Computing Service Banner

SERVER HOSTING AND VIRTUALIZATION

PRINT PAGE Add This

The unit of measure for the basic Server service is the operating environment (OE), which DISA defines as an instance of an operating system (OS). One physical server could have one copy of the OS installed, in which case the OE is the server itself. However, one physical server could be carved into many partitions (similar to a mainframe), each of which has one copy of the OS installed. (These are called virtual OEs or virtual machines.) Note: We charge Server rates at the OE level, not at the physical server level.

The number of sockets populated with central processing units (CPUs) will determine the size of the OE (Level 2 to 6). The rates differ based on size and chipset. DISA will host DoD applications using DISA-provided hardware, OSs and labor.

STANDARD FEATURES

  • System Administration: including, but not limited to the following. DISA will:
    • Install, configure, and maintain the OS and core software components
    • Monitor the operational status of production systems on DISA’s Windows, Linux, and Unix servers
    • Manage user accounts at the OS level
    • Install executive software and associated patches
    • Tune the OS kernel parameters to optimize performance
    • Install and maintain the server security environment
    • Ensure compliance with Security Technical Implementation Guides (STIGs), Secure Readiness Reviews (SRRs), and Information Assurance Vulnerability Alerts (IAVAs)
    • Monitor console messages and system logs
    • Schedule and monitor backups for system files
    • Resolve referred trouble tickets

  • Security: DISA's DECCs benefit from the high level of physical security afforded by their location on military installations. DISA also provides a superior information assurance (IA) environment. In the transition to the DoD IA Certification and Accreditation Process (DIACAP), DISA has accepted Inherited Controls for a wide range of IA responsibilities and functions.

  • Level 2 Service Desk Support

  • Maintenance costs for the monitoring software the Service Desk uses and costs associated with the DISA communications infrastructure

 

OPTIONAL FEATURES

Because each partner's processing requirements may differ from the next partner, DISA offers all our partners a selection of supplemental features. Each feature has its own set of rates, priced per OE, based on the size and type of OS. Optional features include:

Hardware Services: This rate is required if DISA owns or maintains the servers (OEs), including hardware that DISA acquires with its capacity services contracts.

The Hardware Services rate covers the cost of DISA-provided hardware, OS software, standard maintenance, and miscellaneous items such as racks and cabling. In most cases this is hardware provided by DISA’s capacity vendors. For legacy hardware, this rate covers the cost of depreciation.

Capacity planning and reporting are also included in the Hardware Services rate. Capacity reporting at the OE level confirms current CPU and memory resource usage trends. DISA collects and retains all this usage data to produce summarized reports for our partners. This is a standard service offering to ensure that DISA servers are robust enough to handle our partners’ processing requirements.

NOTE: For our partners who maintain hardware they own within a DISA DECC, the option to purchase capacity planning and reporting exists. The rate is 10 percent of the Hardware Services rate for a like suite of hardware. This offering is only possible until the existing hardware is replaced for technical refresh purposes. No new partner-owned assets are permitted within DISA DECCs.

As part of the Hardware Services rate, our partners benefit from the DISA technical refresh program. DISA procures OEs from capacity vendors to replace outdated equipment on a periodic basis, so our partners can focus less on hardware acquisition.

Application Support: This feature pertains to our partners’ production information systems and databases, not to the processing environment’s OS or other executive software. The application support function maintains production application processing. Using instructions developed by technical support and DISA’s application support, DISA manages application environments, including recovery procedures.

The following list identifies some of the functions that DISA administrators perform on our partners’ behalf:

  • Monitor production processing
  • Manage user account profiles in required applications and databases (for some workloads)
  • Build, maintain, and monitor job schedules
  • Monitor system or application logs as required by Service Level Agreements (SLAs)
  • Schedule and monitor backups
  • Resolve referred trouble tickets and process special requests
  • Change disk space allocation as required
  • Report system discrepancies and initiate corrective action for system alerts
  • Resolve job aborts, abnormal terminations (abends), and other errors during processing; restart production runs
  • Coordinate with the database administrators and system administrators on new and/or changed releases
  • Associate security profiles to jobs
  • Mitigate contention and/or improve application performance
  • Coordinate with partners on service interruptions
  • Manage, coordinate, and install application releases
  • Manage reports (i.e. custom application reports and tools such as CA-Dispatch)

Web Administration: This feature refers to the labor to administer a web server and its associated software. Web administration does not include creating or designing web sites, nor does it apply to managing content on the web servers.

The following list identifies some of the functions that DISA web administrators perform on our partners' behalf:

  • Set up and maintain web servers
  • Perform initial web environment configuration to include communications and storage allocation
  • Coordinate with partner support staff to create or modify web sites; install, upgrade, and patch the web server software, adjust parameters, and modify permissions for users and groups
  • Ensure compliance with Security Technical Implementation Guides and Information Assurance Vulnerability Alerts (IAVAs) for web products
  • Schedule and monitor web server system backups
  • Maintain procedures for Continuity of Operations (COOP)
  • Implement patches and configuration changes to address web-related vulnerability scan results

This service only applies to the OEs that are functioning as web servers, and not to application servers, database servers, domain name servers, etc. If a web server uses Microsoft's Internet Information Server (IIS) software, DISA will provide this service at no additional charge as it is included in the standard rate. Because system-level access cannot be shared in a Windows environment, web administration is a mandatory charge for all Windows-based web servers that use any web software other than IIS. Web administration is an optional service for all Unix and Linux web servers.

