Terms of Service | CloudConnect

CloudConnect Terms of Service

Terms of Service "Master Services Agreement"

(Updated January 1, 2016)

Article I - Parties, Term, and Grant of Non-Exclusive Reseller License

These Terms of Service (Master Services Agreement) constitute a legally binding agreement between you the Subscriber and CloudConnect, LLC, (“CloudConnect”) a Massachusetts Limited Liability Company with its principal office located at 10 Tech Circle Natick, MA 01760.

Commencement Date

This agreement shall commence upon execution of this Agreement.

Initial Term

The period beginning on the Commencement Date and ending the last day of the Commencement Date’s Calendar Month.

Renewal Terms

This Agreement shall renew for one calendar month on the first day of the calendar month immediately following the Commencement Date’s Calendar Month. The agreement shall continue to renew for successive single calendar month terms, except where properly terminated or amended. Where a Revised Terms of Service is published by CloudConnect, this agreement shall renew under such published Revised Terms of Service.

Subscriber

You, the consumer and/or reseller of the Services. CloudConnect Services are intended for use by Subscribers whom are experienced Information Technology Professionals with, at a minimum, competency in working with Microsoft Windows and designing and managing TCP/IP networks. Although running on a platform hosted by CloudConnect, and although the resources provided are virtualized, the resources provided substantially exhibit the same properties and security concepts as traditional on premise Information Technology resources. The purpose of the hosted model is to reduce capital/upfront costs, reduce the time required to provision resources, and further enable cost reduction through economy of scale. In all other respects, the Subscriber should manage its hosted resources similarly to on premise resources. Subscriber is free to customize the services in a manner useful to Subscriber for the purposes of reselling, provided such customizations do not conflict with anything set forth in this agreement. While CloudConnect provides reference architectures and reference materials, these are strictly provided as proof of concept and/or for informational purposes only. Subscriber is ultimately responsible for the design and security of its Deployment.

Subscriber will be provided with two root accounts, which are granted the following roles for their deployment:

1) vCloud Director Organization Administrator Role
2) Active Directory Enterprise Administrator Role

These roles are not supervised or monitored by CloudConnect. These roles are instantiated specifically for and managed by the Subscriber. Subscriber must take appropriate measures to secure their resources beyond any complimentary security foundation CloudConnect provides. Subscribers may seek peer review of their implementations from CloudConnect for additional guidance. Subscriber’s failure to properly implement appropriate IT best practices may result in data theft, data loss, and/or downtime.

While the vCloud Director Organization Administrator Role is subordinate to CloudConnect, the Active Directory Enterprise Administrator Role is exclusive to Subscriber and not subordinate. CloudConnect is unable to override changes Subscriber may make to its domain as an Active Directory Enterprise Administrator. CloudConnect is unable to reset Subscriber’s Active Directory User account passwords including Enterprise or Domain Administrator passwords. Subscriber is assuming the role of the root administrator of Subscriber’s exclusive Active Directory instance.

Subscriber’s Representations

Subscriber hereby represents to CloudConnect that Subscriber is principally engaged in the business of providing managed Information Technology Services, and has professional expertise in the same. Subscriber has and maintains competency in subject matter including, but not limited to, Microsoft Windows, Active Directory, TCP/IP Networking, Network Security, and Information Security. Subscriber represents that Subscriber is comfortable assuming the responsibilities associated with deploying a managed environment on the CloudConnect Platform.

Subscriber’s Duty to Cooperate with CloudConnect

Subscriber agrees to cooperate with CloudConnect should overlap exists in management and/or security responsibilities. Subscriber agrees to cooperate to the extent necessary to maintain the normal, lawful, and compliant operation of the CloudConnect Platform.

End Users

End Users are referred throughout this Agreement as any third-party organization and/or individual(s) to which Subscriber provisions, delegates, and/or grants access to, a CloudConnect product or service for which Subscriber is financially obligated to CloudConnect, and for which End User is financially obligated to Subscriber. Where such entity and/or individual is not financially obligated to Subscriber, Subscriber is deemed the consumer and/or End User of the products and or services said entity and/or individual access.

Users

Anyone with access to use the CloudConnect Platform. This includes Subscriber and Subscriber’s End Users.

License to Resell the Services

CloudConnect hereby authorizes and grants to Subscriber non-exclusive License to resell CloudConnect Services to third party organizations and End Users (“End Users”). Said License is limited in time by the Term (and any successive Renewal Terms) of this Agreement. As a condition for grant of said License, Subscriber agrees to:

Provide Technical Support to the End Users.
Provide data migration services for End Users, where required and as agreed with your End Users.
Keep its account in good standing with CloudConnect.
Invoice and collect payments from End Users on Subscriber’s behalf.
Pay CloudConnect for Services consumed by End Users when due and in accordance with the Billing and Payment Terms contained in this Agreement.
Assume full financial responsibility for Services consumed by End Users but for which Subscriber may have not yet been paid.
Require End Users to sign an Indemnification, Defense, and Hold Harmless Agreement, which in addition to holding you the Subscriber Harmless, Defended, and Indemnified for any loss arising out of or attributable to an End User’s Use of the Services, shall also name CloudConnect, LLC as a defended, indemnified and held-harmless party. Said Indemnification, Defense, and Hold harmless Agreement shall at a minimum meet the obligations set forth in Exhibit-A. Failure to obtain such Indemnification, Defense, and Hold Harmless Agreement naming CloudConnect as an indemnified party shall constitute Subscriber’s acceptance of such End Users’ Duty to indemnify, defend, and hold harmless CloudConnect to the same extent provided by Exhibit-A.
Purchase and Maintain Professional Liability Insurance and Cyber Liability Insurance from a reputable insurer with an A.M. Best rating of B+ or better. Said insurance limits shall be at least $250,000 per incident and $500,000 aggregate. Where Subscriber’s total monthly invoice amount exceeds $10,000 (ten thousand dollars), and regardless of the ratio of services consumed directly by Subscriber or Subscriber’s End Users, said insurance limits shall be of at least $500,000 per incident and $1,000,000 aggregate.
You the Subscriber agree to indemnify, defend, and hold harmless CloudConnect for any claim to any loss arising out of or attributable to yours or an End User’s Use of the Services.
Assume full responsibility for the Security and Management of the Services where you the Subscriber have administrative access and/or control over the security settings of such Services.
1. Require End Users maintain licenses in good standing for any Software Product installed on Resources designated for the End User, and indemnify, defend, and hold harmless CloudConnect for any claim of infringement arising out of or attributable to improperly installed/unlicensed products.
Manage the lifecycle of the Services for the Subscriber.
Comply with all other Terms of this Agreement.

License to Use and Distribute Marketing Materials

CloudConnect may provide boiler plate and/or customized Marketing Materials to Subscriber for Subscriber’s use to promote and resell its implementation of CloudConnect Services. Marketing Materials provided are for informational purposes only, and Subscriber assumes all responsibility for the accuracy and completeness of such materials when distributed to Subscriber’s End Users and/or potential End Users of Subscriber. Subscriber further assumes the duty of implementation for any Services sold to such End Users, including but not limited to, verifying Subscriber’s configuration and/or implementation of CloudConnect Services meets the requirements of what was chosen by the End User and/or what was represented to the End User by Subscriber (For example verifying the deployment exists on the correct Storage Policy).

Subscriber agrees to indemnify, defend, and hold harmless, for any loss arising out of or attributable to, Subscriber’s use and/or distribution of the Marketing Materials.

Sample Documents

CloudConnect may provide Sample Documents to Subscriber for Subscriber’s reference. Such Sample Documents may be legal in nature and include, for example, a Sample Contract between Subscriber and a potential End User. Such Sample Documents are provided for informational purposes only. Subscriber should always consult a licensed attorney on any legal matters including but not limited to, contracts between Subscriber and Subscriber’s End Users. Subscriber agrees to hold harmless CloudConnect for any loss arising out of or attributable to Subscriber’s use or incorporation of such Sample Documents.

For the purposes of this Section, Sample Documents shall include Exhibit-A of this Agreement.

Subscriber’s Right to Use its Own Brand

Subscriber is duly authorized by CloudConnect to cobrand and/or rebrand the Services as its own, provided however, Subscriber complies with all responsibilities in the aforementioned License to Resell the Services.

Billing Usage Data

Notwithstanding anything in Article VI (Billing and Payment), CloudConnect may provide Subscriber with Usage Reports (i.e. Aggregate Usage, Bookkeeper Reports, and/or SKU Audit Reports) for the purposes of sourcing and/or allocating Subscriber’s costs across the various products. These reports are not an invoice, bill, or other request for payment, and the usage may deviate from the official Invoice delivered to Subscriber via email. In all cases, the official Invoice shall govern the payment amount due from Subscriber to CloudConnect.

The accuracy of Usage Reports depends on Subscriber’s adherence to the assumptions contained by the algorithms or queries which produce such reports. Subscriber should verify the accuracy of these reports prior to invoicing any End User.

CloudConnect shall not be responsible for any under-billing by Subscriber to Subscriber’s End User arising out of or attributable to Subscriber’s reliance on the Usage Reports.

Conflict with other Subscribers in their Capacities as Resellers

Subscriber understands that CloudConnect has existing other subscribers whom namely may be engaged in business similar to Subscriber. Subscriber agrees not to knowingly and directly solicit any other (present or future) subscriber’s End Users. Should another CloudConnect subscriber claim Subscriber has or is knowingly or inadvertently soliciting any of such other subscriber’s End Users, then upon receipt of written notice by CloudConnect, Subscriber shall immediately cease and desist any and all solicitations and/or business activities with such End Users.

Other than providing such cease and desist notice, CloudConnect may, but shall have no obligation to, take any additional judicial enforcement action, including but not limited to, injunctive relief. Where CloudConnect chooses to enforce this provision, Subscriber agrees to reimburse any and all legal costs and court costs associated with CloudConnect’s attainment of injunctive relief against Subscriber.

Subscriber shall hold CloudConnect harmless from any claims to solicitation of Subscriber’s End Users, including incurring costs, loss of business or loss of income resulting therefrom, arising out of, or attributable to the competition and/or solicitation of any other CloudConnect subscriber engaged in similar business as Subscriber. CloudConnect itself agrees not to knowingly and directly solicit any existing or future Subscriber, User, or client of Partner, and hereby agrees to cease and desist said solicitation upon receipt of written notice of Subscriber.

Article II - Platform Description

CloudConnect Platform

The CloudConnect Platform includes all facilities computer code, data, databases, software, operating systems, hypervisors, servers, network switches, third part services, and storage systems operated by CloudConnect required to deliver services in accordance with the terms of this agreement. The Citrix Receiver® is also considered part of the CloudConnect Platform. Physical hardware devices leased, rented, owned, used, and/or operated by Subscriber are not considered part of the CloudConnect platform. Said Physical hardware devices include, but are not limited to, servers, routers, storage arrays, routers, switches, cabling, firewalls, wireless access points, peripheral devices (e.g. printers, scanners, web cameras, thumb drives, audio devices, speakers, microphones, telephones, cameras, monitors, telephones, keyboards, and/or other human input/interface devices.

Deployment Options

Depending on Subscribers and/or End User’s needs, Subscriber may choose from two deployment options, which may coexist for certain Subscribers.

mspCloud™

mspCloud™ is the Default Deployment Option for any Subscriber. In this deployment, Subscriber has its own Active Directory Forest, which is shared among End Users. Subscriber retains Enterprise Admin control of the Active Directory Instance, and manages all Subscriber accounts from a single Domain Console. End Users are treated as Organizational Units (Departments) within the “Enterprise.”

In addition, the vCloud Director Virtual Datacenter is shared among End Users. End User Virtual Machines should be provisioned on dedicated Org VDC Networks and assigned to a single vApp Container.

All End Users share the same Edge Gateway, which is managed by the Subscriber.

A Deployment is identifiable as an mspCloud when the vCloud Director Virtual Datacenter Name is prefaced with “mspCloud.”

The mspCloud will generally include Costs which Subscriber must either cost allocate to Subscriber or expense as overhead for running the environment. Examples of these costs include resources to store and run the Domain Controller, and Catalog Space.

Private Domain™

The Private Domain is intended for End Users that are large enough and have the specific requirement of a dedicated Active Directory Forest. In this deployment, the Subscriber retains the Enterprise Admin role of the Active Directory Forest, however the Forest is intended to be exclusive to the End User. Subscriber is still principally responsible for the End User’s hosted infrastructure, and Subscriber is still the reseller of this environment.

