Functional Description
Contents
1. 2.1.1 Available Features; 2.1.2 List of Items That Can Be Controlled; 2.1.3 Important Points; 2.2 Security Web Portal; 2.2.1 Available Features; 2.2.2 Important Points; 3 Compute Global Standard Menu; 3.1 Compute Resource; 3.1.1 Available Features; 3.1.2 Provision of Compute Resource Pools; 3.1.3 Features for Controlling Compute Resource Pools; 3.1.4 vApp; 3.1.5 Assigning Resources to a Virtual Machine; 3.1.6 Important Points; 3.2 Compute Resource Dedicated Device. Enterprise Cloud Functional Description ver2 36. 3.2.1 Available Features; 3.2.2 Provision of Compute Resource Pools; 3.2.3 Parameter Settings for Resources
3. 7.6.1 Available Features. You can use the following features in Web Application Firewall (WAF). Feature and Overview: Web Application Firewall: This feature detects attack traffic on Web applications and blocks attack traffic which has a high probability of exerting a negative impact. 7.6.2 Web Application Firewall Feature. This feature detects attack traffic on Web applications and blocks attack traffic which has a high probability of exerting a negative impact. If NTT Communications judges it necessary, we will notify you via email, etc. regarding the detection and blocking status. Routing Settings: Only communication that goes through the Web Application Firewall (WAF) is targeted for detection. When using Web Application Firewall (WAF), please use the following routing settings. [Figure: routing settings for WAF. Labels: Internet GW, VPN Connection GW, Internet Transit, VPN Transit, vFirewall, server segment targeted for detection, Virtual Machine, Service Interconnectivity GW; routing setting for the communication addressed to the server segment targeted for detection; routing setting for the communication from the virtual machine.] The communication that is addressed to the IP address block that is assigned for connecting to the Web Application Fire
4. Enterprise Cloud Functional Description, Global Standard Services. NTT Communications. Ver. 2.36 (March 23rd, 2015 Edition). About This Document. Structure of This Document: The document is composed of three parts. Overview part: 1 Overview of the Enterprise Cloud. Features part: 2 Service Management Portal Site; 3 Compute Global Standard Menu; 4 Backup Global Standard Menu; 5 Network Global Standard Menu; 6 External Storage Global Standard Menu; 7 Security Global Standard Menu; 8 Services Specific to Japan Data Centers Local Option Menu. Maint part: 9 Maintenance and Operation of the Enterprise Cloud (Japan Contract). Purpose of This Document / How to Use This Document: This document explains the menus in the Enterprise Cloud and the features in each menu. Please note that the information in this document is for users who have signed contracts. If anything in the document is unclear, please contact an NTT sales representative or Support. The contact information for Support is included in this document. For instructions on how to use the Customer Portal, refer to Enterprise Cloud User's Guide. The service may differ from the information in this document as a result of feature additions/changes. You can download the latest version of this document and user guides from the website below. You will need the ID/password provided when you
5. Event Information: Displays the detailed information of events. Report Generation and Download: Allows users to generate and download various kinds of report based on required period or host. File Download: Allows users to download documents and installers. Report Download (RTMD Email/Web): Allows users to download reports. Access to the Security Web Portal requires authentication using one-time password. 2.2.2 Important Points. The Security Web Portal is accessed through a web browser using the Internet. Please prepare an environment in which you have Internet access. You cannot use the Security Web Portal (Japan DC version) to check information such as maintenance and errors for a period during which operations were being run on standby equipment. NTT Communications is not responsible for unauthorized use of the Security Web Portal resulting from the loss or leaking of password information issued to the customer. This system is different from the Enterprise Cloud Customer Portal. Security Web Portal (Japan DC version) will be integrated into that of DCs outside Japan (WideAngle MSS Customer Portal). 3 Compute Global Standard Menu. 3.1 Compute Resource. Compute Resource is a service that provides virtual equipment (Compute Resources) by combining CPUs, Memory, and Disks to create Virtual Machines. Compute Resources are provided by virtualizing physical
6. Public Catalog; Private Catalog; Service Interconnect Gateway. Overview: Gateway for connecting to the Internet. Connects the Internet GW and the vFirewall. A Global IP Address is provided. Gateway for connecting to a VPN. Connects the VPN Gateway and the vFirewall. A feature that provides a firewall between the Internet Transit, the VPN Transit, and the Server Segment. A virtual dedicated load balancer on the Server Segment. An L2 segment feature for connecting the following devices: Virtual Machine, vFirewall, vLoad Balancer, Service Interconnect Gateway. Virtual dedicated server. Resources are assigned and created from a Compute Resource Pool. Resources for creating a Virtual Machine (CPU, Memory, Disk). A Virtual Machine image created by taking a copy of the server. You can create a Virtual Machine using a template. An area for storing registered templates that can be used by anyone. An area for storing templates that are exclusively for you. A gateway for connecting Server Segments and other services provided by NTT Communications. Name of Service for Which You Need to Apply: Internet Connectivity; Global IP Address; VPN Connectivity; vFirewall; Integrated Network Appliance; vLoad Balancer; Integrated Network Appliance; Server Segment; Compute Resource; Compute Resource Dedicated Device; Private Catalog; Service Interconnectivity.
7. The following virtualization software is used in Compute Resource: VMware vSphere; VMware vCloud Director; Equivalent successor products. 3.2 Compute Resource Dedicated Device. Compute Resource Dedicated Device is a service that provides virtual equipment (Compute Resources) by combining CPUs, Memory, and Disks to create Virtual Machines. Compute Resources are provided by virtualizing physical servers and storage devices within a physical enclosure dedicated to you. You can use multiple dedicated devices in the Data Center that you are using. 3.2.1 Available Features. You can use the following features in Compute Resource Dedicated Device. 1. Provision of Compute Resource Pools: You can create and use multiple Compute Resource Pools (CPU, Memory, Disk) to create a Virtual Machine. However, in Compute Resource you use your own dedicated physical servers and storage devices provided by NTT Communications. [Figure: Compute Resource Dedicated Device. Compute Resource Pool: resources are distributed among each compute resource pool. Labels, in the order extracted: minimum configuration 1 device; minimum configuration 1 device; maximum configuration 18 devices; maximum configuration 2 devices; minimum configuration 1 device; maximum configuration 1 device.] Compute Resource Dedicated Device is a service that provide
8. Address: Customer can specify the IP address at the time Server Segment is created. Cannot be changed after activation. If it was not specified, vFirewall Active IP address is assigned. / When the segment is connected to INA, Active IP address is assigned. It cannot be changed. When the segment is not connected to INA, Customer can specify the IP address. It cannot be changed. When the IP address is not specified, NTT Communications will be specified. DNS suffix: IP addresses specified by Customer, or no value. Note: The IP address that is set for Server Segments that do not connect to the Integrated Network Appliance is the broadcast address of the IP address block for the Server Segment, minus 1. For example, if the IP address block is 192.168.0.0/24, the IP address that is the broadcast address of the IP address block for the Server Segment, minus 1, will be 192.168.0.254. You can only specify the DNS and default gateway IP address at the time Server Segment is created. If IP addresses have not been specified, they will be allocated automatically as shown below. DNS Server (Primary DNS, Secondary DNS): IP addresses specified by NTT Communications. Restrictions in case of default GW is specified by Customer: vFirewall: The IP address which is set as a Default Gateway cannot be assigned to the vNIC of the Virtual Machine. INA: The IP
9. Storage Capacity: You can increase or decrease the storage capacity of a single shared External Storage area within the range listed below. Storage Capacity: 500 GB / 4,000 GB / 100 GB. Note: 1 GB is 1,024 bytes to the power of 3. If you reduce storage capacity, you cannot specify a capacity smaller than the volume of the stored data. Protocol Used: You can choose CIFS or NFS as the protocol for connecting to the shared External Storage area (Primary Storage). Note that the method for limiting the users who can use the primary storage differs according to protocol. NFS (NFS version 3): The users who can use Primary Storage are limited according to the IP address and Server Segment of the connection source. If you use CIFS protocol, please set the WORKGROUP, user and password permitting use of Primary Storage according to the rules specified by NTT Communications. If you use CIFS protocol, the shared name will be set automatically. You cannot use both NFS protocol and CIFS protocol for a single Primary Storage. 6.1.3 Data Replication Feature (Burst Feature). To manage the remote DC, you can use a data replication feature that synchronizes data between Primary Storage and Secondary Storage. The data that is transferred using data replication is differential data after the time of the previous data synchronization. Virtual Network Used for Replication: A virt
10. L2 (Data Link Layer) are checked. Matching is carried out based on protocol violations and signature. Packets matching the pattern are identified as attack traffic targeting the vulnerabilities, and protective action is taken. If NTT Communications judges it necessary, we will notify you via Email, etc. of detection status and defense (block) status. 7.8.3 Recommended Scan Feature. It periodically scans the Virtual Machine system information, checks whether there are vulnerabilities, and automatically applies VM Virtual Patch corresponding to those vulnerabilities. Selects the interval VM Virtual Patch are automatically applied from Hourly, Daily, Weekly, or Monthly, and specifies the targeted time. Hourly: Specifies X minute every hour. Weekly: Specifies either X day of the week each week, or Y day of Every X Weeks. INFO: VM Virtual Patch is effective against vulnerabilities in OS and general applications such as apache that are already installed. If you have applied a regular patch, the VM Virtual Patch will be canceled during the recommended scan. 7.8.4 Important Points. Virtual Machine System Requirements: The system requirements for operating the VM Virtual Patch agent software (Memory capacity, Disk capacity, and OS) are shown below. Memory Capacity: 512 MB or greater. OS: The OSs listed in Supported OS List of VM Anti Virus, VM Virtual Patch and V
11. Please add the IP address blocks of the target server segment to the proxy exception setting of a client browser. Otherwise, a warning screen will not be displayed. Please set vFirewall so that the communication addressed to port 6080 of the proxy server passes through it. You cannot use port 6080 for service communication which goes through URL Filtering, because port 6080 is used to display a warning screen. Packets which break TCP/UDP/IP protocol rules, or abnormal packets, are discarded as a standard function regardless of customer's configuration. Examples: When the IP header is cut off in the middle; When the Port number is 0 (zero); When the TCP flag combination is abnormal; and others. If devices making up this feature are replaced due to malfunction, etc., you will not be able to check device logs or event reports from prior to the replacement via the Security Web Portal. In addition, if the regular server and the standby server are switched for a redundantly configured device and they are restored without replacing the device, you cannot check the log or the event reports for the period during which the switching occurred from the Security Web Portal. URL Filtering does not guarantee that the URL filtering feature has integrity or accuracy, or is suitable for your use. Furthermore, the suitability of the URL identification algorithms provided by the developers or distributors of the devices making up the URL Filt
12. Startup Type: Manual. Service: SQL Server Distributed Replay Controller; Account Name: NT Service\SQL Server Distributed Replay. Default instance: MSSQLSERVER; C:\Program Files\Microsoft SQL Server. NT Service\SQLSERVERAGENT; Startup Type: Manual. Service: SQL Full-text Filter Daemon Launcher; Startup Type: Manual. Service: SQL Server Browser; Account Name; Startup Type. Collation: Database Engine collation, Analysis Services collation: Latin1_General_CI_AS. Database Engine Configuration. Server Configuration: Authentication Mode: Windows authentication mode. Specify SQL Server administrators: Administrator. Data Directories: Data root directory: MSSQL11.MSSQLSERVER\MSSQL\Data; MSSQL11.MSSQLSERVER\MSSQL\Data; MSSQL11.MSSQLSERVER\MSSQL\Data; MSSQL11.MSSQLSERVER\MSSQL\Data. Backup directory: C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Backup. Enable FILESTREAM for Transact-SQL access: Disabled. Analysis Services Configuration. Server Configuration: Multidimensional and data mining mode. Specify which users have administrative permissions for Analysis Services: Administrator. Data Directories: MSAS11.MSSQLSERVER\OLAP\Data. Log file directory: C:\Program Files\Microsoft SQL Server. MSAS11.MSSQLSERVER\OLAP\Temp. MSAS11.MSSQLSERVER
13. Revision History (Date, Version, Revision Details, Updated No.)
04/05/2013, Ver 1.00: Ver 1.00 established.
04/26/2013, Ver 1.10: 1. Changed the name of a menu (New: Compute Resource Dedicated Device; Old: Dedicated Cluster). 2. Added a storage class (Premium) to Compute Resource Dedicated Device. 3. Added database license (MS SQL). 4. Added a menu that can only be used at Japan Data Centers. 5. Fixed other notation variations.
06/03/2013, Ver 1.11: 1. Added a note about the number of vLoad Balancer sessions. 2. Fixed typographical errors.
06/10/2013, Ver 1.12: 1. Fixed the diagram of the equipment environment. 2. Fixed the list of features shared between portals. 3. Fixed an error in the UKDC name.
07/18/2013, Ver 1.2: 1. Added On-Premises Interconnectivity. 2. Added image backup. 3. Added the IP address management feature for Server Segments.
09/05/2013, Ver 1.21: 1. Added Single Sign-On.
09/25/2013, Ver 1.3: 1. Added security. 2. Added Remote Client Connection. 3. Fixed Data Center availability. 4. Other minor corrections.
10/07/2013, Ver 1.31: 1. Remote Client Connection: Fixed terminal type delivered addresses.
11/15/2013, Ver 1.4: 1. Added the Disk extension feature for Virtual Machines. 2. Added the wide band plan for VPN Connectivity and Internet Connectivity. 3. Provided the separate releases for vFirewall and v
14. not be able to use the Virtual Machine. Windows Server 2012 R2: 1000 times. Windows Server 2012: 1000 times. Windows Server 2008 R2: 3 times. Once the virtual machine is created from the template, you will be using up the limited times for Sysprep running. Important Points regarding Guest OS Settings: When changing the Guest OS network settings, do not disable a vNIC that has been recognized in the Customer Portal, even if you are not using that vNIC. Creating a Virtual Machine from a template in which vNIC is disabled in the Guest OS may result in errors. Important Points regarding Server Segment deletion: Server Segment cannot be deleted as long as the template exists on Private Catalog when Virtual Machine which vNIC connecting the Server Segment is converted. When there is a schedule which deletes Server Segment, please convert Virtual Machine after removing vNIC from the Server Segment in advance. 3.4 OS License. OS License is a service that provides rights to use an OS license for the Windows Server operating system or a Red Hat Enterprise Linux subscription on Virtual Machines created in Compute Resource. NTT Communications provides OS licenses as its own service based on a contract signed under Microsoft's SPLA license agreement, and subscriptions as its own service based on an agreement with Red Hat. 3.4.1 Available Features. You can use the following feature
15. started the service or sent separately to access and use the service. Support site for users with an Enterprise Cloud contract: http www ntt com bhec data support html. About This Document; Contents; 1 Overview of the Enterprise Cloud; 1.1 What is Enterprise Cloud; 1.2 Features that make up Enterprise Cloud; 1.3 Services Available at All Data Centers Global Standard Menu; 1.3.1 Available Equipment Environment; 1.3.2 Available Data Centers; 1.3.3 Service Order, Delivery Time, and Minimum Usage Period; 1.3.4 Resource Contract Conditions and Service Combination Conditions; 1.4 Services That Have Data Center Specific Usage Local Option Menu; 1.5 Example Usage Model; 1.6 Explanation of Common Terms; 1.7 Restrictions; 2 Service Management Portal Site; 2.1 Enterprise Cloud Customer Portal
16. such as databases and Active Directories. If you target them for virus scan, the server performance will be reduced. We ask you to assume responsibility for monitoring agent software, checking to make sure it is activated at all times. If you use a Private Catalog to create a template of the Virtual Machine image and store it, please do it before installing the VM Anti-Virus agent software. If a template is created and saved from the Virtual Machine image of a Virtual Machine where VM Anti-Virus agent software is installed, or installation and activation (registration to the Manager administered by NTT Communications) is complete, when a Virtual Machine is created using that template, VM Anti-Virus can no longer be used with the Virtual Machine used for creating the template and the newly built Virtual Machine. The same applies when used for image backup. VM Anti-Virus does not guarantee that the provided VM Anti-Virus feature has integrity or accuracy, or is suitable for your use. Furthermore, the suitability of the pattern files provided by the developers or distributors of the software that makes up the VM Anti-Virus feature is not guaranteed. The following information might be provided to the developers or distributors of the devices making up the VM Anti-Virus feature: Configuration information obtained from providing VM Anti-Virus; Information obtained from VM Anti-Virus. We cannot guarantee recovery from failures that
17. Customer Portal requires authentication using the ID and password that you have been issued. NTT Communications Business Portal: Enterprise Cloud is a service that is compatible with the NTT Communications Business Portal. You need to submit a separate application to use the service in conjunction with the Business Portal. If you are using the service through the Business Portal, the authentication methods and user management procedures are different to those explained in this document. For details, refer to the NTT Communications Business Portal User's Guide, available separately. 2.1.1 Available Features. You can use the following features in the Customer Portal. Feature for batch management of multiple Data Centers: You can manage multiple Data Centers as a batch. Ticket Feature (Note 1): You can share information between you and NTT Communications, such as support assistance, communication regarding errors, and inquiries. Console Connectivity: You can perform a console connection with a Virtual Machine using a web browser. Note 1: In case of using remote Data Centers without local Data Center, Customer Portal Ticket cannot be available. Please refer to 9.2.1 Support Center (Technical Help Desk). Note 2: Available in Customer Portal function activated Data Center. Access to the Customer Portal requires authentication using an ID and password.
18. Database Engine collation: Japanese_CI_AS. Analysis Services collation: Japanese_CI_AS. Database Engine Configuration. Server Configuration: Authentication Mode: Windows authentication mode. Specify SQL Server administrators: Administrator. Data Directories: Data root directory: C:\Program Files\Microsoft SQL Server. User database directory: C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Data. User database log directory: C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Data. Temp DB directory: C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Data. Temp DB log directory: C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Data. Backup directory: C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Backup. FILESTREAM: Enable FILESTREAM for Transact-SQL access: Disabled. Analysis Services Configuration. Server Configuration: Server Mode: Multidimensional and data mining mode. Specify which users have administrative permissions for Analys: Administrator. Data Directories: Data directory: C:\Program Files\Microsoft SQL Server\MSAS12.MSSQLSERVER\OLAP\Data. Log file directory: C:\Program Files\Microsoft SQL Server\MSAS12.MSSQLSERVER\OLAP\Log. Temp directory: C Program Files Micr
19. [Figure labels: GW, Internet Transit, vLoad Balancer, vFirewall, Server Segment 1, Service Interconnectivity GW, Virtual Machine, Compute Resource Pool.] 5.4.1 Available Features. You can use the following features in Service Interconnectivity. Feature and Overview: Service Interconnect Gateway: A feature that uses L3 connectivity to interconnect Server Segments used for Enterprise Cloud and services targeted for interconnectivity. 5.4.2 Service Interconnect Gateway. The Service Interconnect Gateway operates as a router. Using an L3 connection, it connects Server Segments used for Enterprise Cloud and the networks used by services targeted for interconnectivity. You can specify the number of Service Interconnect Gateway that can be used in the same Data Center within the range listed below. Service Interconnect Gateway: Lower Limit: 1; Upper Limit: The number of Server Segments in use (maximum 24 units); Units Provided: 1. Note: With Service Interconnectivity, you can install one Service Interconnect Gateway for each Server Segment. You can select the IP addresses used for Service Interconnectivity from the available IP Addresses. You can only specify them at the time the Service Interconnect Gateway is created, based on the application form. If IP addresses have no
20. Instance configuration: Default instance. Instance ID: MSSQLSERVER. Instance root directory: C:\Program Files\Microsoft SQL Server. Server configuration, Service account: Service: SQL Server agent. Service: SQL Server database engine. Service: SQL Server Analysis Services. Service: SQL Server Reporting Services. Service: SQL Server Integration Services 11.0. Service: SQL Server Distributed Replay Client; Account name: NT Service\SQL Server Distributed Replay Client; Startup type: Manual. Service: SQL Server Distributed Replay Controller; Account name: NT Service\SQL Server Distributed Replay Controller; Startup type. Service: SQL full-text filter daemon launcher; Account name: NT Service\MSSQLFDLauncher; Startup type. Service: SQL Server Browser; Account name: NT AUTHORITY\LOCAL SERVICE; Startup type: Disabled. Database engine: Collation sequence: Japanese_CI_AS. Analysis Services: Collation sequence: Japanese_CI_AS. Database engine configuration. Account provisioning: Authentication mode: Windows authentication mode. Specify SQL Server administrators: Administrator. MSSQL11.MSSQLSERVER\MSSQL\Data. Temp DB directory: C:\Program Files\Microsoft SQL Server. C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Data. Enable FILESTREAM for Transact-SQL access: Disabled. Analysis Services
21. Interconnectivity. NTP, 17 (UDP): Global IP Address (Note); 210.137.160.27, 210.137.160.57, 210.137.160.87; 123. IKE, 17 (UDP): IP Address; 153.128.53.16/28; 500; 500. SSH, 6 (TCP): IP Address; 153.128.53.16/28, 153.128.53.32/28; 22. ESP: IP Address; 153.128.53.16/28. ICMP: IP Address; 153.128.53.16/28. Note: This is a Global IP Address allocated to the On-Premises GW inside the On-Premises Environment. On-Premises GW inside the On-Premises Environment: There must be four Ethernet cables with the same rating of Category 5 (Cat 5) or greater. For each On-Premises Interconnectivity, two physical servers are set up which have the virtual appliances provided by NTT Communications (Active Device: one unit, and Standby Device: one unit) as On-Premises Connection GW inside the On-Premises Environment. The specifications for physical servers for the On-Premises Connection GW inside the On-Premises Environment are shown below. An air-conditioned environment is required to keep the racks and power supplies that can be used under these conditions at a suitable humidity and temperature. Height x Width x Depth: 8.59 cm x 44.54 cm x 69.98 cm. Number of racks required: 19-inch rack, 2U. Number of electrical connections: 1 (redundancy not possible). Power supply requirements: 1,200 W. Networking interface: 100Base-TX / 1000Base-T. re
22. MB. 3.2.5 Important Points. You cannot change the storage class (Premium or Premium) or add one or more storage devices. You therefore need to consider your future storage usage plan when selecting a storage class at the time of your application. You can change your storage device plan (add a Disk resource). However, you cannot change to a plan that decreases the Disk resource value. If you change your storage device plan, the date that the change application takes effect becomes the new starting date for calculating the minimum usage period for your contract. Compute Class (Small, Medium, Large) cannot create the same cluster. The same class of the physical server can be added within the limit range. Compute Class (Small, Large) is only provided in Japan DC. Compute Class (Medium) is provided in US, UK, SG. Please refer to Service Provided in each Data Center. 3.3 Private Catalog. Private Catalog is a service that provides Disks for storing templates of Virtual Machines that you have created. You can create new Virtual Machines from the templates saved in Private Catalog. 3.3.1 Available Features. You can use the following features in Private Catalog. Provision of a Disk for saving template catalogs: A feature that provides a Disk region for saving Virtual Machine templates, and adds or reduces the capacity. Y
23. Number of data Disks: 0 / 59 / 1. Disk capacity: 1 GB / 2,047 GB / 1 GB (1 MB / 2,097,151 MB / 1 MB). Total disk capacity: no limit. Memory Resource: different for each Compute Class. There is no limit for total disk capacity. However, the total disk capacity must be below the amount of space left in storage resource. Understanding resource consumption: The capacity totals below are consumed from the Compute Resource Pool. Total Disk capacity assigned to a Virtual Machine. Capacity of swap regions for each Virtual Machine (same capacity as the Memory capacity). vNIC: A vNIC is virtual network adapter hardware that makes up a Virtual Machine. The Server Segment service provides an L2 connection to Server Segments in the same Data Center. A separate application is required to use the Server Segment service. One of the assigned vNICs must be set as the representative vNIC (called the Primary vNIC below). Some of the initial settings for the Guest OS are affected by the primary vNIC selection. For details, refer to the Enterprise Cloud User's Guide, 2.4.1.4 Initial Settings For Virtual Machines. Monitoring of Virtual Machine pings is performed for the primary vNIC. You can specify settings for an L2 connection between a primary vNIC and a Server Segment only when creating a Virtual Machine or when the Virtual Machine is powered off. Specify the settings from the Customer Portal. You cannot connect multiple vNICs from the same Virtual Machi
24. OLAP\Backup. Reporting Services Configuration: Reporting Services Native Mode: Install only. Reporting Services SharePoint Integrated Mode: Install only. Distributed Replay Controller: Specify which users have permissions for the Distributed Replay Controller: Administrator. Distributed Replay Client: Controller Name: blank. Server\DReplayClient\WorkingDir. Server\DReplayClient\ResultDir. For SQL Server 2014 Standard (Japanese). Item: Feature Selection. Settings: Instance Feature: Database Engine Service: Selected. SQL Server replication: Selected. Full-text search and semantic search: Selected. Data Quality Services: Selected. Analysis Services: Selected. Reporting Services Native: Selected. Shared Features: Reporting Services SharePoint: Selected. Reporting Services Add-in for SharePoint Products: Selected. Data Quality Client: Selected. Client Tools Connectivity: Selected. Integration Services: Selected. Client Tools Backwards Compatibility: Selected. Client Tools SDK: Selected. Documentation Components: Selected. Management Tools Basic: Selected. Management Tools Complete: Selected. Distributed Replay Controller: Selected. Distributed Replay Client: Selected. SQL Client Connectivity SDK: Selected. Instance root di
25. Segment. You can use the load balancing feature for communication with Virtual Machines in a Server Segment. Load Balancing Methods: Round Robin Type (distribute to each real server in order); Least Connections Type (distribute to the real server with the least number of connections); Hash Type (fixes the real server to be distributed to based on source IP address). [Figure: Service Interconnectivity GW, Load Balancing Segment, Real Servers, Virtual IP, Proxy IP, vLoad Balancer] Health Check (failure detection): Health Check Method 2. Enterprise Cloud Functional Description ver2 36 5.8.1 Available Features: You can use the following features in vLoad Balancer. Load Balancing Feature: A feature that balances the communication load for the Virtual Machine on the Server Segment. IP Address Delivery Feature: A feature that provides a Virtual IP (called VIP below) for communication between vLoad Balancer and vFirewall, and a feature that provides a Proxy IP for communication between vLoad Balancer and the load balancing destination server (called real server below). You can install one vLoad Balancer unit to each Server Segment. You can change the settings of vLoad Balancer from the Customer Portal. 5.8.2 Load Balancing Feature. vLoad Balancer Performance: You can specify the performance provided by vLoad Balancer using the vLoad Balancer values. The performance of one vLoad Balancer
26. Server Segment 2 Server Segment N Virtual Machine When you start using vFirewall, it reads the packets that pass through the vFirewall, judges the contents, and dynamically opens and closes the ports. It is effective as a stateful packet inspection feature that blocks unauthorized access. You cannot disable this feature. It is absolutely necessary to have a contract for either vFirewall or Integrated Network Appliance for one Enterprise Cloud Service. However, the customer cannot have a contract for both. vFirewall can connect to the Internet, VPN, and Server Segment. vFirewall is constructed of redundant physical devices (equipment and lines). 5.7.1 Available Features: You can use the following features in vFirewall. Feature / Overview. Routing Feature: A feature that connects to Internet Transit, VPN Transit, and Server Segment and performs the routing among them. Firewall Feature: A feature that provides a dedicated vFirewall to the Customer inside the environment provided by Enterprise Cloud. Packet Filtering Feature: A feature that sets whether IP communication is allowed or denied among the routings that can be used by the routing feature. NAT/NAPT Feature: A feature that translates IP addresses and ports among Internet Transit, VPN Transit, and Server Segment. vFirewall IP Addresses: The IP addresses used by vFirewall are shown below. Device Internet Transit VPN Transit vFirewall Virt
27. Server Segment Y Y Vf Y yY Y Service Interconnectivity Y Vf Y Y Y Interconnectivity Collocation Interconnectivity Y Y Vf N N N On Premises Connectivity N N N N N vFirewall Y Y Y Y Y Y vLoad Balancer Vf Y Vf Y Y Y Integrated Network Appliance Y Y Y Y Y Y Global File Storage Local Storage M Y if Y M Y Global Data Remote Storage Domestic Y Y M Y Y N Backup Remote Storage Global Y Y Y Y Y Y IPS IDS Y Y N Y Y Y Email Anti Virus Y Y N Y Vf Y Web Anti Virus Y Y N Y Y Y URL Filtering Y Y N Y Y Y Application Filtering i Y N Y Y Y Unauthorized Access Prevention Y Y N Y Y Y Web Browsing Security M Y N Y Yf Y Enterprise Cloud Functional Description ver2 36 Internet Gateway Security Y Y N Y M Y Web Application Firewall WAF Y 3 Y 3 N Y 3 Y 3 Y 3 VM Anti Virus Y Y Y Y Y Y VM Virtual Patch Y Y Y Y Y Y VM Firewall Y Y Y Y Y Y VM Security Advanced Package Y Y Y Y Y Y Application Profiling Y x4 Y 4 N Y 4 Yx4 Y 4 Network Profiling Y 4 Y 4 N Y 4 Y 4 Y 4 RTMD Web Y 4 Y 4 Y 4 Y 4 Y 4 Y 4 RTMD Email Y 4 Y 4 Y 4 Y 4 Y 4 Y 4 Name of Menu Feature DE SG HK MY AU TH Guaranteed Y Y Y N Y Y Compute Class Premium N Y Y Y Y Y Standard N Y N N N N Compute Resource Premium Y Y Y Y Y Y Storage Class Standard Y Y N N N N Zone N N N N N N Small N N N N N N Compute Class Medium N N N N N N Compute Resource Ta N N N N N N Dedicated Device 9 Premium N N N N N N Storage Class 7 Premium N N N N N N Private Catalog Y Vf Y Y Y Y Windows Server Y
28. So the Customer can use approximately the following amount of resources (as of February 2015): CPU: 27 GHz, 65 GHz, 80 GHz. The processing capacity of a CPU that provides 1 GHz of CPU resource is equivalent to the processing capacity when the physical processor above operates at 1 GHz. In Compute Resource (Dedicated Device), you can set three parameters (limit value, reserved rate, and reserved value) for the CPU resources, Memory resources, and Disk resources in order to effectively utilize the resources that can be assigned to the Virtual Machine. For details, refer to 3.2.3 Parameter Settings for Resources (P. 82). Disk resources provided by the storage device: For storage devices, you can select the storage class and plan that is appropriate for your intended use. The storage devices and resources that can be selected when you start using the equipment are shown below. Premium 3 TB 3 072 GB E A F 9 TB 9 216 GB TB 18B 15 TB 15 360 GB TB 8482 GB 21 TB 21 504 GB Premium 3 TB 3 072 GB Ps es _ 9 TB 9 216 GB TB 12288 GB 15 TB 15 360 GB EEE Ee 21 TB 21 504 GB Reference: Target I/O performance for each storage class. Premium: Equivalent to iSCSI. Approx. 8,300 IOPS (24 TB), approx. 1,800 IOPS (3 TB). IOPS is one performance measure for Memory devices such as hard Disks. It is the number of times that a read/write can be perfo
29. Transit settings: Sets the Server Segments (called VPN Transit below) used for connecting between the VPN Gateway and vFirewall or Integrated Network Appliance; 29 to 24. Routing settings: Sets up routing to enable communication between Arcstar Universal One Service and vFirewall or Integrated Network Appliance; 29 to 8 (※2). ※1 It is not necessary in Customer Portal available VPN Connectivity. ※2 For each route, any one of them is specified. Configuration Diagram: Virtual Machine, Biz Hosting Enterprise Cloud. APGW Connection Segment: Your VPN IP Address block (called APGW connection segment IP address block below) can be allocated to APGW connection segments. NTT Communications selects and sets the IP addresses that are allocated to VPN Gateway and APGW from the APGW connection segment IP address block. VPN Transit: Your VPN IP Address block (called IP address block for VPN transit below) will be allocated to VPN transit. NTT Communications selects and sets the IP addresses that are allocated to VPN Gateway and vFirewall or Integrated Network Appliance from the VPN Transit IP address block. Routing Settings: In order to communicate from your VPN to vFirewall or Integrated Network Appliance, routing is set with vFirewall or Integrated Network Appliance as the destination. IP address block not used in Customer's VPN is allocated to the des
30. Windows XP. Microsoft Office: Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010. 7.12.3 Traffic Analysis Feature: It mirrors customer traffic that passes through vFirewall and detects access to fraudulent websites and Web access (HTTP communication) to C&C servers that is executed by malware. 7.12.4 Report Feature: The assessment results of the file analysis and traffic analysis features are provided as daily and monthly reports. You can download the reports from the Security Web Portal as password-protected ZIP files. Note that the date when downloading can start depends on the report type. Report Type / Details / Date when downloading can start. Daily report: One day's worth of assessment results from the file analysis feature; from the afternoon of the day after the report target date. Monthly report: One month's worth of assessment results from the file analysis feature; from 11 business days into the month following the report target month. You can set a password for the ZIP files in advance. 7.12.5 Important Points: The following files are not targeted for analysis: encrypted files; files set with passwords. Analysis may be overdue when the device limit of throughput is exceeded. RTMD Web cannot always be provided because it is to be inserted into the target communication route. Thus, network design consideration is required before appli
31. Y M Y M M OS Red Hat Enterprise Y Y Y Y M Y License Linux Database MS SQL Y M M Y Y Y Microsoft SAL RDS SAL Y Y Y Y Y Y Image Backup N N N N N N File Backup N N N N N N 10 Mbps Y Y N Y Y Y Best Effort 100 Mbps Y Y Y Y Y Y 1 Gbps N N N N N N Internet Connectivity 1 to 100 Mbps Y 2 Y 2 N Y 2 Y2 Y 2 Guaranteed 200 Mbps to 1 Gbps N Y N N N N Global IP Address Y M y Y Y Y Best Effort 100 Mbps Y Y Y Y Y Y 100 Mbps N N N N N N VPN Connection Guaranteed 200 Mbps N N N N N N 1 Gbps N N N N N N Server Segment Y Y Y Y Y Vf Service Interconnectivity Y Y Y Y Y M Interconnectivity Collocation Interconnectivity N N N N N N On Premises Connectivity N N N N N N vFirewall N Y Y Y Y Y vLoad Balancer N Y Y Y Y Y Integrated Network Appliance Y N N N N N Global File Storage Local Storage Y v M Y M Y Global Data Remote Storage Domestic N N N N N N Enterprise Cloud Functional Description ver2 36 Backup Remote Storage Global N Y Y Y Y N IPS IDS Y Y Y Y Y Email Anti Virus Y Y Y Y Y M Web Anti Virus Y Y Y Y Y Y URL Filtering Y Vf v Y v Y Application Filtering Y Y Y Y Vf Vf Unauthorized Access Prevention Y N N N N N Web Browsing Security Y N N N N N Internet Gateway Security Y N N N N N Web Application Firewall WAF Wes Nias Yeg Y 3 Yg Y 3 VM Anti Virus Y VM Virtual Patch Y Vf Y Y Vf Y VM Firewall Y Y Y Y Y Y VM Security Advanced Package Y M Y Y Y Y Application Profiling Y 4 Y 4 Y 4 Y 4 Y 4 Y 4 Network Profiling Y 4 Y 4 Y 4 Y 4 Y 4
32. Yokohama No 1 Yokohama No 1 Tokyo No 2 and Tokyo No 3 Tokyo No 5 and Tokyo No 6 and Saitama No 1 Saitama No 1 Yokohama No 1 Tokyo No 2 Tokyo No 3 Tokyo No 5 Tokyo No 6 and Saitama No 1 INFO: You can connect to multiple colocations at each Enterprise Cloud Service Data Center. Networking: According to the rack location that you specify, any of the following methods will be provided after the facility is studied by NTT Communications. You cannot select the method to be provided. UTP x 2 units; Media Converter x 2 units. The media converter specifications are shown below (specifications of Japan Data Center; contact us for specifications of overseas Data Center). Height x Width x Depth: 4 24 cm x 13 cm x 20 cm. Power supply type: AC100 V. Power redundancy: Single. Linkdown forwarding: Yes. You must prepare a separate location and power supply for the media converter. In order to connect the media converter, you must have two Ethernet cables with the same rating that are Enhanced Category 5 (Cat 5e) or greater. Customer L2 Switch: Please be aware of the following points regarding the Customer L2 switch settings. For one colocation connection, a maximum of 24 VLANs can be used. Please connect the Customer L2 switch VLAN port using tagged settings. The range of VLAN IDs that you can specify is from 2 to 4094. The maximum number of
33. all Compute Resources that belong to the same HA cluster cannot exceed the CPU resource provided by that HA cluster. Memory Resources: You can add or reduce Memory resources within the ranges shown below. Limit value: Lower Limit 1 GB; Upper Limit the resource value provided by the HA cluster; Setting Unit 1 GB. Reservation rate: Lower Limit 20; Upper Limit 100; Setting Unit 1. Reservation value: Determined based on the product of the limit value and the reserved rate. The total of the Memory resource reserved rates for all Compute Resources that belong to the same HA cluster cannot exceed the Memory resources provided by that HA cluster. Disk Resources: You can add or reduce Disk resources within the ranges shown below. Reservation value: Lower Limit 50 GB; Upper Limit Disk resources provided by the storage device; Setting Unit 1 GB. The total of the Disk resource reserved rates for all Compute Resources that belong to the same storage device cannot exceed the Disk resources provided by that storage. The Disk resources listed in the Customer Portal may vary slightly from the values in the table. Disk performance varies according to the storage class. For details, refer to Class (P. 77). 3.2.4 Assigning Resources to a Virtual Machine: Create a Virtual Machine by assigning resources in a Compute Resource Pool (CPUs, Memory, Disk) to the Virtual Machine. The amount of resources that can be assigned to a Virtual Machine is different with Customer Po
