INTRODUCTION - Cisco Contracts for Public Sector

White Paper
Are Inflexible Contracts Locking you into Outdated Technologies?
In today’s public sector world, the procurement of cutting edge IT can be much more difficult than it needs to be.
Technology is changing fast and even outpacing the time allowed for procurement. The result? Obsolete contracts
locking you into outdated technologies and with them, a host of lost opportunities for you, your team and those you
serve. This is especially true with cloud computing. As emerging technologies, the cloud and related cloud services
were often dismissed, or their wide ranging impacts not anticipated in the procurement process. So too were their
benefits; from the security advantages of off-site storage and reduced maintenance costs, to the bottom line impacts
of increased efficiency and added resilience.
Today, unfortunately, your public sector organization may not be able to enjoy the benefits of cloud computing
because you are hindered by inflexible contracts. As a result you might be spending time and money developing
supplemental Requests for Proposals (RFPs) or Requests for Information (RFIs), or even re-issuing or withdrawing
RFPs. Or perhaps you are interested in adding new innovations as your project is being built but contract limitations
are preventing it. For public sector this inflexibility can result in project delays, cost impacts and the perception of
inefficiency by team members and citizens.
Are you Searching for Strategies that Increase Contract Flexibility?
The rapidly changing face of technology can make your procurement efforts more difficult. So it is necessary to
develop strategies that will make your contracts more adaptive to future innovations. Through this White Paper,
public sector CIOs and procurement officers can gain a better understanding of how to develop strategies for flexible
RFPs for Cloud Services. This paper discusses:
How public sector should define cloud
How the cloud may impact you and your public sector organization
Characteristics of and working models for cloud computing in the public sector
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 18
Examples of successfully implemented public sector cloud strategies
Steps you can take to increase and maximize the flexibility of your cloud contracts to ensure continued
access to innovative cloud technologies
Terms and conditions for cloud contracts that work to your advantage.
How Should Public Sector Define Cloud?
As with many technologies, a firm definition for
cloud can be elusive, especially when the
technology itself is an evolving one. Many
accept the definition devised by the National
Institute of Standards and Technology (NIST) in
2011. It concludes that “cloud computing is a
model for enabling ubiquitous, convenient ondemand network access to a shared pool of
configurable computing resources (e.g.,
networks, servers, storage, applications and
services) that can be rapidly provisioned and
released with minimal management effort or
service provider interaction.” The NIST also defines five “essential characteristics” of the cloud. These are ondemand self-service, broad network access, resource pooling, rapid elasticity and measured service. However, a
broader, more adaptable definition of cloud computing is needed for the public sector.
The definition of cloud for public sector should also include “Anything as a Service” (XaaS) offerings. XaaS is
experiencing tremendous growth and spanning key services such as Voice as a Service (VaaS), Collaboration as a
Service (CaaS), Managed Security as a Service (MSaaS), Disaster Recovery as a Service (DRaaS) and more. In
general, XaaS computing services allow the customer simple, recurring usage-based pricing. It is based on a flexible
consumption model where the service provider offers and operates the services and charges for each, based on
consumption. This can include services for collaboration, video conferencing and voice. At the end of the day,
broadening the definition of cloud to include XaaS will ensure public sector organizations continue to benefit from
innovative technologies as they emerge.
How Cloud Impacts You
Cloud computing marks a major shift in how technology will impact your organization. By changing the very
foundation of information/ services delivery, use and storage the cloud is impacting almost every aspect of how we
work. For public sector, this has had obvious and measurable benefits, including:
Increased agility
Faster development times for projects
Improved scalability – both up and down
Easier and more efficient deployment
Operating expenses vs. capital expenditure
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 18
Is the Cloud Secure?
Data breaches have become all too common today. As organizations move to the cloud, security is a major concern.
What many organizations do not realize is that data security is just as vulnerable, or more, in their own data center
as it is in the public cloud. To protect sensitive data and customers, organizations must be diligent in ensuring onpremise and off-premise technology solutions are fully protected. So when choosing a cloud platform, public sector
organizations need to consider security as a critical component.
To ensure the maximum security of your cloud, it should include the use of certified architecture which is validated
and tested. In addition, your cloud architecture should be built with network features that allow appropriate critical
data from the network to be used for advanced threat analytics. If possible, it should also allow a Security Operations
team to have full visibility of and data on real-time network events.