In addition, an additional, dedicated, vCloud Director Virtual Datacenter is deployed specifically for this Active Directory Forest.

A dedicated Edge Gateway is deployed specifically for this instance, and managed by the Subscriber

A Deployment is identifiable as a Private Domain when the vCloud Director Virtual Datacenter Name is prefaced with “Private Domain.”

The Private Domain will generally include Costs which are associated with the dedicated environment. These costs include resources to store and run the Domain Controller, and Catalog Space.

Services delivered by The CloudConnect Platform

CloudConnect provides the following Information Technology Services as a Hosted Service:

Infrastructure

Desktop

Disaster Recovery

Software

Technical Support to the Subscriber Only

Infrastructure as a Service is generally defined as the ability to provision/deploy a Virtual Server (Operating System) from comingled but logically isolated Information Technology Hardware resources. CloudConnect provides, among other Services, Storage, Memory, Virtual Processors, Network, resources as a Service. Subscriber creates Virtual Machines and allocates these Infrastructure Services to each Virtual Machine created.

Desktop as a Service refers to the deployment of Infrastructure as a Service for the specific purpose of providing a graphical rendering/remote display protocol. Desktop as a Service sits on top of Infrastructure as a Service, consumes Infrastructure Resources, and is subject to all limitations and requirements of the corresponding IaaS resources. All CloudConnect virtual/hosted desktops use the Microsoft Windows Server operating system.

Disaster Recovery as a Service shall mean the ability to recover the data contained in a Virtual Machine following a qualified disaster event which deletes or otherwise causes corruption to said data. CloudConnect requires Subscriber to associate each Virtual Machine with a Storage Policy. The Storage Policy determines the level of data protection provided for the Virtual Machine data.

Software as a Service refers to the ability to deploy, install, and use qualifying Software under a license that is allocated monthly per user or, where applicable, per unit of infrastructure. The license is limited to the Term of the Agreement. The ability to upgrade the software to a newer version is also provided at no additional licensing cost.

Self-Service Provisioning and Management of Services

CloudConnect provides Subscriber with the ability to self-service deploy and manage the services. Among other things, Subscriber has the ability to:

Create Virtual Machines from scratch or from Templates provided by CloudConnect
Edit Virtual Machine Properties, thus allocating Infrastructure Services
Associate the Virtual Machines with Storage Policies, thus allocating Disaster Recovery Services
Create and manage Virtual Networks for consumption by the Virtual Machines
Install and assign the use of Microsoft, Citrix and VMware Software applications, thus allocating Software Services
Registering certain Virtual Machines as Remote Desktop Session Hosts with CloudConnect, thus allocating Desktop Resources

Subscriber’s allocation of resources will affect Subscriber’s costs. Subscriber will generally manage these resources through (1) a web control panel such as VMware vCloud Director, (2) a remote console to a virtual machine, which may be provided through the web control panel, or through another means. From a remote console, Subscriber may install applications, create user accounts, and run configuration utilities provided by CloudConnect, each of which may cause or contribute to resources being allocated.

Citrix XenApp as a Service (Enhancement for DaaS, also referred to as Citrix Enhancement for RDS)

Subscribers have the option to register Virtual Machines (when created for the purpose of hosting Desktop Applications) with a shared Citrix XenApp Farm, which is managed by CloudConnect. Registering Virtual machines with the Citrix Farm is done using a configuration utility provided by CloudConnect. When a Virtual Machine is registered with the shared XenApp Farm, users subsequently authorized to access the Virtual Machine are allocated a Citrix License.

Ownership of Software Services and Content

CloudConnect does not convey any ownership of any perpetual software license to Subscriber. Virtual machines and all software provided by CloudConnect are property of CloudConnect and/or CloudConnect’s software vendors. Only data imported and generated by Subscriber on a CloudConnect virtual machine or storage device shall remain the intellectual property of Subscriber subject to all terms of this agreement.

Storage Policies (May also be referred to as Storage Profile, Resiliency Profile)

A Storage Policy is a property of a Virtual Machine and determines:

the Data Protection features provided to the Virtual Machine, and all virtual machine disks attached thereto
the unit cost per gigabyte of data storage allocated to the Virtual Machine
the unit cost per gigabyte of virtual Random Access Memory allocated to the Virtual Machine
the unit cost per Virtual Processer (core) allocated to the Virtual Machine

A Virtual Machine’s Storage Policy is set by Subscriber and a Virtual Machine is limited to one (1) Storage Policy at any given time. All Virtual Machine Disks attached to such Virtual Machine inherit the Virtual Machine’s Storage Policy. The Data Protection features of a given Storage Policy is the only integrated means by which Subscriber may recover data in the event of significant hardware failure, service outage, data corruption/deletion, and/or other cause of data loss. CloudConnect does not provide any additional umbrella data protection features which protect Subscriber’s data from loss arising out of or attributable to CloudConnect’s actions and/or third parties which CloudConnect may rely upon to deliver its services to Subscriber.

All Storage Policies are backed by commercial grade data Storage Arrays with standard RAID levels, as well as redundant RAID controllers, network, power, and cooling components.

Subscriber may choose from the following three (3) Storage Policies, the Data Protection features of which are as follows:

BASIC

The BASIC Storage Policy will attempt to create a virtual machine backup every night during the backup window. The backed up data is retained by CloudConnect for seven days, and then overwritten. CloudConnect will also attempt to copy the backed up data off-site, and the off-site backup copy will be periodically overwritten in accordance with the seven day retention policy.

BUSINESS

The BUSINESS Storage Policy will attempt to create a virtual machine backup every night during the backup window plus an additional virtual machine backup each week. The backed up data generated by the nightly backup is retained by CloudConnect for ten days, and then overwritten. The backed up data generated by the weekly backup is retained separately by CloudConnect for seven weeks. CloudConnect will also attempt to copy the backed up data off-site, and the off-site backup copy will be periodically overwritten in accordance with its retention policy, ten days, and seven weeks, respectively.

ENTERPRISE

The ENTERPRISE Storage Policy will attempt to create, retain, and copy offsite, virtual machine backups in accordance with the BUSINESS Storage Policy described above. In addition to this virtual machine backup and retention policy, ENTERPRISE will attempt to replicate the virtual machine data in a bootable format at hourly intervals to a redundant site (datacenter facility). ENTERPRISE will also reserve storage, network, and hardware compute resources to boot, run, and provide access to a replica (copy) of the ENTERPRISE virtual machines at the redundant datacenter facility in the event of a qualifying disaster, which would otherwise prevent Subscriber from accessing their virtual machines in the original datacenter facility. Recovery times for such a disaster event may vary, and the decision to invoke disaster recovery procedures, which provide for said recovery of virtual machines at the redundant site, is under the strict control, and at the sole discretion, of CloudConnect.

The data protection provided by any given Storage Policy is intended to protect subscribers from Subscriber’s or End User’s acts which cause data corruption or accidental deletion. The backed up data may also be used by CloudConnect to restore environments when a catastrophic hardware failure occurs, and such restore is deemed by CloudConnect in its sole discretion to be the best course action to recover such data. Backups of subscriber systems will generally run between the hours of 6:00 p.m. and 6:00 a.m. on qualified nights. It is possible for individual backup “jobs” to not complete under certain circumstances (i.e. maintenance of the backup system, backup job failure, etc.), in which case recovery of data to a specific point in time in accordance with the following Retention of Backup Data may not be possible. When a valid restore point is available, the data recovery process may take several hours depending on the amount of data being recovered and assuming the request is made during normal business hours. The ability to execute a data recovery job or restore a system is not guaranteed between the hours of 6:00 p.m. and 6:00 a.m. as the backup system may be running scheduled backup jobs or be undergoing maintenance. Subscribers may need to wait until the next business day for data recovery. In any case of inability to recover data, subscriber shall hold CloudConnect harmless.

The data protection provided by any given Storage Policy does not restore application items (application item recovery). Examples may include specific database tables, SQL databases, database transaction logs, Microsoft Exchange Mailboxes or Mailbox items (such as an email or a contact). In the case where application items must be restored, Subscriber should implement application-specific or third party backup solutions to provide for the necessary recovery functionality.

CloudConnect does not provide for granular recovery of system states and/or Active Directory. Subscribers should configure the Windows Server Backup role on domain controllers and store the backup media on the domain controller to provide granular recovery of the System State and Active Directory. This is especially important in large, complex Active Directories, or scenarios where Subscriber’s domain controller replicates with other domain controllers.

Subscriber should also verify Windows shadow copies are enabled on all drives in Subscriber’s system. Shadow copies provide for fast self-service recovery of accidentally deleted or corrupt files and folders with a shorter recovery point objective at the expense of a smaller retention of backup data. Should Subscriber require CloudConnect retrieve data from the Nightly Backup service or revert or temporarily boot Subscriber’s System to a previous snapshot, such services will be billed at $150 per hour. Additional (duplicate) infrastructure charges may apply if the restored environment coexists with the production environment.

Changing a Virtual Machine’s Storage Policy

Subscriber may change a Virtual Machine’s Storage Policy by accessing the Virtual Machine’s General dialogue box, however, there is a provisioning process associated with changing the Storage Policy, which may delay access to the data protection features of the newly selected Storage Policy. Data retention is not retroactive. For example, when upgrading from a Storage Policy with a shorter backup retention the new Storage Policy with longer backup retention, the Virtual Machine must cycle through backup jobs equivalent to the difference between the longer (new) backup retention and the shorter (original) backup retention until Subscriber receives the full benefit of the new backup retention policy. During this “ramp up” period Subscriber will still be charged according to the new Storage Policy.

When the inverse occurs (Subscriber downgrades from longer retention to shorter retention), Subscriber is immediately charged based on the new storage policy, however due to periodic Active Full Backups, it is possible that Subscriber may immediately lose the difference between the longer (original) backup retention and the shorter (new) backup retention data. Thus, the act of downgrading a Storage Policy may have the effect of immediately removing the data protection features provided by the original Storage Policy.

Catalog Storage

CloudConnect provides Catalog Storage for each Virtual Datacenter. The Catalog is intended to temporarily store master images of Virtual Machines or vApps, as well as .ISO images of Software Media. The catalog facilitates temporary storage of these items so they may be easily deployed or imported into the hosted infrastructure. Catalog items should not contain End User or Subscriber business critical data.

Catalog Storage is charged as the BASIC Storage Policy, however the actual data protection of the Catalog data is not equivalent to that provided by the BASIC Storage Policy. Catalog Storage is in some respects inferior to the data protection provided by BASIC (no rollback capability for accidentally deleted files), and in other respects superior (the catalog data is replicated to a redundant site).

Because the Catalog Data is not backed up like Virtual Machine data, CloudConnect is generally unable to restore the Catalog or Catalog items to a previous point in time. In the event Subscriber must store business critical data in the Catalog, always maintain your own backup of the critical data. Options include keeping a copy of the catalog template item as an instantiated but Powered Off vApp, or by exporting a copy of the template or .ISO images to another location.

Third Party Backup Solutions

As a general Cloud Computing Best Practice, CloudConnect recommends all Subscribers use a Third Party Backup solution to complement the data protection provided by Storage Policies. This ensures critical data is stored with two separate custodians (business entities) at any point in time. A wide range of economical and mainstream backup solutions are fully compatible with CloudConnect.

Data Archival

CloudConnect is not a data archival service and will not provide any archival of any software, data, or database. Subscriber is responsible for archival of all data through internal procedures or third party archival service providers.

Fast Provisioning

vCloud Director Fast Provisioning is not currently available with CloudConnect. Therefore, virtual machines are not able to be deployed as vSphere Linked Clones and must go through Guest OS Customization and SID Change prior to joining to a domain.

Thin Provisioning

All vCloud Director Virtual Machines are Thin Provisioned. As further explained in Billing and Payment, Subscriber is charged for the Disk Storage allocation (capacity as seen by the operating system it is attached to) and not the actual underlying use (consumption) of the virtual machine disk.