34. be able to add, delete, or change a Compute Resource Pool depending on the compute resource usage conditions. Usage Units: You can add or reduce the physical servers (regular servers and standby servers) and storage devices handled by dedicated devices within the ranges shown below. To add, delete, or change a physical server, please submit the application specified separately. Regular servers Storage device Deleting and adding real servers within the range of the number of servers that can be configured Dedicated devices In Compute Resource (Dedicated Device), the physical server is combined with an HA cluster configuration. You therefore need a total of two servers (one regular server and one standby server) as the minimum configuration for one dedicated device. You may not be able to add or delete a physical server depending on the compute resource usage conditions. The amount of resource that could be distributed to each compute resource pool from the dedicated device is as follows. CPU 1 GHz Total amount of CPU resource of HA Cluster 1 GHz Active Server Disk 50 GB Disk resource of Storage Device 50 GB There is no limit for total disk capacity. However, the total disk capacity (no limit) plus Memory Resource (different for each Compute Class) must be below the amount of space left in storage
35. connection between the Server Segment that NTT Communications provides and your system environment inside our colocation via our inter Data Center network. Able to change Gretna Poal system settings on demand Customer equipment IF 1000Base T Customer Connectivity L2 switch Redundant Customer equipment Enterprise Cloud Collocation set up By NTT Communications Customer System 5.5.1 Available Features: You can use the following features in Colocation Interconnectivity. Feature / Overview. Layer 2 (L2) Connection: A feature that connects the Server Segment NTT Communications provides and your system environment inside our colocation using the same Server Segment. 5.5.2 Layer 2 (L2) Connection: For one colocation connection, you can have L2 connections with Server Segments (a maximum of 24 Server Segments) using tagging VLAN. The colocation connection is constructed of redundant physical devices (equipment and lines). The maximum bandwidth that can be used by one colocation is 1 Gbps. After starting use, you can start or stop using the service by changing the communication bandwidth settings (1000 Mbps, 0 Mbps) and add or delete VLAN from the Customer Portal. Connectable Colocations: The colocations that can be connected differ according to Enterprise Cloud Service Data Center. The following are the colocations that can be connected.
36. decrease temporarily. Backup of Compute Resource (Dedicated Device) may not be supported depending on usage of disk I/O, so please contact us. License of the Restored Virtual Server: If the Virtual Server targeted for backup was using the OS license provided by NTT Communications, the overwritten (restored) license on the Virtual Server is equivalent to the OS license. Therefore, no OS license is added to the restored Virtual Server. Guest OS Setting: When changing the Guest OS network settings, do not disable a vNIC that has been recognized, even if you are not using that vNIC. If Virtual Servers with a disabled vNIC are backed up and restored, failures might occur. Difference between the Setting Time and Chargeable Duration due to Difference of Time Zone: Configurable date and time slot are set on the Portal window according to the local time (configured time zone). However, the system operates with Coordinated Universal Time (UTC), so charging is processed with UTC. For Japan, a backup process that takes a maximum of 9 hours is charged as the process for the previous day. Example: Charging when backup is performed at the end of month in the Japanese time zone. To make the explanation easy to understand, Japan Standard Time (JST) is set for the time zone, the backup date is set to 0:00 on April 1 (Japan Standard Time), and 0 minutes is set for the backup period. If the backup retention period is set to one day, the data retention period i
37. does not support Virtual Machine which is over 4,000 GB for total disk capacity plus the memory resource (different for each Compute Class). Restore: Backup image is overwritten on and restored from the Virtual Server from which backup is acquired. The Virtual Server is restored in the Power Off state. The Virtual Server needs to be manually started. The restored Virtual Server is restored with the following settings for vCPU, memory, disk, and vNIC. vCPU: Restores the configuration of the Virtual Server targeted for backup. Disk: Restores the configuration of the Virtual Server targeted for backup. For various settings of Guest OS, settings of the Virtual Server targeted for backup are restored, but some setting items, including default GW, subnet mask, and DNS, are not backed up. For details, refer to Guest OS Customization (P. 66). The SID change (Sysprep) that is normally performed while using Windows is not performed. 4.1.3 Backup and Restore Management: A feature for referencing the schedule and job history relevant to backup and restore and a feature for managing backup images are provided. Job indicates processing related to backup and restore. When the image backup job is completed, the result is automatically reported via e-mail. Schedule Management Function: This is a feature that manages backup jobs. It is possible to create the backup job by specifying t
38. example, if the VLAN ID that is used for the L2 connection inside the On Premises Environment has the number 500, specify numbers from 499 and below for the redundant VLAN ID. 5.6.3 Important Points: If failures occur, the switchover from the active device to the standby device will be performed automatically. The time taken from when the reason for the switchover occurs to when the switchover is completed is generally just a few seconds. Even when the failure in the active device is solved, it does not switch over to the active device. Within the On Premises Environment, NTT Communications is only responsible for the On Premises GW. On Premises GW inside the On Premises Environment can only be installed at an address inside Japan. They cannot be installed outside of Japan. If failures caused by your deliberate act occur to the physical server owned by NTT Communications that functions as the On Premises GW inside the On Premises Environment, you may be held responsible for restoring it to its original condition. You cannot use a NAT feature using a network device for the connection from On Premises GW inside the On Premises Environment to the Internet. You cannot use one Server Segment for multiple L2 connections. You cannot connect multiple VLANs set inside a single On Premises Environment to the same Server Segment simultaneously. To add and use a VLAN ID that is
39. lower than the redundant VLAN ID in the L2 tunnel, you need to change the redundant VLAN ID. If different IP address blocks or subnet masks are set for the Server Segments and VLAN inside the On Premises Environment that connect via L2, NTT Communications assumes no responsibility whatsoever for issues arising from those settings. You are responsible for IP address design in the On Premises Environment and Enterprise Cloud. NTT Communications assumes no responsibility for any failures that may occur due to IP design problems. In order to prevent adverse effects on shared equipment, NTT Communications uses settings that partially restrict multicast and broadcast communications. If the MAC address of the Virtual Machine of Enterprise Cloud and the MAC address of the devices inside the On Premises Environment overlap, the Customer might be required to change the MAC addresses. Also, if MAC addresses adversely affect equipment shared with other customers, we might restrict the use of On Premises connection without prior permission from you. 5.7 vFirewall: vFirewall is a service that, as a firewall feature, mainly provides routing, packet filtering, and NAT/NAPT features. vFirewall provides you with a dedicated vFirewall. You can change parameters from the Customer Portal. [Figure: Internet GW, VPN Connection GW, Internet Transit, vFirewall, Server Segment 1]
40. might occur due to incompatibility between VM Anti Virus and your environment, or failures that occur due to your operations other than those specified by NTT Communications. 7.8 VM Virtual Patch: VM Virtual Patch is a service that detects attacks on vulnerabilities and protects the Virtual Machine from them. For OS and application vulnerabilities, it is a service that provides signatures that provide solutions equivalent to the security patches provided by application vendors. VM Virtual Patch uses a signature-based defense against the targeted attack traffic. VM Virtual Patch does not affect the performance of applications. VM Virtual Patch does not fix issues at the software code level but provides temporary security measures. So please apply the regular security patches provided by each application vendor for long-term measures. 7.8.1 Available Features: You can use the following features with VM Virtual Patch. VM Virtual Patch: A feature that detects or protects against (blocks) attack traffic directed against vulnerabilities. 7.8.2 VM Virtual Patch Feature: You can choose the detection mode or the defense mode. Detection: Attack traffic is detected. However, traffic is not blocked even though attack traffic is detected. The method for detecting attack packets is described below. The contents of packets that use kernel mode drivers that are bound to
41. not available in Customer Portal. In the case where the IP addresses below and routing settings are the same, NTT Communications does not support the operation: Global IP address; VPN transit IP address block; Server Segment IP address block; Non-duplicatable IP Address Bands indicated in Important Points in the Server Segment section. 5.9.8 Reference Information. Various Recommended Values of the Integrated Network Appliance: Various recommended values are as follows. Item / Recommended Value / Details. Performance: Approximately up to 100 Mbps. Although performance is not restricted, approximately up to 100 Mbps is expected regardless of plans, based on results of verification. In addition, performance is degraded in inverse proportion to increase of the number of rules set. Number of load balancing rules: 3. Although it may be possible to set 3 or more rules depending on customer's usage situation, we can only support up to 3 rules. Number of virtual servers in use: Approximately 20. Two NAT rules are set for one VM as Global Rules in order to execute VM monitoring. Along with these rules, a maximum of 4 NAT rules are consumed if NAT rules are set for communications for Internet; therefore, using approximately 20 VMs is expected. Downtime in case of redundancy: Approximately 30 seconds. When using the redundant plan, recovery with downtime of approximately 30
42. of the following methods: Set the Virtual Machine default gateway to vFirewall. Set vFirewall as the static route gateway for communication addressed to the Manager administered by NTT Communications. If the Virtual Machine that uses VM Anti Virus is connected to a Server Segment that is not directly connected to vFirewall, an additional Server Segment is required to directly connect the vFirewall and the Virtual Machine. DNS name resolution: In order to communicate with the Manager administered by NTT Communications, name resolution for the Manager is required. Please use the DNS server inside your environment or the Virtual Machine hosts file to set name resolution for the Manager administered by NTT Communications. Restrictions: The following files are not targeted for virus scan: encrypted files; files set with passwords; corrupted files; compressed files that have been compressed using unsupported formats; compressed files that have been compressed six or more times in supported formats; files with extracted file sizes of 10 MB or greater (real-time scan, default value); files with extracted file sizes of 30 MB or greater (scheduled or manual scan, default value). You cannot set directories or files inside the network drive as targets for virus scan. We recommend that you do not target directories or files for virus scan that have a high write frequency
43. one SNAT rule. Targeted network: Selects the destination network for communications to which the SNAT rule is applied from Internet Transit, VPN Transit, and Server Segments that are connected to the Integrated Network Appliance. Source IP address after conversion: Specifies the IP address that is converted according to this rule. DNAT Feature: The following items can be set for one DNAT rule. Targeted network: Selects the destination network for communications to which the DNAT rule is applied from Internet Transit, VPN Transit, and Server Segments that are connected to the Integrated Network Appliance. Destination port number before conversion / ICMP Type: If TCP or UDP is specified for protocol, specify the port number that is not converted according to this rule. If ICMP is specified for protocol, ICMP Type needs to be specified. Destination port number after conversion / ICMP Type: If TCP or UDP is specified for protocol, specify the port number that is not converted according to this rule. If ICMP is specified for protocol, ICMP Type needs to be specified. Enable: Enables or disables this rule. You can translate IP addresses either 1 to 1 or 1 to N. The IP addresses that can be set to NAT/NAPT differ depending on the network that executes NAT/NAPT. Internet Transit: Global IP Address that is not allocated to Internet GW in global IP addresses that are used f
44. overwriting or newly another space on the same Virtual Server. Overwriting is recommended in this service. If overwriting is selected, the same amount of blank disk is needed to restore. 4.2.4 Backup and Restore Management: A feature for managing the schedule and job history relevant to file backup and restore and a feature for managing backup files are provided. After the backup job is finished, a result e-mail will be delivered. Schedule Management Function: A feature that manages the backup job. It is possible to create the backup job by specifying the schedule type, retention period, and start date, or change or delete the created backup job. Name / Description. Effective flag: It is possible to enable or disable this backup job. Schedule / Job history / Scheduled jobs: It is possible to select the job from the schedule configured in the past or configure a new schedule. If the job is selected from the schedule configured in the past, the configured contents are adopted. Schedule type: It is possible to select the spot (One Time), daily, weekly, and monthly backup time. Incremental backup: If the weekly backup is selected for the schedule type, combination with daily incremental backup can be selected. Retention period: You can decide the retention period for the acquired backup image. Retention period varies depending on schedule type. You can specify the date from when backup starts
45. period during which the switching occurred from the Security Web Portal. Web Anti Virus does not guarantee that the Web Anti Virus feature has integrity or accuracy or is suitable for your use. Furthermore, the suitability of the virus identification algorithms provided by the developers or distributors of the devices making up the Web Anti Virus feature is not guaranteed. The following information might be provided to the developers or distributors of the devices making up the Web Anti Virus feature: configuration information obtained from providing Web Anti Virus; information concerning detection etc. for Web Anti Virus. We cannot guarantee recovery from failures that might occur due to incompatibility between Web Anti Virus and your environment, or failures that occur due to your operations other than those specified by NTT Communications. 7.4 URL Filtering: URL Filtering is a service that controls access to websites in accordance with the policies of the customer. URL Filtering is used via Service Interconnectivity. You need to apply separately for Service Interconnectivity. URL Filtering filters communication from the client VPN to the Server Segments targeted for protection. 7.4.1 Available Features: You can use the following features in URL Filtering. Feature / Overview. URL filtering: A feature that controls website access by either issuing a warning o
46. plan seconds is expected. Recommended Environment for IPsec Termination Function: The checking of operations model by our company is as follows: ASA5510; Vyatta Core 6.6R1; Integrated Network Appliance (this service). ※ NTT Communications does not support actual connectivity. 6 External Storage (Global Standard Menu). 6.1 Global File Storage / Global Data Backup: Global File Storage / Global Data Backup is a service that provides shared External Storage areas for storing backup data. It provides a feature that stores backup data not only in the Primary Data Center (the same Data Center) but also in a Secondary Data Center (remote Data Center). [Figure: Virtual Machine; Global Data Center Backbone; Backup work done by your operation; Restore (read only); Burst (temporary bandwidth increase is possible if necessary); Primary Storage Backup Area in the Primary Data Center (same Data Center); Data Replication; Secondary Storage Backup Area in the Secondary Data Center (remote Data Center)] INFO: The shared External Storage area is connected by CIFS (Common Internet File System) protocol or NFS (Network File System) protocol. We ask you
47. real time When Using the Cloud for Multiple Systems. Required Features/Requests: I want to separate network segments so that I can separate them into multiple systems. I want it to be easy to operate because I will be managing many servers. Used Services and Notes: Server Segment: Add Server Segments and build a complex network. Compute Resource: Separate and manage Compute Resource Pools by system. When Outsourcing an Application Server That Demands Performance for Data I/O. Required Features/Requests: I want to reliably secure Disk I/O. I cannot physically accommodate another contractor on the same server, so I want to use the cloud on a dedicated physical server. Used Services and Notes: Compute Resource (Dedicated Device): The server equipment and storage devices in the cloud infrastructure are used by having a physical server in a physical enclosure dedicated to you. When Outsourcing an Infrastructure That Cannot Be Installed on the Same Hardware As Another Business Due to the Security Policy. Required Features/Requests: I want to reliably secure Disk I/O. I cannot physically accommodate another contractor on the same server, so I want to use the cloud on a dedicated physical server. Used Services and Notes: Compute Resource (Dedicated Device): The server equipment and storage devices in the cloud infrastructure are used by having a physical server in a physical enclosure dedicated to you. When Implementing a BCP Required Featu
48. resource Classes
The Compute Resource Pool is comprised of two classes: a Compute Class (CPU and Memory) provided by a physical server, and a storage class (Disks) provided by a storage device. You can choose from three service classes (Small, Medium, Large) that have different resource capacities. Storage classes are separated into two types of service classes, Premium and Premium, with different levels of Disk performance. You can select the class that is appropriate for your intended use.
Compute Class (CPU, Memory):
- Small: The physical server of Small is the smallest. The physical server of Small provides smaller CPU Resource and Memory Resource than Medium.
- Large: The physical server of Large is the largest. The physical server of Large provides the largest CPU Resource and Memory. The CPU performance of Large is higher than that of Medium.
Storage class:
- Premium: Provides a Disk resource with faster Disk performance than Premium (equivalent to FC).
Physical server performance
The physical configurations of one physical server that are provided are shown below.
- Number of physical CPU sockets: 2 sockets; 4 sockets; 4 sockets
- Number of physical CPU cores: Total of 16 cores; Total of 32 cores; Total of 32 cores
- Memory: 128 GB; 192 GB; 768 GB
* About 10-15% overhead is required for virtualization
49. restore your system to the state it was in when you started using the Enterprise Cloud.
Ping Monitoring
- You cannot instruct us to stop ping monitoring on your Virtual Machine.
- Monitoring cannot be performed when the primary vNIC is connected to a Server Segment that is not connected to vFirewall.
- When adding a Server Segment, you can perform ping monitoring for each device connected to this Server Segment by connecting this Server Segment to vFirewall.
- Changing the settings on your Guest OS may cause pings to fail if response packets from the primary vNIC are lost. This may be interpreted as a ping error.
Definition of Weekdays (Business Days)
Weekdays (business days) are based on Japan Standard Time (JST). They are Monday to Friday, except for national holidays stipulated under the laws of Japan and the New Year period as stipulated by NTT Communications (December 29 to January 3).
50. rule and DNAT rule are added to the virtual server to be monitored for each virtual server to be monitored.
Number of Configurable Rules
For the Integrated Network Appliance, the following number of rules can be set regardless of the plan.
Feature: Maximum number of rules that can be set
- Firewall rule: Approximately 90 rules
- SNAT rule, DNAT rule: Approximately 190 rules (including SNAT rule and DNAT rule)
- Static routing: Approximately 90 rules
- Load balancing rule: Approximately 3 rules
- IPsec termination rules: Approximately 50 rules
The above maximum number of rules that can be set includes the number of Global Rules. The value obtained by subtracting the number of Global Rules from the above values is the number of rules that can be set by the customer. Performance is likely to be degraded when the number of rules set increases.
Restrictions and Disclaimers
- Although it is possible to set various communication rules by using this service, customers are responsible for the setting contents; therefore NTT Communications cannot guarantee the validity and accuracy of the setting contents. In addition, we cannot compensate for damages caused by defects in the setting contents. However, we are responsible for setting the Global Rules.
- Communication interruptions might occur when you change the settings of the Integrated Network Appliance from the Customer Portal.
- Performance monitor is
51. servers and storage devices shared by multiple users. Use the Customer Portal to create, change, or delete a Virtual Machine.
3.1.1 Available Features
You can use the following features in Compute Resource.
1. Provision of Compute Resource Pools: A feature that uses the Compute Resources (CPU, Memory, Disk) to create Virtual Machines. You can create multiple machines
[Figure labels: CPU resources, Memory resources]
The infrastructure for Compute Resources is comprised of HA (High Availability) clusters and storage devices that have spare physical servers. If a failure is detected on a physical server that contains Compute Resources, the server is automatically replaced by a standby server. You can select Compute Resources that offer the appropriate performance level (Guaranteed, Premium, Standard) for your intended use.
3.1.2 Provision of Compute Resource Pools
You can create and use multiple Compute Resource Pools (CPUs, Memory, Disk) to create a Virtual Machine. Use the Customer Portal to add, delete, and change Compute Resource Pools.
[Figure: Compute Resource Pool 1 and Compute Resource Pool 2 (adding a second resource pool)]
- There must be at least one Compute Resource Pool.
- When using multiple Data Centers, there must be a Compute Resource Pool for each Data Center.
- Compute Resources (CPU, Memory, Disk) cannot be assigned to multiple Compute Resource Pools.
Compu
52. steps of a VLAN tag is one step
- Priority control cannot be performed according to CoS values.
- Please set the interface to 1000BASE-T and the connection procedure to Auto Negotiation.
- The two UTP cables and the two media converter units that are the connection points have a redundant configuration. Please set the L2 switch in an active and standby configuration to avoid a frame loop in Layer 2 and the connection breaking off.
- Please set the Customer system so that no problems occur if part of the provided network has a communication interruption.
- The minimum frame length is 68 bytes (tag) and the maximum is 1,522 bytes (tag).
- IEEE 802.3x pause and LLDP cannot be used with the Customer L2 switch.
NOTE: To set the redundant configuration the customer selected, please use a VLAN ID from 2 to 4094 with tagged settings. Please confirm beforehand whether the L2 switch prepared for this service can use tagged settings.
The protocols used by Cisco on which operation has been checked are as follows: PVST, Rapid PVST, and Flex Link (IOS 12.2(53)SE2). NTT Communications does not provide support regarding actual connectivity in all IOS versions.
- Untagged control frames defined by Spanning Tree Protocol (IEEE 802.1d) will be discarded systematically.
- L2 Broadcast, L2 Multicast, and Unknown Unicast that exceed 10 Mbps may be discarded.
- Even if the communication bandwidth is set to Disabled (0 Mbps), the control frames can commu
53. that can be analyzed by RTMD Web is shown below.
Item: Traffic Processing Capacity
Performance (maximum value): 20 Mbps
Remarks: The total value of uplink and downlink
7.12.2 File Analysis Feature
It mirrors customer traffic that passes through vFirewall and detects suspicious communication that might trigger an attack, such as downloads of obfuscated JavaScript and executable files. The detected communication is actually reproduced in the RTMD Web virtual environment. The content of changes generated inside the virtual environment (such as file opening, closing, creating, changing, and deleting; registry changes; and APIs and addresses that are called) is recorded. Whether it is malware or not is determined by those results.
The Virtual Environment that Analyzes Malware
By installing operating systems (OS), Web browsers, and Microsoft Office in the Malware Detection Web virtual environment, you can reproduce the attacks aimed at the vulnerabilities of each application and detect malware. You can choose from the following operating systems (OS), Web browsers, and Microsoft Office versions to install in the virtual environment.
Item: Software Options
- Operating System (OS): Windows XP, Windows XP SP2, SP3, Windows 7, Windows 7 SP1, Windows 7 x64 SP1
- Web Browser: Internet Explorer 6 to 10; Firefox 3.5, 6.0, 17.0, 18.0, 23.0; Chrome 19.0, 25.0 (Windows XP, Windows 7); Chrome 26.0
54. that provides a Microsoft license for Microsoft SQL Server on Virtual Machines created in Compute Resource. In Database License MS SQL, NTT Communications provides database licenses as its own service based on a contract signed under Microsoft's SPLA license agreement.
3.5.1 Available Features
You can use the following features in Database License MS SQL.
Feature: Overview
- Provision of a Database License: A feature for using a Database License to run Microsoft SQL Server on a Virtual Machine in Compute Resource.
- Provision of a Public Catalog: A feature that uses a template of the Microsoft SQL Server installed Virtual Machine to provide the above license.
3.5.2 Provision of a Database License
The following licenses are provided by Database License MS SQL.
OS: Database
- Windows Server 2008 R2 Enterprise: SQL Server 2008 R2 Standard 64bit (Japanese, English); SQL Server 2012 Standard 64bit (Japanese, English)
- Windows Server 2012 Standard: SQL Server 2012 Standard SP2 64bit (Japanese, English); SQL Server 2014 Standard 64bit (Japanese, English)
The Database Licenses that are provided with Windows Server 2012 Standard are currently available in Japan Datacenters. The service will be available in other Datacenters.
Provision of a Public Catalog
You can use the templates provided by Database License to create a Virtual Machine. You can use templates from the Customer Portal when creating a Virtual Machi
55. the user or by NTT Communications (*)
- Secondary DNS: A value specified by the user or by NTT Communications
- Host computer name: A value specified by NTT Communications
* The settings that are specified by NTT Communications are the IP addresses for the vFirewall/Integrated Network Appliance for the Server Segments to which the primary vNIC connects. However, the IP address that is set for Server Segments that do not connect to the vFirewall/Integrated Network Appliance is the broadcast address of the IP address block for the Server Segment minus 1. For example, if the IP address block is 192.168.0.0/24, the IP address that is the broadcast address of the IP address block for the Server Segment minus 1 will be 192.168.0.254.
Contents that are automatically changed at the initial start after restoring the Image Backup
- Net Mask: Subnet mask of the server segment to which the vNIC is connected (applies to all vNICs)
- Primary DNS: Value specified by customer or NTT Communications
- DNS suffix: Value specified by customer or no value
*1 The values specified by NTT Communications are the IP addresses for the vFirewall/Integrated Network Appliance for the Server Segments to which the primary vNIC connects. However, the IP address that is set for Server Segments that do not connect to the vFirewall/Integrated Network Appliance is the broadcast address of the IP address b
56. traffic and unauthorized access attempts to a protected Server Segment. The top pages of the Security Web Portal are shown below.
[Screenshot: DCs outside Japan version, WideAngle MSS Customer Portal top page, with Information, Devices, Open Tickets, and Health and Availability Incidents panels]
57. used in the shared External Storage area of Global File Storage Global Data Backup.
- The head unit of the storage used for backup is in a cluster structure, and the parity Disks are redundant.
- The connection with Primary Storage is through Service Interconnectivity. The transmission speed provided is Best Effort. It varies depending on your system environment and the status of line congestion.
- A maximum of 10 Storage units can be used with a single Service Interconnectivity.
Plans
You can choose from the following Storage plans.
Local DC Storage: As backup area, the plan provides only the shared External Storage area (Primary Storage) inside the same Data Center (Primary Data Center).
If you are separately using a Compute Resource at a remote Data Center, you can retrieve data stored in Secondary Storage from the remote Data Center via Service Interconnectivity. To use this service, you must submit an application in writing. When you connect from the Compute Resource at the remote Data Center, Secondary Storage is read only. You cannot store newly created data.
You can save to the remote Data Center by connecting between Data Centers using a virtual network. It is possible to temporarily increase the transmission speed of the virtual network with bursts according to the traffic volume. The transmission speed for bursts differs according to the service plan (S, M, L)
58. versions to install in the virtual environment.
Item: Software Options
- Operating System (OS): Windows XP, Windows XP SP2, SP3, Windows 7, Windows 7 SP1, Windows 7 x64 SP1
- Web Browser: Internet Explorer 6 to 10; Firefox 3.5, 6.0, 17.0, 18.0, 23.0; Chrome 19.0, 25.0 (Windows XP, Windows); Chrome 26.0 (Windows XP)
- Microsoft Office: Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010
Report Feature
The malware assessment results and the results of detection of URL links to fraudulent sites are provided in daily and monthly reports. You can download the reports from the security Web portal as password protected ZIP files. Note that the date when downloading can start depends on the report type.
- Daily report: One day's worth of assessment results from the file analysis feature. Available from the afternoon of the day after the report target date.
Analysis Capacity
The traffic volume that can be analyzed by RTMD Email is shown below.
- Number of emails: 150,000 emails/day (6,250 emails per hour)
7.13.3 Important Points
- The following files are not targeted for analysis: encrypted files; files set with passwords.
- Analysis may be omitted when the device throughput limit is exceeded.
- RTMD Email cannot always be provided because it is to be inserted into the target communication route. Thus network design c
59. when turning the power on for the first time after creating a Virtual Machine
- IP Address: A value specified by the user or by NTT Communications (applies to all vNICs)
- Default gateway: A value specified by the user or by NTT Communications (*)
- Secondary DNS: A value specified by the user or by NTT Communications
- SID: For Windows OS only; a Sysprep is performed and the SID is changed automatically
- Host computer name: A value specified by NTT Communications
* The settings that are specified by NTT Communications are the IP addresses for the vFirewall/Integrated Network Appliance for the Server Segments to which the primary vNIC connects. However, the IP address that is set for Server Segments that do not connect to the vFirewall/Integrated Network Appliance is the broadcast address of the IP address block for the Server Segment minus 1. For example, if the IP address block is 192.168.0.0/24, the IP address that is the broadcast address of the IP address block for the Server Segment minus 1 will be 192.168.0.254.
Settings that are changed automatically when starting for the first time after changing the Server Segment to which the vNIC connects, the primary vNIC, or the vNIC IP address
- IP Address: A value specified by the user or by NTT Communications (applies to the vNIC for which the destination Server Segment has changed)
- Default gateway: A value specified by
60. 12 Standard SP1 Japanese 64bit version: Approximately 13 GB
- SQL Server 2012 Standard SP2 Japanese 64bit version: Approximately 11 GB
- SQL Server 2014 Standard Japanese 64bit version: Approximately 6 GB
- SQL Server 2008 R2 Standard SP2 English 64bit version: Approximately 7 GB
- SQL Server 2012 Standard SP1 English 64bit version: Approximately 13 GB
- SQL Server 2012 Standard SP2 English 64bit version: Approximately 11 GB
- SQL Server 2014 Standard English 64bit version: Approximately 6 GB
You can use between one and four vCPUs with SQL Server Standard Edition. Please do not set more than five vCPUs on Customer Portal ver2.0. If the customer has set more than five vCPUs, please contact NTTCom individually.
You cannot change the SQL Server type for a Virtual Machine created with Database License MS SQL. If you reinstall SQL Server, create the Virtual Machine again from the template. The template specifications may change.
Prohibited Acts
The acts listed below violate the agreement between the user and Microsoft or are considered incorrect usage of NTT Communications services. Users engaged in such acts may be subject to penalties imposed by NTT Communications, such as suspension of service, or incorrect usage penalties imposed by Microsoft. The following acts are specific examples. The acts that may be subject to penalties are not limited to the acts below.
- Using licensed products provided through D
62. 2 type incremental backup period 1 day 31 days Specifying the 0 to 3 3 to 6 6 to 9 9 to 12 12 to 366 days date Calendar 15 15 to 18 18 to 21 12 to 24 date 12 3 4 5 6 7 Specifying the and 8 days day of week Calendar date 7 14 21 28 35 Specifying the 42 and 56 days date Full backup Full backup 1 Weekly full backup 7 14 21 28 35 Specifying the 42 and 56 days day of week on which backup is acquired 31 62 93 124 The specific day 155 186 217 and is specified 1 248 days Example 2 Weekly full backup daily incremental backup Monthly Full backup Second Wednesday Or the date is specified 1st to 31st the last day
*1 If the combination of ordinal number and day of week is not correct, backup does not start.
Specification of date and time slot is dependent on the preconfigured time zone.
4.2.3 Backup File Restore
A backup file can be restored on the Virtual Server from which the backup is acquired. This function cannot be operated from the Customer Portal. This process can be executed from the NBU Agent installed on the Virtual Server. Refer to the User Guideline for details of how to operate the NBU Agent.
- Restore can be done on the Virtual Server from which the backup is acquired. Be careful that no file can be restored if the target Virtual Server is deleted.
- Restore can be done on the same file or folder by
63.
7.7.1 Available Features
7.7.2 Real Time Scan Feature
7.7.3 Scheduled Scan Feature
7.7.4 Actions
7.7.5 Scan Exception Feature
7.7.6 Pattern File Automatic Update Feature
7.7.7 Important Points
7.8 VM Virtual Patch
7.8.1 Available Features
7.8.2 VM Virtual Patch Feature
7.8.3 Recommended Scan Feature
7.8.4 Important Points
7.9 VM Firewall
7.9.1 Available Features
7.9.2 VM Firewall
7.9.3 Important Points
7.10 Application Profiling
7.10.1 Available Features
7.10.2 Application Profiling Report
7.10.3 Important Points
7.11 Network Profiling
7.11.1 Available Features
64.
5.5.1 Available Features
5.5.2 Layer 2 (L2) Connection
5.5.3 Important Points
5.6 On Premises Interconnectivity
5.6.1 Available Features
5.6.2 Layer 2 (L2) Connection
5.6.3 Important Points
5.7 vFirewall
5.7.1 Available Features
5.7.2 Routing Feature
5.7.3 Firewall Feature
5.7.4 Packet Filtering Feature
5.7.5 NAT/NAPT Feature
5.7.6 Important Points
5.8 vLoad Balancer
5.8.1 Available Features
5.8.2 Load Balancing Feature
5.8.3 Routing Feature
5.8.4 IP Address Delivery Feature
5
65. 8 5 Important Points
5.9 Integrated Network Appliance
5.9.1 Available Features
5.9.2 Firewall Feature
5.9.3 NAT/NAPT Feature
5.9.4 Routing Feature
5.9.5 Load Balancing Feature
5.9.6 IPsec Termination Function
5.9.7 Important Points
5.9.8 Reference Information
6 External Storage Global Standard Menu
6.1 Global File Storage Global Data Backup
6.1.1 Available Features
6.1.2 Provides Storage for Saving Data
6.1.3 Data Replication Feature Burst Feature
6.1.4 Important Points
7 Security Features Global Standard Menu
7.1 IPS/IDS
7.1.1 Available Features
7.1.2 IPS/IDS Feature
7.1.3 Important Points
66.
3.2.4 Assigning Resources to a Virtual Machine
3.2.5 Important Points
3.3 Private Catalog
3.3.1 Available Features
3.3.2 Provision of a Disk for Saving Template Catalogs
3.3.3 Create Template Feature
3.3.4 Import Template Feature
3.3.5 Export Template Feature
3.3.6 Important Points
3.4 OS License
3.4.1 Available Features
3.4.2 Provision of an OS License
3.4.3 Provision of a Public Catalog
3.4.4 Important Points
3.5 Database License MS SQL
3.5.1 Available Features
3.5.2 Provision of a Database License
Provision of a Public Catalog
3.5.3 Important Points
3.5.4 Initial State of Microsoft SQL Server
67.
7.11.2 Network Profiling Report
7.11.3 Important Points
7.12 RTMD Web
7.12.1 Available Features
7.12.2 File Analysis Feature
7.12.3 Traffic Analysis Feature
7.12.4 Report Feature
7.12.5 Important Points
7.13 RTMD Email
7.13.1 Available Features
7.13.2 File Analysis Feature
7.13.3 Important Points
8 Maintenance and Operation of the Enterprise Cloud Japan Contract
8.1 Set of Materials Sent When You Start Using the Service
8.2 Customer Support
8.2.1 Support Center Technical Help Desk
8.2.2 Maintenance and Operations System
8.3 Contact When a Failure Occurs
8.3.2 Remote Monitoring System
8.4 Maintenance Information
68. Addresses
- Virtual Network Interface for connecting to Internet Transit (called "the network interface on the Internet Transit side" below): NTT Communications selects IP addresses from the block for Global IP Addresses that are ordered separately.
- Virtual Network Interface for connecting to VPN Transit (called "the network interface on the VPN Transit side" below): NTT Communications selects IP addresses from the block for IP addresses of customer's VPN (called "the IP address block for VPN Transit" below).
- Virtual Network Interface for connecting to a Server Segment (called "the network interface on the Server Segment side" below): Customers can select the Virtual Network Interface from the available IP addresses in Server Segment. You can specify the IP address on the Server Segment side network interface only when the Server Segment is created based on the application form. If IP addresses have not been specified, they will be allocated automatically.
IP addresses allocated to each interface of the Integrated Network Appliance cannot be changed after allocating them.
Main Features of the Integrated Network Appliance
Features and rules that can be set for the Integrated Network Appliance are shown below.
Features: Firewall feature, NAT/NAPT feature, Routing feature, Load balancing feature, IPsec termination feature
Name of Available Rules (Details): Firewall rule, SNAT rule, DNAT rule, S
69. Effort and I want to keep the cost down as much as possible
- I want to use a free OS
- I want to prepare resources in the shortest time
Used Services and Notes:
- Compute Resource: Use the Standard with the Compute Class (CPU, Memory) and storage class (Disk)
- Internet Connectivity: Use 10 Mbps Best Effort
- Private Catalog: Use Private Catalog to upload CentOS
- Can be prepared in the shortest time of 5 business days
When Building an In house File Server
Required Features / Requests:
- I want to use it directly with the Arcstar Universal One service (the NTT Communications VPN service)
- I want to change the Disk write frequency and request speed by server
Used Services and Notes:
- Internet Connectivity: Do not use
- VPN Connectivity: Use
- Compute Resource: Use the Compute Resource Pools separated by server (differentiate between the Compute Resource Pools that use the Standard and Premium Disk capacity)
When Building a New EC Site
Required Features / Requests:
- I want to precisely distribute the communication load to servers
- I want to control resources in real time
- I want to precisely guarantee the Internet bandwidth
- I want to increase the performance of resources according to usage
Used Services and Notes:
- vLoad Balancer: Use (distribute the server access load)
- Internet Connectivity: Use the guaranteed type
- Check the Customer Portal performance statistics report and add resources in
70. Features Global Standard Menu
5.1 Internet Connectivity
5.1.1 Available Features
5.1.2 An Internet GW Is Provided
5.1.3 Global IP Addresses Are Provided
5.1.4 Important Points
5.2 VPN Connectivity
5.2.1 Available Features
5.2.2 VPN Gateway
5.2.3 VPN Routing Settings
5.2.4 Enterprise Cloud and VPN Routing Design
5.2.5 Important Points
5.3 Server Segment
5.3.1 Available Features
5.3.2 Server Segments Are Provided
5.3.3 Important Points
5.4 Service Interconnectivity
5.4.1 Available Features
5.4.2 Service Interconnect Gateway
5.4.3 Routing Settings
5.4.4 Important Points
5.5 Colocation Interconnectivity
71. Firewall will not be possible.