Example: Cloud Impacts in the Real World
As one of the top 20 wired cities in America, the city of Charlotte,
North Carolina is a good example of how the cloud can impact the
public sector. Like most large cities, Charlotte must operate and
maintain multiple contact centers, including a 3-1-1 center,
transportation and road conditions hotline, crime reporting service,
and a utility bill payment center – staffed by over 200 agents.
Combined, they receive over 140,000 calls a month.
By 2011 the voice system for the contract centers was nearing the
end of its life. The city was then selected to host the 2012 Democratic
National Convention, an event the current system could not handle.
Charlotte had only 18 months to prepare for 50,000 delegates, press
and visitors (in addition to their rapidly growing existing call volume). After researching their options, they decided to
implement a new system based on the cloud.
The city decided to use a hosted voice and contact center solution based in the cloud instead of an on-premises
system for several key reasons. Hosting and maintaining their own contact center platform would require hiring and
providing ongoing training for multiple people with different skill sets. This would be expensive and take time that
they did not have. However, using a cloud provider gave them immediate access to trained professionals with the
knowledge and experience they needed to meet their needs on time and within their budget.
After asking industry analysts for their recommendations, the city of Charlotte decided they should get their cloud
services from a certified cloud provider. The city already had a trusted relationship with one - NWN. Their certification
required NWN to undergo a rigorous testing process, including third-party audit of its cloud services. Certification is
just one way in which you can ensure you receive the best service, security and 24-hour customer support for your
cloud solution. As a result, today the city of Charlotte’s contact center platform includes multiple elements in different
locations, all working smoothly together:
200 contact center agents connected to a hosted service in NWN’s data center
A contact center platform integrated with applications that are hosted both on-premises and in public
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 18
clouds, including call accounting software and call recording and screen capture software
Approximately 100 other city employees receiving voice services through NWN’s NCloud Hosted
Collaboration service
Plans to connect other personnel to the hosted cloud solution as existing Centrex service contracts expire
A completely integrated experience for people who call the contact centers
Software recordings of every call, including agent’s typed entries, which can be used for training and
complaint resolution.
The Intercloud: A “Cloud of Clouds”
Empowering Full Interoperability
A prime consideration for public sector is the real need for full
interoperability. Too often, cloud computing strategies are developed
which gloss over or ignore the full impacts of this critical issue. When
developing an approach, your organization should fully explore options
that address interoperability. A solution that does so is the Intercloud, an approach created by Cisco.
The Intercloud is Cisco’s “cloud of clouds” that includes its own data centers and those of its partners. It is built on
secure certified architectures validated by Cisco. By connecting clouds you can gain greater flexibility in workload
portability plus the ability to handle any workload on any hypervisor – while working with any public or private cloud.
As part of a city-wide solution, this can empower you to manage LED street lighting and other power consumption
plus enable safety and security solutions, Wi-Fi anywhere at any time and even real-time parking and traffic analysis.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 18
Example: Enabling Interoperability in the Real World
Connecting clouds is providing public sector organizations the
opportunity to significantly increase collaboration. It is letting cities
like Charlotte now experience full interoperability in a way that
lets their IT staff focus on core activities instead of redundant
maintenance tasks. By using an open and integrated cloud
solution, Charlotte can now easily interact with other vendor
systems hosted at any location. By procuring cloud services from
a certified cloud provider, the city increases its options and enjoys a vast selection of features to choose from. This
empowers the city with constantly updated servers hosting the latest features, improved workload portability and full
interoperability. Plus, by running their connected clouds on certified architectures, the city of Charlotte benefits from
a secure and reliable solution.
Charlotte’s cloud solution is also continuing to lower costs long after the convention, with the city currently
experiencing savings of over $100,000 a year. Their cloud also lends itself naturally to video collaboration which
saves the city significant money that was once spent on travel to meetings and training sessions. Thanks to the
innovations inherent in using a cloud of clouds approach, the city of Charlotte can now focus on delivering better
services to their citizens instead of being providers of telecommunications services. Due to this success, the city has
now decided to transition other systems to the solution. As old service and maintenance contracts expire, the ability
of their cloud solution and certified cloud provider to easily expand will enable Charlotte to replace outdated
technologies with innovative ones; improving services and lowering costs even more.