Database Administration (DBA): These rates consist of (1) the labor costs of DBA support for any database management systems that run on Windows, Unix, or Linux platforms and (2) the costs of database management tools that improve their productivity. An example of the latter is the Oracle Management Packs, which automate or simplify many labor-intensive tasks.

The following list identifies some of the functions that DISA database administrators perform on our partner’s behalf:

  • Set up database structures
  • Perform initial database environment configuration for the physical layout of the database environment and storage allocation
  • Create or modify database instances; install, upgrade and patch the database software, and adjust authorizations and permissions of users and groups
  • Ensure compliance with Security Technical Implementation Guides (STIGs) and Information Assurance Vulnerability Alerts (IAVAs) for the database product, harden the database for security compliance, and maintain VMS postures
  • Schedule and monitor database backups
  • Resolve trouble tickets
  • Aid in performance tuning and work vendor tickets
  • Monitor availability (DISA-provided) for database instances.
  • Develop standard procedures for the DISA Knowledge Management System, based on the proclivities of the information system and its associated databases

If our partners serve as their own database administrators, DISA must still ensure that their databases comply with the DoD’s security guidelines. The charge for this service is 10 percent of the full DBA rate per database OE. The security fee includes the following services:

  • Consultative services on the STIG
    • Consulting is defined as providing STIG interpretation and clarification to our partners. Consulting does not include performing Vulnerability Management System (VMS) data entry.
    • Assist partners in entry and validating VMS
      • Our partners have the responsibility to perform VMS functions
        • System/Enclave creation
        • VMS Reports
        • Plan of Action and Milestones (POA&M) entry
        • Designated Approving Authority (DAA) Risk Acceptance (DRA) entry
        • Update findings to proper status (Fixed, Open, Not a Finding, etc.)
        • Etc.
      • DISA will provide instruction in the use of VMS
        • System/Enclave creation
        • How to run VMS reports
        • How to input POA&Ms and DRAs
        • How to update findings
        • Etc.
  • Answer questions about how to handle STIG findings with respect to database requirements
    • This is defined as interpreting database STIG requirements
    • If DISA is unable to interpret STIG requirements, DISA will provide partners with FSO Support information
  • Providing US Cyber Command (USCC) Communications Tasking Order (CTO) mandated vulnerability scan results to partners for resolution

NOTE: If DISA is serving as the partner’s database administrators, there is no security surcharge as it is included in the DBA rate.

Finally, for any OEs that use Oracle iAS/WebLogic (formerly Oracle Application Server [OAS]), DISA charges only 50 percent of the DBA rate per iAS/WebLogic OE.

DISA's database administrators use Oracle Enterprise Manager (OEM) Grid Control to manage our partners' databases. OEM Grid Control is a collection of utilities that automates a variety of time-consuming tasks, allowing the database administrators to use their time more productively. DISA’s partners who pay the full DBA rate on their database OEs receive the full benefit of these tools (additionally, the database security is included in the full DBA rate). For example, the DBA rate includes the costs of the database administrators' labor, as well as the maintenance costs of the OEM Grid Control software that DISA's database administrators use.

For those partners who use their own database administrators and would like their database administrators to use DISA’s OEM Grid Control software, they may pay an additional 10 percent of the full DBA rate per database or iAS/WebLogic OE in order to cover the cost of the software. Using this option, DISA provides only the DBA support directly related to monitoring with OEM. This cost is in addition to the 10 percent security fee.

Oracle Database Software Maintenance: The Oracle database management system is the most prevalent database application among the DISA partner community. To that end, DISA has established a rate for Oracle database software. This rate consists of the maintenance costs of the Oracle database software only. (The license fee for Oracle is charged as a one-time implementation cost. Also, the costs of other database management systems are considered cost-reimbursable and are not covered by these rates.)

24 x 7 SA: The standard SA rate provides for on-site SA for five 8-hour shifts weekly (e.g., Monday through Friday from 0800 to 1600). It also includes a 2-hour response to emergencies on nights and weekends and on-site support for the monthly scheduled maintenance window. For those workloads requiring 24x7 on-site SA, however, we offer a separate rate to cover the 16 non-prime shifts. This provides for immediate response to an emergency 24 hours a day, 7 days a week.

24 x 7 DBA: The standard DBA rate provides for on-site DBA for five 8-hour shifts weekly (e.g., Monday through Friday from 0800 to 1600). It also includes a 2-hour response to emergencies on nights and weekends and on-site support for the monthly scheduled maintenance window. For those workloads requiring 24x7 on-site DBA, we offer a separate rate to cover the 16 non-prime shifts. This provides for immediate response to an emergency 24 hours a day, 7 days a week.