Data Center: IP Address Bands
- Yokohama No. 1: 172.22.0.0/17, 172.22.128.0/17, 10.223.0.0/17, 10.223.128.0/17
- Hong Kong Tai Po: 172.22.128.0/17, 172.31.128.0/17, 10.223.128.0/17, 10.224.128.0/17
- San Jose Lundy, Virginia Sterling, UK Hemel Hempstead2, Thailand Bangna, Malaysia Cyberjaya3, Australia Sydney1: 172.22.0.0/17, 172.22.128.0/17, 10.223.0.0/17, 10.223.128.0/17

If you use the Internet Connectivity and VPN Connectivity in combination, direct back-and-forth communication between the Internet and VPN via vFirewall or Integrated Network Appliance will not be possible.

If you started using the VPN Connectivity at Yokohama No. 1 Data Center on or before November 15, 2013 and have not carried out lease construction for changing bandwidth, you should pay attention to the following points:
- To be Customer Portal available VPN Connectivity: service termination and a new order are needed.
- Change bandwidth: Lease construction is necessary for changing bandwidth. Please specify a construction date of at least 17 business days after the date you order it. Also, on the date of construction, there might be multiple communication interruptions that last up to several tens of minutes each.
- If you are connected to a VPN other than Arcstar Universal One Service when the above-mentioned lease construction takes place, you will need to transfer to Arcstar Universal One.

Prefix L
72. For spot, daily, and monthly backup, the start date can be configured. For the weekly backup, the starting day of the week can be configured. For the monthly backup, the third Monday can be configured.

Time slot: 24 hours can be specified in units of 3 hours.

Backup target path: Enter the path of the file or folder targeted for backup. Multiple paths can be described simultaneously by starting new lines. Example: /usr/local for Linux and c:\Program Files for Windows, etc. Although the backup schedule is registered even if a path that does not exist in the Virtual Server is entered, please note that backup will not be executed. And if a file or folder name is changed after the backup job was set, the backup job will not be executed.

Backup type: Either image backup or file backup can be selected.

Note: Full backup is executed once a week, and daily incremental backup is executed for backing up images or files added from the previous day. With the combination of weekly full backup and daily incremental backup, the usage fee can be saved compared to the fee charged when full backup is executed every day.

- While the effective flag is disabled, backup does not start.
- The time slot is the estimate of the time when backup starts, so that time is not guaranteed.
- The backup job can be created as one backup job by combining multiple files and folders existing in a single VM or multiple VMs.

Virtual Server Managem
73. Interconnectivity: Colocation Connectivity

vFirewall: Installation Required, Network Configuration, Resource Level, Address or Object Group, Service or Object Group, Filtering Rules, NAT/NAPT, GIP
- Routing: Y Y Y Y
- Performance Information: Y

vLoad Balancer
- Installation: Y Y Y
- Network Configuration: Y
- Resource Level: Y Y
- Contract Resources: Y
- Routing: Y Y Y Y
- Health Check: Y Y Y Y
- Real Server Settings: Y M Y Y
- Server Group Settings: Y Y Y Y
- VIP: Y Y Y Y
- Monitoring: Y Y Y Y

Global File Storage
- Disk Capacity: Y

Global Data Backup
- Boost Plan (S, M, L): Y
- Remote DC Storage Boost (Japan): Y Y Yy Y
- Remote DC Storage Replication (Overseas): Y Y Y Y

*1 File Backup: Restore control is provided by the application installed in the Virtual Machine.
*2 The function is available on the Customer Portal (the service released Data Center). The number of Global IP addresses can be changed in case of using vFirewall.
*3 The function is available on the Customer Portal (the service released Data Center).
*4 vApp is a new feature that can be seen on Customer Portal ver2.0. vApp for Enterprise Cloud can only support one single Virtual Machine.

For information about Virtual Machines, refer to 3 Compute Resource (p. 51). For information about Customer Portal features and how to use them, refe
74. L below.

One RDS SAL and one OS license are provided as a set for one Virtual Machine created using Microsoft SAL (RDS SAL). The OS that is provided in the set is Windows Server 2008 R2 Enterprise (Japanese/English), 64-bit version.

For details regarding the conditions for providing an OS license, refer to 3.4 OS License (p. 92).

Templates exist for each Data Center and are stored in the Public Catalog, which can be accessed by all users of that Data Center.

3.6.4 Important Points

- The required number of licenses is the number of total users that might connect, not the number that will connect at the same time. Failure to purchase enough licenses is a license violation.
- We recommend use in a domain environment with the specifications formulated by Microsoft.
- To increase or decrease RDS SALs, add or delete servers. Please add or delete the servers yourself. NTT Communications cannot perform these features.
- The system requirements (number of vCPUs, Memory capacity, and Disk capacity) for the Virtual Machine (remote desktop license server) are listed below.

Item: Quantity
- vCPU: 1 or more
- Memory capacity: 2 GB or greater
- Disk capacity: 100 GB or greater

For information on settings for the remote desktop session host server, refer to the user's manual provided by NTT Communications.

Setting up a remote desktop session host server in an On-Premises Environment t
75. Linux Server 5 8 6 2

- NTT Communications does not support the Guest OS described below: http www symantec com ja jp netbackup system requirements
- The Virtual Server in which NBU Agent is installed requires approximately 1.5 GB of free disk capacity and a memory with a minimum of 512 MB.

Backup File Storage

- The backup image storage capacity is the size of the file targeted for backup. It is different from the data capacity written into the backup storage.
- The backup job can be created as one backup job by combining multiple files and folders existing in a single Virtual Server or multiple Virtual Servers.
- The total size of the Virtual Server targeted for one backup job (this is not the size of the file/folder) is up to 1500 GB. If multiple Virtual Servers exceeding 1500 GB are selected, 2 or more backup jobs need to be provided.
- The Backup File acquisition process is performed only if the Virtual Server targeted for backup is powered on.
- During backups, the performance of the Disk I/O of the Virtual Server that is being backed up might be reduced.
- The backup begins within the time slot you specify. The backup start time cannot be specified in units of minutes and seconds.
- Backup cannot be configured in the last 5 minutes (55 minutes to 0 minute) of the 3-hour time slot for backup. The alert message appears.
- If the number of backup jobs that are perfo
76. Load Balancer. 4. Added Colocation Interconnectivity. 5. Added global file storage, Global Data Backup, and the feature for restoring from secondary storage.

12/10/2013, Ver. 1.5: 1. Added RDS SAL. 2. Fixed Colocation Interconnectivity.

Dates: 7/1/2014, 8/1/2014, 8/20/2014, 9/1/2014, 9/5/2014, 9/12/2014, 10/1/2014, 11/12/2014, 12/9/2014

Versions: Ver. 2.12, Ver. 2.13, Ver. 2.14, Ver. 2.15, Ver. 2.16, Ver. 2.17, Ver. 2.18, Ver. 2.19, Ver. 2.20

Changes:
- Fixed security
- Added Integrated Network Appliance
- Added Colocation Interconnectivity
- Added Guaranteed Compute
- Added Dedicated Compute (S, M, L)
- Updated Security Option Menu
- Updated the table "Service Provided by Each Data Center"
- Deleted Important Point about OS License activation in case of using Integrated Network Appliance
- Updated service menu list in each Data Center
- Updated Security Service
- Deleted Important Point about contract in Colocation Connectivity
- Updated OS License (Windows Server 2012)
- Updated important point in Internet Connectivity: The DNS resolver is not offered with this service.
- Updated Image Backup
- Added File Backup
- Updated service menu list in each Data Center
- Updated IPsec parameters in Integrated Network Appliance
- Updated Security
- Updated service menu list in each Data Center
- Updated Security
- Added OS License (Windows Server 2012) in US, MY
- Updated File Backup
- Up
77. M Anti-Virus

Software Agent Installation

In order to use VM Anti-Virus, upload and install agent software on the Virtual Machine. For details, refer to the agent software installation guide.
- You cannot use the VM Anti-Virus at the same time as other anti-virus software. Before installing VM Anti-Virus agent software, always make sure to uninstall other antivirus software.
- Do not upload agents by mounting ISO image files or CD/DVD drives when uploading it to the VMs.

Agent Software Default Install Location

The agent software default install location differs depending on the Virtual Machine OSs.

OS: Default Install Location
- Windows: C:\Program Files\Trend Micro\Deep Security Agent
- Linux:
  - System files: /opt/ds_agent, /var/opt/ds_agent
  - Startup scripts: /etc/init.d/ds_agent, /etc/init.d/ds_filter
  - Communication channel between user and kernel mode components: /dev/dsa, /dev/dsa_ssl, /proc/driver/dsa

You can change where it is installed. Also, the install location might change due to agent software version updates, etc.

Communication with the Manager Administered by NTT Communications

The Virtual Machine that uses the VM Anti-Virus must have communication with the Manager administered by NTT Communications. Please set the routing and the DNS name resolution setting.

Routing Settings

Please set the routing from the Virtual Machine to vFirewall using either
78. M Firewall" of the available OSs in Enterprise Cloud.

Please set IPv6 to ON or OFF correctly when using VM Virtual Patch.

Agent Software Installation

In order to use VM Virtual Patch, upload and install agent software on the Virtual Machine. For details, refer to the agent software installation guide.
- You cannot use the VM Virtual Patch at the same time as other anti-virus software than VM Anti-Virus. Before installing VM Virtual Patch agent software, always make sure to uninstall other virus protection software.
- Do not upload agents by mounting ISO image files or CD/DVD drives when uploading it to the VMs.
- We ask you to install the agent software on the Virtual Machine.

Agent Software Default Install Location

The agent software default install location differs depending on the Virtual Machine OSs.

OS: Default Install Location
- Windows: C:\Program Files\Trend Micro\Deep Security Agent
- Linux:
  - System files: /opt/ds_agent, /var/opt/ds_agent
  - Startup scripts: /etc/init.d/ds_agent, /etc/init.d/ds_filter
  - Communication channel between user and kernel mode components: /dev/dsa, /dev/dsa_ssl, /proc/driver/dsa

You can change where it is installed. Also, the install location might change due to agent software version updates, etc.

Communication with the Manager Administered by NTT Communications

The Virtual Machine that uses the VM Virtual Patches must have commu
79. Premises Interconnectivity, vFirewall, vLoad Balancer, Integrated Network Appliance

Application Customer Portal Customer Portal Customer Portal Customer Portal Customer Portal Customer Portal Application Customer Portal Application Application Customer Portal Application Application Application Application Application Customer Portal Application Customer Portal Customer Portal Application Customer Portal Application *2 Customer Portal Application Application Application Application Customer Portal Customer Portal *3 Application *1 Customer Portal Customer Portal Customer Portal Customer Portal Customer Portal Customer Portal Application Customer Portal Application Application Customer Portal Application Application Application Application Customer Portal

Global File Storage: Application, Application
Global Data Backup

*1 The only possible change in the storage capacity is an increase.
*2 The Global IP Address can be added or deleted when using vFirewall. However, the Global IP Address cannot be added or deleted when using Integrated Network Appliance.
*3 Plan change can be done from Single to Redundant. However, plan change from Compact to Large is not possible.
*4 Configuration change requests are called PCRs (Poli
80. We ask you to assume responsibility for monitoring agent software, checking to make sure it is activated at all times.

- If you use a Private Catalog to create a template of the Virtual Machine image and store it, please do it before installing the VM Firewall agent software. If a template is created and saved from the Virtual Machine image of a Virtual Machine where VM Firewall agent software is installed, or installation and activation (registration to the Manager administered by NTT Communications) is complete, when a Virtual Machine is created using that template, VM Firewall can no longer be used with the Virtual Machine used for creating the template and the newly built Virtual Machine. The same applies when used for image backup.
- VM Firewall does not guarantee that the provided VM Firewall feature has integrity or accuracy or is suitable for your use.
- The following information might be provided to the developers or distributors of the devices making up the VM Firewall feature:
  - Configuration information obtained from providing VM Firewall
  - Configuration information obtained from controlling VM Firewall
- We cannot guarantee recovery from failures that might occur due to incompatibility between the VM Firewall feature and your environment, or failures that occur due to your operations other than those specified by NTT Communications.
81. Y *5
RTMD Web: Y *4, Y *4, Y *4, Y *4, Y *4, Y *4
RTMD Email: Y *4, Y *4, Y *4, Y *4, Y *4, Y *4
Please contact directly for service description.

*1 Zone function is provided for Guaranteed Compute (Premium Storage). Zone function in other Data Centers is scheduled to be provided in the near future.
*2 10 Mbps Guaranteed and 100 Mbps Guaranteed are available.
*3 Device individually procured. Please inquire for service specification.
*4 Device procurement and/or network design and so on are individually required. Please inquire for service specification.
*5 Need to use Order form.
*6 1 Gbps Guaranteed is not available in Customer Portal available VPN Connectivity Service.

1.3.3 Service Order, Delivery Time, and Minimum Usage Period

Service Order

The service order for each service is shown below. An application is required to use each Data Center.

Service Name | New | Changes (Addition, Deletion) | Termination
- Compute Resource, Compute Class: Application, Customer Portal, Customer Portal, Application
- Compute Resource, Storage Class: Application, Customer Portal, Customer Portal
- Compute Resource (Dedicated Device), Compute Class / Storage Class: Application, Application, Application
- Private Catalog
- License: OS (Windows Server, Red Hat Enterprise Linux), Database (MS SQL), Microsoft SAL (RDS SAL)
- Image Backup
- File Backup
- Internet Connectivity *5
- VPN Connectivity *6
- Server Segment *5
- Interconnectivity: Service Interconnectivity, Colocation Interconnectivity, On
82. You can quickly create new Virtual Machines from the saved templates.
- Provides a Microsoft Windows Server license for Virtual Machines. (p. 92)
- Provides a Red Hat Enterprise Linux subscription for Virtual Machines. (p. 92)
- Provides a Microsoft SQL Server license for Virtual Machines. (p. 96)
- Provides a Microsoft Remote Desktop Service Subscriber Access License. (p. 111)
- Provides a feature for backing up the current state of an entire Virtual Machine. (p. 114)
- File Backup: Provides a feature for backing up files and folders in a Virtual Machine. (p. 110)

Categories and services: Networking, External Storage; Internet Connectivity, VPN Connectivity, Server Segment, Interconnectivity (Service Interconnectivity, Colocation Interconnectivity, On-Premises Interconnectivity), vFirewall, vLoad Balancer, Integrated Network Appliance, Global File Storage, Global Data Backup

- Internet Connectivity: Provides redundant Internet Connectivity. A Global IP Address is not normally included in Internet Connectivity.
- VPN Connectivity: Provides a connection with the Arcstar Universal One Service (NTT Communications VPN service).
- Server Segment: Provides an L2 segment that extends the Server Segment and interconnects the services that make up a Virtual Machine.
- Service Interconnectivity: Provides Service Interconnect Gateways when using interconnectivity services such as global file storage, Global Data Backups, and other options.
- Provides a
83. address which is set as a Default Gateway cannot be assigned to the vNIC of the Virtual Machine and Service Interconnectivity Gateway.

Note: The DNS IP address auto-assigned by Guest OS Customization is not available as a resolver. It is a dummy IP address. Customers must prepare DNS themselves.

5.3.3 Important Points

- To add, delete, or set a Server Segment, you must submit an application form in Germany Frankfurt2 Data Center.
- The one Server Segment that is provided as standard when you start using the Data Center is always connected to vFirewall or Integrated Network Appliance.
- A Server Segment cannot be deleted as long as the template exists on Private Catalog when a Virtual Machine whose vNIC connects to the Server Segment is converted.
- The IP Addresses in the IP Address bands listed below cannot be specified as IP address blocks for Server Segments. Be aware that the IP address bands that cannot be specified differ according to Data Center.

Data Center: Non-duplicatable IP Address Bands
- Yokohama No. 1: 172.22.0.0/17, 172.22.128.0/17, 10.223.0.0/17, 10.223.128.0/17
- Kansai 1: 172.23.0.0/17, 10.233.0.0/17, 172.23.128.0/17, 10.233.128.0/17
- Saitama No. 1: 172.27.0.0/16, 10.237.0.0/16, 10.238.0.0/16
- Hong Kong Tai Po: 172.22.128.0/17, 172.31.128.0/17, 10.223.128.0/17, 10.224.128.0/17
- Singapore Serangoon: 172.20.0.0/17, 10.200.0.0/17, 172.20.128.0/17, 10.200.128.0/17
- San Jose Lundy, Virginia Sterling, UK Hemel Hempstead2, Thailand Bangna, Malaysia Cyberj
84. On-Premises Interconnectivity
- On-Premises GW: A gateway that provides an L2 connection to Server Segments in your system environment (called the On-Premises Environment below) within your own operating system environment.

Other Service Environment
- Local Option Menu: Unique services offered by each Data Center. They can be used in conjunction with Enterprise Cloud.

1.3 Services Available at All Data Centers (Global Standard Menu)

In Enterprise Cloud, you can use the following menus at all Data Centers.

Category | Service Name | Overview | Reference

Compute
- Compute Resource, Compute Class: Provides the CPUs and Memory for creating a Virtual Machine by virtualizing a physical server shared by multiple users. (p. 51)
- Compute Resource, Storage Class: Provides the Disks for creating a Virtual Machine by virtualizing storage devices shared by multiple users. (p. 51)
- Compute Resource (Dedicated Device), Compute Class: Provides the CPUs and Memory for creating a Virtual Machine by virtualizing a physical server dedicated to you. (p. 74)
- Compute Resource (Dedicated Device), Storage Class: Provides the Disks for creating a Virtual Machine by virtualizing a storage device dedicated to you. (p. 74)
- Private Catalog: Provides a Disk for storing templates of the Virtual Machines that you create.(p. 87)
- License: OS (Windows Server, Red Hat Enterprise Linux), Database, Microsoft SAL (RDS SAL)
- Image Backup
85. ally.

You can use one RTMD Email for every Data Center. The following specification is the Japan DC version. For the specification of other DCs, please contact each NTT Communications affiliate.

7.13.1 Available Features

You can use the following features with RTMD Email.

Feature: Overview
- File Analysis Feature: A feature that inspects attachments to emails (SMTP communication) and URL links, analyzes the content suspected of containing malware, and determines whether it is malware inside the virtual environment.

7.13.2 File Analysis Feature

It mirrors the customer traffic that passes through the vFirewall and detects suspicious files attached to email and URL links to fraudulent sites. The attachments are actually reproduced in the RTMD Email virtual environment. The content of changes generated inside the virtual environment, such as file opening, closing, creating, changing, and deleting, registry changes, and APIs and addresses that are called, is recorded. Whether it is malware or not is determined by those results.

The Virtual Environment That Analyzes Malware

By installing operating systems (OS), Web browsers, and Microsoft Office in the Malware Detection Email virtual environment, you can reproduce the attacks aimed at the vulnerabilities of each application and detect malware. You can choose from the following operating systems (OS), Web browsers, and Microsoft Office
86. amount of false positive detections.

If staging is implemented, a staging time period is set (approximately 1-4 weeks after you start using IPS mode) during which only detection of attack traffic is performed and traffic is not blocked. After the staging time period, please check to see whether the traffic that the Web Application Firewall (WAF) detects as being targeted for blocking is normal traffic. Based on the results of the confirmation, the Web Application Firewall (WAF) settings will be adjusted.

Policy

The policy is the defense rules in Web Application Firewall (WAF). By default, one policy is operated in Web Application Firewall (WAF). Please contact us if you would like to run more than one policy.

7.6.3 Important Points

Used IP Addresses

- In order to connect the Service Interconnect Gateway with the Web Application Firewall (WAF), you must have two IP address blocks available. NTT Communications will manage the assigned IP address blocks and assign IP addresses to the devices that require them.
- When using Web Application Firewall (WAF), the following address bands cannot be used in customer networks that connect to Server Segments and Enterprise Cloud to communicate: 172.17.62.0/24

Restrictions

- When the actual traffic volume exceeds the contracted traffic volume, the excess traffic might be discarded.
- The following health check communication is sent
87. ancing source and vLoad Balancer communicate. It is provided as an alias IP to the Server Segment side interface of vLoad Balancer.
- You can register multiple VIPs for one interface. You can set the maximum number of VIPs using "VIP setting number" in vLoad Balancer resource.
- You can select VIPs from the available IP addresses in the Server Segment where the vLoad Balancer is installed. You can specify them from the Customer Portal when adding VIPs.
- VIPs are set as alias (active or standby). Unspecified VIPs will be allocated automatically.

[Figure: Service Interconnectivity GW, Communication, Server Segment, Real Server (x3), Proxy IP, vLoad Balancer. Labels: "Uses communication with the load balancing source"; "VIP can be specified from the Customer Portal".]

Proxy IP

Proxy IP is a virtual IP address that is used when the real server and vLoad Balancer communicate. It is provided as an alias IP to the Server Segment side interface of vLoad Balancer.
- You can register multiple Proxy IPs for one interface.
- You can select Proxy IPs from the available IP addresses in the Server Segment where the vLoad Balancer is installed. You can specify them from the Customer Portal when adding Proxy IPs.
- Proxy IPs are set as alias (active or standby). Unspecified Proxy IPs will be allocated automatically.
- The numb
88. are detected.
- If transfer to the isolation folder or deletion of the original file fails, notification is made.
- If "Pass" or "Deny access" is selected and the process fails, the secondary process is not executed.

7.7.5 Scan Exception Feature

By specifying directories, files, and extensions, you can specify files that will not be scanned for viruses.

7.7.6 Pattern File Automatic Update Feature

This feature checks periodically for pattern file update information on the NTT Communications administration server and updates pattern files automatically if there are updates available.

Time Periods When Pattern File Automatic Updates Will Be Run

Selects the schedule for the pattern file automatic updates from Daily, Weekly, or Monthly and specifies the targeted time.
- Hourly: Specifies X minute every hour.
- Weekly: Specifies either X day of the week each week or Y day of every X weeks.

7.7.7 Important Points

Virtual Machine System Requirements

The system requirements (Memory capacity, Disk capacity, and OS) for the software agent that uses VM Anti-Virus are shown below.
- Memory capacity: 512 MB or greater
- OS: The OSs listed in "Supported OS List of VM Anti-Virus, VM Virtual Patch and VM Firewall" of the available OSs in Enterprise Cloud. When using a Linux OS, it is necessary to confirm the kernel version.

Please set IPv6 to ON or OFF correctly when using V
89. at occur due to your operations other than those specified by NTT Communications.

7.12 RTMD Web

RTMD Web is a service that detects unauthorized malware intrusions, makes unknown threats and latent risks visible, and reports them. Principally, it provides a file analysis feature and a traffic analysis feature. It not only performs signature-based analysis on the Customer traffic that passes through vFirewall by mirroring it, but also actually reproduces suspicious traffic in the RTMD Web virtual environment and analyzes malware dynamically.

You can use one RTMD Web for every Data Center. The following specification is the Japan DC version. For the specification of other DCs, please contact each NTT Communications affiliate.

7.12.1 Available Features

You can use the following features with RTMD Web.

Feature: Overview
- File Analysis: A feature that inspects Web content that is sent and received by Web access (HTTP communication), analyzes the content suspected of containing malware, and determines whether it is malware inside the virtual environment.
- Traffic Analysis: A feature that detects access to fraudulent websites and Web access (HTTP communication) to C&C servers that is executed by malware.
- Report: A feature that provides the assessment results of the file analysis and traffic analysis as daily and monthly reports.

Analysis Capacity

The traffic volume
91. atabase License MS SQL outside of the cloud environment specified by NTT Communications.

Using the Customer Portal features to create and save another template of the Virtual Machine image, using the export feature to store the template outside of the NTT Communications cloud environment, creating a new Virtual Machine based on that file, and running licensed products that have been provided by NTT Communications.

Duplicating and using the software without notifying NTT Communications.

Using Database License MS SQL to duplicate the image of the Virtual Machine that you are running and then running it as another Virtual Machine without notifying NTT Communications.

3.5.4 Initial State of Microsoft SQL Server

For SQL Server 2008 R2 Standard (Japanese)

Settings | Information | Remark

Feature selection
- Instance feature: Database engine service, Reporting Services
- Shared features: SQL Client Connection SDK

Instance configuration
- Instance
- Instance root directory

Server configuration
- Service account
- Service: SQL Server Agent. Startup type: Manual
- Service: SQL Server Database Engine, SQL Server Analysis Services, NT AUTHORITY\NETWORK SERVICE, Startup type, SQL Server Reporting Services, SQL Server Integration Services, SQL Full-text filter Daemon Launcher, Startup type: Manual, SQL Server Browser, NT AUTHORITY\LOCAL SERVICE

Collation sequence
- Database engine: Collation seque
92. ation due to Difference of Time Zone

Configurable date and time slot are set on the Portal window according to the local time (configured time zone). However, the fee is charged based on Coordinated Universal Time (UTC) in consideration of specifications of the service. For Japan, a backup process that takes a maximum of 9 hours is charged as the process for the previous day due to the time difference.

Example: Charging when backup is performed at the end of the month in the Japanese time zone

Japan Standard Time (JST) is set for the time zone, the backup date is set to 0:00 on April 1 (Japan Standard Time), and 0 minute is set for the backup period.

If the backup retention period is set to one day, the data retention period is set from 0:00 to 23:59 on April 1 in Japan Standard Time. However, if the period is converted to UTC, it becomes (1) 15:00 to 23:59 on March 31 and (2) 00:00 to 14:59 on April 1. Therefore, (1) is processed as the fee for March and (2) is processed as the fee for April.

A half-width kana character cannot be specified in backup and restore (Japan only). A file or folder using a half-width kana character cannot be backed up.

5 Network Features (Global Standard Menu)

5.1 Internet Connectivity

Internet Connectivity is a service that provides customers using Enterprise Cloud with Internet Connectivity constr
93. aya3, Australia Sydney1: 172.22.0.0/17, 172.22.128.0/17, 10.223.0.0/17, 10.223.128.0/17
- Frankfurt 2 Data Center: 172.22.0.0/16, 10.223.0.0/16

A Customer's carried-in Global IP Address can be assigned to a Server Segment. However, please note that there are the following restrictions:
- Please apply via the Service Order Form when adding a Server Segment with a Customer's carried-in Global IP Address.
- Direct Internet transmission is not possible via vFirewall or Integrated Network Appliance when using the Customer's carried-in Global IP Address. NAT setting is necessary for the Global IP Address provided by NTT Communications.
- If the registered name for the IP Address under the NIC organization and the representative contractor name of the Enterprise Cloud service do not match, the carried-in IP address would be considered an illegal Global IP Address and it cannot be supported. Also, we cannot guarantee the sustainability of the carried-in Global IP Address.

5.4 Service Interconnectivity

Service Interconnectivity provides a Service Interconnect Gateway (called Service Interconnect Gateway below), which connects services targeted for interconnectivity, such as Server Segment and Global File Storage/Global Data Backup, that are used for Enterprise Cloud. Note that at the Japan Data Centers, you can also connect to Network Storage Service and systems inside colocation, etc.

Internet GW VPN Connection
94. cation.

- The devices that make up RTMD Web are provided in a single configuration. If the devices fail, you cannot use the RTMD Web feature. Note that there will be no effect on your usual communication.
- RTMD Web does not guarantee that the RTMD Web feature has integrity or accuracy or is suitable for your use. Furthermore, the suitability of the signatures, algorithms that assess the degree of danger, and malware provided by the developers or distributors of the devices making up the RTMD Web feature is not guaranteed.
- The following information might be provided to the developers or distributors of the devices making up the RTMD Web feature:
  - Configuration information obtained from providing RTMD Web
  - Configuration information obtained from RTMD Web detection, etc.
- We cannot guarantee recovery from failures that might occur due to incompatibility between the RTMD Web and your environment, or failures that occur due to your operations other than those specified by NTT Communications.