Developing your Cloud Contract Approach
Cloud Procurement: Best Practices
Your cloud solution will connect with the world, so it needs to
integrate and interact smoothly across a wide range of network
components, applications and services that make up today’s public
sector organizations. Plus, you will need the freedom to incorporate
any future innovations. That’s why successful cloud strategies must
be committed to an open, interoperable and standards-based
approach. A critical part of achieving this is using Open Standards.
This enables a true partner ecosystem made up of secure and
interoperable cloud providers. By procuring services based on Open
Standards, your organization can simplify provisioning and extend
your IT resources and applications. Specifying open solutions where possible will help make sure your cloud strategy
works smoothly for years to come.
Include a Master Contract
It is important that your cloud contract be well developed and flexible. It should provide you with the freedom to
explore innovations as they develop. A master contract can help ensure this capability. A master contract contains
mandatory base terms that are flexible enough to be applied to the end user requirement and offering. This can
reduce unforeseen risks and result in significant benefits later. Using a master contract will make sure your
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 18
organization only selects cloud providers that meet its main requirements. Yet it will allow terms to adjust to the
offering and end user agency as needed, to cover future innovation in cloud. To provide your organization the
greatest flexibility, consider creating a master contract with terms requiring:
Certified Original Equipment Manufacturer (OEM) architecture
Portability and preservation (data and virtual machines)
Workload portability (to and from service provider clouds for physical and virtual workloads)
Cloud provider interoperability
Any-to-any hypervisor
Highly secure, scalable connectivity (to extend private cloud to service provider clouds)
Single Point of Management and Control (for physical / virtual workloads across public / private clouds)
Choice of cloud providers
Secure Layer 2 network extension (from private data centers to provider cloud)
A secure tunnel to connect all of the cloud virtual machines
Monitoring and reporting of statistics of virtual machines in the cloud
Collection of secure overlay related statistics
Once the general terms are developed in the master contract, additional terms applicable to the specific cloud
offering (IaaS, SaaS, XaaS), along with the technical and security requirements applicable to the end user
requirements, will be put into the Request for Quote (RFQ) and Scope of Work (SOW) with the applicable contract
terms. This model of a master contract with RFQ/SOW for custom terms allows for a flexible, scalable and
customizable approach to developing an optimal contract for cloud services in general. By including these terms in
the contract, your organization can minimize risk and vendor lock-in.
Include Flexible Terms for Cloud Services
An advantage can also be gained by including a flexible term approach to the different types of cloud services
required by the end user agency. This term approach should extend to the type of data to be stored off-site. This can
be done by having any service contract include applicable technical terms associated with the cloud offering and the
data stored off-site. The terms should be developed by the end user agency. This will allow your organization to
modify terms, per the service, while still providing the ability to acquire future cloud offerings that may need new,
unknown terms.
A cloud strategy should also address moving workloads efficiently from IT environments to the public cloud, and
back again. Workload migration will have the greatest moment-by-moment impact on your cloud’s efficiency. So your
solution will require an ability to support multiple hypervisors, infrastructure management platforms and cloud
providers effectively. And as cloud evolves, natural connections to multiple clouds and cloud service providers will
develop. Your strategy should be prepared for this evolution and able to maintain its performance level.
Keep your Cloud Model Open to Innovation
A cloud solution should also leave open the option of multiple approaches. This gives you the greatest freedom of
choice and flexibility as your cloud solution evolves. For example, in addition to the five essential characteristics
listed earlier, the NIST has defined two elements that make up the typical cloud model. They are:
Traditional Cloud Service Models
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 18
Deployment Models
However, the NIST definition of Traditional Cloud Service Models does not consider evolving technologies. This
will eventually limit choice and flexibility. So an additional element should be added to the two:
Emerging Cloud Services, specifically Anything as a Service (XaaS).
Traditional Cloud Service Models
Software as a Service (SaaS) - Allows you to use applications made available from the
provider and running on a cloud infrastructure. SaaS provides easy access via various client
devices through a thin client interface such as a web browser (e.g., web-based email). The
consumer does not manage or control the underlying cloud infrastructure including network,
servers, operating systems, storage or even individual application capabilities (with the
possible exception of limited user-specific application configuration settings).
Platform as a Service (PaaS) – Lets you deploy consumer-created or acquired applications
onto the cloud infrastructure using programming languages and tools supported by the
provider. This capability does not necessarily preclude the use of compatible programming
languages, libraries, services and tools from other sources including third-party components.