Changing a Virtual Machine Disk’s Allocated Size (“Allocation”)

While the allocation (size) of a virtual machine disk (“vmdk,” “Hard Disk,” or “disk”) may be dynamically increased, it is not possible to reduce said allocation. In order to reclaim unused storage, Subscriber must either (1) deploy a new virtual machine with a new disk set to a smaller allocation and manually transfer data to the new virtual machine’s disk, or (2) replace the virtual machine disk with a new one, and use a third party disk cloning utility to capture, create, and transfer a compressed image from the original disk to a new disk while simultaneously connected to the same Virtual Machine. Neither of these processes are managed or supported by CloudConnect.

Application Compatibility

CloudConnect desktops use the Microsoft Windows Server 2008 R2 Operating System with Remote Desktop Services Role (“Desktop Host”) and Citrix XenApp 6.5. Windows 7 virtualized desktops are not available through CloudConnect under the Microsoft SPLA program. Subscriber is responsible for verifying that use of non-Microsoft applications on Windows Server 2008 R2 Remote Desktop Services / Citrix XenApp 6.5, and/or use with virtualization technologies do not violate the software provider’s End User License Agreement, or any local, state, or federal law. CloudConnect should not be utilized to host or deliver any application where temporary loss of access to such application could result in losses including, but not limited to, personal injury, death, failure to diagnose, treat, cure or prevent a medical disease and/or condition, destruction of property, utility disruption, transportation system disruption, environmental damage, and/or financial loss.

Hardware Acceleration/GPU Rendering (Remote HDX 3D Graphics)

CloudConnect enables GPU virtualization on Virtual Machines deployed as Citrix Desktop Hosts at no additional charge to Subscriber. The GPU Virtualization is intended to enable Citrix HDX 3D graphics by providing access to a shared graphical processing unit through the VMware vSGA. The Operating System will generally see a virtual GPU with approximately 512 MB of Memory. This vGPU is then shared among the users assigned to the Desktop Host. While the Citrix Desktop Host may have this VGPU capability, it should be noted that not all 3D graphics features of a Microsoft Windows Operating System will be available for use to an application. Furthermore, network latency and simultaneous calls across the virtualized environment may significantly degrade 3D application capability beyond its point of usability. It is therefore recommended to test all 3D applications with the intended users of those applications over a period of time to determine if the overall user experience is satisfactory.

Installing and Configuring Third Party Applications

Third Party Applications are generally installed onto CloudConnect desktops in a manner similar to installing on a personal computer. However, when an application is installed on a Desktop Host, all users with access to the Desktop Host generally have access to the application. Subscriber is responsible for installing, maintaining, configuring, troubleshooting, patching, and updating any application or software licensed through a third party. Subscriber must maintain retain an Information Technology Professional with a CloudConnect user account with local administrative privileges to provide for the installation and maintenance of such applications. Subscriber must verify compatibility of Third Party Applications with the CloudConnect Platform prior to installation and use.

Licensing of Third Party Applications

Subscriber is solely responsible for complying with all End User License Agreements for third party applications used by Subscriber. Subscriber must also obtain licenses for all third party software installed in or streamed to Subscriber’s Hosted Infrastructure where required. Subscriber shall indemnify and defend CloudConnect for any claim brought by a third party software provider for violation of their End User License Agreement provided such claim is attributable to Subscriber’s use of said software on the CloudConnect Platform.

Remote Desktop Services Architecture Security Considerations (User Account Control)

User desktops within a Subscriber’s organization are isolated at the session layer, not by virtual machine. Users with administrator privileges can introduce a computer virus, malware, or other security vulnerability, which can affect all users and all user data within their organization. Users with administrator privileges also have full control over any user’s data, which is stored locally on the Desktop Host for which said user has administrator privileges. Because of these considerations, administrator privileges should be limited to a single user account for the sole purpose of installing and configuring software. This administrative account should only be used by a responsible user or trusted IT professional. CloudConnect will not support any Desktop Host where multiple users or irresponsible users have been granted administrator privileges, and makes no warranty with respect to the security of said Desktop Host and its data, when multiple users or irresponsible users have been granted administrator privileges.

As recommended by Citrix, CloudConnect may disable User Account Control (UAC) on Subscriber’s Desktop Hosts when required for Application Streaming. When users are granted local administrator rights and UAC is disabled, the security of the Desktop Host can become further compromised. Subscribers choosing to add users to the local administrators group should enable UAC on the affected Desktop Hosts. CloudConnect reiterates it will not support and make no warranty with respect to the security of a Desktop Host and its data, when a multiple users or irresponsible users have been granted administrator privileges.

Network Display Protocol

CloudConnect subscribers generally interact with CloudConnect hosted applications and desktops through the Citrix Independent Computing Architecture protocol (ICA). ICA is a network based display protocol, and image quality and integrity are directly affected by the quality of one’s internet/network connection. Because CloudConnect relies on the internet in all cases to deliver hosted applications and desktops to users, CloudConnect is not able to control network quality of service between CloudConnect facilities and the Subscriber’s point of access. Subscriber should therefore test their applications with their current ISP connection to determine if performance will be acceptable.

Because of these network conditions, CloudConnect uses image compression algorithms to improve the usability of hosted applications and desktops. Examples may include, but are not limited to, color compression, queuing and tossing, progressive compression, lossy compression, and jpeg/heavyweight compression. These image compression algorithms may intermittently or continuously degrade image quality. Certain abnormal network conditions including jitter and loss of bandwidth can invoke additional compression over and above what is normally used. Image compression algorithms may significantly degrade image quality during such circumstances. Subscribers should carefully consider the effects of loss of image quality and integrity on their organization’s workflows. CloudConnect should not be used in any industry or use case where loss of image quality or integrity could result in losses including, but not limited to, personal injury, death, failure to diagnose, treat, cure, or prevent a medical disease and/or condition, destruction of property, utility disruption, transportation system disruption, environmental damage, and/or financial loss.

Other Network Display Protocols such as Microsoft RDP, may be used at Subscriber’s election. RDP, among other remote display protocols is subject to the same limitations of Citrix ICA.

VMware Remote Console (VMWRC) should only be used for Subscriber’s administrative use, and never be used by an End User.

Peripheral Devices

Not all devices will be compatible when used with CloudConnect and CloudConnect provides no support for peripheral devices, other than general instructions on how setup the type of device and how to generally use the device with a Cloud Desktop. CloudConnect does not support native device drivers for peripheral (locally attached) hardware devices. Peripheral devices are unable to be redirected to CloudConnect desktops using the device’s native driver (i.e. no isochronous redirection). With limited exception, native device drivers should be installed locally on a user workstation or access point and not on the CloudConnect-hosted operating system to which said user connects. Citrix supported peripheral devices will generally map to the CloudConnect desktop through Citrix or Microsoft universal drivers for the type of device. Peripheral device mapping is limited to most printers, TWAIN compliant scanners (only when being used with a TWAIN compliant image capture software installed on the Cloud Desktop such as Adobe Professional), certain web cameras, microphones, speakers, basic human input devices (such as a keyboard and mouse), and thumb drives pre-formatted with FAT32 file system. Peripheral device performance and usability is reliant on low internet latency (consistently less than 30 milliseconds), and adequate bandwidth (consistently more than 5 Mbps download and 5 Mbps upload). Loss of bandwidth and/or increase in latency can cause peripheral devices to become unusable. Subscriber should verify desired peripheral device functionality with their access points and network connections prior to using CloudConnect in production.

Client Drive Mapping

CloudConnect Desktops by default allow users to read and write to local (client) drives and thumb drives from the user’s Cloud Desktop. If Subscriber needs to prevent users from having read and write access to personal drives (to prevent users from importing or exporting data to or from Subscriber’s Cloud environment), Subscriber must contact the CloudConnect Help Desk to block this functionality.

Flash Redirection

CloudConnect makes available an optimization technology from Citrix Systems known as Flash Redirection. Disabled by default, Flash Redirection offloads Flash content from the Subscriber’s hosted desktop to be rendered seamlessly, but locally on Subscriber’s workstation computer or Thin Client. Flash Redirection introduces potential access to local resources and should not be used by Subscriber unless the effects and security considerations resulting from such interactions have been properly evaluated. If Subscriber desires not to use Flash Redirection, Subscriber should contact CloudConnect to disable the feature.

Remote Access Considerations

CloudConnect is an inherently remote computing architecture by design. All CloudConnect users are able to remotely access their Cloud environment from most mainstream computing devices with an internet connection. CloudConnect cannot restrict user access to the system based on geographic location, physical address, or IP address. Subscriber should not use CloudConnect if universal remote access is undesirable. Subscribers may consider restricting logon hours to business hours for certain users through Active Directory.

Remote Monitoring and Management (RMM) Agents

Subscriber may install its own Remote Monitoring Software on each virtual Machine in Subscriber’s environment. Subscriber may further choose to add this Software to a master image to streamline the deployment.

CloudConnect does not monitor or manage the internal state of the Virtual Machine (Operating System, Network Connections, Applications, User Access, etc.), therefore Subscriber must use its own RMM platform and agents where required for compliance purposes or other reasons. Generally Subscriber should use the RMM as a monitoring and response tool and not as a maintenance tool, as most maintenance tasks are preconfigured to be automated when deployed from a CloudConnect template.

Subscriber’s Internet Access

Subscriber is solely responsible for internet access from any location used to access or remotely connect to Subscriber’s Hosted infrastructure. CloudConnect requires reliable internet access with substantial bandwidth, low latency, and high Quality of Service to render hosted applications and hosted desktops usable to Subscribers. For production office environments, bandwidth of at least 15 Mbps download 15 Mbps upload is recommended for the first 30 concurrent users. Latency should be consistently less than 30 milliseconds round trip to CloudConnect. Individual remote users not requiring a High Definition User Experience simply require a broadband or equivalent internet connection. CloudConnect will not monitor, troubleshoot, or diagnose Subscriber’s internet connection. CloudConnect will not provide any support, nor diagnose or troubleshoot any issue for Subscriber as would otherwise be required under the terms of this agreement, unless Subscriber’s internet connection meets the aforementioned minimum requirements.

Notice to Users Traveling Abroad

CloudConnect filters internet traffic to and from countries suspected of engaging in industrial espionage against the United States. Users traveling to these regions will need to contact CloudConnect to arrange traffic filtering exceptions to allow Subscriber to connect to hosted infrastructure while traveling in these countries/geographic regions. For a current list of countries and regions blocked by CloudConnect, contact the Help Desk.

Confidentiality of User Accounts and Credentials

CloudConnect will never ask a user for their password. Subscriber must require all users in Subscriber’s environment not disclose user account credentials to any individual including users within the organization. Allowing multiple users to logon with the same user account (impersonation) poses a significant security risk. Should any of Subscriber’s credentials become compromised, Subscriber must immediately notify CloudConnect to reset credentials.

Upon termination of an employee, the employee’s user account should be immediately disabled or placed into receivership (whereby the credentials are reset for the receiving user). Private domain subscribers should coordinate this with their self-designated Private Domain Administrator. All other subscribers should coordinate this through the CloudConnect Help Desk to disable or reset user account credentials.

Disclosing user credentials to anyone other than the named user, or failing to report user credentials being compromised, can result in civil and/or criminal penalties and/or unauthorized access to Subscriber’s infrastructure. Such unauthorized access could be malicious or unintentional, and result in data loss, downtime, identity theft, theft and/or corruption of data, and or financial loss. Subscriber shall indemnify, defend, and hold CloudConnect harmless from any loss arising out of or attributable to Subscriber’s disclosure of user account credentials to any party and/or impersonation of user accounts (shared accounts), or for Subscriber’s failure to report compromised credentials.

CloudConnect will not support any configuration where user accounts are assigned to devices and not named users. CloudConnect makes no warranty of system performance when Subscriber assigns accounts to devices and not users.

User Account Security is limited by the Integrity of the Device Accessing the System

While CloudConnect uses commercial grade encryption and integrity checking for remote sessions, the session’s security (including the User Account credentials) are only as secure as the Device being used to access the CloudConnect Platform. Subscriber’s or Subscriber’s End User’s compromised device may in turn cause Subscriber’s or Subscriber’s End User’s User Account may cause data, accounts, and/or information stored on the CloudConnect Platform to subsequently become compromised. Such attack is generally limited to the CloudConnect access rights of user accounts used to access the CloudConnect Platform from such compromised device.

Notwithstanding any other Subscriber duty to defend, indemnify, and hold harmless CloudConnect, Subscriber shall indemnify, defend, and hold harmless CloudConnect for any loss arising out of, or attributable to, Subscriber’s (or Subscriber’s End User’s) access of the CloudConnect Platform from a security-compromised device, regardless of Subscriber’s and/or End User’s awareness (or lack thereof) of the device being in a security-compromised state.