7.13 RTMD Email

RTMD Email is a service that detects unauthorized malware intrusions via Email, makes unknown threats and latent risks visible, and reports them. Principally, it provides a file analysis feature. It not only performs signature-based analysis on the Customer traffic that passes through vFirewall by mirroring it, but also actually reproduces suspicious traffic in the RTMD Email virtual environment and analyzes malware dynamic
95. ce logs or event reports from prior to the replacement via the Security Web Portal. In addition, if the regular server and the standby server are switched for a redundantly configured device and they are restored without replacing the device, you cannot check the log or the event reports for the period during which the switching occurred from the Security Web Portal. IPS/IDS does not guarantee that the IPS/IDS feature has integrity or accuracy or is suitable for your use. Furthermore, the suitability of the unauthorized attack traffic detection algorithms provided by the developers or distributors of the devices making up the IPS/IDS feature is not guaranteed. The following information might be provided to the developers or distributors of the devices making up the IPS/IDS feature: configuration information obtained from providing IPS/IDS; information concerning controls, etc. for IPS/IDS. We cannot guarantee recovery from failures that might occur due to incompatibility between IPS/IDS and your environment, or failures that occur due to your operations other than those specified by NTT Communications. 7.2 Email Anti-Virus. Email Anti-Virus is a service that detects and blocks viruses that invade via Email (SMTP communication). Email Anti-Virus is used via Service Interconnectivity. You need to apply separately for Serv
96. cessed by all users of that Data Center. 3.4.4 Important Points. OS License does not include monitoring and operating services for the OS. NTT Communications does not provide support, investigations, assistance, or advice for requests from users regarding troubleshooting procedures for errors relating to installation, setup, or basic functionality that you encounter for licensed products that you are using in OS License. When using programs provided in OS License, it is assumed that you agree with the Services Provider Use Rights (SPUR) when using Microsoft products, or the Red Hat Enterprise Agreement when using Red Hat products. For details, refer to the following URLs. Microsoft Services Provider Use Rights (SPUR): http://www.microsoftvolumelicensing.com/userights/DocumentSearch.aspx?Mode=3&DocumentTypeId=2 Note: Refer to the latest version of the Services Provider Use Rights (Worldwide, Japanese). Red Hat Enterprise Agreement: http://www.jp.redhat.com/licenses/Enterprise_Agr_Japan.pdf Information required for installation, such as an activation key or subscription number, cannot be disclosed directly to users in writing or by any other means. Windows Restrictions: You can install the following Microsoft products on a Virtual Machine created with OS License: products that you have permission to use on a shared server. When using Compl
97. configuration 1 device Dedicated devices 2 To delete a dedicated device, first delete all Virtual Machines that use Compute Resources on the dedicated device that you are deleting. 3.2.3 Parameter Settings for Resources. In Compute Resource Dedicated Device, you can set three parameters (limit value, reserved rate, and reserved value) for the CPU resources, Memory resources, and Disk resources in order to effectively utilize the resources that can be assigned to the Virtual Machine. A Service Order Form is needed for setting. The items marked with a Y are items that can be set. For example, a limit value can be set for CPU resources and Memory resources.
Limit value: Sets the upper limit of the resources that a Compute Resource Pool can use (CPU: Y, Memory: Y).
Reservation rate: Sets the percentage value of the reservation value for the limit value (CPU: Y, Memory: Y).
Reservation value: Sets the resource value that the Compute Resource Pool can definitely use (CPU: Y, Memory: Y, Disk: Y).
CPU Resources: You can add or reduce CPU resources within the ranges shown below.
Limit value: lower limit 1 GHz; upper limit the resource value provided by the HA cluster; setting unit 1 GHz.
Reservation rate: lower limit 0; upper limit 100; setting unit 1.
Reservation value: Determined based on the product of the limit value and the reserved rate.
The total of the CPU resource reserved rates for
98. configuration Server configuration Multidimensional and data mining mode Analysis Services administrator Administrator Data directory MSAS11 MSSQLSERVER OLAP Data Log file directory C Program Files Microsoft SQL Server fee ase SS QUSERVERLOLAPLLog MSAS11 MSSQLSERVER OLAP Temp C Program Files Microsoft SQL Server MSAS11 MSSQLSERVER OLAP Backup Reporting Services configuration Reporting Services native mode nstall only Reporting Services SharePoint Integrated mode nstall only Distributed replay controller Administrator Distributed replay client Server DReplayClient WorkingDir Server DReplayClient ResultDir Enterprise Cloud Functional Description ver2 36 For SQL Server 2008 R2 Standard English Settings Information Remark Feature Selection Instance Features Database Engine Services _ 7 Se Shared Features Business Intelligence Development Studio Selected OO S e Client Tools Connectivity Selected ooo e ntegration Services Selected ooo o lient Tools Backwards Compatibility Selected Eoo J Client Tools SDK Selected QL Server Books Online Selected ooo o Management Tools Basic Selected CT Management Tools Complete QL Client Connectivity SDK Selected o o Microsoft Sync Framework Selected o o Shared Feature directory CN Program Files Microsoft SQLServer Shared Feature directory x86 C Program Files x86 Microsoft SQL Instance Configuration Instance o Default
99. 7.10 Application Profiling. Application Profiling is a service that monitors the communication that applications are using and provides reports that make visible latent risks to the applications, suspected information leaks, and communication hypothesized to be unrelated to work. Application Profiling is used via Service Interconnectivity. You need to apply separately for Service Interconnectivity. 7.10.1 Available Features. You can use the following features with Application Profiling. Feature: Application Profiling Report. Overview: A feature that monitors the communication that applications are using and provides reports that make visible latent risks to the applications, suspected information leaks, and communication hypothesized to be unrelated to work. 7.10.2 Application Profiling Report. The Application Profiling Report feature picks out, from actual application usage, application communication that is considered to be high risk, and displays explanations of the hypothetical risks and advice for safely using the application. Please check the following website for the applications that can be monitored: http://apps.paloaltonetworks.com/applipedia Reports are provided once a month. Routing Settings: Only communication that goes through Application Profiling can be analyzed. When using Application Profiling, please use the following routing se
100. cy Change Requests. The upper limit of the number of PCRs is 15 times per menu per year. X5: Order in Customer Portal is available in Kansai1 and Saitama No. 1 Data Center. X6: Customer Portal for VPN Connectivity is available in Yokohama No. 1 Data Center and Saitama No. 1 Data Center. Standard Delivery Time for Each Service which needs order form. The standard delivery times for each service which needs an order form are shown below. Service Name Compute Compute Class Resource X1 Storage Class Compute Resource Dedicated Device Private Catalog License OS Windows X1 Server Red Hat Enterprise Linux Database MS SQL Microsoft RDS SAL SAL Image Backup X1 File Backup Internet Connectivity X1 X2 VPN Connectivity X5 VPN Connectivity Customer Portal Available Server Segment X1 X2 New 5 business days 5 business days Please inquire Please inquire 17 business days X3 9 business days Changes Please inquire Please inquire 17 business days 3 X6 x1 Addition Termi Deletion nation Service 1 to 15 business days Please inquire Please inquire 17 business days X3 9 business days Inter connectivity vFirewall Service Interconnectivity Colocation Interconnectivity On Premises Interconnectivity X7 vLoad Balancer X 1 Integrated Network Appliance Global File Storage Gl
101. d an On Premises Environment through the internet. Installation of your system at a Data Center. A service that provides a secure L2 connection between the Server Segments in Enterprise Cloud and your system environment within NTT Communications Colocation via our inter-Data Center network. A device for connecting between an NTT Communications Data Center and the Internet for On premises Connectivity. A device for connecting between your On Premises Environment and the Internet in order to establish On premises Connectivity. A system for preventing intrusions. A system for detecting intrusions. A list in which known attack patterns and malware patterns are converted into data. Rules for detecting and interrupting communication. The number of requests that are processed per second. Note: The numerical value when the server makes one connection when using One Connect on the server side for multiple connections to a client. C&C Server (Command and Control Server): The server that sends commands and becomes the center of control for a computer infected with malware. Active Device: A device that has priority of use. vApp: A container for Virtual Machines managed by VMware. 1.7 Restrictions. Customers cannot enter the hosting room in which the servers and other equipment provided by Enterprise Cloud are housed. All sys
102. dated service menu list in each Data Center Updated Japanese local service menu Updated Customer Portal function Updated VPN Connectivity and Server Segment Updated Colocation Connectivity Updated service menu list in each Data Center INA US UK Kansai Security Option Updated Image Backup Updated Server Segment Updated Database License OS template version for Windows Server 2012 Updated Security Option URL Filtering Updated Ticket Function Updated the All Service Specifications related to Germany DC as it is now aligned with other DCs Revised Compute Resource Dedicated Deleted the description regarding the Customer Portal 12 26 2014 Ver2 21 1 7 2015 1 19 2015 2 27 2015 Ver2 211 Ver2 23 Ver2 34 management of the Compute Resource 3 Updated OS Licence Added Windows Server R2 template 4 Updated Image Backup VNIC bugfixed in restore for Windows Server 2012 5 Updated File Backup Corrected the job slot time 6 Updated Server Segment Added description on Customer s carried in Global IP 1 Updated service menu list in each Data Center Guaranteed Compute TH 2 Updated OS License Windows Server R2 template available in JP DC Yokohama MY TH 3 Updated Image Backup 4 Updated 8 3 1 Items Monitored Remotely and Procedures for Notifying Users Ping Monitoring is available in Integrated Network Appliance 1 Revision in Integrated Network Appliance IPsec Termination Parameter Key mana
103. ddition, if the regular server and the standby server are switched for a redundantly configured device and they are restored without replacing the device, you cannot check the log or the event reports for the period during which the switching occurred from the Security Web Portal. Application Filtering does not guarantee that the Application Filtering feature has integrity or accuracy or is suitable for your use. Furthermore, the suitability of the application identification algorithms provided by the developers or distributors of the devices making up the Application Filtering feature is not guaranteed. The following information might be provided to the developers or distributors of the devices making up the Application Filtering feature: configuration information obtained from providing application filtering; information concerning controls, etc. for Application Filtering. We cannot guarantee recovery from failures that might occur due to incompatibility between Application Filtering and your environment, or failures that occur due to your operations other than those specified by NTT Communications. 7.6 Web Application Firewall (WAF). The Web Application Firewall (WAF) is a service that blocks attack traffic on Web applications. Web Application Firewall (WAF) is used via Service Interconnectivity. You need to apply separately for Service Interconnectivity.
104. ding to the usage of other customers and infrastructure status. The service does not guarantee transmission speed. The Guaranteed type does not provide transmission speed higher than the specified bandwidth. The Internet GW is constructed of redundant physical devices, equipment, and lines. It supports Internet protocol version IPv4. 5.1.3 Global IP Addresses Are Provided. You can use Global IP Addresses that are required for Internet communication. You can specify the following numbers of Global IP Addresses. Global IP Addresses are provided to the customer differently depending on whether they select vFirewall or Integrated Network Appliance. The customer cannot assign the provided Global IP Address. Also, the customer cannot change the provided Global IP Address. Global IP Addresses will be assigned according to NTTCom's Global IP Address Block. For Customers using vFirewall: If the customer is using vFirewall, Global IP Addresses are provided as follows. The distributed Global IP Address can be set as the IP Address for a NAT/NAPT rule in the vFirewall. Global IP Address 4 64 4 If you order 8 or more Global IP Addresses, the IP Addresses might not be sequential. If you use 65 or more IP Addresses, please consult with us separately. For Customers using Integrated Network Appliance: If the Customer is using the Integrated Network Appliance, Global IP Addresses can be purchased accordi
105. e Virtual Machine image. It does not include the Memory capacity. 3.3.5 Export Template Feature. You can convert a Private Catalog template to a Virtual Machine image and export it from the Customer Portal to your own environment using a Web browser. If NTT Communications owns the licenses for software included in the exported Virtual Machine image, such as the Guest OS and applications, the continued use of those licenses on your local computer is a license violation and is therefore not permitted. In this situation, you are responsible for appropriately managing licenses by replacing the licenses for such software with licenses that you own. Download sessions established while logged in to the Customer Portal can be continued after logging out of the Customer Portal. However, the download session may be terminated after downloading continuously for more than 48 hours. A template is not deleted even if you export it. 3.3.6 Important Points. Important Points regarding the Windows Server Guest OS: When creating a Virtual Machine from a template that uses Windows Server as the Guest OS, Sysprep will automatically run the first time that you start the Virtual Machine. Sysprep is a tool that configures Windows OS system settings in advance. Microsoft product specifications and license terms allow you to run Sysprep up to the limit listed below. If you exceed this limit you may
106. Application Profiling: 10 business days (X3), 10 business days (X3), 10 business days. RTMD Web: 25 business days (X3), 5 business days (X3), 25 business days (X3), 10 business days. Unauthorized Access Prevention: 10 business days (X3), 10 business days (X3), 10 business days (X3), 10 business days. Internet Gateway Security: 10 business days (X3), 10 business days (X3), 10 business days (X3), 10 business days. X1: Available to apply through the Customer Portal. X2: 5 business days are needed except for Kansai1 and Saitama No. 1 Data Center, because the function is not available in other Data Centers. X3: The standard delivery time for Japan Data Centers. Please check, as the delivery times are different for each Data Center. Delivery times may vary depending on the status of NTT Communications equipment. X4: The number of Global IP Addresses cannot be changed in Integrated Network Appliance. The Global IP Address parameter cannot be changed in either vFirewall or Integrated Network Appliance. X5: The guaranteed type requires individual adjustment. X6: Customers who started using the VPN Connectivity at the Yokohama No. 1 Data Center before November 15, 2013 and have not changed the bandwidth in the past will require loan work to change the bandwidth. Please be advised that you will be asked to specify the work days beyond the 17 business days. X7: When replacing GW equipment on premises due to failure it will
107. e of the original menus Internet Gateway Consists of IPS IDS Security Web Anti Virus and URL Filtering Features comply with those of the original menus VM Security Consists of VM Anti virus Advanced VM Virtual Patch and VM Package Firewall Features comply with those of the original menus Product availability depends on the Data Center For details refer to 1 3 2 Available Data Centers P 21 1 3 1 Available Equipment Environment The equipment environment and performance guarantee for each menu are shown below For shared equipment your contracted environment is logically independent by using server virtualization technology and VLAN technology Service Name Physical Performance Guarantee Equipment Environme nt Compute Compute Guaranteed Shared Contracted value for Resource Class CPU Memory resources Guaranteed Premium Shared Contracted value for CPU Memory resources Guaranteed Standard Shared Contracted value for Storage Premium Class Standard Compute Resource Dedicated Device Private Catalog License Internet Connectivity VPN Connectivity OS Windows Server Red Hat Enterprise Linux Database MS SQL Microsoft RDS SAL SAL Best Effort Guaranteed Global IP Address Best Effort Guaranteed Server Segment Interconnectivity Service Inter connectivity Colocation Inter connectivity On Premises Inter S
108. e that can be analyzed by URL Application Filtering is shown below.
Traffic Processing Capacity: 200 Mbps per service; maximum 1 Gbps (5 services used). Remarks: the total value of uplink and downlink.
Number of concurrent sessions: 40,000 per service; maximum 200,000 (5 services used). Remarks: the number of sessions that can be connected simultaneously.
You can increase the traffic volume up to 1 Gbps (200,000 sessions) when 5 services are used, by applying for additional services. 7.5.3 Important Points. Used IP Addresses: In order to connect the Service Interconnect Gateway with Application Filtering, you must have two IP address blocks available. If the IP address block is already being used, we might ask you to change it. NTT Communications will manage the assigned IP address blocks and assign IP addresses to the devices that require them. Restrictions: When the actual traffic volume exceeds the contracted traffic volume, the excess traffic might be discarded. Packets which break TCP/UDP/IP protocol rules, or abnormal packets, are discarded as a standard function regardless of the customer's configuration. Examples: when the IP header is cut off in the middle; when the port number is 0 (zero); when the TCP flag combination is abnormal; and others. If devices making up this feature are replaced due to malfunction, etc., you will not be able to check device logs or event reports from prior to the replacement via the Security Web Portal. In a
109. e use from 00:00:5e:00:01:fc onward for the Customer system. 5.6 On Premises Interconnectivity. On Premises Interconnectivity is a service that provides a secure L2 connection between the Server Segment NTT Communications provides and your system environment inside the environment that you operate yourself (called "On Premises Environment" below) via the Internet. For On Premises Interconnectivity, the On Premises GW is installed in the Data Center and the On Premises Environment. The On Premises Interconnectivity gateway is constructed of redundant physical devices. 5.6.1 Available Features. You can use the following features in On Premises Interconnectivity. Layer 2 (L2) Connection: A feature that connects the Server Segment NTT Communications provides and the On Premises Environment using the same Server Segment. 5.6.2 Layer 2 (L2) Connection. On Premises Interconnectivity is composed of the following devices 2 On Premises GW inside the On Premises Environment. Bandwidth: The total of both sides is a maximum of 100 Mbps. [Figure: Inside Data Center and Inside the On Premises Environment, each with an On Premises Connectivity GW and Server Segment; Biz Hosting Enterprise Cloud and On Premises Environment] Adding and Reducing L2 Connections: You can add chan
110. ecessarily included in the notification details. If a partial failure occurs that does not affect your use of the system, we may perform maintenance work without sending you a notification. 8.4 Maintenance Information. In the Enterprise Cloud, we perform the maintenance necessary for continuous use of your system as required. The primary maintenance is described below: taking countermeasures against security vulnerability; maintenance work and improvements on server and network devices. Advance Notice: If there are plans to perform maintenance, the Technical Help Desk will typically post maintenance information on the Customer Portal two weeks in advance, unless the work is urgent. The maintenance information may include a request to borrow your system. If a partial failure occurs that does not affect your use of the system, we may perform maintenance work without sending you a notification. The switching behavior for devices in a redundant configuration at the time of a failure of the active device, or of the interface for the active device, is an automatic switch to a standby device. However, you may need to manually switch from the standby device back to the active device when the active device recovers. 8.5 Limitations to Maintenance Operations. Support for Failures: When handling failures we may have no choice but to
111. ed The standard is for two Server Segments to be provided. You can specify Server Segments within the ranges listed below for each Data Center. When using vFirewall. Note: The maximum number of Server Segments which can connect to INA is 7. Features that can be Interconnected: The following features can be connected using Server Segment: Virtual machines provided by Compute Resource; Virtual machines provided by Compute Resource Dedicated Device; vFirewall that is provided by vFirewall; vLoad Balancer that is provided by vLoad Balancer; Service Interconnect Gateway that is provided by Service Interconnectivity; Colocation Interconnectivity Gateway provided by On Premises Interconnectivity. Settings When Adding Server Segment: When you ask for Server Segment, you must specify the following settings. Network Appliance: Specify whether or not to connect to vFirewall or Integrated Network Appliance. You cannot change whether or not to connect to vFirewall or Integrated Network Appliance, or the IP address block for Server Segment, after the Server Segment has been created. If you do not connect the Server Segment to vFirewall, NTT Communications cannot perform Ping monitoring on any device connected to that Server Segment. Types of IP Address Blocks: The IP address blocks used for Server Segment are divided into the followi
112. ee oo MSSQL10_50 MSSQLSERVER MSSQL Data MSSQL10_50 MSSQLSERVER MSSQL Backup zy zz i i i i Enable FILESTREAM for Transact SQL access Disabled Analysis Services Configuration Account Provisioning Spacify which users have administrative permissions for AnjAdministrator Data Directories MSAS10_50 MSSQLSERVER OLAP Data MSAS10 50 M Q R R OLAP Log MSAS10_50 MSSQLSERVER OLAP Temp MSAS10_50 MSSQLSERVER OLAP Backup Reporting Services Configuration Reporting Services Configuration Install but do not configure the report server For SQL Server 2012 Standard English Item Remark Settings Information Feature Selection Instance Features Database Engine Services QL Server Replication Full Text and Semantic Extractions for Search Data Quality Services Analysis Services Reporting Services Native Shared Features v Management Tools Basic Instance Configuration Instance Instance ID Instance root directory Server Configuration Service Accounts Service SQL Server Agent Account Name Startup Type Manua Cid Service SQL Server Database Engine Account Name tartup Type Service SQL Server Analysis Services Account Name Startup Type Service SQL Server Reporting Services Account Name tartup Type Service SQL Server Integration Services 11 0 Account Name Startup Type Service SQL Server Distributed Replay Client Account Name NT Service SQL Server Distributed Replay Client
113. 8.5 Limitations to Maintenance Operations. Revision History. 1 Overview of the Enterprise Cloud. 1.1 What is Enterprise Cloud. The Enterprise Cloud uses the cloud infrastructure at NTT Communications' robust Data Centers to provide ICT resources such as Compute Resources, firewalls, load balancers, Internet Connectivity, and VPN Connectivity. The characteristics of Enterprise Cloud are described below. [Figure: Connectivity (required bandwidth); Resources (load balance feature, firewall feature, Compute resources: CPUs in 1 GHz units, Memory in 1 GB units, Disks in 50 GB units); Customer Portal; Platform] In addition to server virtualization technology, network virtualization technology is also used within Data Centers and for networks between Data Centers, allowing flexibility when providing resources and a high degree of self-management. You can also specify and use cloud infrastructure from Data Centers located in Japan, America, Europe, Singapore, and Hong Kong. Customer Portal: From the Custo
114. 3.6 Microsoft SAL (RDS SAL); 3.6.1 Available Features; 3.6.2 Provision of an RDS SAL; 3.6.3 Provision of a Public Catalog; 3.6.4 Important Points; 4 Backup (Global Standard Menu); 4.1 Image Backup; 4.1.1 Available Features; 4.1.2 Backup and Restore; 4.1.3 Backup and Restore Management; 4.1.4 Important Points; 4.2 File Backup; 4.2.1 Available Features; 4.2.2 Backup File Storage; 4.2.3 Backup File Restore; 4.2.4 Backup and Restore Management; 4.2.5 Important Points; 5 Network
115. ement Tools Basic Selected Management Tools Complete Selected Distributed Replay Controller Selected Distributed Replay Client Selected SQL Client Connectivity SDK Selected Instance root directory C Program Files Microsoft SQL Server Shared Feature directory Shared Feature directory x86 C Program Files Microsoft SQL Server C Program Files x86 Microsoft SQL Server Instance Configuration Instance Default instance Instance ID MSSQLSERVER Server Configuration Service Accounts Service SQL Server Agent Account Name NT Service SQLSERVERAGENT Startup Type Manual Service SQL Server Database Engine Account Name Startup Type NT Service MSSQLSERVER Automatic Service SQL Server Analysis Services Account Name NT Service MSSQLServerOLAPService Startup Type Automatic Service SQL Server Reporting Services Account Name NT Service ReportServer Startup Type Automatic Service SQL Server Integration Services 12 0 Account Name NT Service MsDtsServer120 Startup Type Automatic Service SQL Server Distributed Replay Client Account Name NT Service SQL Server Distributed Replay Client Startup Type Manual Service SQL Server Distributed Replay Controller Account Name Zz Service SQL Server Distributed Replay Controller Startup Type Manual Service SQL Full text Filter Daemo
116. ength of IP Address Blocks 29 8 are available. If you started using the VPN Connectivity at Yokohama No. 1 Data Center after November 15, 2013, you should pay attention to the following points. To become Customer Portal Available VPN Connectivity, service termination and a new order are needed. Change bandwidth in order form: lease construction is not necessary; 17 business days are needed to change. APGW Connectivity segment setting is not necessary in Customer Portal Available VPN Connectivity, and the 1 Gbps Guaranteed plan is not available. 5.3 Server Segment. Server segment is a service that extends Server Segments. We provide L2 segments (called "Server Segment" below) to interconnect the multiple services that make up Enterprise Cloud. You can connect the Virtual Machines, vLoad Balancers, and Service Interconnect Gateways over the Server Segment, and also construct systems with complex network structures. [Figure: vFirewall, vLoad Balancer, Service Interconnectivity Gateways and Virtual Machine on Server Segment 1, Server Segment 2, Server Segment N] 5.3.1 Available Features. The following features are available for Server Segment. Feature: Server Segments are provided. Overview: A feature that uses L2 segments to interconnect the multiple services which make up Enterprise Cloud. 5.3.2 Server Segments Are Provid
117. ent For details, please check the description of features for each service. In the IP address block for the Server Segment, you cannot specify overlapping IP addresses across the following address bands.
Yokohama No. 1: 172.22.0.0/17, 172.22.128.0/17, 10.223.0.0/17, 10.223.128.0/17
Saitama No. 1: 172.27.0.0/16, 10.237.0.0/16, 10.238.0.0/16
Singapore Serangoon: 172.20.0.0/17, 172.20.128.0/17, 10.200.0.0/17, 10.200.128.0/17
San Jose Lundy 172.22.0.0/17 Virginia Sterling 172.22.128.0/17 UK Hemel Hempstead2 10.223.0.0/17 Thailand Bangna 10.223.128.0/17 Malaysia Cyberjaya3 Australia Sydney1
The IP address block for the Server Segment cannot be changed after it is allocated. Restrictions on the Hardware Configuration for Compute Resource: If multiple Virtual Machines with the same role are created for one physical server and that physical server fails, the applications on those Virtual Machines may stop at the same time. You cannot select a physical server that runs a specific Virtual Machine. The network equipment and physical server interface provided by Compute Resource has redundancy. If the interface fails, it automatically switches from the regular interface to the standby interface. The Guest OS on the Virtual Machine and the applications that are running on the Guest OS may be affected when switching interfaces. If the zone is the same resourc
118. ent Function For the Virtual Server registered as the target of file backup, it is possible to check the configurations to confirm whether the backup job is enabled. It is possible to move from this feature to the schedule management feature and then set a new schedule. Backup History: History of execution of backup is displayed. History is displayed in the order of time when the job starts, job type, backup status (Success, Failed), execution time, and target file/folder. There are the following 2 display methods: history display for the latest 7 days, and all history display. Restore can be executed only from the NBU Agent installed on the Virtual Server. Restore history can be displayed by NBU Agent. Restore Management: The backup file list (start time, end time, disk type, all disks) can be checked and restored from the NBU Agent. Restore is immediately executed. It is also possible to delete the backup file immediately. 4.2.5 Important Points. About Application for this Service: To use this service, you must provide NTT Communications with information about an ID/password with administrator right or root right for the Virtual Server containing the file and folder targeted for file backup. NTT Communications uses this information for installing and configuring NBU Agent. Be sure to delete the ID or change the password immediately after NBU Agent becomes available. In addition to installation and configuration of NBU Agent, the work for registering information of the targ
119. ent targeted for analysis to the Service Interconnect Gateway used for Network Profiling If you perform Ping monitoring on the Virtual Machine you will require an additional Server Segment for direct connection between vFirewall and the Virtual Machine Please do not connect the Server Segments targeted for analysis directly to vFirewall Analysis Capacity The traffic volume that can be analyzed by Network Profiling is shown below Item Performance Remarks Per Maximum service 5 services used Traffic Processing 200 Mbps 1 Gbps The total value of uplink Capacity and downlink Number of 40 000 200 000 The number of sessions concurrent that can be connected sessions simultaneously You can increase the traffic volume up to 1 Gbps 200 000 sessions when 5 services used by applying additional services 7 11 3 Important Points Used IP Addresses In order to connect the Service Interconnect Gateway with Network Profiling you must have two IP address blocks available If the IP address block is already being used we might ask you to change it NTT Communications will manage the assigned IP address blocks and assign IP addresses to the devices that require them Restrictions When the actual traffic volume exceeds the contracted traffic volume the excess traffic might be discarded Packets which break TCP UDP IP protocol rules or abnorma
120. ents 1 GB Cannot be changed Resources that can be assigned to a Virtual Machine Customer Portal ver2 0 The amount of resources that can be assigned to a Virtual Machine differs according to the Compute Class vCPU Memory Virtual Memory Hardware Virtual CPU Hardware Memory Capacity Number of vCPUs 1 32 vCPUs 1 128GB Virtual Increments 1GB Machine peer Virtual Storage Devices Root Disk R 2 Storage area on the Guest OS Number of disks 1 Cannot be changed Virtual Network Adaptor Hardware Quantity 8 Cannot be changed Primary NIC Data Disk Data Storage Area Number of disks 0 to 59 Disk Capacity 1 to 2 047 Increments 1 GB Disk Capacity 1 to 2 097 151 Increments 1MB The vNIC that functions as the representative vNIC Quantity 1 Cannot be changed Total disk no limit Total disk capacity no limit Memory capacity different for each Compute Class must be less than the amount of space left in storage vCPU A vCPU is virtual CPU hardware that makes up a Virtual Machine From the Compute Resource Pool you can specify the number of vCPUs and assign it to a Virtual Machine How many can be assigned The quantities of vCPUs that can be assigned to one Virtual Machine are shown below The configurable settings of Customer Portal ver1 0 are different from th
121. er of Proxy IPs used differs according to the vLoad Balancer resource value that is used When you change the vLoad Balancer resource value Proxy IP will automatically be added or reduced by the system Balancer resource values Service Interconnectivity W Communication Segment Real Server Real Server Real Server VIP Proxy IP Used for communication with the load balancing destination server real server vLoad Balancer 5 8 5 Important Points In order to increase the vLoad Balancer resources available IP addresses in the Server Segment are required Communication interruptions might occur when you change vLoad Balancer settings from the Customer Portal 5 9 Integrated Network Appliance Integrated Network Appliance service is the service where the virtual network devices equipped with the firewall function NAT NAPT function routing function load balancing function and IPsec termination function are provided With the Integrated Network Appliance service one virtual network device dedicated for customers called Integrated Network Appliance below is provided Various parameters can be changed from Customer Port When starting to use the Integrated Network Appliance service the stateful packet inspection function used for blocking illegal access by reading data of packets that pass
122. ere is some inconvenience When a disk of a Virtual Server under operation is deleted after backup and the disk contract of Compute Resource is being reduced please perform restoration after checking whether the amount of disks required for restoration is secured in Compute Resource Please execute the VM restoration one by one within the same Compute Resource Pool It is necessary to have free memory on Compute Resource Pool for overhead only when restoring The overhead is recommended to be max 20 of the memory assigned to the Virtual Machine If the IP Address for Virtual Machine is assigned either on vFirewall or vLoadBalancer please release the settings of vFirewall or vLoadBalancer temporarily and restore Please contact the Support Center via Customer Portal ticket if the restoration does not complete Please do not assign the IP Address of the Virtual Machine used during the Backup to other Virtual Machines Restoration will fail due to IP Address duplication Backup of Compute Resource Dedicated Device Be careful with the following points when backing up the Virtual Server used by Compute Resource Dedicated Device For the backup work area 10 of the Storage Device that is used by Compute Resource Dedicated Device will be used During the backup the performance of the Disk I O of the Storage Device that is used by Compute Resource Dedicated Device may
123. ering feature is not guaranteed The following information might be provided to the developers or distributors of the devices making up the URL Filtering feature Configuration information obtained from providing URL filtering Information concerning controls etc for URL filtering We cannot guarantee recovery from failures that might occur due to incompatibility between URL Filtering and your environment or failures that occur due to your operations other than those specified by NTT Communications 7 5 Application Filtering Application Filtering is a service that blocks communication from applications that are not necessary for work in accordance with your policies INFO Application Filtering is used via Service Interconnectivity You need to apply separately for Service Interconnectivity 7 5 1 Available Features You can use the following features in Application Filtering Feature Overview Application Filtering A feature that categorizes applications and blocks communication from specified applications 7 5 2 Application Filtering Feature This feature categorizes applications by communication content and blocks communication from specified applications You can select applications to be blocked from among the applications that can be controlled by Application Filtering Please check the following website for the controllable applications http://apps.paloaltonetworks.com/applipedia E
124. erver targeted for backup is powered on or off During backups the performance of the Disk I O of the Virtual Server that is being backed up might be reduced The backup begins within the Time Window you specify The backup start time cannot be specified in units of minutes and seconds Backup cannot be configured in the last 5 minutes 55 minutes to 0 minute of the 1 hour time slot for backup The alert message appears If the number of backup jobs that are performed at the same time in each time slot exceeds the maximum value we recommend using the closest available time slot within the same day or the closest date in the same time slot If the Virtual Server targeted for backup has been deleted at the backup start time the backup will not be performed Disk of the target Virtual Server cannot be extended while performing the backup process To ensure consistency of the file system during backup we recommend setting rest points such as turning OFF the Virtual Server and performing the backup When the Virtual Server is shut down from the Customer Portal or in the Guest OS the status changes to Partially Powered Off so you must press the Power Off button in the Customer Portal to complete the power off If the target Virtual Server is restored during the backup inconsistency in backup data may occur so do not perform the restore operation duri
125. es connectivity gateway on premise Primary Storage Notification Procedure L4 X1 L4 L4 L4 L4 L4 L3 X2 L3 X2 X1 Customer Portal features can be used to send alarms from ping monitoring infrastructure to a pre specified email address X2 This is an email notification only It is not displayed in the Customer Portal 8 3 2 Remote Monitoring System In the Enterprise Cloud the NTT Communications monitoring infrastructure monitors your contracted resources 24 hours 365 days A diagram of the Enterprise Cloud monitoring is shown below Alert appears in the Customer Portal Alert email service Interconnectivity GW Virtual Machine Biz Hosting Ping monitoring Enterprise Cloud NTT Com monitoring infrastructure Always monitored Support for Failures Virtualization infrastructure Ping Monitoring for Compute Resource Ping monitoring settings If you set up monitoring notifications from the Customer Portal you can perform Ping monitoring on Compute Resource Also using the Customer Portal you can set the alarm notification setting On Off for each virtual server whenever the Virtual Machine is powered on Ping monitoring contents The primary vNICs of Virtual Machines created in a Compute Resource Pool are pinged by the NTT Communications monitoring infrastructure every 60 seconds Enterprise Cloud Functio
126. es Environment On Premises GW inside the Data Center The connection line from the On Premises GW inside the Data Center to the Internet is provided by dedicated On Premises Interconnectivity lines An Internet Connectivity service is not necessary For details on Internet Connectivity refer to 5 Internet Connectivity P 130 Between the devices inside the Data Center and the On Premises GW inside the On Premises Environment The communication infrastructure that is used for the On Premises Interconnectivity between the devices inside the Data Center and the On Premises GW inside the On Premises Environment is shown below External Environment NTP UDP IP Addresses 210.137.160.27 210.137.160.57 210.137.160.87 Port 123 Port 500 IKE UDP Port 500 On Premises On Premises Connectivity GW Connectivity GW Port 4500 IPSec NAT T UDP Port 4500 nests On inside Data Center _IP Address Subnet Mask 153.128.53.16/28 Environment SSH TCP ICMP Protocol No 1 NTT C Monitoring ee Monitoring SSH TCP Servers IP Address Subnet Mask 153.128.53.32/28 Biz Hosting Enterprise Cloud On Premises Environment We recommend using a firewall to connect securely to the Internet You need to set up your own firewalls Please allow the following protocol communication in order to implement On Premises
127. es may be kept on the same physical server or storage device even if the service class Premium or Standard is different Restrictions on the Settings for Compute Resource Application Resources The performance of each resource may vary by Data Center When changing Compute Resources you need to create the Virtual Machines and configure the resource settings for Virtual Machines yourself NTT Communications is not responsible for errors that occur as a result of these settings such as abnormal operation of your applications NOTE When changing Compute Resources we may ask you to create a new Compute Resource Pool to ensure that a stable service is provided even if the compute resource that you are changing has not reached the resource upper limits Restrictions on Virtual Machine Disks To use the Disk capacity expansion feature you need to install and enable VMware Tools Version 8 6 0 or higher in the Guest OS on the Virtual Machine The Disk capacity expansion feature cannot be used while a backup image is being obtained You cannot reduce the Disk capacity Restrictions on Virtual Hardware You cannot change MAC addresses that have been set on virtual hardware such as VNIC You cannot use your own MAC addresses that are not administered by NTT Communications If we become aware that you have changed a MAC address or are using your own MAC address we may stop that Virtual Machine w
128. esources resources resources Compute Resources Regular servers Standby server Regular servers Standby server The HA Cluster feature does not detect any failures and perform an automatic recovery on a Virtual Machine that you have created The HA Cluster feature does not guarantee the recovery of a Guest OS or applications running on a Guest OS on a Virtual Machine that you have created Zones When a failure is detected on a regular server the Virtual Machine restarts on a standby server The Virtual Machine that you created may temporarily stop until it restarts on the standby server As a result if you have created a redundant configuration between multiple Virtual Machines but you have added the Virtual Machines to the same Compute Resource Pool the redundant configuration may not behave as expected Zones are used to deal with this problem A zone is a group of physical equipment physical servers and storage devices that accommodates a Compute Resource Pool You can choose either Zone A or Zone B for each Compute Resource Pool Virtual machines created from Compute Resource Pools with different zones run on different physical equipment as shown below Example When zones are set on Compute Resource Pools 1 to 3 Compute Resource Pool Zone Virtual Machine Physical Equipment Running the Virtual Machine Compute Resource Pool 1 Zone A Virtual Machine i Physical E
129. ete Memory Dump you need at least the Memory assigned to the Virtual Machine 300 MB of available space on the drive on which the dump files are created Regarding the License Certification for Windows Server 2012 Standard and Windows Server 2012 R2 Standard Customer needs to adjust the time by using NTP server License will not be activated if there is a lag between the Server time and the actual time The default gateway of the Virtual Machine needs to be set on the vFirewall If the customer sets the default gateway on a device other than vFirewall they have to configure it by static routing Global IP Address is being used as a host for license activation but the transmission itself is closed with NTT Com platform and it will never go out to the Internet For more details on the static routing please contact the technical help desk individually Red Hat Enterprise Linux Restrictions Virtual machines created with OS License must be registered in the Red Hat network and all registrations must be up to date OS license does not provide users with RHN login ID information for logging in to the Red Hat Customer Portal formerly known as the Red Hat Network If you want to install optional software that includes a Red Hat Enterprise Linux subscription please use the yum interface for installation NTT Communications can also install the software for a fee Prohibited Acts The acts listed below violate the agreement betwee
130. eted Virtual Server into the NTT Communications backup infrastructure is necessary Even if the customer configures NBU Agent this service is not available until NTT Communications completes the above registration work NTT Communications sets up a Server Segment for File Backup If the Customer has already used the IP address range below this service cannot be provided 10.223.112.0/20 Please permit port 1556 for this service Please refer to the following site for Windows Firewall settings http://windows.microsoft.com/ja-jp/windows/understanding-firewall-settings#1TC=windows-7 Please do not change any Server Segment parameter for File Backup from the Customer Portal In Windows Server a Registry Key will be added for this service Please confirm beforehand that it does not affect the system REQESTED_INTERFACE Host Name for backup Server Segment CRYPT_OPTION REQIRED Fixed CRYPT_KIND STANDARD Fixed CRYPT_CIPHER AES 256 CFB Fixed During the delivery process a reboot and Guest OS Customization are needed Some parameters will be changed For details refer to Guest OS Customization P 66 Server Segment for this service is reserved Please do not use for other uses Recommended Environment File backup supports following Guest OS license Virtual Server Templates provided by NTT Communications Windows Server 2008 R2 Enterprise Windows Server 2012 Standard Red Hat Enterprise
131. fa Virtual Machine is deleted the root Disk and data Disks are deleted at the same time The data from a deleted Disk is erased according to the appropriate method specified by NTT Communications A data erasure certificate is not issued You cannot remove detach a data Disk that is connected to a Virtual Machine and connect attach it to another Virtual Machine You can add and delete data Disks and expand the Disk capacity from the Customer Portal regardless of whether the Virtual Machine is powered on or off But please do not change in Partially Powered Off state If you add or delete a data Disk or expand the Disk capacity while the Virtual Machine is powered on the Disk may not be recognized properly by the Guest OS However it will be recognized properly if the Guest OS is compatible with hot swap The Disk capacity of the root Disk depends on the template that was selected when creating the Virtual Machine How many can be assigned You can add or reduce the Disk capacity and the number of data Disks connected to one Virtual Machine within the ranges shown below The configurable settings of Customer Portal ver1 0 are different from those of Customer Portal ver2 0 Customer Portal ver1 0 Lower Limit Upper Limit Setting Unit Number of data 0 6 1 Disks Disk capacity 1 GB 2 000 GB 1 GB Customer Portal ver2 0 Lower Limit Upper Limit Setting Unit
132. feature for having a secure L2 connection between the Server Segments in Enterprise Cloud and your system environment within NTT Communications Colocation Provides a feature for having a secure L2 connection between Server Segments in the Enterprise Cloud and an On Premises Environment through the Internet The main firewall features that are provided are a routing feature packet filtering feature and NAT NAPT feature Provides a virtual load balancer device on a Server Segment You can use the load balancing feature for communication with Virtual Machines in a Server Segment Provides Firewall NAT NAPT Routing Load Balancing and IPSec termination function Provides a feature for storing desired data in a remote Japan or overseas Data Center P 130 P 134 P 139 P 144 P 148 P 152 P 158 P 164 P 171 P 185 Security IPS IDS Email Anti Virus Web Anti Virus URL Filtering Application Filtering WAF Web Application Firewall VM Anti Virus VM Virtual Patch VM Firewall Application Profiling Network Profiling RTMD Web Provides a feature for detecting and blocking unauthorized access and cyber attacks on a Virtual Machine Provides a feature for inspecting for viruses in SMTP communication such as files attached to emails and detecting and blocking viruses Provides a feature for inspecting for viruses in HTTP comm
133. from devices that provide the Web Application Firewall WAF feature to a Virtual Machine In the Virtual Machine settings allow communication ICMP Health check to L4 establishing a 3 way handshake Web Application Firewall WAF does not guarantee that the feature that detects and blocks attack traffic on Web applications has integrity or accuracy or is suitable for your use Furthermore the suitability of the signatures algorithms that judge the degree of danger and attack traffic provided by the developers or distributors of the devices making up the Web Application Firewall WAF feature is not guaranteed The following information might be provided to the developers or distributors of the devices making up the Web Application Firewall WAF feature Configuration information obtained from providing Web Application Firewall WAF Information obtained from Web Application Firewall WAF controls etc We cannot guarantee recovery from failures that might occur due to incompatibility between Web Application Firewall WAF and your environment or failures that occur due to your operations other than those specified by NTT Communications 7 7 VM Anti Virus VM Anti Virus is a service that defends the Virtual Machine from virus contagion and threats 7 7 1 Available Features You can use the following features in VM Anti Virus Real Time scan A feature
134. g Disk region within the ranges shown below Item Lower Limit Upper Limit Setting Unit Disk Resources 10 GB 4 000 GB 10 GB Guest OS license usage fees are incurred if you create a template of a Virtual Machine that contains an OS license provided by Compute Resource and then create a Virtual Machine based on the template For details regarding the applicable types of Guest OSes refer to 3 4 OS License P 92 If the Virtual Machine is over 4 000GB for total disk capacity memory resource different for each Compute Class the template cannot be created 3 3 3 Create Template Feature You can convert a created Virtual Machine and save it as a template in a Private Catalog You can also delete stored templates When creating a template confirm that the following requirements have been met The Virtual Machine is powered off The Private Catalog Disk region has more available space than the total value of the Disk capacity and Memory capacity of the Virtual Machine The Virtual Machine is not deleted by creating and deleting templates The configuration of the root Disk and data Disks for the Virtual Machine and the data are preserved Understanding the Consumption of Private Catalog Disk Resources When creating a template the following capacity is consumed from the Private Catalog Disk resources Total value of all of the Disk capacity mounted in the Virt
135. ge and delete L2 connections between NTT Communications s Server Segments and On Premises Environment within the ranges listed below for one On Premises Interconnectivity Lower Limit Upper Limit Setting Unit Number of L2 connections 1 24 1 You can connect to multiple On Premises Environments at each Data Center The bandwidth that can be used for one On Premises Interconnectivity is a maximum of 100 Mbps for the total communication going both ways The connection network is provided via the Internet so quality cannot be guaranteed Use Conditions for On Premises Interconnectivity The following shows an example of general On Premises Environment structure Here is an explanation of the required conditions for the On Premises Environment for connecting between Server Segment and the On Premises Environment WAN side LAN side Inside the On Premises Environment On Premises Connectivity GW i J Link i Inside Data Center On Premises Connectivity GW Servers Segment L3 Switch Firewall L2 Switch IEEE802 1Q Customer Tag VLAN equipment Area used by the Customer Global IP Address Ethernet Cable Virtual Machine On Premises Biz Hosting Enterprise Cloud iz Hosting Enterprise Clou Environment Area provided by NTT Communications i Area used by the Customer e You are responsible for the design and settings of your own area within the On Premis
136. gement protocol P 181 wrong IKEv2 ISAKMP Oakley correct IKEv1 ISAKMP Oakley 1 Updated Customer Portal ver2 0 2 Updated service menu list in each Data Center Added Saitama No 1 Datacenter 3 Updated Compute Resource Updated Assigning Resources to a Virtual Machine Both Shared and Dedicated Compute 4 Updated Private Catalog Added restrictions of VM size for creating template 5 Updated Database License Added restrictions for configurable value 6 Updated Image Backup Added description for Supported VM size 1 Updated service menu list in each Data Center 2 Updated Compute Resource Memory overhead parameters for vCPUs Guest OS Customization period from 10 minutes to 30 minutes 3 Updated OS License Added Windows Server 2012 R2 in SG 4 Updated Server Segment 24 can be available in INA Maximum Server Segments which can connect to INA are up to 7 DNS suffix can be specified by Customer 5 Updated vLoad balancer Updated restriction for using Cookie Insert Method or x forwarded for header addition 3 23 2015 Ver2 36 1 Updated OS License Windows Server 2012 R2 is available in AU 2 Updated Customer Portal Version List Ver2 0 is available in UK 3 Updated service menu list in each Data Center Guaranteed Compute is available in AU 4 Updated Colocation Connectivity Kyoto No 2 Data Center is available in Kansai1 Data Center
137. hared Shared Dedicated Shared Shared Shared Shared Shared Shared Shared Shared Devices in the Data CPU Memory resources Best Effort Contracted value for Disk resources Guaranteed Contracted value for Disk resources Guaranteed Resources that provide dedicated devices Guaranteed X Any value can be set for the CPU Memory Disk resources Contracted value for Disk resources Guaranteed Contracted bandwidth Best Effort Contracted bandwidth Guaranteed Contracted bandwidth Best Effort Contracted bandwidth Guaranteed Bandwidth for traffic usage Best Effort Bandwidth for traffic usage Best Effort Bandwidth for traffic usage Best Effort Contracted bandwidth Best Effort connectivity vFirewall vLoad Balancer Integrated Network Appliance Global File Storage Global Data Backup IPS IDS Email Anti Virus Web Anti Virus URL Filtering Application Filtering Web Application Firewall WAF VM Anti Virus VM Virtual Patch VM Firewall Application Profiling Network Profiling RTMD Web RTMD Email Center Shared Devices in the On Premises Environment Dedicated Shared Shared Shared Shared Shared Shared Shared Shared Shared Dedicated Shared Shared Dedicated Dedicated Resource processing capacity Maximum value guaranteed Resource processing capacity Maximum value guaranteed Resource processing capacity Bes
138. hat provides features to acquire and store Virtual Server images called Backup Images below and features to restore the Virtual Server from the stored backup images Customer s Work Customer Portal Overwriting to the Virtual Server Network for i Storage Virtual Server You can use image backup at a Data Center that provides Compute Resource or Compute Resource Dedicated Device The products provided differ depending on the Data Center For details refer to 1 3 2 Available Data Centers P 21 4 1 1 Available Features Customer can use the following features in Image Backup Function Outline Backup and Restore A feature that acquires stores and restores backup images for the purpose of backup Backup images are stored in a storage device provided by the NTT Communications called Backup Storage below For restoration backup images are directly overwritten on the Virtual Server Backup and Restore A feature that manages backup of the Virtual Server It is Management possible to manage the schedule and check the history of backup and restore 4 1 2 Backup and Restore Backup A feature that acquires and stores backup images for the purpose of backup of the Virtual Server Disk images for backup are acquired and stored in backup storage after the backup starts Following are disks for backup All disks for the Virtual Server Image Backup
139. he schedule type retention period and start date or change or delete the created backup job Description Effective flag It is possible to enable or disable this backup job Schedule Job history It is possible to select the job from the schedule configured in Scheduled jobs the past or configure a new schedule If the job is selected from the schedule configured in the past the configured contents are adopted Schedule type It is possible to select the spot One Time daily weekly and monthly backup time Retention period You can decide the retention period for the acquired backup image Retention period varies depending on schedule type You can specify the date from when backup starts For spot daily and monthly backup the start date can be configured For the weekly backup the starting day of week can be configured For the monthly backup the third Monday can be configured Time slot 24 hours can be specified in units of 1 hour Backup time Either image backup or file backup can be selected While the effective flag is disabled backup does not start Time slot is the estimate of the time when backup starts so that time is not guaranteed The backup job can be created in units of Virtual Server and it is possible to create one backup job after combining multiple Virtual Servers Backup Schedule With the schedule management function retention ti
140. hen job starts job type backup or restore status Success Failed execution time and target Virtual Server Following 2 display methods history display for the latest 7 days and all history display Backup Image Management and Restore List of backup image is displayed The list displays start time end time image size and disk type all disks Restore can be executed from the list Restore is immediately executed It is also possible to delete the backup image immediately 4 1 4 Important Points Backup Image Store Image backup supports following Guest OS license Virtual Server templates provided by NTT Communications Windows Server 2008 R2 Enterprise Windows Server 2012 Standard Red Hat Enterprise Linux Server 5 8 6 2 The backup image storage capacity is the size of the Disk of the Virtual Server targeted for backup It is different from the data capacity written into the backup storage When a Virtual Server is deployed from a Virtual Server template backup jobs cannot be set immediately After the first power on please wait for about 2 hours and then set them The Virtual Server is charged according to disk size The starting point of the retention period for backup storage is the start time of the backup Charging starts from that point No fee is charged if backup fails The Backup Image acquisition process is performed independently of whether the Virtual S
141. hown below Item Performance Remarks Per Maximum service 5 services used Traffic Processing 200 Mbps 1 Gbps The total value of uplink Capacity and downlink Number of 40 000 200 000 The number of sessions concurrent that can be connected sessions simultaneously You can increase the traffic volume up to 1 Gbps 200 000 sessions when 5 services used by applying additional services 7 4 3 Important Points Used IP Addresses In order to connect the Service Interconnect Gateway with URL Filtering you must have two IP address blocks available If the IP address block is already being used we might ask you to change it NTT Communications will manage the assigned IP address blocks and assign IP addresses to the devices that require them Restrictions When the actual traffic volume exceeds the contracted traffic volume the excess traffic might be discarded When the URL in Common Name of the server certificate matches the URL categorized as Block Continue the blocking warning screen is not displayed it is displayed as a browser error When you use a proxy server the Continue action is applied only to the communication from the client VPN to the proxy server It is not applied to the communication from the proxy server to the Internet from security standpoint When you select Continue as an action for a web site categories
142. ice Interconnect Gateway IP address storage only Secondary Storage IP address Remote DC 3 storage when using stored data at a remote DC Primary storage IP address e IP address of the same Data Center s Service Interconnect Gateway e IP address of the remote Data Center s Service Interconnect Gateway Secondary Storage IP address You cannot change the address block or IP addresses used for the connection Restrictions Not just Customer created data is saved in the shared External Storage area of Primary Storage Metafiles used for administration are also saved The data size of these administration metafiles is also included in the available capacity of Primary Storage and this size increases according to the size of your data and other factors You cannot link to a directory service The paths for the Primary Storage name and mount are set automatically If you delete the existing volume the administered data is also deleted and you will be unable to restore it The default gateway IP address for Primary Storage is the IP address for the Service Interconnect Gateway You cannot replace Service Interconnectivity once it has been set You cannot set the storage capacity and connection protocol separately for Primary Storage and Secondary Storage They are automatically set to be the same You can specify only one Sec
143. ice Interconnectivity