The consumer does not manage or control the underlying cloud infrastructure including
network, servers, operating systems or storage, but has control over the deployed
applications and possibly application hosting environment configurations.
Infrastructure as a Service (IaaS) - Allows provision processing, storage, networks and other
fundamental computing resources where the consumer is able to deploy and run arbitrary
software (including operating systems and applications). The consumer does not manage or
control the underlying cloud infrastructure, but has control over operating systems; storage,
deployed applications and possibly limited control of select networking components (e.g., host
Emerging Cloud
Anything as a Service (XaaS) - Computing services that are delivered to the customer using a recurring, usagebased pricing model. Often termed utility pricing. It is a type of Flexible Consumption Model where the service
provider owns and manages the assets, provides and operates services, and charges based on consumption. This
can include services for collaboration, video conferencing and voice.
Deployment Models
The NIST suggest four deployment models for Cloud Computing: Private, Public, Community and Hybrid.
However, the cloud is already evolving and so it should also include Managed Clouds.
Private cloud - The cloud infrastructure is provisioned for exclusive use by a single organization comprising
multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third
party or some combination of them. And it may exist on or off premises.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 18
Public cloud - The cloud infrastructure is provisioned for open use by the general public. It may be owned,
managed, and operated by a business, academic, government organization or some combination of them. It exists
on the premises of the cloud provider.
Community cloud - The cloud infrastructure is provisioned for exclusive use by a specific community of consumers
from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance
considerations). It may be owned, managed, and operated by one or more of the organizations in the community,
a third party, or some combination of them, and it may exist on or off premises.
Hybrid cloud - The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private,
community or public) that remain unique entities but are bound together by standardized or proprietary technology
that enables data and application portability (e.g., cloud bursting for load balancing between clouds).
Managed Cloud – The cloud infrastructure is managed by a cloud provider. The provider’s engineers manage the
customers’ computing, storage, networks and operating systems. They also manage the complex tools and
application stacks that run on top of that infrastructure. Managed cloud allows each customer to choose which IT
functions it wishes to manage in-house, while leaving all the rest to its service provider.
Consider the Value of Cloud Brokers
Managing your cloud solution can be time-consuming and costly. Keeping them collectively maintained and
operational requires tremendous skill and resources. This is made more difficult in the public sector by increasingly
restrictive IT budgets that are unable to keep up with the demands of acquiring new technologies. However, by
utilizing the cloud of clouds approach and a cloud service provider your organization can overcome these barriers
and enjoy a cloud solution that is secure, scalable, high performance and interoperable. It also enables your IT
team to retain control of IT service delivery and management, if desired. This empowers your IT team to become
the cloud service broker for its customers without surrendering control to a third-party cloud provider.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 18
Figure 1. NIST Typical Role of Cloud Broker
A certified cloud broker can help you set baseline requirements and can ensure that the cloud provider selected
can meet your needs before you commit. This saves you time and frustration. In addition, using a certified cloud
broker mitigates shadow computing that is so common today and can reduce risk associated with services that
have not been inspected yet for compliance. Figure 1 above illustrates the typical role of a cloud broker model in
the National Institute of Standards and Technology (NIST) Cloud Reference Architecture. Becoming the cloud
broker removes a lot of the stress inherent in the service delivery process, especially when working with multiple
cloud service providers. But most importantly, becoming the cloud broker makes your daily life a lot easier by
reducing or removing the complexity of managing your cloud solution.
What Does Public Sector Need from Cloud?
In general, your public sector team should seek to fulfill three core
needs as it develops its cloud services strategy:
Virtual computing – Your cloud solution will need to be scalable, able
to access virtualized computer processors, provide memory resources
and instances, include local area network (LAN) and VM management
plus other resource provisioning. Your virtual computing provider should have built-in flexibility regarding on-the-fly
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 18
capacity changes, hosting options and data centers. They should also allow you administrative control and an
extensive, yet solid, network.
Virtual storage – Your cloud solution will also need comprehensive, scalable and secure storage for your missioncritical applications. This should include the ability to scale storage service on an as-needed basis. It should have ondemand, fast, and reliable block storage. Your virtual storage provider should provide easy and automatic
provisioning and management from a web-based portal as well.