For the purposes of this section, a security-compromised device shall include any computing device (e.g. PDA, smartphone, personal computer, laptop, tablet, kiosk, public or shared device), whereby any party other than the person duly authorized to access the CloudConnect Platform, is able to monitor, intercept, redirect, phish, spoof, record, read, interpret, replay, key log, and/or act as a “man-in-the-middle,” from such device. Subscriber’s device shall include any device Subscriber and/or End User uses to access the CloudConnect Platform, regardless of device ownership and/or device management responsibility. Subscriber’s device shall also include any network (other than the internet) to which such device is connected.

Limited Interoperability with Multi-Factor Authentication

VMware vCloud Director and The Shared Citrix Farm do not support Multi-Factor Authentication (MFA) at this time. Subscribers interested in using MFA will be limited to Active Directory accounts only and will need to deploy their own self-managed RDS Desktop Farm (limited to RDP connections only). CloudConnect does not support MFA, however due to Subscriber’s exclusive control over Subscriber’s Active Directory, it is both technically possible and feasible for Subscriber to deploy and managed an MFA solution.

MFA substantially complicates any IT environment, and a technical glitch with the MFA components may cause downtime by preventing users from being able to authenticate. It is important to weigh the benefits with the risks associated with MFA prior to Subscriber’s implementation.

Malware Detection & Removal

Malware is a malicious or unwanted form of software or computer code, that when executed on Subscriber’s hosted infrastructure can cause security to be compromised on Subscriber’s hosted infrastructure. Malware is generally inadvertently executed or installed by users, whom are tricked by websites, emails, and other electronic information sources that make false representations about its prospective software and its authenticity.

To mitigate this threat, CloudConnect makes available Endpoint Protection software agents at no charge to Subscriber. Generally, Endpoint Protection software/monitoring agents are pre-installed into Subscriber’s Virtual machines when deployed from a template. Users also should not be provided any kind of administrator credentials as users with administrator credentials can unknowingly override an Endpoint Protection agent’s attempt to block or quarantine the malware. CloudConnect also facilitates filtering of known malicious or phishing websites by making Norton Connect Safe® available to Subscriber.

CloudConnect does not monitor the Endpoint Protection agents installed on Subscriber’s Virtual Machine. Subscriber may monitor this agent through the Event Viewer and/or alerts from the Agent itself. Subscriber may alternatively choose to install its own Endpoint Protection Agent, however in no case should Subscriber operate a Virtual Machine on CloudConnect infrastructure without a reputable and up-to-date antimalware/endpoint protection agent installed.

While CloudConnect does not actively monitor each virtual machine for malware, CloudConnect may detect or suspect malware activity through other means. Should CloudConnect detect/suspect malware, Subscriber agrees to promptly remove such malware. If removal of malware must be performed by CloudConnect, and CloudConnect will bill for this service at a rate of $150 per hour. Malware removal is mandatory once malware is detected, and Subscriber may not opt out of removal of malware.

Subscriber shall indemnify, defend, and hold CloudConnect harmless from any loss arising out of Endpoint Protection software’s failure to detect any malware, malicious software, or other unwanted attack on Subscriber’s hosted infrastructure.

Email Security and Email Considerations

CloudConnect does not provide any email screening or email security services. Subscribers should obtain these services from their email provider. Private Domain Subscribers choosing to self-host Microsoft Exchange or other email server software on CloudConnect servers are required to point MX records to a CloudConnect approved third-party email screening and security service. Subscribers should contact CloudConnect for a current list of CloudConnect approved third party email screening services. Subscriber is prohibited from pointing any MX record directly to any CloudConnect IP address. CloudConnect also filters IP traffic to and from known malicious IP addresses and countries suspected of engaging in industrial espionage against the United States. To communicate with these regions via email, Subscriber should configure outbound emails to route through a trusted email filtering proxy.

SMTP traffic is filtered on the CloudConnect Network. Email messages must be sent through an email proxy via a non-standard SMTP port. This traffic filtering generally does not affect email clients connecting to hosted email servers.

Responsibility to Report Suspected Malware

Should Subscriber suspect any part of Subscriber’s hosted infrastructure is infected with Malware, or that the security of any part of said infrastructure is compromised, Subscriber agrees to promptly report such suspicion to CloudConnect by contacting the Help Desk at 1-855-256-8343 option #1 or emailing support@cloudconnect.net. Subscriber’s failure to report suspected malware to CloudConnect shall constitute an event of default by Subscriber as well as a full assumption of Subscriber’s liability and indemnification of CloudConnect for losses arising out of or attributable to said Malware infection.

Responsibility to Report Certain Security Breaches

A Security Breach is defined as unauthorized access of otherwise private information. CloudConnect generally need not be notified of a Security Breach of information on Subscriber’s platform, when said breach is the result of human error. However, if it is determined that said breach is source from CloudConnect’s internal network, and/or arises out of or is attributable to a bug or fault in software provided by CloudConnect, Subscriber agrees to promptly notify CloudConnect if the suspected breach and, where permissible by law, share information necessary for CloudConnect to report the configuration fault and/or bug to the appropriate software manufacturer.

Microsoft Active Directory Security Considerations

Subscriber will be provided with its own Active Directory Forest, for which Subscriber is solely responsible to administer and manage. Subscriber retains exclusive control over user accounts, security policies, and security principals. Subscriber is therefore fully responsible for the security, maintenance, and management of its own Active Directory and its objects. Subscribers without the resources or need to manage their own Microsoft Active Directory Forest should consider using the CloudConnect Public Domain architecture as an alternative.

The need to secure or “harden” Active Directory is escalated in a Cloud environment, primarily because logon points are readily accessible from the internet. Failure to secure Active Directory may result in civil and/or criminal penalties and/or unauthorized access to Subscriber’s infrastructure. Such unauthorized access could be malicious or unintentional, and result in data loss, downtime, identity theft, theft and/or corruption of data, and or financial loss. Subscriber shall indemnify, defend, and hold CloudConnect harmless from any loss arising out of or attributable to Subscriber’s failure to secure and/or maintain its own Active Directory Forest on an ongoing basis.

CloudConnect will provision the Subscriber’s Active Directory Forest, however because security requirements vary from organization to organization, CloudConnect does not secure subscriber’s Active Directory. Prior to use in production, Subscriber or Subscriber’s designee should implement Active Directory hardening best practices. Hardening best practices include, but are not limited to, minimum user account password complexity, limiting user account password age and history, automatic disconnection or locking of idle user sessions, account lockout for invalid logon attempts, disabling the domain “Guest” account, and renaming the domain “Administrator” account. Domain administrator accounts should never be granted access to hosted applications and desktops and/or any logon point which is accessible from the internet. Desktop/Application users should not be granted administrator rights. Additional guidance on securing subscriber’s Active Directory may be obtained from CloudConnect Technical Support.

Subscriber’s failure to maintain the requirements set forth in this paragraph will result in termination of service by CloudConnect and could compromise Subscriber’s security. Subscriber must designate and maintain an Active Directory Administrator, principally responsible for administering Subscriber’s Active Directory. Subscriber must maintain one non-transitive external bidirectional Forest Trust with gateway.cloudconnect.net on an ongoing basis, and allow CloudConnect to gather license usage data where required. This Trust relationship is required for CloudConnect’s Citrix architecture to deliver Subscriber’s applications and desktops and does not subordinate any control of Subscriber’s Active Directory to CloudConnect. CloudConnect cannot reset Subscriber’s Active Directory Administrator password or any user account passwords.

A shared Active Directory instance may not be appropriate for all deployment scenarios. Subscriber may request a separate Active Directory Forest for a specific End User Organization. Additional costs may apply arising out of the resources consumed in hosting an additional Active Directory Domain Controller.

Subscribers Utilizing Non-Microsoft Operating Systems

Certain Subscribers may opt to have CloudConnect host virtual machines/servers using an operating system not manufactured by Microsoft. In this case, the operating system must (1) be supported by CloudConnect’s current hypervisor vendor and (2) Subscriber must obtain any required licenses from the operating system manufacturer for use of the operating system in a multi-tenant Public Cloud.

CloudConnect does not provide support for non-Microsoft operating systems, and does not provide any security services such as providing endpoint protection agents and monitoring for malware for the operating system. Subscriber is responsible for the security and monitoring of the operating system, as well as the installation of any patches, updates, and/or hotfixes that may be distributed by the Operating System manufacturer.

Non-Microsoft operating systems are not currently compatible as a host for the Citrix ICA protocol. Subscriber will only be able to access Non-Microsoft operating systems through third party protocols or protocol built-in to the non-Microsoft operating system.

Firewall Ports

Each Subscriber Deployment (mspCloud or Private Domain) is assigned a Public Internet IP address as well as a vCloud Director Edge Gateway. Certain applications may require specific firewall ports and Network Address Translation rules to forward web service ports to application servers located on an Internal Network (such as an Org VDC Network). Subscriber must understand risks associated with opening firewall ports and port forwarding and take necessary measures to secure application servers for internet traffic. In the event Subscriber must forward a TCP/IP port to an internal network, the destination server should be on its own Org VDC Network, or such network designated as a Demilitarized Zone (DMZ). The destination server should only have the Internet-Facing Web application installed, and the Server should not be joined to the domain. The Server should then proxy any request to services on the internal network (database, etc.) through the Edge Gateway. Failure to use a DMZ architecture may compromise the security of Internal Networks.

Subscribers should also take necessary measures to secure their web application and user accounts. Such measures should include installing and maintaining valid SSL certificates on the application server, requiring authentication against an independent directory service, and redirecting/limiting internet-exposed ports to secure ports such as SSL/TLS (TCP 443). Users transmitting credentials to an application server in plaintext or without a valid SSL certificate risk interception of credentials by an attacker. In this scenario, if the web application’s authentication is integrated with Subscriber’s Active Directory, the user’s CloudConnect hosted applications and desktops will also be compromised because CloudConnect authenticates Private Domain subscribers to Subscriber’s Active Directory.

CloudConnect does not monitor web applications or Edge Gateways for security threats or uptime. Subscribers should consider contracting with third party monitoring services where required to monitor web applications for security threats and uptime. Subscribers should contact CloudConnect Technical Support for guidance and best practices when deploying a DMZ network behind a vCloud Director Edge Gateway.

VPN Tunnels

CloudConnect provides instructions and examples on deploying a VPN Tunnel between Edge Gateway and an on premise Network. CloudConnect does not manage, monitor, or repair these VPN/IPsec Tunnels. Any time by CloudConnect spent troubleshooting any VPN tunnel will be billed at a rate of $150 per hour. Not all on premise firewalls may be compatible. It is important to test any VPN Tunnel deployment for connectivity and reliability prior to utilizing it in production.

Encryption & Transport Security

CloudConnect remote application and desktop sessions use the Citrix ICA protocol. CloudConnect will embed the ICA protocol into the SSL/TLS protocol (port 443) with 256 bit AES encryption when the session traverses a public network (“the internet”).

CloudConnect will store all Subscriber data at rest using hard drive encryption technologies. All data at rest will be stored using 128 bit or better encryption.

If Subscriber initiates external communications on their own from the CloudConnect environment (email clients, web browsers, remote assistance agents and executable, etc.), CloudConnect is not a party to such transaction, and therefore cannot secure its communications. Subscribers must still be conscious of and secure communications with third parties as a Subscriber normally would from a traditional hardware device.

Strong Encryption Export Notice

CloudConnect distributes Citrix Receiver to Subscribers on demand to connect to and interact with Subscriber’s hosted applications and desktops. Citrix Receiver is subject to the export jurisdiction of the U.S. Department of Commerce Bureau of Industry and Security (BIS), which administers Export Administrator Regulations.

Users traveling outside of the United States must comply with all international, foreign, and domestic laws pertaining to the export and or use of Citrix Receiver. Certain foreign jurisdictions may not allow the use of the Citrix Receiver software as it is capable of securing information with strong encryption.

Configuration Changes

Because CloudConnect is a multi-user environment, Subscriber should avoid installing applications, applying patches, updates, and/or changing system configurations, during production hours. Doing so can have undesirable results, cause data loss, negatively impact or interrupt other users currently logged on, and in extreme cases, cause service outages or a system crash.