7.2.1 Available Features

You can use the following features in Email Anti Virus.

Virus scan: A feature that monitors email (SMTP) communication and executes specified processes when viruses are detected.

7.2.2 Virus Scan Feature

SMTP is the protocol that is targeted for inspection by Email Anti Virus. You can choose the detection and blocking operations. The detection and blocking processes are shown below.

Allow: Allows communication. None.
Block: Monitors email (SMTP) and detects viruses. Blocking status. Note that communication is blocked when viruses are detected, and the SMTP Reply Code 541 is returned to the sender.

If NTT Communications judges it necessary, we will notify you via email etc. of the detection and blocking status (for blocking only).

Routing Settings

Only communication via Email Anti Virus is targeted for detection. When you use Email Anti Virus, please set the following routing.

[Figure: routing settings for Email Anti Virus. Labels: Internet GW; VPN Connection GW; Internet Transit; VPN Transit; vFirewall; added Server Segment; routing setting for the communication addressed to the server segment targeted for detection; communication route to the server segment targeted for detection; routing setting for the communication from the Virtual Machine; Virtual Machine]
144. il browser discards cookie No timeout in 60 seconds

Server Group: Specifies the server groups to which to apply these load balancing rules.

Selects the health check method from any one of the following:
- TCP Port
- ICMP Ping

Selects the load balancing method from any one of the following:
- Round Robin: Distributes to each real server (load balancing destination server) in order.
- Hash: Fixes the real server that is the distribution destination based on the hash value of the source IP address.
- Least Connections: Distributes to the real server with the least number of connections.

Backup Server Group: If the health check feature detects failures in all the real servers in the server group, a server group can be specified to receive distribution as backup devices (standby devices).

Header Addition Feature: Specifies whether to enable or disable the feature that adds the X-Forwarded-For header to HTTP communication.
Note: An HTTP header packet of more than 4096 bytes cannot be used.

You can set the load balancing method when you add server groups, and you can also change it after that.

Health Check Feature

The health check feature detects real server failures. It sends pings or ICMP pings to the TCP port of the real server at 2 second intervals. If they fail 4 times in a row, it is judged that the relevant real server is experiencing communication interrupti
145. instance o o ooo o Instance ID o O JMSSOLSERVER o e Instance root directory Server Configuration Service Accounts Service SQL Server Agent z NT AUTHORITY NETWORK SERVICE Startuptype Mama S Service SQL Server Database Engine Account Name SC INTAUTHORITY NETWORK SERVICE Startup Type Automatic S e Service SQL Server Analysis Services Account Name INT AUTHORITY NETWORK SERVICE Startup Type ooo ifAutomatic SS S Service SQL Server Reporting Services PY NT AUTHORITY NETWORK SERVICE Startup Type Automatic S S Service SQL Server Integration Services 10 0 PY Account Name INT AUTHORITY NetworkService Startup Type Automatic S e Service SQL Full text filter Daemon Launcher Account Name INT AUTHORITY LOCAL SERVICE J Startup Type Manat o S Service SQL Server Browser oo NT AUTHORITY LOCAL SERVICE Startup Type Disabled o d fd Database Engine collation CC CSCC4dSQL_Lttin d_Gernerral_CP1_CI_AS Analysis Services Latin1_General_CI_AS Enterprise Cloud Functional Description ver2 36 Database Engine Configuration Account Provisioning Authentication Mode Windows authentication mode Spacify SQL Server administrators Administrator Data Directories i i i Data root directory C Program Files Microsoft SQL Server Ce MSSQL10_50 MSSQLSERVER MSSQL Data a MSSQL10_50 MSSQLSERVER MSSQL Data sid A ce MSSQL10_50 MSSQLSERVER MSSQL Data eee e
146. is on but the Guest OS is stopped
Powered On: The power for the Virtual Machine is on. Y Y Y
Suspended: The operation of the Virtual Machine has been stopped temporarily using the cloud infrastructure. The suspend state and sleep state for the Guest OS is different to hibernation. Y

*1 The following overhead regions are required based on the number of vCPUs.

Memory resource overheads (reference values)

Memory set on VM GB 1 2 4 8 16 32 64 128 256 512 1 27 01 33 55 46 68 69 79 122 31 230 52 443 3 860 93 1699 84 3389 44 2 33 63 40 16 53 29 75 28 1126 39 237 113 447 23 870 77 11710108 3389 44 4 4686 53 4 66 53 92 79 145 32 250 37 460 46 880 67 1730 56 3409 92 8 61 33 79 87 93 119 26 171 79 276 84 486 93 907 16 1751 04 3440 64 16 102 27 108 8 145 93 172 2 224 72 279 75 539 87 960 13 1802 24 3491 84 3200150550 el oS 7 4 k16999F 222538 S00 20m A40ISS MOlEOSm MR I6G104 04 64 eSa5S 25

*2 The capacity of Disk resources consumed as the swap region is the same as the used Memory capacity.

Used IP Addresses

Allocate one Server Segment IP address block to one Server Segment and specify the prefix length. Specify a prefix length of 29 to 24 for each Server Segment.

NTT Communications manages the allocated IP address block for the Server Segment and assigns the IP address selected from the IP address block to each device that connects to that Server Segm
147.
7.2 Email Anti Virus
7.2.1 Available Features
7.2.2 Virus Scan Feature
7.2.3 Important Points
7.3 Web Anti Virus
7.3.1 Available Features
7.3.2 Virus Scan Feature
7.3.3 Important Points
7.4 URL Filtering
7.4.1 Available Features
7.4.2 URL Filtering Feature
7.4.3 Important Points
7.5 Application Filtering
7.5.1 Available Features
7.5.2 Application Filtering Feature
7.5.3 Important Points
7.6 Web Application Firewall (WAF)
7.6.1 Available Features
7.6.2 Web Application Firewall Feature
7.6.3 Important Points
7.7 VM Anti Virus
148. ission speed Provides maximum uplink speed of 100 Mbps and maximum downlink speed of 100 Mbps.

The Best Effort Type is a best effort type service that changes the transmission speed according to your system environment and line congestion. The actual transmission speed varies according to the usage of other customers and infrastructure status. The service does not guarantee transmission speed.

The Guaranteed type does not provide transmission speed higher than the specified bandwidth.

The VPN Gateway is constructed of redundant physical devices (equipment and lines).

It supports Internet protocol version IPv4.

5.2.3 VPN Routing Settings

You can set up routing for communication between Enterprise Cloud IP addresses and a Customer location, another Enterprise Cloud Data Center, or other application services via VPN. Routing can be set up for a maximum of 128 routes other than the default routes. However, a maximum of 24 routes is available in the Customer Portal.

VPN Connectivity

5.2.4 Enterprise Cloud and VPN Routing Design

When you order the service, you must specify the following VPN Connectivity settings.

Item: APGW connection segment settings *1
Overview: Sets the Server Segments (called APGW connection segments below) used for connecting between the VPN Gateway and the application gateway (called APGW below).
Prefix Length of IP Address Blocks: 27

VPN
149. ithout advance notice

Restrictions on the Guest OS and Applications

When installing a Guest OS on a Virtual Machine, you need to verify the system requirements for the Guest OS (number of vCPUs, Memory capacity, Disk capacity, and so on), licenses, and terms of support with your Guest OS vendor yourself.

When installing applications on a Guest OS, you need to verify the system requirements for the application (number of vCPUs, the CPU processing capacity of the vCPU, Memory capacity, number and capacity of Disks, number of vNICs, and so on), licenses, and terms of support with your application vendor yourself.

When you install a Guest OS or application, NTT Communications is not responsible for checking or reporting whether operations can be guaranteed in your system configuration or whether there are any licensing issues.

The Guest OS will recognize a vNIC as a NIC even if it is not connected to a Server Segment. When changing the Guest OS network settings, do not disable a vNIC that has been recognized, even if you are not using that vNIC. If you do disable it, errors may occur in services such as Private Catalog and Image Backup.

Other

Compute Resource uses software that NTT Communications has licensed from VMware Inc. The VMware features provided in Compute Resource have been selected based on Compute Resource specifications. Not all VMware features are included
150. l Inquiries and requests notified to the Support Center or Technical Help Desk

If the matter is outside of the threshold of monitored items stipulated for each service, the failure will be handled promptly as required.

8.2.2 Maintenance and Operations System

An overall diagram of maintenance and operations at NTT Communications is shown below.

[Figure: maintenance and operations system. Labels: Customer; Customer Portal (as a standard feature, you can set up Ping monitoring from the Customer Portal); confirm failure; notify; request work; request support; respond; inquire; report; Tier 1, 1.5; respond to inquiry; report completion; inquiry; notification of maintenance; confirm usage status; confirm history; manage ticket; usage status etc.; monitor pings; Support Center; monitor systems; failure desk; local office; maintenance system; Technical Help Desk; receive work requests; inquiries desk; respond to Level 1 failures; respond to failures; Engineering Group; respond to Level 2 failures; fundamental treatment of failures etc.; Vendor; repair H/W; replacements and maintenance; S/W maintenance]

8.3 Contact When a Failure Occurs

When a failure is detected or an alert is generated in the Enterprise Cloud, you will be notified by the Support Center. You
151. l packets are discarded as a standard function regardless of customer's configuration.
Examples:
- When the IP header is cut off in the middle
- When the Port number is 0 (zero)
- When the TCP flag combination is abnormal
- and others

If devices making up this feature are replaced due to malfunction etc., you will not be able to check device logs or event reports from prior to the replacement via the Security Web Portal. In addition, if the regular server and the standby server are switched for a redundantly configured device and they are restored without replacing the device, you cannot check the log or the event reports for the period during which the switching occurred from the Security Web Portal.

Network Profiling does not guarantee that the Network Profiling feature has integrity or accuracy or is suitable for your use. Furthermore, the suitability of the application, virus, and URL identification algorithms provided by the developers or distributors of the devices making up the Network Profiling feature is not guaranteed.

The following information might be provided to the developers or distributors of the devices making up the Network Profiling feature:
- Configuration information obtained from providing network profiling
- Information relating to Network Profiling processing

We cannot guarantee recovery from failures that might occur due to incompatibility between Network Profiling and your environment or failures th
152. lication Filtering
Web Application Firewall (WAF)
Application Profiling
Network Profiling

Note: You need to apply separately for the Service

1.4 Services That Have Data Center Specific Usage (Local Option Menu)

The services available through the local option menu vary depending on which Data Center you are using.

[Figure: local option menu alongside the Global Standard Menu. Labels: vLoad Balancer; Service Interconnectivity GW; Virtual Machine; Compute Resource Pool; Global Standard Menu]

You need to apply separately to use the local option menu. For details, please contact your NTT Communications sales representative.

INFO: You can only use Global File Storage and Global Data Backup (Self) through Service Interconnect Gateway.

The local option menu for Japan Data Centers is shown below.

OS License Switch License Oracle Database Standard Edition RAC License HULFT External Storage Block Storage System OS Management Service Management Configuration Change Maintenance Work Proxy Hybrid Option Cloudn

1.5 Example Usage Model

This section provides examples of service combinations used for different usage applications.

When Used As a Test Environment / Development Environment

Required Features

Requests
- I want the performance of the servers and networks to be Best
153. lock for the Server Segment - 1. For example, if the IP address block is 192.168.0.0/24, the IP address that is the broadcast address of the IP address block for the Server Segment - 1 will be 192.168.0.254.

IP address, root/Admin password, and MAC address are restored with the values at the time of backup. Other parameters are changed to the setting values described in the above table. Note that parameters which were changed in the Guest OS are not recovered.

SID is not changed.

3.1.6 Important Points

Resources Consumed by the Memory and Disk Overhead Regions in Connection With Server Virtualization

Virtual machines have four types of power states. The consumption of resources in the overhead regions for server virtualization depends on the power state. The overheads therefore need to be taken into account when designing the system (designing resources). Each power state and the overhead regions required for each power state are shown in the table below.

Memory OH MB vCPU

The items marked with a Y are items that consume resources in overhead regions. For example, if the power state is Powered Off, resources from the overhead are not consumed for the CPU and Memory. On the other hand, the overhead portion consumes resources for the Disks.

Columns: Power State; Meaning of Power State; CPU; Memory *1; Disk *2
Powered Off: The power for the Virtual Machine is off. Y
Partially Powered Off: The power for the Virtual Machine Y
154. log or the event reports for the period during which the switching occurred from the Security Web Portal.

Email Anti Virus does not guarantee that the Email Anti Virus feature has integrity or accuracy or is suitable for your use. Furthermore, the suitability of the virus identification algorithms provided by the developers or distributors of the devices making up the Email Anti Virus feature is not guaranteed.

The following information might be provided to the developers or distributors of the devices making up the Email Anti Virus feature:
- Configuration information obtained from providing Email Anti Virus
- Information concerning inspections etc. for Email Anti Virus

We cannot guarantee recovery from failures that might occur due to incompatibility between Email Anti Virus and your environment, or failures that occur due to your operations other than those specified by NTT Communications.

7.3 Web Anti Virus

Web Anti Virus is a service that detects and blocks viruses that invade via Web access (HTTP communication and FTP communication). Web Anti Virus is used via Service Interconnectivity. You need to apply separately for Service Interconnectivity.

7.3.1 Available Features

You can use the following features in Web Anti Virus.

Virus scan: A feature that monitors Web access (HTTP communication and FTP communication) and executes specified processes when viruses are detec
155. m of 100 URLs can be registered

Routing Settings

Only communication via URL Filtering is targeted for detection. When you use URL Filtering, please set the following routing.

[Figure: routing settings for URL Filtering. Labels: Internet GW; VPN Connection GW; Internet Transit; VPN Transit; vFirewall; routing setting for the communication addressed to the server segment targeted for detection; added Server Segment; routing setting for the communication from the virtual machine; communication route to the server segment targeted for detection; Virtual Machine; server segment targeted for detection; Service Interconnectivity GW]

The communication addressed to Server Segments targeted for detection is set so that it is routed by vFirewall to the Service Interconnect Gateway used for URL Filtering.

The communication from the Virtual Machine is set so that it is routed by the Virtual Machine on the Server Segment targeted for detection to the Service Interconnect Gateway used for URL Filtering.

If you perform Ping monitoring on the Virtual Machine, you will require an additional Server Segment for direct connection between vFirewall and the Virtual Machine. Please do not connect the Server Segments targeted for detection directly to vFirewall.

Analysis Capacity

The traffic volume that can be analyzed by URL Filtering is s
156. m the Internet
A virtual dedicated load balancer for allocating requests to multiple servers
A service that provides interconnectivity between Enterprise Cloud and other services
A service that provides VPN Connectivity through an application connection service for customers of the Arcstar Universal One service (NTT Communications VPN service)
A device required to communicate by connecting networks together
A device for connecting a VPN to Enterprise Cloud
A device for connecting between VPN Gateway and vFirewall
A service that provides Internet Connectivity for customers of Enterprise Cloud
A device for connecting the Internet to Enterprise Cloud
A device for connecting between the Internet GW and the vFirewall

Private Catalog
Global File Storage
Global Data Backup
On Premises Environment
On Premises Interconnectivity
Colocation
Colocation Interconnectivity
On Premises GW in a Data Center
On Premises GW in Your On Premises Environment
IPS Intrusion Prevention Protection System
IDS Intrusion Detection System
Signature
Policy
RPS Requests Per Second

A service that provides an area where customers can store their own templates for creating Virtual Machines
A service that provides an External Storage area for storing backup data
Your operational system environment at your company
A service that provides a secure L2 connection between Server Segments in Enterprise Cloud an
157. ma No 1 Data Center
UK UK Hemel Hempstead2 Data Center
Singapore SG Singapore Serangoon Data Center
Hong Kong HK Hong Kong Tai Po Data Center
Malaysia MY Malaysia Cyberjaya3 Data Center
Thailand TH Thailand Bangna Data Center
Australia AU Australia Sydney1 Data Center
Germany DE Germany Frankfurt2 Data Center

Services Provided by Each Data Center

The services that can be used at each Data Center are shown below.

JP US Name of Menu Feature Yoko Kan Sai ans Serie UK hama sail tama N TY Guaranteed Y Y Y Y Y Y Compute Class Premium X Y N Y Y Y Standard Y Y N Y Y Y Compute Resource z Premium Y Y Y Y Y Y Storage Class Standard Y Y Vf Y Y Y Zone 1 M Y Y N N N Small Y Y Y N N N C on Compute Class Medium N N N N N N ompute Resource Large Y Y Y N N N Dedicated Device rg x Premium Y Y Y N N N Storage Class z Premium Y Y Y N N N Private Catalog Y Y M Y Y Y Windows Server Y Y Y Y Y Y OS i Red Hat Enterprise y y y y y y License Linux Database MS SQL Y Y Y Y Y Y Microsoft SAL RDS SAL Y Y Y Y Y Y Image Backup Y Y5 Y N M N File Backup Y N Y N N N 10 Mbps Y Y Y Y Y Y Best Effort 100 Mbps Y Y Y Y Y Y ah 1 Gbps Y Y Y Y Y Y Internet Connectivity 1 to 100 Mbps Y Y V2 2 YD M2 Guaranteed 200 Mbps to 1 Gbps Y Y Y Y Y Y Global IP Address Y Y Vf Y Y Y Best Effort 100 Mbps Y Y Y Y Y Y 100 Mbps Y Y Y N N N VPN Connection Guaranteed 200 Mbps M Y Y N N N 1 Gbps Y 6 Y Y 6 N N N
158. me date and time slot can be specified for each schedule type. For backup, only the method that starts the backup at the specified time slot is available. Time can be specified at the local time when backup is acquired.

Setting the retention period, date, and time slot for each schedule type

Schedule Retention time Date 4 Time slot 2 type 1 day 31 days Specifying the date 0 to 1 1 to 2 2 to 3 3 to 4 4 to 366 days Calendar date 5 5 to 6 6 to 7 7 to 8 8 to 9 9 to 10 10 to 11 11 to 12 12 to 13 13 to 14 14 to 15 15 to 16 16 to 17 17 to 18 18 to 7 14 21 28 35 Specifying the date 19 42 49 and 56 days Specifying the day 19 to 20 20 to 21 21 to 22 22 of week on which to 23 23 to 24 backup is acquired 1 2 3 4 5 6 7 Specifying the date and 8 days Calendar date Monthly 31 62 93 124 The specific day is 155 186 217 and specified 1 248 days Example Second Wednesday Or the date is specified 1st to 31st the last day

*1 If the combination between ordinal numbers and day of week is not correct, backup does not start.

Specification of date and time slot is dependent on the preconfigured time zone.

Virtual Server Management Function

For the registered Virtual Server, it is possible to check the configuration to confirm whether the backup job is enabled.

Displaying the History of Backup and Restore

History of execution of backup and restoration is displayed. History is displayed in order of time w
159. mer Portal you can add and delete Virtual Machines, edit the settings (policy) for vFirewall and vLoad Balancer, and increase or decrease each resource in real time. You can control all Data Center resources through one user interface.

1.2 Features that make up Enterprise Cloud

The available menus can be grouped into the following two main categories.

Global Standard Menu

This is a standard menu that is available for all Data Centers in the Enterprise Cloud.
Note: For information on availability at each Data Center, refer to 1.3.2 Available Data Centers (P. 21).

The configuration of the Enterprise Cloud is shown below.

[Figure: configuration of the Enterprise Cloud. Labels: Internet GW; VPN Connection GW; Internet Transit; VPN Transit; vFirewall; Virtual Machine; Compute Resource Pool; Template; Create Virtual Machine; On Premises Connectivity GW; Public Catalog]

To use each feature included in the service, you need to apply for the services shown in the table below.

Component: Internet GW, Internet Transit, VPN Gateway, VPN Transit, Firewall, Load Balancer, Server Segment, Virtual Machine, Compute Resource Pool, Template
160. mmunications that are terminated with the specific IP address allocated to the Integrated Network Appliance.

You can set the following items for each load balancing rule.