Virtual networking – Your cloud solution must be based on proven technologies and product lines, featuring
OpenStack capabilities. It needs to provide your team the ability to create and manage private networks, support of
advanced network service and provision load-balancing.
Your team’s cloud services strategy should also focus on solutions that have these five basic personality traits:
interoperability, easy workload migration, secure data, scalability and that are diverse enough to enable cloud
brokering if needed.
Types of Cloud Services Needed by Public Sector
For your convenience, a list of primary cloud services often used by public sector is provided below. As mentioned
earlier, you should also consider two additional services when developing your cloud strategy: Anything as a
Service (XaaS) and Cloud Brokering. XaaS and Cloud Brokering are often overlooked or under anticipated.
However, they offer public sector the greatest long-term opportunity.
The primary cloud services highly valued by public sector consist of two categories: Cloud services and Managed
Services. They include:
Cloud Services:
Collaboration Cloud Services
Unified Communications as a Service (based on hosted collaboration services (HCS))
Contact Center as a Service (based on HCS)
Video and TelePresence as a Service
Infrastructure Cloud Services
Managed Services:
Infrastructure as a Service
Software as a Service
Desktop as a Service
Disaster Recovery as a Service.
Managed Services for Collaboration
Managed Business Communications Services
Managed Unified Contact Center Services
Managed Business Video Services
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 18
Managed Services for Connectivity
Managed Business Communications Services
Managed Internet Protocol Trunking Services
Managed Metro Ethernet Services
Managed Multiprotocol Label Switching (MPLS) and Virtual Private Network (VPN)
Managed Wi-Fi
Data Services over Satellite
Managed Load Balancing
Managed Services for Data Center
Managed Application Performance Management Services
Managed Security
Managed Firewall Services
Managed Intrusion Prevention and Detection Services
Managed Secure MPLS Services
Advanced Threat Analytics.
The Need for a Certified Cloud Service Provider and Solution
Unfortunately, not all cloud providers and managed services are the same. There can be tremendous variations from
one company to another. To make the best decision for your team, the provider you select should meet these three
key benchmarks:
Use of third-party audits to guarantee enterprise-class performance
Use only validated architectures and open standards
Meet strict industry requirements for hardware, software and processes (including SSAE 16, ISO 27001,
This can be done by selecting a provider that is certified. Certified cloud service providers are more than cloud
providers: at Cisco they’re rigorously tested and certified, their capabilities are audited continuously and their
scalability independently validated. This lets your organization directly benefit from integrated end-to-end security,
validated architectures and high-level service-level agreements (SLAs) featuring 24-hour support, year round.
Certified cloud solutions are also important. They are unique in that they are architected with no single point of
failure. This enables a stringent SLA plus superior performance and reliability. Certified cloud platforms are also
designed so that every layer of the stack can handle high availability from the network through compute all the way
down to storage. At Cisco this includes the unified computing system (UCS) solution which can be upgraded without
service interruption and that features flexible virtualized hardware and redundancy. This allows certified cloud
partners to provide and maintain high level SLA’s and performance while reducing your total cost of ownership.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 11 of 18
List of Cloud Service Providers for the Public Sector
For your convenience, a list of public sector cloud providers that meet these three key benchmarks is provided
below. If you have any questions about how to select the best provider for your organization, please reach out to us
at [email protected] and we will be glad to answer them for you.
Contact Information and Services Provided
jack Nichols
Phone: 202.494.0029
Email: [email protected]
HCS, Infrastructure-as-a-Service (IaaS), Hosted Collaboration Solution for Contact
Center (HCS for CC), Unified Thread (UTM), Unified Contact Center, Business
Communication, Application Performance Management (APM)
Di Data
NTT America
Scott Cruikshank
Phone: 919.791.1058
Email: [email protected]
Cloud and Managed Services
Melanie Sunahara
Phone: 312.953.3473
Email: [email protected]
Tony Connor
Phone: 703.773.6331
Email: [email protected]
Infrastructure-as-a-Service (IaaS)
NWN Corp.