Article III - Acceptable Use Policy

Subscriber Lawful Use

Subscriber agrees to only use CloudConnect for lawful purposes. Subscriber shall not cause, suffer, permit, or allow unlawful content or user activity to exist on Subscriber’s hosted infrastructure, applications, and desktops. Subscriber shall indemnify, defend, and hold harmless CloudConnect from any loss or claim arising out of or attributable to Subscriber’s unlawful use of CloudConnect. Subscriber shall not use CloudConnect products and services in any manner that is malicious or abusive and/or causes harm to any party. Subscriber shall not cause, suffer, permit, or allow any user to attempt to gain access to any area of the CloudConnect Platform that is not intended or authorized for Subscriber’s use.

No High Risk Use

Subscriber is prohibited from using the CloudConnect Platform for any purpose where a malfunction of the platform or temporary or permanent loss of access to the CloudConnect Platform (including any data contained thereon) could lead to losses including, but not limited to, personal injury, death, destruction of property, utility and/or telecommunications services disruption, transportation system disruption, environmental damage, and/or financial loss.

Subscriber is prohibited from using CloudConnect with any device that is (1) not supported by the device manufacturer for use with remote desktop technologies and/or virtualization technologies, (2) a medical device or device used to diagnose, treat, cure, or prevent any medical disease and/or condition, (3) any device, where use with a Remote Desktop, and/or loss of connectivity with a Remote Desktop could lead to losses including, but not limited to, personal injury, death, destruction of property, utility disruption, transportation system disruption, environmental damage, and/or financial loss.

No FIPS Use

The CloudConnect Platform is not certified for compliance with Federal Information Processing Standards (FIPS). Any use requiring compliance with FIPS is prohibited.

Supported Operating Systems Only

Subscriber agrees to only operate Operating Systems currently supported by both the manufacturer and CloudConnect. Unsupported Operating Systems lack ongoing security vulnerability analysis and patching by the vendor and are thus not considered secure for any user.

Right to Comply with Authorities

Should CloudConnect know by any means that Subscriber has violated the Subscriber Lawful Use clause, CloudConnect shall have the right to disable services, notify appropriate authorities, and/or turnover hosted content and/or data (to the extent with which CloudConnect is physically able to access said information) to the authorities having jurisdiction. Subscriber shall indemnify, defend, and hold harmless CloudConnect from any loss or claim resulting from CloudConnect’s disabling of services, compliance with law enforcement, court order, judicial subpoena, or other legal proceeding in connection with CloudConnect’s compliance with law enforcement’s investigations of the Subscriber.

Internet Acceptable Use

CloudConnect provides a Virtual Internet Gateway for Subscriber’s use with CloudConnect software services. Subscriber shall not cause, suffer, permit, or allow the use of the internet gateway or assigned IP address(es) for any malicious purpose, including but not limited to, sending mass unwanted email communications (SPAM email), attempts to hack or gain control of third party systems on the internet, attempts to cause a denial of service attack on another party, intellectual property theft, piracy, industrial/political espionage, treason, copyright infringement, publication/hosting/distribution of pornographic and/or hateful/offensive or illegal content, use with file torrents, bit torrents and associated services, and/or any other practice commonly recognized as abusive or malicious by reputable Internet Service Providers, industry standards, or applicable law. Subscriber is further bound to all Acceptable Use Requirements of CloudConnect’s agreements with CloudConnect’s Internet Services Providers (ISP), including Verizon Communications, Level-3 Communications, TowardEx Technologies, Comcast Communications, and Cogent, or any other current ISP of CloudConnect. For copies of these Acceptable Use Policies, please contact CloudConnect.

Should CloudConnect discover Subscriber’s use of the Virtual Internet Gateway is causing, participating in, and/or contributing to any malicious purpose or abusive practice, Subscriber shall be considered in default of this agreement. In addition to CloudConnect’s remedies for Subscriber’s default, CloudConnect shall also be permitted (without consent of Subscriber) to take immediate necessary measures to stop abusive/malicious practices (including disabling accounts, hosted infrastructure, and/or internet access). Any time spent by CloudConnect diagnosing, tracing, correcting and/or remediating the abusive/malicious practice shall be billed at a rate of $150 per hour.

CloudConnect does not meter bandwidth use by Subscriber; however CloudConnect reserves the right to throttle bandwidth of Subscriber at CloudConnect’s sole discretion. Subscriber agrees not to abusively or excessively consume bandwidth. Should CloudConnect deem Subscriber is excessively consuming or utilizing bandwidth, CloudConnect may apply reasonable additional charges to Subscriber to cover excess bandwidth costs. For the purposes of this section, the definition of Excessive Consumption of Bandwidth shall include more than 325 GB of ingress or egress data in one month. The definition of Abusive Bandwidth Use shall include delegating or reselling bandwidth to third parties and/or use with a file torrent web service.

Connecting any computer system to the internet carries risks. Use of web browsers and other internet software applications, increases the likelihood of malware infections, unwanted software, and or security becoming compromised. Subscriber must use internet software responsibly and accept all risks and consequences associated with its use. Subscriber must educate its users on how to recognize non-reputable websites, and not to disclose or transmit personally identifiable information in a web browser unless the authenticity of the site has been verified and the connection is secured. Notwithstanding system access via the ICA protocol, if Subscriber does not wish to grant users access to internet services, Subscriber should contact CloudConnect.

CloudConnect preconfigures Subscriber’s internet DNS resolvers to use Norton Connect Safe® service with a failback to Open DNS. These services are designed to filter known malicious websites. CloudConnect may, at its sole discretion, elect to extend content filtering to include pornographic/obscene website content and gaming/file sharing website content as well. CloudConnect may also filter, at its sole discretion, IP traffic based on known malicious IP addresses, and/or countries and geographic regions with elevated incidence of malicious IP activity including countries suspected of engaging in industrial espionage against the United States. Subscriber shall not alter any of its DNS settings without the written consent of CloudConnect. Subscriber’s attempt to remove or circumvent content filtering technologies, or alter DNS entries shall constitute an event of default for Subscriber.

Should content filtering substantially interfere with Subscriber’s ability to conduct its ordinary course of business through false positive filtering, or due to Subscriber’s international business needs, Subscriber may contact CloudConnect to whitelist certain IP addresses and subnets. CloudConnect shall have sole discretion whether or not to whitelist the requested content.

To the fullest extent permitted by law, Subscriber shall indemnify, defend, and hold CloudConnect harmless for any loss to any party arising out of or attributable to Subscriber’s use of CloudConnect’s Virtual Internet Gateway.

Connect Safe® is a registered trademark of Symantec Corporation.

No Technical Interference

Subscriber is prohibited from, and assumes all liability associated with, any deliberate action or use of the CloudConnect Platform, which causes, or has the potential to cause, interference with other subscribers’ enjoyment or use of the CloudConnect Platform, performance degradation, downtime, data loss, data corruption, data theft, or harm to other subscribers and/or other individuals, even if such action is well-intentioned.

Hacking of, or attempts to gain administrator or other elevated access to, any compute resource managed by CloudConnect is strictly prohibited. Examples of such compute resources include, but are not limited to, any Virtual Machine or hardware device not joined to Subscriber’s own Active Directory Domain, or any Virtual Machine not under the exclusive control of Subscriber where said Virtual Machine run (“computes”) on the CloudConnect Platform. Attempts to gain access to any information residing on said compute resource and where such information is not expressly licensed for Subscriber’s use, are strictly prohibited.

Network Penetration Tests

Subscriber is prohibited from conducting any network penetration tests on any shared resource of the CloudConnect Platform, without prior expressed written consent of CloudConnect. The parties agree to characterize Penetration Tests as an action that has the potential to cause downtime. CloudConnect has specific protocols and response measures which must be pre-activated prior to beginning such testing in order to reduce the effect of any potential downtime caused by such testing. CloudConnect is under no obligation to authorize Subscriber to conduct any such penetration tests.

Right to Audit for Licensing Compliance and Security Compliance

Subscriber agrees to allow CloudConnect to conduct an Audit of Subscriber’s hosted infrastructure and/or Virtual Machines to verify compliance with Software licensed by CloudConnect.

CloudConnect shall have the right to access any virtual machine assigned to Subscriber for the purposes of executing its duties under the terms of this agreement. Subscriber shall in all cases cooperate and facilitate access to Subscriber’s virtual machines when required by CloudConnect. Subscriber’s failure to facilitate such access upon request of CloudConnect shall constitute a default under this agreement.

Non-Disclosure of CloudConnect Intellectual Property

Subscriber agrees it will not disclose any technical information about the CloudConnect architecture to any party, except to reputable services providers to the extent necessary for such services providers to render technology and/or software maintenance and repair services.

Remedy for Violating Acceptable Use

Should Subscriber use the CloudConnect Platform in any manner that conflicts with the Terms of Service, subscriber is doing so at their own risk. CloudConnect will not support subscriber’s Cloud environment when used in any manner that conflicts with the following Terms of Service. Should subscriber use CloudConnect in any manner that conflicts with the Terms of Service (knowingly and/or unknowingly), Subscriber waives all claims against CloudConnect, and further agrees to indemnify, defend, and hold CloudConnect harmless for any loss to any party arising out of or attributable to the use of CloudConnect in said manner that conflicts with the Terms of Service.

Should Subscriber use CloudConnect in any manner that conflicts with these Terms of Service, Subscriber may, at CloudConnect’s discretion, be deemed in default of this Agreement.

Article IV - Scope of CloudConnect - Managed Services

CloudConnect Managed Services

CloudConnect is principally responsible for, and fully manages the aspects of The CloudConnect Platform for which Subscriber does not have access to. These elements (some of which may be subcontracted to third party providers) are collectively the CloudConnect Managed Services. A basic example of a Managed Services item would be a CloudConnect hypervisor. Hypervisor Management frameworks are inaccessible to Subscriber, however Subscriber relies on a functioning hypervisor in order to use the platform, therefore it is CloudConnect’s responsibility to maintain the reliable functioning and uptime of its hypervisors. Other Managed Services items components are defined in this Section. Additional examples of CloudConnect Managed components are specified in this Article.

CloudConnect manages, develops, updates, upgrades, and expands these components to satisfy the aggregate predicted consumption of these resources by the collective subscribers and end users.

Colocation Facilities

CloudConnect utilizes third party owned and operated colocation facilities for housing CloudConnect’s data storage and information processing equipment. Said Colocation facility shall comply with the terms of SAS 70 Type II, as well as the terms of TIA Tier III datacenter facilities for redundant cooling, power, and IP transit systems. CloudConnect shall furnish evidence of compliance, certifications, and/or audits of the facilities to Subscriber upon request to the extent that said Colocation Facility makes such information available to its tenants. In Colocation Facilities only, the CloudConnect Platform shall consist of hardware that facilitates a network and power supply topology that is at least n+1 redundant.

Self-Operated Facilities

CloudConnect may also utilize self-operated facilities for housing CloudConnect data storage and information processing equipment that is primarily used for disaster recovery purposes and platform testing. Self-Operated facilities may not comply with the terms of SAS 70 Type II, nor comply with the terms of TIA Tier III datacenter facilities.

Bandwidth

CloudConnect manages bandwidth for incoming and outgoing TCP/IP traffic. The available bandwidth may fluctuate depending on the aggregate usage of all subscribers at any given time. Bandwidth is connected to the internet via upstream Internet Service Providers.

Networking Components

CloudConnect manages physical networking components required to run the CloudConnect Platform. A redundant fault-tolerant architecture is used. CloudConnect also manages the VLANs created on the physical switches and hypervisors.

Perimeter Firewalls

CloudConnect manages a set of perimeter firewalls designed to filter known malicious IP addresses (inbound and outbound). These firewalls do not use a default drop/deny rule in order to allow Subscriber to self-manage forwarding of incoming TCP/IP ports. The Subscriber must therefore secure its internal CloudConnect Networks using Edge Gateway default drop/deny rules. This is enabled by default.