Load balancing rule name: Customer can set arbitrary rule name.
Explanation: Customer can arbitrarily input the explanation of this rule.
IP address: This is the IP address disclosed to client. This rule is applied to communications in which this IP address is set for the destination IP address.
Pool: Specifies the destination server pool in this rule (server pool is described later).
Protocol: Specifies the protocol to which this rule is applied.
Session Maintenance Method: Selects the method for maintaining sessions according to this rule.
Enable: Enables or disables this rule.

Server Pool of Load Balancing

Multiple servers to which load is distributed according to the load balancing rules can be registered as a server pool. You can set the following items for each server pool.

Items: Server pool name, Explanation, Member, Protocol, Port, Protocol for monitoring, Load balancing method

Server pool name: Customer can set arbitrary pool name.
Explanation: Customer can arbitrarily input the explanation of this server pool.
Member: Registers one server or multiple servers in this server pool.
Protocol: Specifies the protocol of communication to be distributed and transmitted to each server.
Port: Specifies the port number of communication to be distributed and tra
161. munications
Backup and Restore Management: A feature that manages backup. A feature for realizing management of files and folders targeted for backup, schedule management, and history management. Customer Portal

4.2.2 Backup File Storage

Backup files are stored in backup storage at the start time. The backup file is stored in the storage for backup during the retention period specified by the customer, and the file is automatically deleted when the retention period expires.

Specifying Backup File

When specifying the backup file, the Virtual Server needs to be selected and the path of the file or folder targeted for backup needs to be entered when configuring the backup job in the Customer Portal.

Encrypting Backup File

The backup file is automatically encrypted by using NBU Agent, and the file is stored in the storage for backup. The encryption key needs to be generated by using NBU Agent. Encryption cannot be disabled.

If the encryption key is lost, the same encryption key needs to be generated again when restoring the backup file. In this case, the encryption key needs to be generated by using the same pass phrase as that of the original encryption key. Keep the pass phrase with care, because the backup file cannot be restored if you forget the pass phrase.

Setting the retention period, date, and time slot for each schedule type

Schedule Full backup Retention Time slot
162. n Launcher Account Name z Service MSSQLFDLauncher Startup Type Service SQL Server Browser Manual Account Name NT AUTHORITY LOCAL SERVICE Startup Type Disabled Collation Database Engine collation SQL Latin1_General_CP1_CIl_AS Analysis Services collation Latin1_General_CLAS Enterprise Cloud Functional Description ver2 36 Valavase Crpine Vormigurauor Analysis Server Configuration Authentication Mode Spacify SQL Server administrators Windows authentication mode Administrator Data Directories Data root directory C Program Files Microsoft SAL Server User database directory User databaselog directory C Program Files Microsoft SQL Server MSSQL12MSSQLSERVER MSSQL Data C Program Files Microsoft SQL Server MSSQL12MSSQLSERVER MSSQL Data Temp DB directory Temp DB log directory C Program Files Microsoft SQL Server MSSQL12MSSQLSERVER MSSQL Data C Program Files Microsoft SQL Server MSSQL12MSSQLSERVER MSSQL Data Backup directory FILESTREAM C Program Files Microsoft SQL Server MSSQL12MSSQLSERVER MSSQL Backup Enable FILESTREAM for Transact SQL access Services Configuration Disabled Server Configuration Server Mode Multidimensional and data mining mode Spacify which users have administrative permissions for Analysis Services Data Directories Administrat
163. n the user and Microsoft or the Enterprise Agreement with Red Hat, or are considered incorrect usage as stipulated in the NTT Communications Service Feature Overview or Conditions For Providing Services. Users engaged in such acts may be subject to penalties imposed by NTT Communications, such as suspension of service, or incorrect usage penalties imposed by Microsoft.

The following acts are specific examples. The acts that may be subject to penalties are not limited to the acts below.

- Using licensed products or subscription products provided through OS License outside of the cloud environment specified by NTT Communications
- Using the Customer Portal features to create and save another template of the Virtual Machine image, using the export feature to store the template outside of the NTT Communications cloud environment, creating a new Virtual Machine based on that file, and running licensed products or subscription products that have been provided by NTT Communications
- Duplicating and using the software without notifying NTT Communications
- Using OS License to duplicate the image of the Virtual Machine that you are running and then running it as another Virtual Machine without changing the registration information and without notifying NTT Communications

3.5 Database License MS SQL

Database License MS SQL is a service
164. If the ping fails three times in a row, a notification is sent to the registered email address and displayed in the Customer Portal. If after that Ping succeeds even one time, it is judged to be recovered and the alarm notification is stopped.

Ping Monitoring of the vFirewall, vLoad Balancer, Service Interconnectivity, VPN Connectivity, and Internet Connectivity

The network interface for monitored devices is pinged by the NTT Communications monitoring infrastructure every 60 seconds. If the ping fails three times in a row, a notification is displayed in the Customer Portal. If after that Ping succeeds even one time, it is judged to be recovered and the alarm notification is stopped.

Ping Monitoring of On Premises Interconnectivity

The monitored network interfaces are pinged by the NTT Communications monitoring infrastructure every 60 seconds. If the ping fails three times in a row, a notification is sent to the registered email address. If after that Ping succeeds even one time, it is judged to be recovered and the alarm notification is stopped.

Monitoring Infrastructure Equipment

NTT Communications will monitor the infrastructure equipment making up the Enterprise Cloud. If a failure occurs on your dedicated infrastructure equipment or infrastructure equipment for NTT Communications services that affect multiple customers, a notification is sent to all customers that may be affected. A detailed report is not n
165. [Screenshot: Security Web Portal, Japan DC version. Panels: Application Command Center (application list); URL Filtering (URL Categories)]

2.2.1 Available Features

Features in DCs outside Japan

You can use the following features in the Security Web Portal.

Service status: Displays devices status
Open Tickets: Displays request tickets
Service Health & Availability: Displays service status devices open requests Incident tickets and open requests

Requests, Reports, Device Information, Log Viewer, Documents:
Displays request tickets and creates a new request
Displays Device Management, Service Management, and Security Management reports
Displays device and service information of the selected device
Displays request tickets and creates a new request
Allows users to view devices and logs. Also allows searching and downloading of logs
Allows users to download user docume
166. nce Japanese_CI_AS Analysis Services Collation sequence Japanese_CI_AS Enterprise Cloud Functional Description ver2 36 Database engine configuration Account provisioning Authentication mode Windows authentication mode Specify SQL Server administrators Administrator Data directory a i a Data root directory C Program Files Microsoft SQL Server a 2 MSSQL10_50 MSSQLSERVER MSSQL Data a MSSQL10_50 MSSQLSERVER MSSQL Data SS a MSSQL10_50 MSSQLSERVER MSSQL Data _ a MSSQL10_50 MSSQLSERVER MSSQL Data i Ee MSSQL10_50 MSSQLSERVER MSSQL Backup enable FLESTREAN Yor Wancael SOU oes pwaned Analysis Services configuration Account provisioning PY Specify SQL Server administrators Administrator PY Data directory PY a ee cr a MSAS10_50 MSSQLSERVER OLAP Data Pon O E MSAS10_50 MSSQLSERVER OLAP Log MSAS10_50 MSSQLSERVER OLAP Temp oen OA MSAS10_50 MSSQLSERVER OLAP Backup Reporting Services configuration Reporting Services configuration Install but do not configure the report server Enterprise Cloud Functional Description ver2 36 For SQL Server 2012 Standard Japanese Item Settings Information Remark Feature selection Instance feature Database engine service Selected SQL Server replication Selected Full text and semantic extractions for search Selected Shared features O II tools basic C Program Files x86 Microsoft SQL
167. nd Directory List Selects the targeted files from All Files File types scanned by IntelliScan and Specified file extensions Selects the interval the scheduled scan runs from Daily Weekly or Monthly and specifies the targeted time Daily Specifies either Every Day Weekdays or Every X Days Weekly Specifies either X day of the week each week or Yday of every X Weeks Monthly Specifies either X day of each month or Every month Y day of the week on X week For details refer to 7 7 4 Actions gt P 217 For details refer to 7 7 5 Scan Exception Feature P 219 You can set the processing method for the case where files that are infected by viruses are detected You can specify Recommended Setting or Custom Setting Item Recommended setting Use action determined by ActiveAction Custom setting Details The virus processing method recommended by the developers and distributors of the devices making up the VM Anti Virus feature The first process primary process when viruses are detected is specified from Delete Clean Pass Deny access and Quarantine The recommended setting virus processing method might be modified according to day to day operation and the information concerning the handling method is not disclosed Custom Setting Any of the following can be specified as the first process primary process when
168. ne in Compute Resource or Compute Resource Dedicated Device A Database license is only provided for a Virtual Machine created using the provided template called a Virtual Machine created with Database License MS SQL below One Database License and one OS License are provided as a set for one Virtual Machine created using Database License MS SQL For details regarding the conditions for providing an OS license refer to 3 4 OS License P 92 SQL Server is installed the first time that you start a Virtual Machine created with Database License MS SQL It will therefore take approximately two hours before the login screen is displayed for the first time Do not perform operations that suspend processing power off reset shutdown suspend or restart the Virtual Machine while you are waiting for the login screen to appear Templates exist for each Data Center and are stored in the Public Catalog which can be accessed by all users of that Data Center 3 5 3 Important Points You cannot save a Virtual Machine created with Database License MS SQL to the Private Catalog in Data Centers where the service for creating a Virtual Machine from a Private Catalog is not provided The Disk capacity required for SQL Server is shown below SQL Server Type Required Disk Capacity SQL Server 2008 R2 Standard SP2 Japanese 64bit version Approximately 7 GB SQL Server 20
169. ne to one Server Segment Enterprise Cloud Functional Description ver2 36 How many can be assigned Eight vNICs can be used on one Virtual Machine This cannot be changed The configurable settings of Customer Portal ver1 0 and Customer Portal ver2 0 are the same You can assign IP addresses to vNICs when creating a Virtual Machine You can also change the IP address that is assigned to a vNIC The system can automatically assign an IP address to a vNIC To use this option select Auto Assign The system can automatically assign the IP address to vNIC from the available IP addresses in the IP address block specified by the Server Segment You can also set an IP address from the Customer Portal Sub interface settings other than the IP addresses assigned to vNICs are specified on the Guest OS To change an IP address in the sub interface settings you must first register the IP address that you want to assign as a reserved IP Enterprise Cloud Functional Description ver2 36 Virtual CD DVD Drive A virtual CD DVD drive is virtual CD DVD ROM drive hardware that makes up a Virtual Machine You can connect only one virtual CD DVD drive to one Virtual Machine The number of virtual CD DVD drives cannot be changed Guest OS Only Guest OSes that are supported by vCloud Director can be used with Virtual Machines The Guest OSes that are supported by vCloud Director are the Guest OSes marked as Automatic in the Cus
170. ng above route And there will be blocking resulting from the shortage of compute resource If you use a Private Catalog to create a template of the Virtual Machine image and store it please do it before installing the VM Virtual Patch agent software If a template is created and saved from the Virtual Machine image of a Virtual Machine where VM Virtual Patch agent software is installed or installation and activation registration to the Manager administered by NTT Communications is complete when a Virtual Machine is created using that template VM Virtual Patch can no longer be used with the Virtual Machine used for creating the template and the newly built Virtual Machine The same applies when used for image backup gt VM Virtual Patch does not guarantee that the provided VM Virtual Patch feature has integrity or accuracy or is suitable for your use Furthermore the suitability of the signatures algorithms that judge the degree of danger and attack traffic provided by the developers or distributors of the devices making up the VM Virtual Patch feature is not guaranteed The following information might be provided to the developers or distributors of the devices making up the VM Virtual Patch feature Configuration information obtained from providing VM Virtual Patch Information obtained from controlling VM Virtual Patch etc Enterprise Cloud Functional Description ver2 36 We cannot guarantee rec
171. ng categories Please check the explanation of the features of each service for the connection interfaces Category Overview Available IP address IP addresses that can be allocated to interfaces that connect to a Server Segment Allocated IP address IP addresses that have been allocated to interfaces that connect to a Server Segment Reserved IP address IP addresses that cannot be allocated to interfaces that connect to a Server Segment X These are excluded from the candidates for allocation when IP addresses are allocated automatically by the system or they are allocated at your discretion Reserved IP addresses are set by the Customer Portal Setting DNS and Default Gateway IP Addresses You can specify the following Parameters when creating Server Segment This setting is referenced when the Virtual Machine is created and when vNIC is reconstructed and each IP address that is set for the Server Segment that is the connection destination for Primary vNIC is given the initial settings by the Guest OS of the Virtual Machine DNS Server Primary DNS and Secondary DNS IP addresses Default gateway IP addresses DNS suffix The parameter setting for each address differs depending on whether customer uses vFirewall or Integrated Network Appliance vFirewall Integrated Network Appliance DNS Server Primary IP addresses specified by Customer or NTTCommunications DNS Secondary DNS IP Address Default gateway IP
172. ng the backup When restoring the backup old root Admin passwords used when performing the backup are enabled Be careful not to forget old passwords because you cannot log in to the Virtual Server if you do not know these old passwords Backup image is stored in the storage for backup during the retention period specified by customer and the image is deleted when the retention period expires The retention period cannot be extended Backup image cannot be acquired while External Storage is being mounted Please make sure to backup after the unmount When restoring please remount again Backup Image Restore For restore backup image is overwritten on and restored from the Virtual Server from which backup is acquired It may take some time for Guest OS Customization at the initial start up after the restore Please start the operation after 15 minutes once you have confirmed the status as Successful on the Backup Report for the Customer Portal or received the Restore Completion Mail If the mail receive setting is valid Restore operation cannot be performed if the target Virtual Server is deleted Please do not operate the Virtual Machine such as changing SID etc before the initial power on when restoring Performance and Statistic Report from the past will be deleted After a restore NIC parameter in Guest OS may be changed It cannot affect the communication but please contact support desk when th
173. ng to the following subnet units The Global IPs will be assigned to the Internet Transit and will be used for transmission between each devices connected to the Internet Transit Also Global IPs can be utilized for the NAT Load Balancing and IPsec termination rules Global IP Address 29 3 A single subnet contract can be made for a single Internet Connectivity contract Customer can assign either one of the subnet when making a contract for Internet Connectivity service The Global IP subnet cannot be changed after the Internet Connectivity installation Enterprise Cloud Functional Description ver2 36 5 1 4 Important Points Restrictions When Connecting to the Internet Internet Connectivity is a service in which multiple customers share the Internet lines that are made available by NTT Communications Internet lines that are provided by the customer cannot be used Bandwidths specified with the Guaranteed type are guaranteed for all the Global IP Addresses provided You cannot specify IP Addresses and guarantee the bandwidth The Guaranteed type only guarantees the communication bandwidths that pass through the Internet GW In order to guarantee the communication bandwidth that the vFirewall and vLoad Balancer pass through it is necessary to have separate contracts for a suitable number of firewall resources and load balancer resources Communication interruptions might occur when Internet Connectivity setti
174. ngs are changed This service does not provide DNS resolver Please prepare DNS by Customer The DNS resolver is not offered with this service Customer needs to prepare Restrictions on Placing Orders If you are using DDoS Solution Service J030801 at Yokohama No 1 Data Center you cannot use a plan higher than 1 Gbps Best Effort type or 200 Mbps Guaranteed Band type X DDoS Solution Service is a service that is unique to Japan Data Centers Local Option Menu Enterprise Cloud Functional Description ver2 36 5 2 VPN Connectivity VPN Connectivity provides a connection to Arcstar Universal One Service NTT Communications VPN service The function of plan change and routing setting and Ping is available on the Customer Portal the service released Data Center 5 2 1 Available Features The following features are available for VPN Connectivity VPN Gateway A gateway feature called VPN Gateway below that connects Arcstar Universal One Service to vFirewall or Integrated Network Appliance Ping Ping function in VPN Gateway X Arcstar IP VPN Service can be available via Universal One using Arcstar Universal One Connectivity Service 5 2 2 VPN Gateway The VPN Connectivity GW is a gateway that connects Arcstar Universal One Service to vFirewall or Integrated Network Appliance You can choose from the following connection plans to match your required transmission speed 100 Mbps Best Effort Transm
175. nicate at approximately 100kbps and other frames can communicate at a few kbps Enterprise Cloud Functional Description ver2 36 5 5 3 Important Points Please set active and standby redundant configuration in Customer L2 switch interface Communication cutting by operation of a Customer s redundant control becomes the outside of SLA If a failure occurs on the communication path of this service the communication path is automatically switched to another route and communications are restored in approximately 30 seconds Within the Customer system environment that is connected by colocation interconnectivity one MAC address can be used for one IP address The MAC addresses used by Enterprise Cloud are shown below For the Customer system please use MAC addresses that do not duplicate the following MAC addresses Note that the following MAC addresses may be changed We apologize in advance for this MAC addresses that begin with 00 50 56 VMware MAC addresses that begin with a2 MAC addresses that begin with 00 0b fc fe 1b MAC addresses that begin with 00 00 0c 07 ac 00 00 0c 9f f0 00 00 00 0c 9f ff 9f X1 00 00 5e 00 01 00 00 00 5e 00 01 fb X2 Multiple Links two or more contracts can be increased connection bandwidth between Enterprise Cloud and Colocation But one Server Segment can be connected to one link X1 Please use from 00 00 0c 9f ff a0 onward for the Customer system X2 Pleas
176. nication with the Manager administered by NTT Communications Please set the routing and the DNS name resolution setting Routing Settings Please set the routing from the Virtual Machine to vFirewall using either of the following methods Set the Virtual Machine default gateway to vFirewall Set vFirewall as the static route gateway for communication addressed to the Manager administered by NTT Communications Enterprise Cloud Functional Description ver2 36 If the Virtual Machine that uses VM Virtual Patch is connected to a Server Segment that is not directly connected to vFirewall additional Server Segment is required to directly connect the vFirewall and the Virtual Machine DNS Name Resolution In order to communicate with the Manager administered by NTT Communications name resolution for the manager is required Please use the DNS server inside your environment or the Virtual Machine hosts file to set name resolution for the Manager administered by NTT Communications Restrictions We ask you to assume responsibility for monitoring agent software checking to make sure it is activated at all times Traffic below is blocked in any mode settings TCP connections over 100 000 UDP connections over 100 000 Unusual traffic which is not based on RFC or suspected to be inaccurate No IP header Source IP and Destination IP are the same Text which is not available for URI Using character over 100 Usi
177. nsmitted to each server Selects the protocol for executing the health check for servers registered in the server pool Selects the load balancing method when load is distributed to this server pool Enterprise Cloud Functional Description ver2 36 IP addresses that can be specified for the load balancing rule differ depending on the network in which communication is established Internet Transit Global IP Address that is not allocated to Internet GW in global IP addresses that are used for Internet Connectivity Server Segment Any IP address Health check is executed for each server that is registered as a member in the server pool with the following settings Intervals Health check intervals 5 seconds Threshold Number of times of success for 2 times value for determining as it is recovered healthiness The source IP of communication in which the load balancing rule is applied and delivered to each server in the server pool is the IP address allocated to the Server Segment side interface in the Integrated Network Appliance However x forwarded for setting is enabled in default setting therefore the source IP address in which SNAT is not applied can be checked by checking the http header 5 9 6 IPsec Termination Function It is possible to configure settings for terminating the IPsec communication in the Integrated Network Appliance IPsec communication which is the target of this function is the IPSec communication
178. nterprise Cloud Functional Description ver2 36 Routing Settings Only communication via Application Filtering is targeted for detection When using Application Filtering please use the following routing settings [Figure: routing settings for Application Filtering. Labels: Internet GW, VPN Connection GW, Internet Transit, VPN Transit, vFirewall, Added Server Segment, Virtual Machine, Server segment targeted for detection, Service Interconnectivity GW, Routing setting for the communication addressed to the server segment targeted for detection, Routing setting for the communication from the virtual machine, Communication route to the server segment targeted for detection] The communication addressed to Server Segments targeted for detection is set so that it is routed by vFirewall to the Service Interconnect Gateway used for Application Filtering The communication from the Virtual Machine is set so that it is routed by the Virtual Machine on the Server Segment targeted for detection to the Service Interconnect Gateway used for Application Filtering If you perform Ping monitoring on the Virtual Machine you will require an additional Server Segment for direct connection between vFirewall and the Virtual Machine Please do not connect the Server Segments targeted for detection directly to vFirewall Enterprise Cloud Functional Description ver2 36 Analysis Capacity The traffic volum
179. nts Features in Japan DC Feature ACC Application Command Center Monitor Policies Objects Configuration Status Report Generation and and Display Information of Signatures in staging Report Download Policies Event Alert Menu IPS IDS Anti Virus E mail Web Filtering App NW Profiling App NW WAF VM Security VM Anti Virus VM Virtual Patch VM Firewall Overview Displays the communication types and the status of use e g bandwidth and sessions Displays various kinds of logs and allows the user to download them Displays configured security policies Displays configured Address objects host and network Address object group Displays application list Antivirus profile list anti spyware profile list vulnerability profile list URL filtering profile list configurable security policy Displays status of Web service registered as the target and Web server used by the Web service Displays device status allows user to generate and display various kinds of charts based on statistical information accumulated in the device Displays the unauthorized access list Displays the staging status and the list of signatures in staging Allows users to download reports Displays Security Policies Displays configuration information Displays the events which VM security detected and allows the user to delete alerts Enterprise Cloud Functional Description ver2 36
180. o ask a Virtual Machine remote desktop license server created using Microsoft SAL RDS SAL for a RDS SAL is prohibited based on the license restrictions Prohibited Acts The acts listed below violate the agreement between the user and Microsoft or are considered incorrect usage of NTT Communications services Users engaged in such acts may be subject to penalties imposed by NTT Communications such as suspension of service or incorrect usage penalties imposed by Microsoft The following acts are specific examples The acts that may be subject to penalties are not limited to the acts below Using licensed products provided through Microsoft SAL RDS SAL outside of the cloud environment specified by NTT Communications Using the Customer Portal features to create and save another template of the Virtual Machine image using the export feature to store the template outside of the NTT Communications cloud environment creating a new Virtual Machine based on that file and running licensed products that have been provided by NTT Communications Duplicating and using the software without notifying NTT Communications Using Microsoft SAL RDS SAL to duplicate the image of the Virtual Machine that you are running and then running it as another Virtual Machine without notifying NTT Communications Enterprise Cloud Functional Description ver2 36 4 Backup Global Standard Menu 4 1 Image Backup Image Backup is a service t
181. obal Data Backup IPS IDS Email Anti Virus Web Anti Virus URL Filtering Application Filtering Web Application Firewall WAF VM Anti Virus x9 VM Virtual Patch x9 VM Firewall x9 5 business days X3 18 business days X3 17 business days X3 5 business days 5 business days 15 business days X3 10 business days X3 10 business days X3 10 business days X3 10 business days X3 10 business days X3 55 business days X3 7 business days X3 7 business days X3 7 business days X3 5 business days X3 18 business days X3 1 business day X3 x1 x8 15 business days X3 10 business days X3 10 business days X3 10 business days X3 10 business days X3 10 business days X3 10 business days X3 7 business days X3 7 business days X3 7 business days X3 5 business days X3 18 business days X3 1 business day X3 15 business days X3 10 business days X3 10 business days X3 10 business days X3 10 business days X3 10 business days X3 55 business days X3 7 business days X3 7 business days X3 7 business days X3 10 business days 10 business days 10 business days 10 business days 10 business days 10 business days 5 business days 5 business days 5 business days Enterpris
182. ommunication from the virtual machine Virtual Machine Server segment targeted for detection Service Interconnectivity GW The communication addressed to Server Segments targeted for detection is set so that it is routed by vFirewall to the Service Interconnect Gateway used for IPS IDS The communication from the Virtual Machine is set so that it is routed by the Virtual Machine on the Server Segment targeted for detection to the Service Interconnect Gateway used for IPS IDS If you perform Ping monitoring on the Virtual Machine you will require an additional Server Segment for direct connection between vFirewall and the Virtual Machine Please do not connect the Server Segments targeted for detection directly to vFirewall Analysis Capacity The traffic volume that can be analyzed by IPS IDS is shown below Traffic Processing Capacity 200 Mbps 1 Gbps The total value of uplink and downlink You can increase the traffic volume up to 1 Gbps 200 000 sessions when 5 services are used by applying additional services IPS Mode Simulation Japan local feature Simulation is a process for improving the accuracy of IPS mode for detecting and blocking unauthorized access and cyber attacks You can choose whether to implement a simulation at the time of application for IPS IDS We recommend implementing it in order to reduce
183. onal Description ver2 36 2 1 2 List of Items That Can Be Controlled You can use the following operations in the Customer Portal Create Name of Menu Feature Execute P Compute CPU Resource Heman Compute Resource Pool Storage Resource Pool Y Monitoring Virtual Machine Template vApp Template Resource Storage Capacity Private Catalog Template Download Template Display Change Delete lt lt lt lt Public Catalog lt lt lt lt lt lt lt lt Take a Virtual Machine Template OVA File Ualeete lt E Private Catalog Use a Template Public Catalog Use a Template vCPU Memory Number of Disks Disk Capacity Virtual Machine vApp gt X vNIC Select the Layout Segment 4 Powered On Powered Off Reset Shutdown Suspend Restart Console Connectivity ISO Image Mount Feature Install UpdateVMware Guest Tools Set Guest Customization Enabled Enable Windows OS SID Modification Feature Monitoring Log Create a Virtual Machine vApp lt Resource lt Extension lt lt lt lt lt lt lt lt lt lt lt lt lt lt lt Image Backup File Backup YX Internet Connectivity x2 lt x lt lt lt lt lt lt lt lt lt lt lt lt lt lt Bandwidth VPN Connectivity gt x3 Ping Routing Information Segment Management x2 IP Address Management Service Interconnectivity Server Segment lt lt lt lt Link Speed lt lt lt lt lt lt
184. onal Description ver2 36 Number of concurrent sessions 40 000 200 000 The number of sessions that can be connected simultaneously You can increase the traffic volume up to 1 Gbps 200 000 sessions when 5 services are used by applying additional services 7 10 3 Important Points Used IP Addresses In order to connect the Service Interconnect Gateway with Application Profiling you must have two IP address blocks available If the IP address block is already being used we might ask you to change it NTT Communications will manage the assigned IP address blocks and assign IP addresses to the devices that require them Restrictions When the actual traffic volume exceeds the contracted traffic volume the excess traffic might be discarded Packets which break TCP UDP IP protocol rules or abnormal packets are discarded as a standard function regardless of customer s configuration Examples When the IP header is cut off in the middle When the Port number is 0 zero When the TCP flag combination is abnormal and others If devices making up this feature are replaced due to malfunction etc you will not be able to check device logs or event reports from prior to the replacement via the Security Web Portal In addition if the regular server and the standby server are switched for a redundantly configured device and they are restored without replacing the device you cannot check the log or the event repor
185. ondary Storage for one Primary Storage You cannot specify multiple secondary storages Enterprise Cloud Functional Description ver2 36 7 Security Features Global Standard Menu 7 1 IPS IDS IPS IDS is a service that detects and blocks unauthorized access and attack traffic IPS IDS is used via Service Interconnectivity You need to apply separately for Service Interconnectivity 7 1 1 Available Features The following features are available for IPS IDS IPS IDS A feature that detects and blocks unauthorized access and cyber attacks on the Virtual Machine 7 1 2 IPS IDS Feature You can choose either IPS mode or IDS mode IPS Unauthorized access and cyber attacks are detected When unauthorized access and cyber attacks are detected traffic is blocked If NTT Communications judges it necessary we will notify you via email etc of detection and blocking status for IPS mode only Enterprise Cloud Functional Description ver2 36 Routing Settings Only communication via IPS IDS is targeted for detection When you use IPS IDS please set the following routing VPN Connection GW Internet GW Transit Internet Transit vFirewall Routing setting for the communication addressed to the server segment targeted for detection Added Server Segment Communication route to the server segment targeted for detection Routing setting for the c
186. ons If it is determined that the real server s communication is interrupted the relevant real server is excluded from the load balancing destination server and packets are no longer transferred Instead packets are sent to a different real server within the same server group After it has been determined that the real server s communication is interrupted it sends pings or ICMP pings to the TCP port of the real server at 30 second intervals If the ping succeeds twice in a row it is determined that the communication has been recovered The real server is automatically reset into the load balancing destination server and packet transmission resumes You can set the health check method from the Customer Portal You can set health check methods for each server group You can set the same health check method to multiple server groups You can set TCP or ICMP as protocols for performing health checks The operations are shown below Item ICMP TCP Monitoring Content Performs ICMP Ping monitoring Specifies the ports to be monitored and performs TCP port monitoring Health check intervals during downtime 30 seconds Number of times before it is seen as recovered 2 times 5 8 3 Routing Feature This is a feature that can set static routing to vLoad Balancer 5 8 4 IP Address Delivery Feature VIP VIP is a virtual IP address that is used when the load bal
187. onse Provided in Microsoft SAL RDS SAL provided in Remote desktop license server Remote desktop session host server In Microsoft SAL RDS SAL NTT Communications provides RDS SALs as its own service based on a contract signed under Microsoft s SPLA license agreement 3 6 1 Available Features You can use the following features in Microsoft SAL RDS SAL Provided Feature Feature Overview Provision of an RDS SAL A feature that uses an RDS SAL to allow a remote desktop connection for three or more users for a specific Virtual Machine Windows Server in Compute Resource Provision of a Public A feature that uses a template of the Virtual Machine to Catalog provide the above license Enterprise Cloud Functional Description ver2 36 3 6 2 Provision of an RDS SAL The RDS SALs provided by Microsoft SAL RDS SAL are shown below Item Details Version Windows Server 2008 R2 Remote Desktop Services SAL Quantity 10 30 50 or 100 Type User SAL 3 6 3 Provision of a Public Catalog You can use the templates provided by the RDS SAL to create a Virtual Machine remote desktop license server You can use templates from the Customer Portal when creating a Virtual Machine in Compute Resource or Compute Resource Dedicated Device An RDS SAL is only provided for a Virtual Machine created using the provided template called a Virtual Machine created with Microsoft SAL RDS SA
188. onsideration before application is required The devices that make up RTMD Email are provided in a single configuration If the devices fail you cannot use the RTMD Email feature Note that there will be no effect on your usual communication RTMD Email does not guarantee that the RTMD Email feature has integrity or accuracy or is suitable for your use Furthermore the suitability of the signatures algorithms that assess the degree of danger and malware provided by the developers or distributors of the devices making up the RTMD Email feature is not guaranteed The following information might be provided to the developers or distributors of the devices making up the RTMD Email feature Configuration information obtained from providing RTMD Email Configuration information obtained from RTMD Email detection etc We cannot guarantee recovery from failures that might occur due to incompatibility between the Real Time Malware Detection Email and your environment or failures that occur due to your operations other than those specified by NTT Communications Enterprise Cloud Functional Description ver2 36 8 Maintenance and Operation of the Enterprise Cloud Japan Contract At the NTT Communications Support Center our highly skilled staff support stable operations 24 hours 365 days 8 1 Set of Materials Sent When You Start Using the Service When you start using Enterprise Cloud we will send you the follo
189. or Data directory Log file directory C Program Files Microsoft SQL Server MSAS12 MSSQLSERVER OLAP Data C Program Files Microsoft SQL Server MSAS12 MSSQLSERVER OLAP Log Temp directory Backup directory C Program Files Microsoft SQL Server MSAS12 MSSQLSERVER OLAP Temp C Program Files Microsoft SQL Server MSAS12 MSSQLSERVER OLAP Backup Reporting Services Configuration Reporting Services Native Mode Install only Reporting Services SharePoint Integrated Mode Install only Distributed Replay Controller Specify which users have permissions for the Distributed Replay Controller service Administrator Distributed Replay Client Controller Name Blank Working Directory C Program Files x86 Microsoft SQL Server DReplayClient WorkingDir Result Directory C Program Files x86 Microsoft SQL Server DReplayClient ResultDir Enterprise Cloud Functional Description ver2 36 3 6 Microsoft SAL RDS SAL Microsoft SAL RDS SAL is a service that provides a Microsoft Remote Desktop Service Subscriber Access License called an RDS SAL below on Virtual Machines created in Compute Resource This makes it possible for three or more users to connect to a remote desktop Remote desktop session host server Windows Server for a specific Virtual Machine in Compute Resource Connect to the remote desktop for the VM RDS SAL request resp
190. or Internet Connectivity Server Segment Any IP address in the IP address block allocated to the Server Segment Enterprise Cloud Functional Description ver2 36 5 9 4 Routing Feature The Integrated Network Appliance is equipped with the feature that establishes connection of Internet Transit VPN Transit and Server Segment and executes the routing among them In addition the static routing can be set Static Routing Static routing can be set to the Integrated Network Appliance Following are routing conditions that can be configured for each routing setting Static routing name Customer can set arbitrary rule name Next hop Specifies the next hop If Internet Connectivity and VPN Connectivity are used simultaneously communications that directly relay back between Internet and VPN If NTT Communications detect the settings that execute such communications we may delete settings or restrict communications without advanced notice The routing in which the same interface is used for the input interface and output interface cannot be set Default Route Default route of the Integrated Network Appliance can be set Following are items that can be set for the default route Internet Transit When using the Internet Connectivity Internet Transit can be selected for the default route 5 9 5 Load Balancing Feature You can set load balancing rules that realize distribution of communication load by distributing co
191. ore than the purchased Compute Resource Pool CPU resources. The load condition of the Guest OS on the Virtual Machine. Understanding resource consumption: The CPU resources that are consumed from the Compute Resource Pool are the resources that are actually used by the Virtual Machine for computational processing. If a vCPU assigned to a Virtual Machine is not running, CPU resources are not consumed from the Compute Resources. If computational processing by a vCPU reaches the CPU upper limit for the Compute Resource Pool for each Virtual Machine, the processing capacity is averaged between the Virtual Machines and operations continue. Memory: Memory is virtual Memory hardware that makes up a Virtual Machine. From the Compute Resource Pool, you can specify the Memory capacity and assign capacity to a Virtual Machine. How many can be assigned: You can add or reduce the Memory capacity that is assigned to one Virtual Machine within the ranges shown below. The configurable settings of Customer Portal ver1.0 are different from those of Customer Portal ver2.0. Customer Portal ver1.0, Service Menu: Compute Resource Shared Device (Compute Class: Min, Max, Step): Guaranteed: 1, 8, 1; Premium: 1, 8, 1; Standard: 1, 8, 1. Customer Portal ver2.0, Service Menu: Compute Resource Shared Device (Compute Class: Min, Max, Step): Guaranteed: 1, 128, 1; Premium: 1, 32, 1; Standard: 1, 32, 1. Yo
192. ose of Customer Portal ver2.0. Customer Portal ver1.0: Guaranteed; Compute Shared Device; Standard. * Configurable values of vCPUs are 1, 2, 4, 6 or 8. Odd-number vCPUs cannot be configured on Customer Portal ver1.0. Customer Portal ver2.0: Guaranteed; Compute Shared Device; Standard. You can only change the number of vCPUs when the Virtual Machine is powered off. Please do not change the configuration in the Partially Powered Off state. vCPU processing capacity: The vCPU processing capacity is different for each Data Center. The processing capacity is the same as the physical processors listed in the table below. Yokohama No.1: 2010 Intel Xeon Processor, equivalent to a maximum of 2.5 GHz. Saitama No.1: 2012 Intel Xeon Processor, equivalent to a maximum of 2.2 GHz. Singapore Serangoon: 2012 Intel Xeon Processor, equivalent to a maximum of 2.2 GHz. Virginia Sterling: 2012 Intel Xeon Processor, equivalent to a maximum of 2.2 GHz. Thailand Bangna: 2012 Intel Xeon Processor, equivalent to a maximum of 2.0 GHz. Australia Sydney1: 2012 Intel Xeon Processor, equivalent to a maximum of 2.2 GHz. The vCPU processing power varies depending on the following conditions. There is no guarantee that a vCPU will always operate at the maximum processing capacity. When the total vCPU processing capacity for Virtual Machines running in one Compute Resource Pool is m
193. osoft SQL Server\MSAS12.MSSQLSERVER\OLAP\Temp. Backup directory: C:\Program Files\Microsoft SQL Server\MSAS12.MSSQLSERVER\OLAP\Backup. Reporting Services Configuration: Reporting Services Native Mode: Install only. Reporting Services SharePoint Integrated Mode: Install only. Distributed Replay Controller: Specify which users have permissions for the Distributed Replay Ci: Administrator. Distributed Replay Client: Controller Name: Blank. Working Directory: C:\Program Files (x86)\Microsoft SQL Server\DReplayClient\WorkingDir. Result Directory: C:\Program Files (x86)\Microsoft SQL Server\DReplayClient\ResultDir. For SQL Server 2014 Standard English (Item; Settings Information; Remark). Feature Selection. Instance Features: Database Engine Services: Selected; SQL Server Replication: Selected; Full Text and Semantic Extractions for Search: Selected; Data Quality Services: Selected; Analysis Services: Selected; Reporting Services Native: Selected. Shared Features: Reporting Services SharePoint: Selected; Reporting Services Add-in for SharePoint Products: Selected; Data Quality Client: Selected; Client Tools Connectivity: Selected; Integration Services: Selected; Client Tools Backwards Compatibility: Selected; Client Tools SDK: Selected; Documentation Components: Selected; Manag
194. ot be set automatically. In this case, all packets will be denied. In order to allow communication after starting to use vFirewall, please set filter rules at your discretion from the Customer Portal. 5.7.5 NAT/NAPT Feature. For vFirewall, you can set IP Address Translation and IP Address Port Translation (called NAT/NAPT below) rules between Internet Transit, VPN Transit and Server Segment. The maximum number of NAT/NAPT setting rules that can be set for a single vFirewall is 256. You can translate IP addresses either 1-to-1 or 1-to-N. The IP addresses that can be set to NAT/NAPT differ depending on the network that executes NAT/NAPT. Network Type and Allocatable IP Addresses: Internet Transit: Global IP Address that is used for Internet Connectivity. VPN Transit: For VPN Connectivity, an unused IP address from the IP address block that is allocated to VPN Transit. Server Segment: Any IP address. 5.7.6 Important Points. NTT Communications may change vFirewall settings in order to perform maintenance and monitoring. You cannot change or delete the settings that are set by NTT Communications. Communication interruptions might occur when you change vFirewall settings from the Customer Portal. 5.8 vLoad Balancer. vLoad Balancer is a service that provides a virtual dedicated load balancing device over the Server
195. ou can create new Virtual Machines from the templates saved in this Disk region. Import Template feature: A feature for importing Virtual Machine images created on a local server to Private Catalog. [Figure: (1) Create a virtual machine from a template. Save the server image as a template. (3) Upload your virtual machine image file (OVA file) using the Import Template feature. Download virtual machine image files from the private catalog using the Export Template feature. Private Catalog templates: Disk capacity 10 to 4,000 GB, contract units 10 GB. Other labels: Virtual Machine, Virtual machine set by you, New virtual machine, Other data center, Data Center.] Private Catalog can only be used in the same Data Center as the Compute Resource Pool. It cannot be used across different Data Centers. The Private Catalog Disk region is provided by using the Disk resources of storage devices shared by multiple users. Disk resources are provided as user-specific Private Catalogs and therefore cannot be accessed by other users. 3.3.2 Provision of a Disk for Saving Template Catalogs. You can use the Customer Portal to add or reduce the capacity of the Private Catalo
196. overy from failures that might occur due to incompatibility between the VM Virtual Patch feature and your environment, or failures that occur due to your operations other than those specified by NTT Communications. 7.9 VM Firewall. VM Firewall is a service that controls communication among Virtual Machines. 7.9.1 Available Features. You can use the following features with VM Firewall. VM Firewall: A feature that controls communication among targeted Virtual Machines. 7.9.2 VM Firewall. This is a feature that specifies rules for controlling IP packets (firewall rules). It can allow or deny the passage of IP packets that match the filter conditions. You can specify the following conditions for one control rule (firewall rule). Action Type: Specifies whether to Allow or Deny the passage of IP packets that match the conditions set by the following items. Frame Types: Specifies either IP, ARP or Other. Source IP Address: Specifies the source IP address of IP packets by IP address and subnet mask. You can specify multiple IP addresses or IP address ranges. Destination IP address: Specifies the destination IP address of IP packets by IP address and subnet mask. You can specify multiple IP addresses or IP address ranges. Destination port number: Specifies the destination port number of IP packets. 7.9.3 Important Points. Virtual Machine System Requirements: The sy
197. ports for protocol. If ICMP is specified for protocol, ICMP Type cannot be specified. Destination IP Address: Specifies a destination IP address for IP packets. Destination Service: Specifies the destination service for IP packets with the port number when setting TCP/UDP ports for protocol. If ICMP is specified for protocol, ICMP Type cannot be specified. Protocol: Specifies the protocol used for IP packets: TCP, UDP or ICMP. Actions: Specifies whether to allow or deny the passage of IP packets that match the conditions set by the above-mentioned items. Enable: Enables/disables this rule. The firewall feature is set to deny all communications at the time of opening. Settings for enabling specific communications are required to allow communications. Priority of firewall rules can be set by changing the display order on the Customer Portal. A higher display order on the Customer Portal has a higher priority level. 5.9.3 NAT/NAPT Feature. You can set IP Address Translation and IP Address Port Translation (called SNAT/DNAT below) rules for communications that pass through the Integrated Network Appliance. There are 2 types of NAT/NAPT rules for the Integrated Network Appliance: NAT/NAPT for converting the source IP (called SNAT rule below) and NAT/NAPT for converting the destination IP (called DNAT rule below). SNAT Feature: The following items can be set for
198. quipment A; Virtual Machine ii, Physical Equipment A; Virtual Machine iii, Physical Equipment A; Compute Resource Pool 2 (Zone A): Virtual Machine, Physical Equipment A; Compute Resource Pool 3 (Zone B): Virtual Machine, Physical Equipment B. For information on Data Centers that offer zones, refer to "1.3.2 Available Data Centers" (P. 21). The Zone function provides the availability of the physical server that the Virtual Machine would run on. It does not provide availability for Network devices. 3.1.3 Features for Controlling Compute Resource Pools. From the Customer Portal, you can perform the following actions for Compute Resource Pools. Feature and Overview: Add/reduce resources: A feature for adding and reducing the three types of resources (CPU, Memory, Disk) in a Compute Resource Pool. Assign resources to a Virtual Machine: A feature for assigning Compute Resources (CPU, Memory, Disk) to a Virtual Machine created in a Compute Resource Pool. Add or delete a Compute Resource Pool: A feature for adding or deleting a Compute Resource Pool. 3.1.4 vApp Feature. vApp is a new feature that can be seen on Customer Portal ver2.0. vApp is a container for Virtual Machines which is managed by VMware. All functional characteristics of vApp are currently not supported in Enterprise Cloud. vApp for Enterprise Cloud can only support one single Virtual Machine. 3.1.5 Assigning Resources to a Virtual Machine. C
199. quire them. Restrictions: When the actual traffic volume exceeds the contracted traffic volume, the excess traffic might be discarded. The following files are not targeted for detection and blocking: Encrypted files; Files set with passwords; Files compressed by compression algorithms other than zip/gzip format; Files compressed by compression algorithm zip/gzip format three times or more. [Figure: nested zip/gzip files with the labels "Targeted for detection and blocking" (Extract), "Targeted for detection and blocking" (Extract), "Not targeted for detection and blocking".] Files that have been compressed using the zip/gzip compression algorithm are automatically extracted and are targeted for detection and blocking. Packets which break TCP/UDP/IP protocol rules, or abnormal packets, are discarded as a standard function regardless of the customer's configuration. Examples: When the IP header is cut off in the middle; When the Port number is 0 (zero); When the TCP flag combination is abnormal; and others. If devices making up this feature are replaced due to malfunction etc., you will not be able to check device logs or event reports from prior to the replacement via the Security Web Portal. In addition, if the regular server and the standby server are switched for a redundantly configured device and they are restored without replacing the device, you cannot check the
200. quirements. Temperature conditions: 10 to 35 °C. Height conditions: 0 to 3,050 m. Humidity conditions: 10 to 90 and no condensation. On-Premises GW inside the On-Premises Environment (WAN side): It is necessary to have a connection line to the Internet that can be used from the On-Premises Environment. There must be two Global IP Addresses (fixed) that can be used for a connection line to the Internet that can be used from the On-Premises Environment. The Global IP Addresses are allocated to the interface for the On-Premises GW inside the On-Premises Environment. They are used for communication with the devices inside NTT Communications's Data Centers and NTP servers. On-Premises GW inside the On-Premises Environment (LAN side): Please connect the On-Premises GW inside the On-Premises Environment (LAN side) to an L2 switch trunk link that uses a tag VLAN that is regulated by IEEE802.1Q. The VLAN ID (Identification Number) used must fulfill the following conditions. Usable VLAN ID Range: 2 to 4,094. Number of VLAN IDs required for Server Segment connection: 1 to 24. VLAN ID (*) used in redundant configuration: 1. Number of MAC addresses for each connected Server Segment: The number that can be used differs depending on the prefix length. For /26: 60. For /25: 124. For /24: 252. * For the redundant VLAN ID, please specify a VLAN ID that is smaller than the number of the VLAN that is used for On-Premises Interconnectivity. For
201. r administered by NTT Communications. Please set the routing and the DNS name resolution setting. Routing Settings: Please set the routing from the Virtual Machine to vFirewall using either of the following methods. Set the Virtual Machine default gateway to vFirewall. Set vFirewall as the static route gateway for communication addressed to the Manager administered by NTT Communications. If the Virtual Machine that uses VM Firewall is connected to a Server Segment that is not directly connected to vFirewall, an additional Server Segment is required to directly connect the vFirewall and the Virtual Machine. DNS Name Resolution: In order to communicate with the Manager administered by NTT Communications, name resolution for the manager is required. Please use the DNS server inside your environment or the Virtual Machine hosts file to set name resolution for the Manager administered by NTT Communications. Restrictions: The rule names for the VM Firewall are set automatically. You cannot change the settings. The traffic below is blocked in any mode setting: TCP connections over 100,000; UDP connections over 100,000; Unusual traffic which is not based on RFC or suspected to be inaccurate; No IP header; Source IP and Destination IP are the same; Text which is not available for URI; Using character over 100; Using above route. And there will be blocking resulting from the shortage of compute resource
202. r blocking websites according to website categories supplied by URL filtering. 7.4.2 URL Filtering Feature. The protocols targeted for URL filtering detection are HTTP and HTTPS. URL filtering for HTTPS is implemented using domains. HTTPS communication is determined based on the URL in the Common Name of the server certificate. Configuring Category Operations: With URL filtering, websites targeted for control are divided in advance into categories and registered, and you can choose warning and blocking operations for each category. The content of the warning and blocking processes is shown below (Item: Process; Information Recorded in Logs). Allow: Allows communication; information recorded in logs: None. Alert: Allows communication; information recorded in logs: URL of access restricted website. Continue: If users access websites that are registered in those categories, a warning screen indicating that they have accessed a restricted website is displayed. If users click the Continue button on the displayed warning screen, they can access the website in question; information recorded in logs: URL of access restricted website. Configuring Controlled Websites: As needed, you can add or delete the websites targeted for control that are registered in each category. Allowed URL (White list): From the group of websites that are registered to categories that are set as warning or blocking, you can specify a URL as an exception and allow access. A maximu
203. r segment targeted for detection, Service Interconnectivity GW. The communication addressed to Server Segments targeted for detection is set so that it is routed by vFirewall to the Service Interconnect Gateway used for Email Anti-Virus. The communication from the Virtual Machine is set so that it is routed by the Virtual Machine on the Server Segment targeted for detection to the Service Interconnect Gateway used for Email Anti-Virus. If you perform Ping monitoring on the Virtual Machine, you will require an additional Server Segment for direct connection between vFirewall and the Virtual Machine. Please do not connect the Server Segments targeted for detection directly to vFirewall. Analysis Capacity: The traffic volume that can be analyzed by Email Anti-Virus is shown below. Traffic Processing Capacity: 200 Mbps, 1 Gbps (the total value of uplink and downlink). You can increase the traffic volume up to 1 Gbps / 200,000 sessions (when 5 services are used) by applying additional services. 7.2.3 Important Points. Used IP Addresses: In order to connect the Service Interconnect Gateway with Email Anti-Virus, you must have two IP address blocks available. If the IP address block is already being used, we might ask you to change it. NTT Communications will manage the assigned IP address blocks and assign IP addresses to the devices that re
204. r to the User's Guide. For the Virtual Machine Image Import/Export Feature: You are responsible for appropriately managing licenses for software such as Guest OSes and applications included in the imported Virtual Machine image. For example, please check with the vendor of your Guest OS or application to confirm that the license can be used in Compute Resource prior to use. For the Guest OS, to import and use a Virtual Machine image of Windows Server, you will need to switch the OS license under local options. Understanding the Consumption of Private Catalog Disk Resources: When importing a template, the following capacity is consumed from the Private Catalog Disk resources: Total value of all of the Disk capacity mounted in the Virtual Machine. [Figure: Export (compress): When the virtual machine is exported using the OVA package format, the data size is compressed based on the actual usage rate. Labels: Virtual Machine (System 100 GB, Data 1,000 GB; disk capacity, actual usage rate is 30); Virtual machine image OVA file (23 GB, example); Private Catalog Templates, Disk resource consumption 1,100 GB. When importing an OVA file: all mounted disk capacity is consumed, not the OVA file size. Data Center.] The Private Catalog Disk resources consumed by templates are only the total value of the Disk capacity of the Virtual Machine that created th
205. r to the separate volume "Enterprise Cloud User's Guide". For information about the NTT Communications Business Portal, refer to the separate volume "Business Portal User's Guide". 2.1.3 Important Points. The Customer Portal is accessed through a web browser using the Internet. Please prepare an environment in which you have Internet access. Use the following web browser to access the Customer Portal: Mozilla Firefox 10 or higher (32bit). * To use a console connection, you need Mozilla Firefox 11.0 or higher running on Windows (except version 8). If the Firefox version is 30 or higher, please change the VMware Remote Console Plug-in setting to be always activated. NTT Communications is not responsible for unauthorized use of the Customer Portal resulting from the loss or leaking of password information issued to the customer. When using one Customer Portal to batch manage multiple Data Centers, please notify NTT Communications beforehand. You cannot consolidate Data Centers back into one Data Center after you start using them in separate Customer Portals. When using a console connection, enable the JavaScript features in your web browser. You cannot manage one Data Center from multiple Customer Portals. 2.2 Security Web Portal. When you use Enterprise Cloud, you are provided with one administrator ID for the Security Web Portal, which can be used to check the status of attack
206. reate a Virtual Machine by assigning resources in a Compute Resource Pool (CPUs, Memory, Disk) to the Virtual Machine. The amount of resources that can be assigned to a Virtual Machine is different with Customer Portal ver1.0 and Customer Portal ver2.0. You can also add or reduce resources for the Virtual Machine once you have created it. The number of Virtual Machines that you can create depends on the number of contracted resources and the number of private IP addresses that can be used on a Server Segment. IP addresses are used for vFirewall, vLoad Balancer, Service Interconnectivity and Virtual Machines. You can verify usage in the portal. Virtual machines are made up of six components: vCPU, Memory, Disk, vNICs, Virtual CD/DVD drives, Guest OS. [Figure: Resources that can be assigned to a Virtual Machine (Customer Portal ver1.0). vCPU: Virtual CPU hardware; Number of vCPUs: 1, 2, 4, 6, 8 vCPUs. Memory: Virtual memory hardware; Memory capacity: 1 to 32 GB; Increments: 1 GB. Disk: Virtual storage devices; Total disk capacity: Up to 3,900 GB. Root disk: Storage area on the guest OS; Number of disks: 1 (cannot be changed). Data disk: Data storage area; Number of disks: 0 to 6; Disk capacity: 1 to 2,000 GB. vNIC: Virtual network adapter hardware; Quantity: 8 (cannot be changed). Primary vNIC: The vNIC that functions as the representative vNIC; Quantity: 1. Increm
207. rectory: C:\Program Files\Microsoft SQL Server. Shared Feature directory: C:\Program Files\Microsoft SQL Server. Shared Feature directory (x86): C:\Program Files (x86)\Microsoft SQL Server. Instance Configuration: Instance: Default instance. Instance ID: MSSQLSERVER. Server Configuration, Service Accounts: Service: SQL Server Agent; Account name: NT Service\SQLSERVERAGENT; Startup type: Manual. Service: SQL Server Database Engine; Account name: NT Service\MSSQLSERVER; Startup type: Automatic. Service: SQL Server Analysis Services; Account name: NT Service\MSSQLServerOLAPService; Startup type: Automatic. Service: SQL Server Reporting Services; Account name: NT Service\ReportServer; Startup type: Automatic. Service: SQL Server Integration Services 12.0; Account name: NT Service\MsDtsServer120; Startup type: Automatic. Service: SQL Server Distributed Replay Client; Account name: NT Service\SQL Server Distributed Replay Client; Startup type: Manual. Service: SQL Server Distributed Replay Controller; Account name: NT Service\SQL Server Distributed Replay Controller; Startup type: Manual. Service: SQL Full-text Filter Daemon Launcher; Account name: NT Service\MSSQLFDLauncher; Startup type: Manual. Service: SQL Server Browser; Account name: NT AUTHORITY\LOCAL SERVICE; Startup type: Disabled. Collation
208. res. Requests, and Used Services and Notes: Request: I want my system to be in a robust Data Center rather than keeping the data within my company. Used services and notes: In Enterprise Cloud, the cloud infrastructure resides in robust Data Centers characteristic of a carrier, regardless of which service you are using. Request: I want to back up my data in another country. Used services and notes: Global File Storage, Global Data Backup. Important data is saved in a remote overseas location in real time. 1.6 Explanation of Common Terms. This section explains common terms used in Enterprise Cloud. Term and Definition: Compute Resource: A service that provides the virtual resources (CPU, Memory, Disk) to create Virtual Machines. Compute Resource Pool (CRP): A resource management unit (pool) created in Compute Resource. Compute Class: A name for distinguishing the performance of a CPU and Memory. Storage Class: A name for distinguishing the performance of a Disk. Compute Resource Dedicated Device: A service that provides virtual resources (CPU, Memory, Disk) using devices (physical server, storage devices) that are dedicated to the customer. Server Segment: A service that provides an L2 segment for connecting multiple services to each other in Enterprise Cloud. Firewall: A device for preventing penetration of Enterprise Cloud fro Further terms listed: Load Balancer Service Interconnectivity VPN Connectivity Gateway VPN Gateway VPN Transit Internet Connectivity Internet GW Internet Transit
209. resource is shown below. Traffic Processing Capacity: 20 Mbps (processing capacity for transferring IP packets received into vLoad Balancer). Number of Health Check Definitions: 10. Number of Server Farm Settings: 20. Number of VIP Settings: 4. Number of routing settings: 5. 3 Adding and Reducing vLoad Balancer Resources. You can add and reduce usable vLoad Balancer resource values within the following range. vLoad Balancer Resource Value: Lower Limit: 1; Upper Limit: 50 (*); Application Unit: 1. * The maximum value that can be set using the Customer Portal is 10. Please contact us separately if you would like 11 or more vLoad Balancer resources. Load Balancing Features: In order to perform load balancing, you can set load balancing rules that specify the targeted server, health check method and load balancing method. You can set the following items for each load balancing rule. See the User Guide for the setting method. Setting Name and Setting Details: VIP: From the VIP provided to the vLoad Balancer, specify the VIP to use for load balancing rules. Protocol: Selects the protocol of communication to be load balanced from TCP or UDP. Port: Specifies the port number of communication to be load balanced. Session Maintenance Method: Selects the method for maintaining sessions: Source IP Address Method; Cookie Insert Method (available only for HTTP communication). * Cookie header insert Expiry of the cookie Yes unt
210. rmed at the same time in each time slot exceeds the maximum value, we recommend the closest available time slot within the same day or the closest date in the same time slot. If the Virtual Server targeted for backup has been deleted at the backup start time, the backup will not be performed. The Disk of the target Virtual Server cannot be extended while performing the backup process. The starting point of the retention period for a backup file is the start time of the backup. If the target Virtual Server is restored during the backup, inconsistency in backup data may occur, so do not perform the restore operation during the backup. When backup is acquired periodically, there might be a time period without the backup file due to the gap between the start time of the next backup and the retention period. In order to avoid this situation, one additional day will be added to the retention period with no charge. Backup of Compute Resource Dedicated Device: Be careful with the following points when performing the file backup for the Virtual Server used by Compute Resource Dedicated Device. During the backup, the performance of the Disk I/O of the Storage Device that is used by Compute Resource Dedicated Device may decrease temporarily. Backup of Compute Resource Dedicated Device may not be supported depending on usage of disk I/O. In this case, please contact our Support Center. Difference between the Setting Time and Chargeable Dur
211. rmed in one second under certain conditions. The IOPS values above are the performance values measured under the following conditions. Virtual machine: vCPU 8, Memory 16 GB. Guest OS: Red Hat Enterprise Linux 6.2. Settings parameters: direct 1 (measured in unbuffered I/O); runtime 300 (measurement time is 300 seconds); size 16GB (test file size is 16 GB); readwrite RandomReadWrite (measured in random read/writes); rwmixread 50 (read/write ratio is 50/50); blocksize 4k (block size is 4 kbyte). HA Cluster Feature: The same HA Cluster feature that is provided in Compute Resource is also provided in Compute Resource. For details regarding the HA Cluster feature, refer to "HA Cluster Feature" (P. 55). Adding and Deleting Dedicated Devices: You can have multiple dedicated devices by reserving multiple Compute Resources (Dedicated Device). Minimum configuration: 1 device. To add or delete a dedicated device, please submit the application specified separately. [Figure: Adding and deleting dedicated devices; labels give the minimum and maximum configurations of dedicated devices and storage devices]
212. rtal ver1.0 and Customer Portal ver2.0. The Service Specification differences between the two portals are listed below. vCPU: The quantities of vCPUs that can be assigned to one Virtual Machine are shown below. The configurable settings of Customer Portal ver1.0 are different from those of Customer Portal ver2.0. Customer Portal ver1.0 (Compute Dedicated Device): Small: 1, 8, *; Large: 1, 8, *. * Configurable values of vCPUs are 1, 2, 4, 6 or 8. Odd-number vCPUs cannot be configured on Customer Portal ver1.0. Customer Portal ver2.0 (Compute Dedicated Device): Small: 1, 16, 1; Large: 1, 32, 1. Memory: You can add or reduce the Memory capacity that is assigned to one Virtual Machine within the ranges shown below. The configurable settings of Customer Portal ver1.0 are different from those of Customer Portal ver2.0. Customer Portal ver1.0 (Compute Dedicated Device): Small: 1, 8, 1; Large: 1, 8, 1. Customer Portal ver2.0 (Compute Dedicated Device): Small: 1, 96, 1; Large: 1, 512, 1. Disk: You can add or reduce the Disk capacity and the number of data Disks connected to one Virtual Machine within the ranges shown below. The configurable settings of Customer Portal ver1.0 are different from those of Customer Portal ver2.0. Customer Portal ver1.0: Number of data Disks: 0, 6, 1. Customer Portal ver2.0: Number of data Disks: 0, 59, 1. 2,097,151
213. rus. The communication from the Virtual Machine is set so that it is routed by the Virtual Machine on the Server Segment targeted for protection to the Service Interconnect Gateway used for Web Anti-Virus. If you perform Ping monitoring on the Virtual Machine, you will require an additional Server Segment for direct connection between vFirewall and the Virtual Machine. Please do not connect the Server Segments targeted for detection directly to vFirewall. Analysis Capacity: The traffic volume that can be analyzed by Web Anti-Virus is shown below (Item: Performance per service; Performance maximum, 5 services used; Remarks). Traffic Processing Capacity: 200 Mbps; 1 Gbps; the total value of uplink and downlink. Number of concurrent sessions: 40,000; 200,000; the number of sessions that can be connected simultaneously. You can increase the traffic volume up to 1 Gbps / 200,000 sessions (when 5 services are used) by applying additional services. 7.3.3 Important Points. Used IP Addresses: In order to connect the Service Interconnect Gateway with Web Anti-Virus, you must have two IP address blocks available. If the IP address block is already being used, we might ask you to change it. NTT Communications will manage the assigned IP address blocks and assign IP addresses to the devices that require them. Restrictions: When the actual traffic volume exceeds the contracted
214. s for managing services. You can use the Customer Portal to create Virtual Machines and configure your network environment in real time. Enterprise Cloud provides two types of Customer Portal: Customer Portal ver1.0, and Customer Portal ver2.0 with a new Graphic User Interface. The availability of Customer Portal ver1.0 and 2.0 is listed below. For some Enterprise Cloud services, Customer Portal ver2.0 provides a different service specification from that of Customer Portal ver1.0. Customer Portal ver1.0: All Service Specification is applied. Customer Portal ver2.0: The following Services provide a different service specification from Customer Portal ver1.0. Compute Resource: Please refer to MSSQL: Please refer to A diagram of the Enterprise Cloud Customer Portal ver1.0 usage is shown below. [Figure: Customer Portal ver1.0 screen] A diagram of the Enterprise Cloud Customer Portal ver2.0 usage is shown below. [Figure: Customer Portal ver2.0 screen] The Customer Portal is accessed using HTTPS communication through a web browser. Access to the
215. s in OS License