Chris Ludwig
Phone: 919.653.4409
Email: [email protected]
Hosted Collaboration Solution (HCS), Cloud Services
Peak 10
Reggie Harris
Phone: 513.645.2912
Email: [email protected]
Adam Burke
Phone: 916.609.8049
Email: [email protected]
Infrastructure-as-a-Service (IaaS)
Rachel Jenkins
Phone: 630.769.4347
Email: [email protected]
Data Center Interconnect, Unified Contact Center, Infrastructure-as-a-Service
(IaaS), Application Performance Management (APM)
Monica Seemiller
Phone: 412.370.2093
Email: [email protected]
Infrastructure-as-a-Service (IaaS), DR aaS
Windstream Hosted Solutions
Jaclyn Mispagel
Phone: 501.748.7085
Email: [email protected]
Infrastructure-as-a-Service (IaaS), Cloud Services
Duane Flowers
Phone: 240.252.1018
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Email: [email protected]
Page 12 of 18
Two Steps to Increased Flexibility
Making sure your contract gives you the most flexibility can prove
beneficial to your organization in the long term. There are two
techniques that will allow you to enjoy this flexibility and future cloud
innovation. These are:
Writing requests for solutions or architectures that meet a specific business need, instead of products
Requesting suppliers submit specifications for all elements needed to meet the business need.
Public sector organizations should also solicit feedback through a Request for Information (RFI) or draft request for
proposal (RFP) then adjust accordingly before release of the final RFP. If possible, you should also restrict cloud
procurement to OEM based cloud environments to ensure secure, scalable, flexible and interoperable cloud
infrastructures that have the full support and breadth of leading technology suppliers.
Example: Requests for Solutions - Instead of Products
The cloud can encompass every type of technology your organization uses on a day-to-day basis (such as
monitors, servers, routers, cables, etc.) but by requesting the supplier provide a workable solution that fits your end
goal, instead of just products, you give them more flexibility. This can mean added savings, better performance and
expanded opportunities for innovation. Your requests for solutions, instead of products, should be short and
concise. Clearly state the type of service and end with a specific goal or set of goals:
Video or web-conferencing solutions to provide distance learning
Unified communications to reduce telephone line costs and leverage the data network infrastructure
Data center consolidation and virtualization solutions to reduce data center space, power and cooling
requirements and increase business agility
Interoperable communications solutions that enable public safety employees to talk directly using any type
of radio or phone and to increase situational awareness by sharing video, building floor plans, etc.
Mobility solutions that enable eligibility-determination for workers, inspectors, home-health nurses and
other field personnel to retrieve and input case information from the field, lowering travel time and costs
Video-based arraignment solutions to avoid the time, costs, and public safety risks of transporting
prisoners to the courtroom
Video interpretation solutions to avoid skyrocketing costs and judicial delays while overburdened contract
interpreters travel between courtrooms.
Example: Requests for Specifications - to Meet the Need
Once you have established a need and end-goals via the requests for solutions, you can gain greater contract
flexibility by adding requests for specifications. These should ask the supplier to provide all available information on
any elements they feel necessary to fulfill their cloud solution. This may include the following, depending on your
project scope:
Content security
Servers and storage area networking
SaaS, IaaS, XaaS, etc.
Unified computing
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 13 of 18
Application switching
Virtual desktop
Maintenance services, installation and configuration services, professional services and training
Physical security
Logical security
Smart hands/remote hands support
Colocation space
Power and cooling requirements
Data security and management
Specific computing requirements by year (processing, RAM, network)
Backup and recovery requirements
Facility access requirements
Help desk and technical support
Self-service portal
Monitoring and reporting.
Additional Strategies for Contract Flexibility
By adding flexibility to your contracts, you can increase opportunities
to take advantage of innovations in cloud technology as they become
available. Additional strategies that can maximize this flexibility further
include adding language that:
Allows manufacturers to provide all products and services in their price book that meet RFP scope
Stipulates that solutions interoperate with existing equipment and other IP standards–based solutions
Includes any new IT products, services or solutions that are within the RFP scope - but not stipulated in the
contract – thus giving contracting officers the chance to add them, at their discretion
Allows vendors to include third-party products or services as part of their overall solution, avoiding multiple
contracts for a single business solution
Provides anticipatory provisions allowing manufacturers to request the addition of new technologies to their
awarded contract offerings, whether developed in-house or obtained via product or company acquisitions
Makes statewide contracts from the RFP available to all governmental entities within each state, subject to
applicable laws, including but not limited to state offices, agencies, departments, boards, bureaus,
commissioners, institutions, colleges and universities (FYI – be sure to open statewide contracts to other
state authorities, local governments, municipalities, cities, townships, counties, K-12 school districts and
political subdivisions as well).