Internet Numbers

CloudConnect manages a set of Internet Numbers (Public IP Addresses), which are obtained from CloudConnect’s Internet Service Providers or directly from ARIN. CloudConnect then sub-allocates these addresses for Subscriber’s use based on Subscriber’s needs. Subscriber must obtain new or additional Internet Numbers directly from CloudConnect.

vCloud Director System Administrator Role, NSX, Database, and associated Cells

CloudConnect manages the VMware vCloud Director Cell and the associated dependencies that the Cell relies on in order to properly function. Examples include instances of VMware vSphere, vCenter, NSX (formerly vShield Edge), DNS, and dependent SQL databases/database servers. It is important to emphasize that CloudConnect only manages (on these platforms) what subscriber is not able to control or manage from its vCloud Director control panel.

Shared Citrix Farm

CloudConnect manages a Citrix XenApp Farm that is shared by multiple Subscribers. CloudConnect manages the XenApp Farm and associated dependencies, such as the Microsoft Windows Active Directory Domain the Farm is joined to, the Citrix Delivery Controllers, and associated Databases. Subscriber will receive delegated Access to a Citrix Machine Catalog and Delivery Group upon enrollment, which is managed through the Software Utilities provided by CloudConnect.

Shared Citrix Access Gateway / NetScaler

CloudConnect manages various Citrix Web Interfaces, StoreFront Servers, Access Gateways, and NetScaler Gateways which are shared by multiple Subscribers. Subscribers, and more often End Users, use these Gateways and Web Servers to remotely access Desktop Applications deployed by the Subscriber.

Public Catalogs & Software Utilities

CloudConnect maintains various vCloud Director Public Catalogs containing Virtual Machine (“vApp”) Templates for rapid deployment of Servers, and Citrix Desktop Hosts. CloudConnect also maintains a Software Catalog with ISO images of the Software products available under the Microsoft Services Provider License Agreement, the Citrix Virtual Desktop Agent, VMware Tools, and CloudConnect Utilities. CloudConnect Utilities are developed by CloudConnect internally to simplify deployment of Virtual Machines on the CloudConnect platform.

CloudConnect keeps these Catalogs reasonably up-to-date with its currently supported software products and deployment scenarios.

Infrastructure and Licensing Usage Data

CloudConnect manages the collection of License Usage Data from Subscriber’s vCloud Director Virtual Datacenter for the purposes of billing the Subscriber. CloudConnect also collects Software Licensing usage data from inside the Operating Systems of Subscriber’s domain-joined Virtual Machines for those products which must be licensed under Microsoft Services Provider License Agreement. CloudConnect also reads Computer, User, Group, Domain, and Organizational Unit data from Subscriber’s Active Directory to process and aggregate the Licensing Usage Data.

Data Storage

CloudConnect manages various Storage Arrays and LUNs to store Virtual Machines and Virtual Machine data. CloudConnect replicates and/or performs backups of this data depending on the Storage Policy of associated with the LUN, and thus the Virtual Machine placed on that LUN.

Hypervisors

CloudConnect manages hypervisors running VMware ESXi, and joined to vSphere Clusters. CloudConnect manages the Distributed Resource Scheduler (DRS) configuration and High Availability (HA) configuration of these clusters. DRS balances Virtual Machine compute loads across the hypervisors within the Cluster by invoking vMotion. HA provides for restart of Virtual Machines that have become unresponsive and/or stopped running due to a hypervisor failure.

Provisioning of Subscriber’s Deployments

CloudConnect manages the provisioning of a Subscriber Initial Deployment. An Initial Deployment is the initial setup of the minimum resources required for Subscriber to assume the Organization Administrator Role of a dedicated vCloud Director Organization and Virtual Datacenter, including Edge Gateway and its default firewall rules. The Initial Deployment also includes the creation of a virtual machine which is promoted to a Domain Controller, for which Subscriber then assumes control, as well as a delegation of access to a dedicated Machine Catalog and Delivery Group in the Shared Citrix Farm. CloudConnect may deploy also provision additional Edge Gateways, Internet Numbers, and/or vCloud Director Organizations, Virtual Datacenters, and associated Domain Controllers, where necessary to support a Subscriber’s New Deployment(i.e. New mspCloud or New Private Domain). Note that each Subscriber is limited to one mspCloud deployment.

Scheduled Maintenance Windows

CloudConnect shall have the right to cause service interruptions between the hours of 10:00 p.m. and 5:00 a.m. for platform enhancements, updates, improvements, and fixes. CloudConnect posts notifications of Scheduled Network Maintenance on CloudConnect’s Support Resource Portal (http://support.cloudconnect.net) . CloudConnect will also provide an estimate of the Scheduled Maintenance Window completion time, however makes no warranty with respect to the estimate’s accuracy. Scheduled Maintenance Windows are not considered “downtime,” and as such are not eligible for any claim under CloudConnect’s Service Level Agreement (See CloudConnect Service Level Agreement).

Emergency Maintenance Windows

CloudConnect shall have the right to cause service interruptions without advance notice to Subscriber or Subscriber’s Private Domain Administrator during an emergency event. An emergency event exists when CloudConnect internally determines, at its sole discretion, that a service interruption is in the best interest of Subscriber(s) to repair or correct conditions including downtime, suspected security breach, impending system or hardware failure, or to apply a critical hotfix or security update. CloudConnect posts notifications of Emergency Maintenance and any associated Service Impacting Incident on the CloudConnect Support Resource Portal.

System Performance

CloudConnect warrants to Subscriber that the CloudConnect Platform will perform in a manner that does not unreasonably impede or restrict Subscriber or End Users from working productively, provided Subscriber adheres to the terms and conditions of this agreement, and uses CloudConnect in a supported configuration, with tested third party software applications, peripheral devices, properly functioning access points (computers, laptops, tablets, mobile phones, etc.), and an adequate internet/network connection.

Should Subscriber determine CloudConnect in a supported configuration unreasonably impedes or restricts Subscriber and/or End Users from working productively, Subscriber’s sole remedy shall be termination of this agreement within the termination window. Subscriber’s failure to terminate this agreement within the termination window constitutes an ongoing acceptance by Subscriber that the CloudConnect platform is performing in a manner that does not unreasonably impede or restrict Subscriber from working productively.

CloudConnect Service Level Agreement (SLA)

This Service Level Agreement and any remedies contained herein are applicable only to the CloudConnect Managed Services.

Should Subscriber lose access to infrastructure (“downtime”) during a calendar month for a single continuous period totaling 2 hours or more, Subscriber shall be entitled to a refund dollar amount consisting of one half (1/2) of the previous calendar month’s subscription billing, provided however, said downtime is the direct result of a qualifying cause. For the purposes of this section, downtime does not begin until Subscriber has notified CloudConnect of such inability to connect to hosted desktops or applications, and ends when CloudConnect has notified Subscriber the condition has been fixed. Only downtime events caused solely by a CloudConnect-operated datacenter hardware device, and/or operating system used to deliver CloudConnect Managed Services, are eligible for SLA claims. Downtime arising out of a malfunction of Subscriber’s hosted operating system(s), or any software installed therein, is not eligible for SLA claims. Downtime arising out of (or proximately caused by) Scheduled Maintenance, and/or downtime caused by other parties or causes beyond the direct control of CloudConnect are not eligible for claims to compensation under this SLA. This SLA shall be Subscriber’s sole remedy against CloudConnect for any loss incurred due to downtime. Subscriber is limited to a maximum of one SLA claim each calendar month and such qualifying downtime event must have occurred during said calendar month (i.e. Subscriber may not bank, or “roll over” a subsequent SLA event or claim from a calendar month for a credit to be applied to an invoice in a latter billing period).

In order to receive compensation for a qualifying downtime event under this SLA, Subscriber must notify CloudConnect via email of its desire to collect under an SLA claim no later than 30 days after the SLA qualifying incident occurs. Failure to notify CloudConnect within this period shall constitute a waiver to any compensation or credit as provided by this SLA.

Should Subscriber lose access to hosted desktops or applications (“extended downtime”) for a continuous period of at least 48 hours or more in one occurrence, Subscriber may terminate this agreement without penalty. Said termination shall be Subscriber’s sole remedy for any loss arising out of extended downtime.

CloudConnect’s acceptance of an SLA claim and subsequent compensation shall not ever be construed as an admission of liability for downtime or extended downtime by CloudConnect. Nor shall said acceptance of an SLA claim and subsequent compensation ever be an admission by CloudConnect that a negligent act, error, and/or omission by CloudConnect has occurred. CloudConnect’s acceptance of an SLA claim and subsequent compensation shall never be construed as an admission of a breach of contract by CloudConnect or that CloudConnect has failed to perform a contractual obligation and/or duty.

Subscriber’s acceptance of SLA compensation shall constitute a final settlement and waiver of any claim for damages (future or otherwise) by Subscriber arising out of or attributable to said downtime or extended downtime.

Despite best efforts, no system, including CloudConnect, is completely immune from failure, downtime, or service interruptions. Subscriber should understand that the possibility for downtime exists with CloudConnect services even when CloudConnect performs all duties under this agreement. Subscriber must consider carefully this risk and the potential effect of downtime on its organization when choosing a hosted application service such as CloudConnect.

Notwithstanding the remedies provided by the Service Level Agreement, Subscriber shall hold CloudConnect harmless for any direct loss, indirect loss, and/or consequential damages arising out of or attributable to downtime and/or extended downtime.

Article V - CloudConnect Technical Support

Support Provided to Subscriber Only

For mspCloud deployments, CloudConnect provides Technical Support to the Subscriber and Subscriber’s direct employees only. For Private Domain deployments, CloudConnect provides Technical Support to the Subscriber, Subscriber’s direct employees, and under certain circumstances, and with prior approval of CloudConnect, to a third party designee, whom is among those principally responsible for the Deployment.

CloudConnect Technical Support agents are unable to engage directly with End Users on any support issue. Those to whom we provide Technical Support must have administrative access and remote console access to the system(s) affected.

Support Limited to the CloudConnect Platform

Except for Excluded Technical Issues, CloudConnect provides Technical Support as a consulting service for immediately reproducible issues that are part of The CloudConnect Platform. In addition, CloudConnect provides Technical Support for backend platform components to which Subscriber does not have access.

CloudConnect provides consult services for the following:

vCloud Director

Familiarization and Training on Control Panel features

Loss of Access to the vCloud Director Control Panel

Adding/Deploying Virtual Machines

Adding/Deploying Organization VDC Networks

Editing Virtual Machine Properties

Guidance on Guest OS Customization

Common Citrix Farm

Citrix Receiver

Registration with a Citrix Delivery Controller

ICA Connectivity to a registered Citrix Desktop Host affecting multiple users

Software Utilities

DesktopConfig

ServerConfig

DomainControllerConfig

How to override configuration settings applied by the Software Utilities

Virtual Machines

Loss of access to a virtual machine

Data Recovery limited by the Storage Policy associated with the affected Virtual Machine(s)

CloudConnect does not provide support for applications installed in any Virtual Machine hosted on CloudConnect, even when the software application license is obtained from CloudConnect.

CloudConnect does not provide technical support or root cause analysis for issues which are not immediately reproducible to a Technical Support agent.

Excluded Technical Issues

Except for general troubleshooting recommendations and the configuration of Citrix Receiver, CloudConnect is unable to provide support for the following:

On-Premise Issues, including but not limited to:

Third party hardware devices (laptops, desktops, any device not owned or operated by CloudConnect)

Peripheral devices

On premise networks and/or on premise networking devices

Software running on any third party device

On premise Internet Service Provider connections, including performance issues

Printing, scanning, etc.

Cloud Issues

Software Applications running on Subscriber’s Virtual Machine, even if the Software is licensed through CloudConnect.

User Profile and/or System State Corruption

Peripheral Device Integration

Citrix User Profile Management

Citrix HDX MediaStream for Flash

Root Cause Analysis

How CloudConnect Provides Support

CloudConnect Technical Support is a callback service, based on the severity of the issue described. Under certain circumstances, CloudConnect may change the severity with which a Support Ticket is originally classified if we deem its original classification is not consistent with the CloudConnect Support Policy.

Except for Service Outages, CloudConnect requires Subscriber to provide access to the affected system. CloudConnect Technical Support is unable to logon as or impersonate Subscriber’s access for security compliance. In most cases, the support engineer will invite Subscriber to join a remote meeting/screen sharing session where Subscriber then provides supervised access to the support engineer. The support engineer will then work with Subscriber towards a resolution for qualifying technical support issues.

Obtaining Support

Technical Support is rendered after a Ticket (“Case”) has been filed with CloudConnect. The Ticket allows you to track the progress of the case, and maintains a record of the case.