Provision of an OS license: A feature for using an OS license to run Windows or Linux on a Virtual Machine in Compute Resource.

3.4.2 Provision of an OS License
The OS licenses and subscriptions provided in OS License are shown below. One license is provided for one Virtual Machine.

Red Hat subscription: Red Hat Enterprise Linux Server 5 8 6 2 64bit Japanese English keyboard layout version

When you use OS License, you can use the software access and software maintenance features from the Red Hat Enterprise Linux software subscription. Please follow the instructions from NTT Communications regarding the procedure and access method for using these features.

3.4.3 Provision of a Public Catalog
You can use a template for creating a Virtual Machine for which a Microsoft OS license and Red Hat subscription have been provided. You can use templates from the Customer Portal when creating a Virtual Machine in Compute Resource or Compute Resource Dedicated Device. A Microsoft OS license and Red Hat subscription are only provided for a Virtual Machine created using the provided template (called "a Virtual Machine created with OS License" below). When you use the template to create a Virtual Machine, you can use the OS-installed Virtual Machine immediately. Templates exist for each Data Center and are stored in the Public Catalog, which can be ac
216. s set from 0:00 to 23:59 on April 1 in Japan Standard Time. However, if the period is converted with UTC, the period is converted to (1) 15:00 to 23:59 on March 31 and (2) 00:00 to 14:59 on April 1. Therefore, (1) is processed as the fee for March and (2) is processed as the fee for April. The time notation in the e-mail about the result of job is UTC.

When Using OS Management
If the OS management service is used, you cannot use the image backup service.

4.2 File Backup
File Backup is a service that provides features to store and restore files or folders on the data disk of the Virtual Server (called "Backup file" below).

[Figure: File Backup overview. Labels: Customer's Work, Customer Portal, Dedicated Application, Service Interconnectivity]

You can use file backup at a Data Center that provides Compute Resource or Compute Resource Dedicated Device. The services provided differ depending on the Data Center. For details, refer to 1.3.2 Available Data Centers (P. 21). File backup uses the Service Interconnectivity and the Server Segment. Order Form is needed for this service delivery.

4.2.1 Available Features
You can use the following features in File Backup.

Backup File A feature for acquiring backup files from and Customer Portal Storage storing backup files in the storage device called storage for backup provided by NTT Com
217. s the same features as Compute Resource, the service in which physical equipment is shared with other users. This section explains the differences between the two services. For information regarding Compute Resource, refer to 3 Compute Resource (P. 51). You can select storage devices from a storage class, Premium or Premium, that offers the appropriate performance level for your intended use.

3.2.2 Provision of Compute Resource Pools
In Compute Resource Dedicated Device, you can use Compute Resources (CPU, Memory, Disk) that are comprised of your own dedicated physical servers and storage devices provided by NTT Communications. In addition, you can divide your Compute Resources into multiple Compute Resource Pools. To add, delete or change a Compute Resource Pool, please submit the application specified separately.

[Figure: adding or deleting a compute resource pool, and changing the distribution of resources (CPU, Memory, Disk) to each compute resource pool, shown for Compute Resource Pool 1 and Compute Resource Pool 2. Labels in the figure, in order: minimum configuration 1 device, maximum configuration 18 devices; maximum configuration 2 devices, minimum configuration 1 device; Storage device, maximum configuration 1 device; Compute Resource Dedicated Device, minimum configuration 1 device]

You may not
218. specified at the time of submitting the application form. After the network is opened, the plan cannot be changed from Compact to Large or vice versa. It is possible to change the plan from single configuration to redundant configuration or vice versa. If the redundant configuration plan is selected, the hot standby configuration is provided and the plan is switched in approximately 30 seconds. Even if the single configuration plan is selected, the redundant configuration is adopted for basic equipment (equipment restart with the basic equipment for backup in case of failure), and the configuration is switched in approximately 5 to 10 minutes. All functions are available with Compact plan. However, Large plan is recommended when using the Load Balancing function and IPsec termination function, due to the plunge in performance.

5.9.2 Firewall Feature
With this feature, the firewall rules for allowing or denying specific IP packets of communications that pass through the Integrated Network Appliance can be configured. The following conditions can be specified for each firewall rule as the condition for the IP packet to which the firewall rule is applied.

Item: Details
Firewall Rule: Customer can configure arbitrary rule names.
Source IP Address: Specifies a source IP address for IP packets.
Source Service: Specifies the source service for IP packets with the port number when setting TCP UDP
219. stem requirements (number of vCPU, Memory capacity, Disk capacity, and OS) for operating the VM Firewall agent software are shown below.

Memory Capacity: 512 MB or greater
OS: The OSs listed in Supported OS List of VM Anti Virus, VM Virtual Patch and VM Firewall, of the available OSs in Enterprise Cloud. When using Linux, it is necessary to confirm the kernel version.

Please set IPv6 to ON or OFF correctly when using VM Firewall.

Agent Software Installation
In order to use VM Firewall, upload and install agent software on the Virtual Machine. For details, refer to the agent software installation guide. You cannot use the VM Firewall at the same time as other anti virus software than VM Anti Virus. Before installing VM Firewall agent software, always make sure to uninstall other virus protection software. Do not upload agents by mounting ISO image files or CD/DVD drives when uploading it to the VMs.

Agent Software Default Install Location
The agent software default install location differs depending on the Virtual Machine OS.

Windows: C:\Program Files\Trend Micro\Deep Security Agent

You can change where it is installed. Also, the install location might change due to agent software version updates, etc.

Communication with the Manager Administered by NTT Communications
The Virtual Machine that uses VM Firewall must have communication with the Manage
220. t Effort Contracted Disk capacity Guaranteed Bandwidth usage Best Effort Amount of traffic Best Effort Amount of traffic Best Effort Amount of traffic Best Effort Amount of traffic Best Effort Amount of traffic Best Effort Amount of traffic Best Effort Amount of traffic Best Effort Amount of traffic Best Effort Amount of traffic Best Effort Amount of traffic Best Effort

A diagram of the accommodated customers for Compute Resources is shown below. The diagram below is a logical configuration diagram. It is not an accurate representation of the actual physical configuration.

[Figure: logical configuration of accommodated customers. Labels: Internet Connection, VPN Connection, redundant vFirewall and vLoad Balancer, Standard and Premium resource pools, Dedicated Device, physical server configuration (shared type and dedicated type, HA configuration), iSCSI SAN network for storage, storage configuration (Premium, shared and dedicated). Legend: Physical Server, HA cluster, Storage Device, Virtual Server]

1.3.2 Available Data Centers
The Enterprise Cloud Data Centers are shown below.

Japan (JP): Yokohama No. 1 Data Center, Kansai1 Data Center, Saita
221. t Phase 1 and Phase 2.
Specifies the shared key used for authentication.
Sets the maximum value of one frame that is sent/received through IPsec communications.
Selects whether to enable or disable this rule.

This is the feature that enables the setting for terminating IPsec communication. Actual connectivity is not included in this service. To establish IPsec communications, equipment for IPsec communication is required at the external VLAN side, apart from this function. Customer needs to prepare equipment at the external VLAN side. Equipment at the external VLAN side is not supported by NTT Communications. If the external VLAN is the Server Segment within the Enterprise Cloud service contract, the setting for establishing IPsec communications with mutual Integrated Network Appliance is available.

It is possible to configure the settings where one Server Segment and one external VLAN can be connected. When attempting to establish 1-to-N or N-to-1 connections, multiple IPsec termination rules need to be combined. It is possible to terminate IPsec communications that pass Internet Transit or VPN Transit. IPsec communication that passes through the Server Segment cannot be terminated. Do not perform multicast communications or broadcast communications through IPsec communications. If NTT Communications finds these communications, we may take actions such as restriction on communica
222. t been specified, they will be allocated automatically. You cannot change the IP addresses that are used for Service Interconnectivity after you have started using Service Interconnectivity. The Service Interconnect Gateway is configured in an active/standby structure, so one virtual IP, one active device IP and one standby device IP address are used. The Service Interconnect Gateway is a Best Effort type service that changes the transmission speed according to your system environment and line congestion.

5.4.3 Routing Settings
You can set a maximum of 32 types of static routing for Service Interconnect Gateway, including the default gateway. The static routing settings are implemented based on parameter sheets agreed upon with you and the policies of NTT Communications.