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 14 of 18
You can also help yourself by helping the cloud supplier. Your contract should take into account their needs as well. It
may sound counter-productive but it does work. By looking at things from their point-of-view, you can gain an
advantage by giving them the “opportunity” to offer you better pricing. For example, in most cases any non-standard
terms or conditions will increase the manufacturer’s costs. This would naturally reduce any savings he could pass on to
you. To help them help you, consider specifying the following terms and conditions in your cloud contract:
OEM as Prime/Contractor Holder with Resellers as Subcontractors - Allow manufacturers to use certified
resellers as fulfillment agents and cloud (managed) service providers. This benefits public sector customers by
providing a local source of support and expertise. It also supports state interests in encouraging local hiring
and other economic development activity.
Limitation of Liability - Avoid contracts requiring unlimited liability. In addition, cloud services providers are
reluctant to agree to any liability for indirect, special, consequential, exemplary, punitive or special damages or
loss of profits.
Capital Lease Financing - To avoid the need for up-front capital outlay, public sector contracts should allow for
manufacturers to offer capital financing arrangements under their awarded contracts. This can help mitigate
any upfront non-recurring charges for private cloud implementations, if applicable.
Payment Terms - The standard commercial payment term is net 30 days. Since many OEMs use resellers
under their prime contracts as subcontractors, any payment term that exceeds 30 days will impose a financial
hardship on these resellers, many of whom are small or medium-sized businesses. Since many of the cloud
services offerings are like subscription-based services, payment in advance, for example, for a 1-year
managed services contract term is reasonable. In addition, such payment structure also minimizes any nonappropriation issues that some customers may have for such procurements.
Service Level Agreements (SLAs) – From a practical perspective, instead of negotiating and incorporating
SLAs at the master/prime contract level, allow the individual authorized buyers to negotiate the SLAs with the
OEM and/or its authorized partners/cloud managed services providers on a case-by-case basis at the
transactional level. Cloud services offerings can vary greatly depending on the type of cloud services procured
and equally important, based on the scope of the customer’s business needs and technical requirements.
Therefore, it would be challenging to have a “one size fits all” set of SLAs pre-negotiated in the master/prime
contract. Additionally, SLAs are more appropriate as part of the Statement of Work that the OEM and/or its
authorized cloud managed services provider will need to execute with the buying entity.
Manufacturer certified and supported – To help ensure security and interoperability as well as for increased
performance, include OEM certifications such as Cisco-powered certified architecture, Cisco Managed
Serviced Provider (CMSP), certified cloud solutions and Intercloud Fabric Authorized Technology Partner.
Cloud Interoperability – To help mitigate vendor lock-in and provide architecture flexibility and increased
security and performance, add a requirement for cloud interoperability. This includes the ability to move virtual
machines (VM’s) between other Cisco Intercloud partners with a single point of management and control for
physical and virtual workloads across public and private clouds. This requirement also requires that the
connectivity between the private and service provider clouds is highly secure and scalable, providing a secure
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 15 of 18
Layer 2 network extension from the private Data Center to the provider cloud. All with the ability to utilize any
to any hypervisor in your multi-cloud environment that you just enabled.
Annual Third-Party Audit of Data Center – It is best practice to require an annual Statement on Standards for
Attestation Engagements (SSAE) No. 16 report from the contracting services provider. SSAE 16 is the
replacement of SAS 70. The SSAE 16 is a standard in the reporting and controls of a services provider to an
auditor. User organizations (customers) receive valuable information regarding the service organization’s
controls and the effectiveness of those controls.
Support – OEM certified architectures generally provide additional support vs. white-label offerings. By
identifying an OEM certified architecture, such as those identified from Cisco, customers will receive benefits
such as 24X7 manufacturer technical support services as well.
Security Controls & Requirements - Similar to the SLAs above, instead of negotiating and incorporating
security controls, standards and requirements at the master/prime contract level allow the individual authorized
buyers to negotiate those requirements and terms with the OEM and/or its authorized partners/cloud managed
services providers on a case-by-case basis at the transactional level. Cloud services offerings can vary greatly
depending on the type of cloud services procured and not all cloud services would require or necessitate
certain security controls (such as FEDRAMP or FISMA). Each End User Agency shall set the appropriate
security control set based on the data classification level of the associated End User data.