Subscriber may open a support case 24 x 7 x 365 using the CloudConnect Partner Support Resource Portal at https://support.cloudconnect.net or by calling CloudConnect 1-855-256-8343 option 1. Please note that emails to support@cloudconnect.net which are not in response to an existing support case will not be accepted and will delay opening your case.

Please note that when opening a Support Case, you will not be immediately transferred to an engineer. An engineer will make a best effort to begin working on your case as soon as possible, with the goal of contacting you via email or telephone within the Targeted Response Time.

Targeted Response Times

CloudConnect aims to provide Technical Support within the Targeted Response Time for each Priority, categorized below. Please note that the Targeted Response time is an estimate based on normal CloudConnect Ticket Volume.

PRIORITY (SEVERITY)	TARGETED RESPONSE TIME	BUSINESS HOURS
Service Outage - Affecting All Users	Less than 30 Minutes	24x7
High Priority - Limited Number of Users Affected	Less than 2 Business Hours	8am-6pm, Monday-Friday, Excluding Federal Holidays
Low Priority - Change Request or Provisioning Request	Within 12 Business Hours	8am-6pm, Monday-Friday, Excluding Federal Holidays
Consulting, Migration, Installation, Education, Best Practices Q&A	By Appointment	Tuesdays 8am-12pm, Thursdays 1pm-5pm

Delays Excused

Notwithstanding CloudConnect’s Service Level Agreement (SLA), Subscriber hereby excuses and releases CloudConnect from any liability arising out of or attributable to delays in CloudConnect responding to and/or providing a resolution to a technical support issue for a covered product or service. Said excuse and release also apply to any delay which extends downtime, or Subscriber’s limited use or enjoyment of, a CloudConnect product or service.

Business Hours

Business Hours are defined as Monday – Friday 8:00 am – 6:00 pm Eastern Standard Time, with all United States Federal Holidays and Massachusetts Patriots Day excepted.

Resolution Not Guaranteed

CloudConnect provides no warranty with respect to its ability to provide a resolution to all Technical Support issues even when an issue arises out of a covered product or service. Under certain circumstances, Subscriber may be required to redeploy or reinstall products and/or services to regain functionality previously enjoyed. While CloudConnect may provide guidance on such processes (“remedial action”), and except where Subscriber does not have control over the functions necessary to complete such processes, CloudConnect is not responsible to perform any remedial action on behalf of Subscriber or to Subscriber’s products and/or services.

Knowledge Base & Manuals (“Publications”)

CloudConnect maintains both Knowledge Base Articles and Instruction Manuals (the “Publications”) on the Partner Support Resource Portal. This provides resolutions to commonly reported issues for which no permanent solution yet exists. The Publications should only be used for CloudConnect hosted infrastructure as it is specific to CloudConnect’s implementation of the products we support. The Publications, and any information contained therein, are licensed for Subscriber’s use with the CloudConnect Platform only. CloudConnect reserves all rights including Copyrights of the Publications. Subscriber is strictly prohibited from copying, retransmitting, redistributing, and/or disseminating any part or all of the Publications without the expressed prior written consent of CloudConnect.

Technical Issues of Special Interest

Under certain circumstances, CloudConnect may, at its sole discretion, choose to provide support to a Subscriber for an issue not ordinarily covered by CloudConnect (Technical Issue of Special Interest). CloudConnect is not under any obligation to provide support for a Technical Issue of Special Interest, and such issues are generally not covered under the terms of this agreement. Technical Issues of Special Interest are technical issues that CloudConnect determines to be of exceptional importance, affect multiple subscribers, indicate a looming or underlying system-wide issue, and/or validate a new technology, configuration, or hotfix, which could benefit other subscribers. Should CloudConnect choose to provide technical support for a Technical Issue of Special Interest, such action is limited to the specific technical issue during the specific occurrence only and a resolution is not guaranteed. CloudConnect’s actions in providing support for an issue of special interest shall not constitute an assumption of liability for the specific support issue on an ongoing basis, nor shall it constitute an assumption of liability for any other technical issue not ordinarily covered by the terms of this agreement. CloudConnect is not required to classify support incidents nor shall CloudConnect be required to notify Subscriber when Subscriber is receiving support from CloudConnect for a Technical Issue of Special Interest versus a normal Technical Support issues.

Article VI - Billing and Payment

Billing

Subscriber is charged for Licenses and Resources that subscriber allocate during the Billing Period. CloudConnect charges based on an allocation (not usage) model. This means that when a resource or license meets the allocation criteria (as explained below), Subscriber become liable for charges associated with the resource or license based on the quantity allocated at the unit cost.

Licenses consist of any Software Application covered by the Microsoft Services Provider Licensing Agreement (SPLA), which is installed on any Operating System hosted by CloudConnect. Operating Systems are not considered a Software Application under this Agreement. Note that even if Subscriber installs a covered Software Application using media or license keys obtained from a third party, Subscriber will still be charged for applicable license usage; Subscriber may not use Subscriber’s own retail-purchased or SPLA Microsoft Licenses on CloudConnect infrastructure. For a current list of Software Products and associated unit prices, please contact subscriber’s CloudConnect sales representative.

Depending on the software product, the software Licenses may be licensed per named User, or per the vCPU count of the Operating System on which the software is installed. For software products licensed per named user, a license is allocated when the following are both true (1) the software application is installed on an Operating System hosted by CloudConnect and (2) a user is authorized to remotely access the software application installed. Once a user license is allocated, it is allocated for the entire billing period, regardless of when the license is allocated. For software products licensed per vCPU, the license is allocated when the software is installed on an operating system hosted by CloudConnect. Additional licenses are allocated when the vCPU count is increased on the Operating system hosted by CloudConnect. Once a processor license is allocated, it is allocated for the entire billing period, regardless of when the vCPU is added.

Note: Where Microsoft SQL Server Standard is installed on a virtual machine with Windows Remote Desktop Service role enabled, such SQL Server instance shall be licensed per named user account, authorized to access such system. Where Microsoft SQL Server Standard is installed on a virtual machine without Windows Remote Desktop Services role enabled, such SQL Server instance shall be licensed per dual core license as provided under the SPLA. Microsoft SQL Server Enterprise is always licensed per dual core license, regardless of the operating system’s installed roles.

In consideration of the privilege of managing software applications on CloudConnect, Subscriber agrees (1) to comply with all terms of the Microsoft End User License Agreement, (2) to not distribute, disseminate, copy, reproduce, or install any Software media provided by CloudConnect on any Operating System not hosted by CloudConnect, (3) to not reverse engineer, distribute, copy, or in any way interfere with and/or dilute the intellectual property attached to any software product provided by CloudConnect.

Resources consist of Data Storage (Storage), Virtual Random Access Memory (Memory), and Virtual Processor Cores (“Virtual Processors” or "vCPU”). Resources are measured based on the timespan for which the resources are allocated by subscriber. Storage is allocated upon the instantiation of any virtual machine disk, regardless of the power state of the virtual machine it is attached to. Storage is charged per gigabyte per month (per Gigabyte-Month). Memory and vCPU are allocated when a virtual machine’s properties contain such resource in a given quantity and the virtual machine is in a powered-on state. Memory is charged per gigabyte per month (per GB-Month) of allocated Memory, and vCPU is charged per vCPU per month (per Core-Month) of allocated Cores (i.e. vCPU).

The rate Subscriber is charged for each Resource will vary based on the Storage Policy (also referred to as Storage Profile) applied to the virtual machine containing the allocated resources. The Storage Policy corresponds to a specific data protection and/or availability policy for the virtual machine. For a current list of rates and a description of the Storage Policy service offerings please contact subscriber’s CloudConnect sales representative.

Where technically feasible, resource allocations are prorated. Please note that all pro-rata calculations are best-effort approximations based on a discrete and arbitrary time-interval sampling (but in no case shall such time-interval sampling exceed one calendar month) of the virtual machine’s resource allocation and Storage Policy Placement.

CloudConnect virtualizes computing resources (including, but not limited to, storage, vCPU, and memory). The resources being used are not necessarily reservations of the allocations set by Subscriber. Rather CloudConnect hypothecates and comingles the underlying hardware across multiple subscriber allocations and the rates subscriber is charged for resource allocations assume this comingled hardware use. While CloudConnect aims to provide Subscriber with performance that mirrors subscriber’s actual usage, the actual hardware being consumed will generally be less than Subscriber’s allocation. As such there may be occasions when subscriber do not receive an actual usage and/or performance benchmark that corresponds to the allocation for which subscriber is charged.

Sales Tax

Certain CloudConnect products are subject to Massachusetts Sales Tax, regardless of the location of Subscriber’s business or the location where the Services are consumed. Generally allocated software licenses are taxable, and Infrastructure resources are considered not taxable. This may change as Sales Tax laws change.

To obtain relief from Sales Tax as a Reseller, Subscriber must be registered to collect Sales Taxes in the Commonwealth of Massachusetts, and Subscriber must file Form ST-4 with CloudConnect. Sales Taxes will only then be removed prospectively upon receipt of Subscriber’s Massachusetts Form ST-4.

Payment

Payment is due upon receipt of Subscriber’s invoice, which is generated the day after the Billing Period.

Subscriber shall maintain reputable Credit Card or Bank Account information on file with CloudConnect, and Subscriber also agrees to keep such account in good standing with Subscriber’s financial institution.

Subscriber hereby authorizes CloudConnect to charge the amount due (or submit ACH debit request) to Subscriber’s financial institution when any payment amount becomes due under this Agreement.

Late Charges

Subscriber shall become liable to CloudConnect for a minimum finance charge of $50 for any payment not received ten days after the invoice due date (the grace period). Subscriber shall continue to accrue late charges at a rate of 18% per year (pro-rated to the nearest month) until Subscriber’s account becomes current.

Remedy for Nonpayment

If payment has not successfully processed within 30 days’ of the invoice date, CloudConnect may suspend Subscriber’s service, until such time as Subscriber’s account becomes current. Suspension of Subscriber’s hosted infrastructure will cause downtime and prevent Subscriber from interacting with Subscriber’s data, software applications, system settings, and hosted desktops. Said downtime is not eligible for any SLA claim. Subscriber hereby agrees to indemnify, defend, and hold harmless, CloudConnect for any claim and/or any loss (including to Subscriber’s End Users and/or a third party) arising out of, or attributable to, CloudConnect’s suspension of Subscriber’s services due to Subscriber’s nonpayment for said services.

Reactivation of Disconnected Service

Should Subscriber’s hosted infrastructure become deactivated, CloudConnect will reactivate Subscriber’s hosted infrastructure upon receipt of all past due amounts, late charges, and interest. CloudConnect will also assess a reactivation fee of 3% of the outstanding account balance. This reactivation fee must be paid at the time of reactivation.

Abandonment

Should Subscriber’s account become 90 days past due, CloudConnect shall deem Subscriber’s hosted environment to be abandoned. CloudConnect may at any time following the 90th day the account becomes past due, permanently remove and delete Subscriber’s hosted infrastructure, applications, operating systems, all data contained therein, and all backup and replica data produced by CloudConnect (removal and deletion), provided CloudConnect has served Subscriber with at least 30 days’ advance notice of said removal and deletion via certified US Mail (return receipt requested) to Subscriber’s last known principal address or place of business. Said notice may be initiated upon Subscriber’s account becoming 60 days past due in order to facilitate removal and deletion upon Subscriber’s account becoming 90 days past due.

Subscriber shall defend, indemnify, and hold CloudConnect harmless for any claim arising out of CloudConnect’s deletion of Subscriber’s hosted infrastructure and all data contained therein provided such deletion was the result of Subscriber’s Abandonment.

Subscriber’s Insolvency

Should Subscriber become insolvent, CloudConnect will, upon submission of satisfactory evidence of such insolvency or Chapter 11 filing, provide for the export of Subscriber’s data (vmdk format only) on physical data storage media to Subscriber within 30 days of Subscriber’s request regardless of Subscriber’s account status. Subscriber shall still be liable for any cancellation fees, data export fees, and late charges, however CloudConnect will not require Subscriber’s account become current in order to facilitate the export of Subscriber’s data.