24 x 7 Application Support: The standard Application Support rate provides for on-site application support for five 8-hour shifts weekly (e.g., Monday through Friday from 0800 to 1600). It also includes a 2-hour response to emergencies on nights and weekends and on-site support for the monthly scheduled maintenance window. For those workloads requiring 24x7 on-site application support, we offer a separate rate to cover the 16 non-prime shifts. This provides for immediate response to an emergency 24 hours a day, 7 days a week.

Cost-Reimbursable (Non-Rate) Services: Because DISA hasn’t established rates for every conceivable service a partner may request, unique requests are handled on a cost-reimbursable basis. For these offerings, DISA charges the direct cost, plus all indirect and general and administrative costs. This list represents some of the cost-reimbursable services provided to our partners, but it is far from exhaustive.

  • Non-standard OSs, such as Tandem Guardian, DEC VAX, or anything else other than Windows Server, Linux (Red Hat and SuSE), or Unix (Solaris, HP-UX, and AIX)
  • Unique communications requirements such as Virtual Private Networks (VPNs), community of interest networks, Demilitarized Zones (DMZs), dedicated circuits, dedicated enclaves, etc.
  • Certain test, development, or training environments that are not conducive to rates
  • Database monitoring, including the license and maintenance costs of requisite software tools
  • Process-improvement teams dedicated to resolving complex issues across disparate hardware and/or software platforms
  • Software development
  • Commercial off-the-shelf (COTS) software that is ancillary to, but required for, the information system to work properly
  • Certain non-standard, partner-owned servers that DISA maintains
  • Certain extremely large OEs that would skew the rates if left within the rates
  • Subject matter experts who provide specific, in-depth knowledge of a COTS software product (i.e. SAP, McAfee's ePolicy, Oracle's Service-Oriented Architecture software, etc.)

COOP/Service Continuity

 

ADDITIONAL INFORMATION

DISA has standard performance level data available for our partners to view. Additional data can also be provided as requested. All performance data to be provided will be documented in the SLA which will be executed when the service is ordered.

Server Operating Environment Sizing:

The rate-based server billing methodology workload unit is the operating environment (OE). An OE is defined as an instance of operating system (OS) software. An OE can be a single physical server or a logical server partition. The size of the OE is determined by the number of populated sockets being used. A socket is defined as a connector linking the motherboard to the central processing unit(s) CPU(s). (The number of “cores” on the chip is not part of the equation.)

The rate-based Basic category has been consolidated into levels, but is still size dependent. Hardware Service continues to be size and platform dependent. The Database Software (Oracle database management system [DBMS] only) service is OE size dependent, but not platform dependent. The remaining labor-based rate (such as application support, database administration [DBA], and 24x7 services) are size and platform agnostic.

  • Basic (any platform OE)
    • Level 1 – Reserved for future use
    • Level 2 – Virtualized OE less than 1 socket
    • Level 3 – 1 to 2 sockets per OE (1 socket not available on X86)
    • Level 4 – 4 sockets per OE
    • Level 5 – 8 sockets per OE
    • Level 6 – greater than 8 sockets per OE
  • Hardware Services
    • OEs running x86 chipset hardware (generally Windows and Linux OSs)
      • Level 1 – Reserved for future use
      • Level 2 – Virtualized OE less than 1 socket
      • Level 3 – 2 sockets per OE
      • Level 4 – 4 sockets per OE
      • Level 5 – 8 sockets per OE
    • OEs running non-x86 chipset hardware (generally Unix OSs)
      • Level 1 – Reserved for future use
      • Level 2 – Virtualized OE less than 1 socket
      • Level 3 – 1 to 2 sockets per OE
      • Level 4 – 4 sockets per OE
      • Level 5 – 8 sockets per OE
      • Level 6 – greater than 8 sockets, up to and including 20 sockets per OE

      NOTE: OEs over 20 sockets are priced c-goal, outside of the rates for Hardware Service, but all other services are still priced within the rate-based pricing environment.

    • Database Software (any platform or size OE)
      • Level 1 – Reserved for future use
      • Level 2 – Virtualized OE less than 1 socket
      • Level 3 – 1 to 2 sockets per OE
      • Level 4 – 4 sockets per OE
      • Level 5 – 8 sockets per OE
      • Level 6 – greater than 8 sockets, but less than or equal to 20 sockets per OE

The Level 2 virtualized OEs are sized according to actual usage of the workload and are priced to meet that need. Nearly all virtual OEs (VOEs) will easily fit into this level. In instances where partner workloads require a set capacity level, an additional option has been made available. The XL VOE (x86 chipset virtualization only) allows for the allocation of specific memory and/or CPU resources to VOEs and is priced according to the impact on the hosting environment. Large VOEs can be accommodated through this pricing model, which is based on the Level 3 rates. Please contact your Customer Management Executive (CME) to refine your requirement and price XL VOEs.

DISA strives to virtualize partner environments; however, when virtualization will not satisfy the partner's application requirements, we will provide physical environments. CLICK HERE for examples of how to calculate the price for a simple environment based on FY13 rates. NOTE: These prices do not include implementation prices, customer management rates, etc. For larger or more complex requirements and implementations, please contact your Customer Management Executive (CME) to refine your requirement and price it accordingly.