Standard Software License - To offer non-standard software license terms, OEMs would need to incur the
costs to set up separate internal systems, tools, and resources.
Consequential, Incidental, Indirect, Special or Punitive Exclusion - It is standard in the IT industry to exclude
consequential, incidental, indirect, special or punitive damages in a contract. The potential risk exposure could
exceed the contract value and even insurance coverage limits.
Liquidated Damages - Standard terms in the IT industry do not encompass liquidated damages, which are not
contemplated under the standard-terms-and-discount structure.
Rights and Remedies of State for Default - It is standard for global OEMs to provide customers with remedies
for default. However, it is unreasonable to ask OEMs to assume additional liability on “any loss or damage”
incurred by a customer because such damage is equivalent to consequential, incidental, indirect or special
General Indemnity - The scope of the indemnity should be reasonably limited to the OEM’s and/or its
authorized partners’ products and services supplied under the prime contracts. The extent of the
indemnification obligations should be apportioned relative to fault.
Patent, Copyright and Trade Secret Indemnity - It is common for technology vendors to require certain
exceptions or exclusions to their IP indemnification obligations. For example, an OEM would not be
responsible for indemnifying if its product was modified by a third party or by the OEM itself, or in accordance
with the buyer’s specifications or instructions. Because OEMs face damages that could exceed the contract
value, it is reasonable for OEMs to require limitations of liability with respect to the scope of its IP defense and
indemnification obligations. Equally important, OEMs, as the IP owners of their product offerings, should be
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 16 of 18
able to control the defense of any indemnity claim, including settlement negotiations.
Rights in Work Product(s) - Such rights generally are only appropriate if the customer is hiring an IT vendor or
OEM to create, develop, and/or build hardware and/or software that is new, original or unique. Although OEMs
and/or its authorized partners may provide some customization to product offerings based on the buyer’s
technical requirements, such customization is typically limited in nature and does not justify providing buyer
with rights into the developed work products.
Right to Copy or Modify - Granting customers the right to copy or modify under an Indefinite Delivery, Indefinite
Quantity (IDIQ) contract undermines the technology company’s intellectual property rights and control of its
assets. The exception is a formal licensing arrangement that includes royalties or licensing fees.
Stop Work Order - These provisions result in significant revenue recognition issues under accounting rules for
publicly traded corporations.
Confidentiality Provisions - Technology companies understand the importance of keeping their customer’s
information confidential and often agree to reasonable confidentiality provisions. Technology vendors expect
that the confidentiality provisions are reciprocal given that they are routinely asked to share proprietary
information regarding their product and services offerings in response to RFPs, RFQs and other project
Contract Term - The supplier community supports the existing practice of most customers in issuing multiyear,
prime contracts or IDIQs with automatic 1 or 2 year renewals or simple extensions. Given the time and
resources that both the customer and awarded vendor invest to operationalize new agreements, it is mutually
beneficial for all parties involved to have a reasonable multi-year contract term.
Early Termination for Convenience Charges – Unlike typical purchases for IT products and services, cloud
managed service providers must make some capital investments with each customer engagement. If a
customer terminates a cloud managed services agreement for convenience before the end of a contract term,
the customer should pay reasonable early termination fees so that the provider can be compensated for any
initial set-up costs.
Providing your team and the citizens they serve with the latest innovative technologies can be frustrating and
expensive. However, your organization can overcome these and other barriers to innovation by developing a
strategy that provides a flexible approach to your cloud contracts by:
Utilizing cloud procurement best practices
Using a master contract
Developing a strategic approach to the scope of the contract
Including specific strategic language
Providing focused terms and conditions.
By maximizing your future options you can deliver increased efficiency, reduced costs and improved services for
your public sector organization.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 17 of 18
To learn more about maximizing the benefits of cloud contracts, how to select a cloud services provider or for answers to
your cloud questions, please email us at [email protected]
To learn more about the cloud in the public sector and how to work efficiently with equipment manufacturers, contact
your Cisco account manager or visit:
To learn more about how to select the right cloud service provider for your organization, check out:
To read up on how cloud is changing the roles of IT leaders like you, visit:
Printed in USA
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
For more information on the creation of this document, call 919.392.4834 / 3.25.15
Page 18 of 18