5.4.4 Important Points
When using the same Server Segment Service Interconnectivity from a Virtual Machine that has the default gateway set as vFirewall, the routing information of the service targeted for the Service Interconnectivity side must be set to the Guest OS on the Virtual Machine. Please refer to the explanation about services targeted for interconnectivity regarding the requirements for connection with these services.

5.5 Colocation Interconnectivity
Colocation Interconnectivity is a service that provides a secure L2
223. take 17 days.
*8 Plan change from Single to Redundant can be done from Customer Portal. Plan change between Compact and Large is not possible.
*9 This will not be applied if the Customer is using OS Management Service (Japan Local option).

Minimum Usage Period
The minimum usage period is one month from the time that you start using Enterprise Cloud. However, minimum usage periods for the following service menus are specified separately.

Compute Resource Dedicated Device: 1 year

1.3.4 Resource Contract Conditions and Service Combination Conditions

Resource Contract Conditions
The following resource contracts are required for each Data Center.

Internet Connectivity, VPN Connectivity: Both contracts are available.
Deleting all Compute Resources is not possible.

You can only contract for one Internet Connectivity and one VPN Connectivity for each Data Center that you are using.

Combination Conditions

Database License: You cannot use Private Catalog and Image Backup on a Virtual Machine that uses a Database License (MS SQL). When creating a Virtual Machine from a template stored in a Private Catalog, we cannot guarantee that it will work.

Security: The following security services can only be used through Service Interconnect Gateway: IPS IDS, Email Anti Virus, Web Anti Virus, URL Filtering, App
224. tatic routing, Load balancing rule, IPsec termination rule

This is the feature used for setting to allow/deny communications that pass through the Integrated Network Appliance.
This is the feature used for converting the IP address and ports for communications that pass through among Internet Transit, VPN Transit and Server Segment.
This is the function used for providing the routing for communications that are made among Internet Transit, VPN Transit and Server Segment.
This is the function used for balancing load of communications from Internet Transit and VPN Transit.
This is the function used for terminating IPsec communications.

Plans of the Integrated Network Appliance
You can choose from the following four Integrated Network Appliance plans. Available performance and configurations vary depending on the plan that you order.

Compact: For customers who do not use the load balancing feature and IPsec termination feature. Single configuration.
Compact Redundant: For customers who do not use the load balancing feature and IPsec termination feature. Redundant configuration.
Large: For customers who use the load balancing feature and IPsec termination feature. Single configuration.
Large Redundant: For customers who use the load balancing feature and IPsec termination feature. Redundant configuration.

The Integrated Network Appliance plan can be
225. te Resource Pool 1 Compute Resource Pool 2

Usage Units
You can add or reduce the resources handled by one Compute Resource Pool within the ranges shown below.

CPU: 1 GHz to 48 GHz, in units of 1 GHz
Disk: 50 GB to 4,000 GB, in units of 50 GB

You can add or reduce the resources assigned to one Virtual Machine within the ranges shown below. Configurable settings of Customer Portal ver1.0 are different from those of Customer Portal ver2.0.

For Customer Portal ver1.0
Disk: 1 GB to 2,000 GB, in units of 1 GB

For Customer Portal ver2.0
Guaranteed 1 32 1 vCPU CPU Compute Guaranteed 1 GB 128 GB 1 GB Memory Compute Premium Storage 1 GB 2 047 GB 1 GB Disk Standard

Storage Classes
Compute Resource Pools are comprised of two types of classes: the Compute Class (CPU, Memory) and the storage class (Disks). Each of these is separated into two types of service classes, Premium and Standard, with different levels of performance. You can select the class that is appropriate for your intended use. Select the service class when creating the Compute Resource Pool. You cannot change the service class after the Compute Resource Pool has been created.

Compute Class (CPU, Memory)
Guaranteed: The CPU resource and Memory resource values for which you applied are guaranteed. SLA is applicable for this component.
Premium: The CPU resource and Memory resource values for which yo
226. ted

7.3.2 Virus Scan Feature
HTTP and FTP are the protocols targeted for inspection by Web Anti Virus. You can choose the detection and blocking operations for each protocol. The detection and blocking processes are shown below.

Allow | Allows communication. | None
Block | Monitors Web access (HTTP communication) and FTP communication and detects viruses. Note that communication is blocked when viruses are detected and a blocked screen is displayed to the user. | Blocking status

If NTT Communications judges it necessary, we will notify you via email etc. of the detection and blocking status (for blocking only).

Routing Settings
Only communication via Web Anti Virus is targeted for detection. When you use Web Anti Virus, please set the following routing.

[Figure: routing settings for Web Anti Virus. Labels: Internet GW, VPN Connection GW, Internet/VPN Transit, vFirewall, routing setting for the communication addressed to the server segment targeted for detection, routing setting for the communication route from the Virtual Machine, Virtual Machine, server segment targeted for detection, Service Interconnectivity GW]

The communication addressed to Server Segments targeted for protection is set so that it is routed by vFirewall to the Service Interconnect Gateway used for Web Anti Vi
227. tem construction work that you perform should be performed remotely.

The common conditions for providing Enterprise Cloud and service specifications, and the conditions for providing each service, may change without notice.

When a contract or service is removed or canceled, or when you delete a service from the Customer Portal, the data will be erased according to the method specified by NTT Communications. A data erasure certificate is not issued.

When you use Enterprise Cloud, you must comply with the laws of foreign countries and international trade and other Japanese import and export regulations, along with all applicable laws and regulations related to importing, reimporting, exporting and reexporting to and from other countries and regions. In other words, you are solely responsible for compliance with laws and regulations related to all actions that are taken when using Enterprise Cloud, such as transferring, processing and providing content.

You may not use Enterprise Cloud for the development, production or use of conventional weapons or weapons of mass destruction, including nuclear weapons, as stipulated in the Foreign Exchange and Foreign Trade Law and other Japanese laws relating to exporting.

2 Service Management Portal Site

2.1 Enterprise Cloud Customer Portal
An Enterprise Cloud Customer Portal (called "the Customer Portal" below) is available to user
228. that enables L3 communication between the Server Segment and the external VLAN by encrypting the Server Segment and the Server Segment in the customer's base or other Enterprise Cloud Service contract (called "external VLAN" below) for these Server Segments.

You can set the following items for the IPsec termination rule.

Items: IPsec termination rule name, Explanation, Local Network, Peer Network, Local Endpoint, Local ID, Peer ID, Peer IP, Encryption Protocol, Shared key, MTU, Enable

Details:
IPsec termination rule name: Customer sets arbitrary rule name.
Explanation: Customer inputs the explanation of this IPsec termination rule.
Local Network: Specifies the Server Segment that is connected to external VLAN via IPsec communication.
Peer Network: Specifies the IP subnet of the external VLAN connected by using IPsec communications.
Local Endpoint: Specifies the interface of the Integrated Network Appliance that terminates IPsec communication.
Local ID: Specifies a unique ID that is configured at the Integrated Network Appliance in use arbitrarily in order to certify the target party's VPN device.
Peer ID: Inputs the ID specified by the IPsec termination equipment at the external VLAN side in order to certify the target party's VPN device.
Peer IP: Inputs the fixed IP used for IPsec communication that is allocated to the IPsec termination equipment at the external VLAN side.
Encryption Protocol: Specifies the encryption protocol (AES, AES256, 3DES) that is used for IPsec communications; the common encryption protocol is used a
229. that monitors communication to the Virtual Machine and, from the communication status, provides reports that make unknown threats and latent risks visible.

7.11.2 Network Profiling Report
It monitors communication to the Virtual Machine and provides reports that make latent risks to the network visible, based on the correlation analyses on traffic logs and threat logs (viruses and unauthorized access) performed by a security analyst. Reports are provided once a month.

Routing Settings
Only communication that goes through Network Profiling can be analyzed. When using Network Profiling, please use the following routing settings.

[Figure: routing settings for Network Profiling. Labels: Internet GW, VPN Connection GW, Internet/VPN Transit, vFirewall, routing setting for the communication addressed to the server segment targeted for analysis, routing setting for the communication route from the virtual machine, Virtual Machine, server segment targeted for analysis, Service Interconnectivity GW]

The communication addressed to Server Segments targeted for analysis is set so that it is routed by vFirewall to the Service Interconnect Gateway used for Network Profiling. The communication from the Virtual Machine is set so that it is routed by the Virtual Machine on the Server Segm
230. that monitors the types of file access, such as write or read, generated inside the Virtual Machine and scans for viruses.
Actions: A feature that executes specified processes when viruses are detected.
Automatic Security Update: A feature that periodically checks pattern file updates and performs updates.

7.7.2 Real Time Scan Feature
The Real Time Scan feature monitors the sorts of file access, such as write or read, generated inside the Virtual Machine and can scan for viruses. The items that can be specified for Real Time Scan are shown below.

Directories and files to scan: Selects folders and files for file access monitoring. Selects the targeted folders from All Directories and Directory List. Selects the targeted files from All Files, File types scanned by IntelliScan, and Specified file extensions.
Actions: For details, refer to 7.7.4 Actions (P. 217).

NOTE: Real time scan is only provided for the Windows OS. It cannot be used in Linux OS.

7.7.3 Scheduled Scan Feature
You can scan for viruses in files existing on the Virtual Machine, including files that are not in use, according to a specified schedule. The items that can be specified for the Scheduled Scan Feature are shown below.

Items: Directories and files to scan, Schedule, Actions, Scan Exceptions

7.7.4 Actions

Details: Selects folders and files for file access monitoring. Selects the targeted folders from All directories a
231. the amount of false positive detections. If simulation is implemented, a simulation time period is set (approximately 1-4 weeks) after you start using IPS mode, during which only detection of unauthorized access and attack traffic is performed, and traffic is not blocked. After the simulation time period, please check to see whether the traffic that IPS IDS detects as being targeted for blocking is normal traffic. Based on the results of the check, the IPS IDS settings will be adjusted.

7.1.3 Important Points

Used IP Addresses
In order to connect the Service Interconnect Gateway with IPS IDS, you must have two IP address blocks available. If the IP address block is already being used, we might ask you to change it. NTT Communications will manage the assigned IP address blocks and assign IP addresses to the devices that require them.

Restrictions
When the actual traffic volume exceeds the contracted traffic volume, the excess traffic might be discarded.
Encrypted communication is not targeted for detection or blocking.
Packets which break TCP/UDP/IP protocol rules, or abnormal packets, are discarded as a standard function regardless of customer's configuration. Examples:
- When the IP header is cut off in the middle
- When the Port number is 0 (zero)
- When the TCP flag combination is abnormal, and others
If devices making up this feature are replaced due to malfunction etc., you will not be able to check devi
232. through the Integrated Network Appliance and opening/closing ports according to its contents is enabled. This function cannot be disabled.

[Figure: Integrated Network Appliance (INA) with Firewall Function and IPsec termination Function, configured from the Enterprise Cloud Customer Portal; selectable Single / Redundant]

Either the Integrated Network Appliance or vFirewall needs to be contracted for one Data Center in one Enterprise Cloud service contract. These services cannot be used simultaneously, or multiple services cannot be used.

5.9.1 Available Features

Connection to each network
The Integrated Network Appliance can connect to the following networks.

Destination Network: Connection Conditions
Internet Transit: If the Internet Connectivity service is selected, connection to the Internet transit is always established.
VPN Transit: If the VPN Connectivity service is selected, connection to the VPN transit is always established.
Server Segment: If a Server Segment is added, connection to the Server Segment is provided. However, if "Do not connect to the Integrated Network Appliance" is selected when adding a Server Segment, connection to the Server Segment is not provided.

Interfaces of the Integrated Network Appliance
Interfaces and allocatable IP addresses that are provided by the Integrated Network Appliance are shown below.

Interface Allocatable IP
233. time are scheduled and replication is run according to the schedule.
Manual (immediate execution): The replication is run by manual operation.

It is not possible to replicate data automatically every time data is changed.

Restore
Even if the data was replicated from Primary Storage to Secondary Storage, data is restored manually from the following directories and folders, which were created in Primary Storage. Note that the directory and folder names will differ according to the protocol used.

Protocol Used: Directory / Folder
NFS: snapshot
CIFS: snapshot

The data that was last replicated (the same data as that saved in Secondary Storage) is stored in the above-mentioned directories and folders. Restore from Secondary Storage to Primary Storage is limited to situations where the primary Data Center can no longer be used, such as during disasters, and is executed at the judgment of NTT Communications.

6.1.4 Important Points

IP Address
It is necessary to allocate an IP Address Block with a Prefix Length of 29 to be used for Global File Storage Global Data Backup. The number of IP addresses differs according to the contracted plan.

Plans: Number of IP Address Blocks; IP Addresses Allocated from the IP Address Block
Local DC Storage: 1; Primary storage IP address, Service Interconnect Gateway IP address
Remote DC Storage: 2; Primary storage IP address, data Serv
234. tination network address that is set in the routing settings. The network used by Enterprise Cloud service cannot be specified as a default route of VPN service (Arcstar Universal One side). You cannot change the IP addresses that are used for VPN transit and APGW connection segment after you have started using VPN Connectivity.

5.2.5 Important Points
The Guaranteed type only guarantees the communication bands that pass through the VPN Gateway. In order to guarantee the communication bandwidth that the vFirewall and vLoad Balancer pass through, it is necessary to have separate contracts for a suitable number of firewall resources and load balancer resources.

NTT Communications may change VPN settings for maintenance and monitoring. You cannot change or delete the settings that are set by NTT Communications.

Communication interruptions might occur when VPN Connectivity settings are changed.

The IP Addresses in the IP Address bands listed below cannot be included in the IP address block for APGW connection segment, IP address block for VPN Transit, or routing IP address block for vFirewall. Be aware that the IP address bands that cannot be specified differ according to Data Center. Also, if the IP Addresses in the IP Address bands listed below are used for private network lines, communications between the Data Center that is in use and those IP addresses via v
235. tings and Service Group Settings
In order to improve the convenience of setting vFirewall from the Customer Portal, features to set IP address groups and service groups are provided.

IP address group settings: You can group IP addresses. The set IP Address Group can be used for Packet Filtering setting.

Adding and Reducing vFirewall Resources
You can add and reduce usable vFirewall resources within the following range.

vFirewall resources: 1 to 50 (*1)
*1 The maximum value that can be set using the Customer Portal is 10. Please contact us separately if you would like 11 or more vFirewall resources.

5.7.4 Packet Filtering Feature
A feature that specifies IP Packet filter conditions (packet filtering policy) for vFirewall. It can allow or deny the passage of IP packets that match the filter conditions. You can specify the following conditions for each filter rule as IP packet filter conditions to apply to packet filtering.

Interface: Select any of the following as the network interface of vFirewall that implements packet filtering: Internet Transit, VPN Transit, Server Segment.
Source Service: Specifies the TCP/UDP ports, ICMP type or service group as the source service for IP packets.
Destination Service: Specifies the TCP/UDP ports, ICMP type or service group as the destination service for IP packets.

Even if you start using vFirewall, filter rules will n
236. tions without prior notice.

Active mode is not supported by this feature; therefore, Peer IP needs to be the fixed IP that can be connectable from the Integrated Network Appliance.

The following items are configured as default settings of the Integrated Network Appliance.

Key management protocol: IKEv1 (ISAKMP/Oakley)
Phase1
Authentication Method: pre-shared key
Hash Algorithm
ISAKMP SA life time: 28800 seconds
key exchange mode: Main mode
IPsec SA life time: 3600 seconds
Security protocol: ESP
Authentication Algorithm: HMAC-SHA1
Perfect Forward Secrecy: Enable
DH group: 2
Capsuling mode: Tunnel
key exchange mode: Quick mode

5.9.7 Important Points

Rules Set by NTT Communications (Global Rule)
Multiple rules (called "Global Rule" below) are configured for the Integrated Network Appliance in default setting to allow NTT Communications to perform monitoring, maintenance and operation, and provide various services. Customer can refer to the Global Rule. However, please note that we may not be able to answer questions regarding specific purpose and details of the Global Rule. Customer cannot edit or delete the Global Rule. The Global Rule is set as the rule having the higher priority than various rules set by customer. Please note that the Global Rule may be added, changed or deleted by us without prior notice.

NOTE: When monitoring the virtual server starts SNAT
237. to run the backup data storage operation. Global File Storage Global Data Backup is used via Service Interconnectivity. You need to apply separately for Service Interconnectivity.

6.1.1 Available Features
You can use the following features with Global File Storage Global Data Backup.

Feature: Overview
Provides storage for saving data: A feature that uses the shared External Storage area for storing backup data. You can choose from the following two plans.
- Local DC Storage provides Primary Storage only.
- Remote DC Storage provides Primary and Secondary storages.
Data replication feature: If you have selected the Remote DC Storage Plan, this feature transfers the data to Remote DC Storage.
The connection to the shared External Storage area uses CIFS protocol or NFS protocol.
You can retrieve data that is in Primary or Secondary storage.
Burst feature: It is possible to temporarily increase the transmission speed of the virtual network with bursts according to the traffic volume. The transmission speed for bursts differs according to the service plan (S, M, L).

6.1.2 Provides Storage for Saving Data
You can install and set up primary storage that can be connected by CIFS protocol or NFS protocol over a previously specified IP network, and use the shared External Storage area for storing backup data. The backup storage specified by NTT Communications is
238. tomization Support column under Guest OS Support in the document below.
https www vmware com files jp pdf vCloud_Director_User_Guide_15_jp ja pdf

Install and enable the latest VMware Tools in the Guest OS on the Virtual Machine. If you intentionally uninstall or disable VMware Tools, we cannot guarantee the correct operation of Compute Resources. We also may not be able to support your queries.

Guest OS Customization
Guest OS settings basically depend on the template. However, some settings are automatically changed after power-on at the first time in the following operations. This is referred to as Guest OS customization.
1. After creating a Virtual Machine
2. After changing the Server Segment to which a vNIC connects
3. After changing the primary vNIC
4. After changing the IP address of the vNIC

The Virtual Machine automatically restarts when the Guest OS is customized. Do not log in to the Guest OS or operate the Virtual Machine until it has restarted. The Virtual Machine will operate in the state that it was in prior to customization of the Guest OS until it restarts. Please do not operate Virtual Machine during Guest OS Customization. Usually it takes about 30 minutes.

Settings that are changed when customizing the Guest OS
The Guest OS settings that are changed when customizing the Guest OS are shown below.

Items that are changed automatically
239. traffic volume, the excess traffic might be discarded.

The following communication and files are not targeted for detection and blocking:
- Encrypted communication that used HTTPS or SFTP, etc.
- Files set with passwords
- Files compressed by compression algorithms other than zip/gzip
- Files compressed by compression algorithm zip/gzip three times or more

[Figure: zip/gzip extraction. Labels: Targeted for detection and blocking; Extract; Not targeted for detection and blocking]

Files that have been compressed using the zip/gzip compression algorithm are automatically extracted and are targeted for detection and blocking.

Packets which break TCP/UDP/IP protocol rules, or abnormal packets, are discarded as a standard function regardless of customer's configuration. Examples:
- When the IP header is cut off in the middle
- When the Port number is 0 (zero)
- When the TCP flag combination is abnormal
- and others

If devices making up this feature are replaced due to malfunction, etc., you will not be able to check device logs or event reports from prior to the replacement via the Security Web Portal. In addition, if the regular server and the standby server are switched for a redundantly configured device and they are restored without replacing the device, you cannot check the log or the event reports for the
240. ts for the period during which the switching occurred from the Security Web Portal.

Application Profiling does not guarantee that the Application Profiling feature has integrity or accuracy or is suitable for your use. Furthermore, the suitability of the application identification algorithms provided by the developers or distributors of the devices making up the Application Profiling feature is not guaranteed.

The following information might be provided to the developers or distributors of the devices making up the Application Profiling feature:
- Configuration information obtained from providing application profiling
- Information relating to Application Profiling processing

We cannot guarantee recovery from failures that might occur due to incompatibility between Application Profiling and your environment, or failures that occur due to your operations other than those specified by NTT Communications.

7.11 Network Profiling

Network Profiling is a service that monitors the communication to the Virtual Machine and, from the communication status, provides reports that make unknown threats and latent risks visible.

Network Profiling is used via Service Interconnectivity. You need to apply separately for Service Interconnectivity.

7.11.1 Available Features

You can use the following features with Network Profiling.

Feature / Overview

Network Profiling Report: A feature
241. ttings

[Figure: network configuration. Labels: Internet GW; VPN Connection GW; VPN Transit; Internet Transit; vFirewall; Routing setting for the communication addressed to the server segment; Added Server Segment targeted for analysis; Routing setting for the communication from the virtual machine; Communication route to the server segment targeted for analysis; Virtual Machine; Server segment targeted for analysis; Service Interconnectivity GW]

The communication addressed to Server Segments targeted for analysis is set so that it is routed by vFirewall to the Service Interconnect Gateway used for Application Filtering.

The communication from the Virtual Machine is set so that it is routed by the Virtual Machine on the Server Segment targeted for analysis to the Service Interconnect Gateway used for Application Profiling.

If you perform Ping monitoring on the Virtual Machine, you will require an additional Server Segment for direct connection between vFirewall and the Virtual Machine. Please do not connect the Server Segments targeted for analysis directly to vFirewall.

Analysis Capacity

The traffic volume that can be analyzed by Application Profiling is shown below.

Item | Performance, per service | Performance, maximum (5 services used) | Remarks
Traffic Processing Capacity | 200 Mbps | 1 Gbps | The total value of uplink and downlink
242. ture performs routing between each network and Server Segment.

Static Routing

You can also set static routing to the vFirewall. For each routing setting, the routing conditions that can be set are shown below:
- Network Address
- Gateway
- Output Interface

If you use Internet Connectivity and VPN Connectivity in combination, direct back and forth communication between the Internet and VPN via vFirewall will not be possible.

The routing that uses the same interface for input interface and output interface is not possible.

5.7.3 Firewall Feature

You can specify the performance provided by vFirewall using the vFirewall resource value. The performance of one vFirewall resource is shown below. You can change the resource value from the Customer Portal.

Item | Performance (maximum value) | Remarks
Traffic Processing Capacity | 40 Mbps | The processing capacity for transferring IP packets received into vFirewall (incoming packets from vLoad Balancer are excluded)
Number of concurrent sessions | 10,000 | The number of TCP/UDP sessions that can be held simultaneously inside vFirewall
Number of filter rule settings | 30 |
Number of service group settings | 5 | If there is one vFirewall resource, the maximum value is 10. If vFirewall resources have been added, the maximum value for Number of Service Groups for the additional vFirewall resource is 5.
IP Address Group Set
243. u applied are guaranteed.

Storage Class

Disk: Premium. High speed Disk performance is provided.

Compute Classes

The differences between compute service classes (Premium or Standard) are shown below.

[Figure: comparison of the Premium and Standard compute classes. Labels: Pool; CPU; Memory; Disk; 25 burst; Best Effort; Contract amount; Contract amount 2 GHz; Guaranteed amount 1 GHz; Memory VM 4 GB; Contract amount 10 GB. Notes in the figure: When infrastructure resources are insufficient, provided CPU features decline. However, they do not decline to 0. If the virtual machine (VM) memory is insufficient due to the state of memory resource usage in the infrastructure, the storage swap area is used and the performance declines as a result.]

HA Cluster Feature

Compute Resources are comprised of storage devices and HA clusters that have more than one of the following two types of physical servers:
- Regular servers
- Standby servers (spare physical servers used for failure recovery)

When a failure is detected on a regular server, the HA Cluster feature automatically switches to the resources on a standby server (automatically recovers).

[Figure: HA cluster switchover. Labels: Virtual Machine; Switches automatically; CPU resources; Memory resources; Disk resources; Compute Resources]
244. u can only change the Memory capacity when the Virtual Machine is powered off. Please do not change configuration in Partially Powered Off state.

Understanding resource consumption

The capacity totals below are consumed from the Compute Resource Pool:
- Total Memory capacity set for Virtual Machines that are running
- Memory resources for virtualization overheads

For information regarding overheads, refer to 3.1.6 Important Points (P. 69).

The available Memory capacity varies depending on the following situations. There is no guarantee that the maximum Memory capacity will be always available.
- The usage status of Memory resources for which you have applied
- The load condition of the Guest OS on the Virtual Machine

When the Memory resources consumed on each Virtual Machine reach the upper limit of Memory for the Compute Resource Pool, Memory in the swap regions of the Disk resources may be activated.

Disk

A Disk is a virtual storage device that makes up a Virtual Machine. From the Compute Resource Pool, you can specify the Disk capacity and assign capacity to a Virtual Machine. There are two types of Disks: a root Disk and a data Disk.

Disk | Description
Root Disk | The Disk that stores the Guest OS. There is always one root Disk created for one Virtual Machine.
Data Disk | The Disk that stores data. You can connect multiple Disks for one Virtual Machine. I
245. ual Machine

[Figure: Private Catalog Disk resource consumption by templates. Labels: When saved as a template, all mounted disk capacity is consumed, not the actual amount of used data; Private Catalog; Templates; Disk resource consumption 1,100 GB; Save the server image as a template; Create a virtual machine from a template; The virtual machine set by you; New virtual machine; Disk capacity: System 100 GB, Data 1,000 GB; Data Center]

The Private Catalog Disk resources consumed by templates are only the total value of the Disk capacity of the Virtual Machine that created the Virtual Machine image. It does not include the Memory capacity.

3.3.4 Import Template Feature

You can import Virtual Machine images created on a local server to Private Catalog. If you upload a Virtual Machine image file from the Customer Portal using a web browser, the Virtual Machine image file is converted into a template and saved in the Private Catalog.

To import a Virtual Machine image, you will require more available space in the Private Catalog Disk region than the total of the Disk capacity and Memory capacity of the Virtual Machine image that is being imported (not the file size of the actual OVA file).

For the conditions for Virtual Machine images that can be imported, refe
246. ual Network Interface for connecting to a Server Segment (called "the network interface on the Server Segment side" below)

Allocatable IP Addresses
- Selected from Global IP Addresses that are ordered separately.
- Selected from your VPN IP Address block (called "IP address block for VPN transit" below). NTT Communications selects two IP addresses from the IP address block for VPN transit. (*)
- Two are selected from the available IP addresses in Server Segment. (*)

(*) Because it is configured in an active standby structure, an active device uses one IP Address and a standby device uses one IP Address.

NOTE
- You can specify the IP address on the Server Segment side network interface only when the Server Segment is created based on the application form. If IP addresses have not been specified, they will be allocated automatically.
- You cannot change the IP addresses that are allocated to the Server Segment side network interface.
- If you do not configure Server Segment side network interface, the corresponding Server Segments will not be connected with vFirewall. If you do not connect the Server Segment to vFirewall, NTT Communications cannot perform Ping monitoring on any device connected to that Server Segment.

5.7.2 Routing Feature

When Internet Connectivity and VPN Connectivity are in use, vFirewall will be connected with each network and Server Segment. This fea
247. ual network is provided to use for replication between Primary Storage and Secondary Storage. It is possible to temporarily increase the transmission speed of the virtual network with bursts according to the traffic volume. The transmission speed for bursts differs according to the service plan (S, M, L).

L Plan | 10 Mbps | 500 Mbps

Note that the basic transmission speed and the transmission speed during a burst are both provided on a Best Effort basis.

The virtual network for replication is a Best Effort type service that changes the transmission speed according to your system environment and line congestion. The actual transmission speed varies according to the usage of other customers and infrastructure status. The service does not guarantee transmission speed.

During the period of time that burst is running, a burst charge applies. It is charged by the minute.

If data replication finishes while burst is running, it will be automatically detected within the prescribed amount of time and burst will terminate automatically.

Timing of Data Replication

You can choose from any of the following types of timing for replication from Primary Storage to Secondary Storage and for burst timing.

Replication Method | Timing
Repetition schedule | A replication schedule is registered and replication is run periodically according to the schedule.
Reserved schedule | A date (any 1 date) and
248. ucted with redundant equipment. Also, we provide Global IP Addresses that are required for Internet communication.

The products provided differ depending on the Data Center. For details, refer to 1.3.2 Available Data Centers (P. 21).

5.1.1 Available Features

The following features are available for Internet Connectivity.

An Internet GW is provided: vFirewall provided by vFirewall and gateway feature that connects to the Internet (called "Internet GW" below)

5.1.2 An Internet GW Is Provided

The Internet GW is a gateway that connects the vFirewall provided by vFirewall with the Internet. You can choose from the following connection plans to match your required transmission speed.

- 10 Mbps Best Effort. Transmission speed: Provides maximum speed of 10 Mbps.
- 1 Gbps Best Effort. Transmission speed: Provides maximum speed of 1 Gbps.
- Guaranteed. Provides guaranteed transmission speed with the specified bandwidth as the upper limit. You can specify any of the following bandwidths: 1 to 10 Mbps (you can specify it in 1 Mbps increments), 15 Mbps, 20 Mbps, 25 Mbps, 30 Mbps, 40 Mbps, 50 Mbps, 60 Mbps, 70 Mbps, 80 Mbps, 90 Mbps, 100 Mbps, 200 Mbps, 300 Mbps, 500 Mbps, 700 Mbps, 1 Gbps.

The Best Effort Type is a best effort type service that changes the transmission speed according to your system environment and line congestion. The actual transmission speed varies accor
249. unication such as website downloads and detecting and blocking viruses.
- Provides a feature for controlling access to websites (warning/blocking).
- Provides a feature for blocking communication with specific applications.
- Provides a feature for blocking unauthorized access and cyber attacks on web applications.
- Provides a feature for detecting and destroying viruses on a Virtual Machine.
- Provides a feature for blocking attacks aimed at vulnerable OSs, middleware, and applications on a Virtual Machine.
- Provides a feature for controlling communication between Virtual Machines.
- Provides monitoring of application communication and advisory reports from a security profiler.
- Provides monitoring of unauthorized access and viruses and advisory reports from a security analyst.
- Provides a feature for analyzing files downloaded from websites and detecting and reporting unknown malware.

Reference pages: P. 192, P. 196, P. 200, P. 204, P. 208, P. 212, P. 216, P. 222, P. 226, P. 230, P. 233, P. 236

RTMD Email: Provides a feature for analyzing files attached to emails and detecting and reporting unknown malware. (P. 238)

Packaged Menu
- Unauthorized Access Prevention: Consists of IPS/IDS and Web Anti Virus. Features comply with those of the original menus.
- Web Browsing Security: Consists of Web Anti Virus and URL Filtering. Features comply with thos
250. viruses are detected. Note that the processing might differ depending on the Virtual Machine OS.

Item: Delete, Clean, Pass, Deny access, Quarantine

Primary Process Details (For Windows / For Linux), in item order:
- The same process as Quarantine is performed. / The files that are infected by viruses are deleted.
- The viruses are removed from the files that are infected with viruses and they return to the pre contamination state.
- It is registered in the detection log. It does not take any action against the infected files.
- Real Time Scan is not supported. Access denial cannot be used. During real time scanning, if some sort of file access such as file write or read is in a file infected with viruses, it is immediately blocked.
- The backup data of the file that is infected with viruses is transferred to an isolation folder on the Virtual Machine and the original file is deleted.

Secondary Process Details (process when the primary process failed), in item order:
- The same process as Quarantine is performed.
- The same process as Quarantine is performed.
- The secondary process is not performed.
- The secondary process is not performed.
- The secondary process is not performed.

Notification by email etc., in item order:
- Notification is made when the secondary process fails.
- Notification is made when the secondary process fails.
- Notification is made when viruses are detected.
- Notification is made when viruses
251. wall WAF is set so that it is routed by vFirewall to the Service Interconnect Gateway used by Web Application Firewall (WAF).

The communication from the Virtual Machine is set so that it is routed by the Virtual Machine on the Server Segment targeted for detection to the Service Interconnect Gateway used for Web Application Firewall (WAF).

If you perform Ping monitoring on the Virtual Machine, you will require an additional Server Segment for direct connection between vFirewall and the Virtual Machine. Please do not connect the Server Segments targeted for detection directly to vFirewall.

Analysis Capacity

The traffic volume that can be analyzed by Web Application Firewall (WAF) is shown below.

Item | Performance (maximum value) | Remarks
Traffic Processing Capacity | 1 Gbps | The total value of uplink and downlink
RPS (Request Per Sec) | 75,000 rps |
CPS (Connection Per Sec) | 10,000 cps |

Active Standby Structure

The Web Application Firewall (WAF) is configured in an active standby structure. If a failure occurs in the active device, the switchover from the active device to the standby device will be performed automatically.

Staging

Staging is a process that increases the accuracy of detection and blocking of attack traffic. When you apply for Web Application Firewall (WAF), you can choose whether to implement staging. We recommend implementing it in order to reduce the
252. will be notified through one of the following methods. The notification methods are different for each service.
- L1: Notified by telephone and email and displayed in the Customer Portal (24 hours, 365 days)
- L3: Notified by email and displayed in the Customer Portal (24 hours, 365 days)

NTT Communications will determine whether to contact you when performance declines.

8.3.1 Items Monitored Remotely and Procedures for Notifying Users

Monitoring targets and customer notification methods differ for each service.

Service | Monitoring Procedure | Interval (Seconds)
Compute Resource | Ping | 60
vFirewall | Ping | 60
vLoad Balancer | Ping | 60
Service Interconnectivity | Ping | 60
VPN Connectivity | Ping | 60
Internet Connectivity | Ping | 60
Colocation Interconnectivity | Link UP/Down | Always
On Premises Interconnectivity | Ping | 60
Global File Storage Global Data Backup | Ping and SNMP Trap | 60

Monitoring Target, in service order:
- Primary vNIC for Virtual Machines
- Server Segment side Network Interface
- IP address for the Server Segment connection
- Server Segment side Network Interface
- Network interface on the VPN Transit side
- Network interface on the Internet Transit side
- Network interface for colocation interconnectivity on NTT Communications equipment
- Network interface for internet at the on premises connectivity gateway in Data Centers and the on premis
253. wing documents.

All services: Commencement information

8.2 Customer Support

8.2.1 Support Center / Technical Help Desk

If you think there has been a failure or you do not understand how to configure the system, contact the following center that is appropriate for your situation.

Technical inquiries: Technical Help Desk

Please refer to the commencement information for contact details.

To use the Support Center or Technical Help Desk, you will need your customer number that is provided when you start the service. The scope of support is limited to inquiries relating to the contracted service.

Ticket function

Tickets can be sent from the Customer Portal. However, the ticket function cannot be used when there is no contract for a Data Center within the region to which the Customer's country belongs (for example, a contract in Japan using only Singapore Serangoon Data Center).

Yokohama No 1 Data Center Japan Kansai1 Data Center Japan Saitama No 1 Data Center Australia Australia Sydney1 Data Center

The priority of a ticket is judged according to its content. Because of this, tickets may not be answered in order when several tickets are open.

Incident Management

The following matters are treated as incidents. All incidents are managed using a ticket system and are assigned a ticket number in the Customer Porta