Payment Disputes, Limitation on Lookback

Subscriber should check all CloudConnect invoices upon receipt of such invoice for any error. Subscriber must notify CloudConnect of any payment dispute or discrepancy in price, quantity, or product, no later than 30 days from receipt of such invoice. CloudConnect will evaluate the error, and if necessary, correct the error within 7 days of receipt of dispute. Subscriber shall pay any balance upon receipt of CloudConnect’s correction. Should Subscriber fail to check invoices upon receipt and/or fail to within 30 days of receipt notify CloudConnect of any invoicing error or payment dispute, Subscriber waives any claim to a monetary adjustment for any incorrect or disputed dollar amount on said invoice.

Price Changes

CloudConnect reserves the right to change the unit price for any service offering, provided Subscriber is notified of said change 30 days’ in advance.

Article VII - Upgrade Policy / Lifecycle Management

Statement on Sustainability

It is CloudConnect’s goal to assist Subscriber in sustaining its Cloud investment over the long term. As such, CloudConnect strives to provide validated standard operating procedures for Subscriber to upgrade Virtual Machines and applications.

No Operating System is supported forever, as such Subscribers with a long term outlook, should be cognizant of the reality of upgrading.

Generally there is no additional licensing cost or change in licensing cost when upgrading an Operating System to a new release, except where dictated by the OEM Vendor, or when an Edition change coincides with the upgrade process.

New Operating Systems

Due to software co-dependency, Subscribers are not always eligible for software upgrades when the software is released to manufacturing by the software vendor. CloudConnect must verify all software components are available and supported across platforms. CloudConnect must also verify and test the software with the CloudConnect Platform. Generally, new Microsoft Operating Systems will be available for newly provisioned systems no later than six months following the date Citrix Systems begins supporting the new Microsoft Operating System. For use cases where the Microsoft operating system is not used in conjunction with a Citrix product, CloudConnect will make the operating system available to Subscriber for newly provisioned systems upon being supported by VMware.

Upgrading the Operating System of a Production Virtual Machine

For Operating Systems licensed through CloudConnect, there are generally two paths for upgrading the Operating System. The Subscriber is responsible for implementing these upgrades. In many circumstances it makes sense to upgrade every second or third release, rather than every release. This maintains stability in the environment by reducing the overall change-rate over time.

In-Place Upgrade

The In-Place Upgrade generally consists of taking a snapshot image of the environment, running a preparation utility, mounting the new OS media, running the in-place upgrade, and running a post-upgrade configuration utility. This process will generally be the least labor-intensive option, however depending on the overall health of the OS, it may not be successful. Be sure to discuss expectations with any End Users prior to proceeding with an in-place upgrade. In-Place Upgrade may not be available

Parallel Upgrade

The Parallel Upgrade generally consists of deploying a new Virtual Machine for a purpose homologous to the Virtual Machine being decommissioned. Applications must be installed on the new system, data, and user profiles must then be migrated. This process is generally more successful, requires less down time, however may be more labor intensive depending on the environment.

CloudConnect does not perform upgrades or installations of new products (including Operating Systems) running inside Subscriber’s Virtual Machines. Subscriber is solely responsible for performing these upgrade tasks.

Article VIII - Legal

Microsoft Software Services

MICROSOFT CORPORATION requires CloudConnect to notify its Subscribers of the following limitations, and conditions of use for which Subscriber agrees to be bound:

No High Risk Use. The Products/Services are not fault-tolerant. The Products are neither designed nor intended for use in a situation where the Product’s failure could lead to death or serious bodily injury of any person, or to severe physical or environmental damage (“High Risk Use”). Subscriber is not licensed to use the Products in, or in conjunction with, High Risk Use. High Risk Use includes, for example: aircraft or other modes of human mass transportation, nuclear or chemical facilities, and Class III medical devices under the U.S. Food, Drug, and Cosmetic Act.

Subscriber is prohibited from removing, modifying, or obscuring any copyright, trademark or other propriety rights notices that are contained in or on the Products.

Subscriber is prohibited from reverse engineering, decompiling, or disassembling the Products, except to the extent that such activity is expressly permitted by applicable law.

To the extent permitted by applicable law, all warranties by Microsoft and any liability by Microsoft or its suppliers for any damages, whether direct, indirect, or consequential, arising from this Service shall not apply or extend to Subscriber.

Subscriber accepts that Microsoft is not required to provide technical support for these services, and except where provided for by CloudConnect, Subscriber is responsible for its own technical support for the Software Services.

Subscriber understands Products and Software Services are proprietary technologies created by Microsoft, and

Subscriber shall not cause, suffer, permit, or allow infringement of or detriment to Microsoft’s rights to its intellectual property.

Subscriber agrees to allow CloudConnect to disclose information about Subscriber and Subscriber’s agreements with CloudConnect where required by the Microsoft Services Provider Level Agreement, which may be amended from time to time and is available for review from CloudConnect, LLC upon written request by Subscriber.

Privacy

Notwithstanding qualified disclosures under this agreement, CloudConnect will not intentionally share or disseminate information about Subscriber or Subscriber data with third parties. CloudConnect reserves the right to disclose information about Subscriber and or Subscriber’s data to third parties when required by law, court order, or to cooperate with a law enforcement investigation. CloudConnect may provide access to Subscriber’s hosted environment to third parties on a need to know basis. Examples of this scenario may include third party technical support personnel to troubleshoot issues specific to Subscriber’s hosted environment. CloudConnect may also be contractually obligated to share demographic information about Subscriber to comply with software licensing requirements from reputable vendors such as Microsoft and Citrix. The information disclosed, and agreements CloudConnect maintains with such reputable vendors is available to Subscriber upon request. CloudConnect will never disclose any information that is ordinarily prohibited by law, unless directed to do so by court order.

Because of the Microsoft Active Directory architecture, CloudConnect must publish the first name, last name, and universal principal name (UPN) of each mspCloud user account in the mspCloud’s Global Catalogue. First names, last names and UPNs may be viewed by any other CloudConnect mspCloud End User. Subscribers not wishing to have such information published should contact CloudConnect for guidance on enabling List Object Mode on their mspCloud Active Directory Domain Controller.

CloudConnect may actively monitor and log internet traffic from Subscriber’s hosted infrastructure. CloudConnect generally examines these logs for attempted communications with known/suspected malicious IP addresses as well as geographic regions with elevated incidence of cybercrime (such as countries suspected of engaging in industrial espionage against the United States). CloudConnect shares this logged information with reputable IP address reputation service providers to collaborate on the discovery of malicious IP addresses and respond to cyber threats. CloudConnect uses masquerade technologies to protect Subscriber’s privacy when this information is shared with IP reputation services. For additional information on this service, contact CloudConnect.

CloudConnect reserves the right to internally monitor user activity and collect user behavioral statistics for internal purposes.

Right to Comply with Authorities where Subscriber has not breached Acceptable Use

CloudConnect shall have the right to comply with any and all information requests from government authorities with appropriate jurisdiction, where CloudConnect determines, in its sole discretion, such information request to be lawful. Such right to comply shall extend to instances where Subscriber may not have breached Article III of this agreement (“Acceptable Use”).

Subscriber shall indemnify, defend, and hold harmless CloudConnect for any loss arising out of or attributable to any such information request, and/or CloudConnect’s determination that such information request is lawful. Information Request shall include, but not be limited by, law, injunction, mandamus, subpoena, court order, law enforcement and/or agency directive, and/or Executive Order, requesting one-time delivery of, and/or ongoing access to, any and all data stored on the CloudConnect Platform, including Subscriber’s data, platform metadata, platform session data, platform TCP/IP connections, and/or platform audit logs.

Insurance

CloudConnect shall purchase and maintain insurance from responsible insurance companies licensed to conduct the business of insurance in the Commonwealth of Massachusetts that meet the following minimum requirements:

Cyber Liability $2,000,000 per occurrence / $2,000,000 aggregate

Errors and Omissions $2,000,000 per occurrence / $2,000,000 aggregate

General Liability $2,000,000 per occurrence / $2,000,000 aggregate

CloudConnect’s insurance generally provides coverage when a qualifying act, error, and/or omission by CloudConnect directly causes qualifying damages to Subscriber. Subscriber is not an additional insured under any CloudConnect insurance policy. CloudConnect’s insurance does not cover Subscriber for losses to third parties as a result of Subscriber’s acts of negligence. Subscribers who license or maintain personally identifiable information, health records, intellectual property, and/or other high risk data should strongly consider purchasing their own data privacy liability insurance coverage. Storing personally identifiable information on a CloudConnect server does not imply liability of CloudConnect should such data be compromised, nor will CloudConnect’s insurance pay any such claims.

CloudConnect will promptly furnish Subscriber with insurance certificates and/or list Subscriber as a Certificate Holder with appropriate policy cancellation notice upon request of Subscriber.

Subscriber’s Compliance with Information Security Laws and Regulations

CloudConnect is a multi-tenant public cloud. It is the responsibility of Subscriber to determine if Subscriber is required to comply with industry standards or regulations including HIPAA, 201 CMR 17, PCI, FIPS, SAS 70, and others. The Subscriber as an entity is responsible for its own compliance with such standards and regulations pertaining to information security and electronic data processing systems. CloudConnect will, upon request of Subscriber, provide written documentation detailing certain technical and security specifications of the CloudConnect Platform. Subscriber shall use such documentation for no other purpose than to determine whether or not Subscriber is able to comply with applicable regulations and industry standards once utilizing the CloudConnect Platform. Subscriber agrees not to disclose such information to any third party, and Subscriber understands there are limits to the amount of technical information CloudConnect can disclose to Subscriber because of CloudConnect’s own security policies.

CloudConnect does manage and perform certain security services for all subscribers. CloudConnect may also distribute security information, alerts, patches, and recommended technical configurations to Subscriber. Subscriber should not assume these security services imply Subscriber’s compliance with Industry Standards, Regulations and Laws, which may govern Subscriber with respect to information security and electronic data processing systems. Subscriber should retain the services of a professional security consultant or auditor where needed to determine if additional security measures are required for compliance, or if the CloudConnect platform prevents Subscriber from achieving compliance.

Subscriber’s Default and CloudConnect’s Remedy

Should Subscriber default on any covenant of this agreement, CloudConnect shall have the right to terminate this agreement and/or disable software services, provided Subscriber has not cured such default seven days’ after receipt of notice of default from CloudConnect. This default remedy shall not limit or prejudice any other remedies specified in this agreement. Subscriber shall indemnify, defend and hold CloudConnect harmless from any loss arising out of or attributable to CloudConnect’s termination of Subscriber for default.

CloudConnect’s Default and Subscriber’s Remedy

Should CloudConnect fail to perform an obligation under this agreement, and said failure to perform gives rise to a technical glitch, which substantially interferes with Subscriber’s ability to conduct its ordinary course of business, CloudConnect shall be considered in default of this agreement. Subscriber must notify CloudConnect in writing of the alleged default and associated technical glitch, as well as the impact on Subscriber’s business no later than seven days after discovery of said glitch by Subscriber. Said notice shall be served via certified US Mail return receipt requested, or via Federal Express. CloudConnect shall have ten business days to either cure the alleged default, or postmark a Notice of Dispute, which shall include a reasonable justification for CloudConnect’s dispute of the alleged default. Should CloudConnect fail to cure or issue written Notice of Dispute to Subscriber by the tenth business day thereafter, Subscriber, as sole remedy, may terminate this agreement. Should CloudConnect issue a Notice of Dispute, Subscriber may initiate arbitration proceedings consistent with the provisions of Disputes Under this Agreement. Should Subscriber fail to initiate said arbitration proceedings within thirty days’ of receipt of Notice of Dispute, said default of CloudConnect shall be considered cured.

Persistent Default

Should Subscriber or CloudConnect default under this agreement for the same reason on more than one occasion, then either party may exercise their default remedies without affording the other an opportunity to cure said default.

Termination by Subscriber

Subscriber may terminate this agreement upon thirty Days’ notice to CloudConnect.

Termination by CloudConnect

Notwithstanding the provisions of Subscriber’s Default and CloudConnect’s Remedy, CloudConnect may terminate this agreement at any time provided CloudConnect provides Subscriber with six months advance notice of its intent to terminate.

Responsibilities upon Termination

Upon termination by either party (including for termination arising out of the default of either party), Subscriber shall be ultimately responsible for migrating Subscriber from Subscriber’s Hosted Infrastructure, to Subscriber’s new environment. Subscriber may request CloudConnect provide Subscriber’s virtual machines in Open Virtualization Appliance (OVA). CloudConnect will charge Subscriber $2.00 per Gigabyte of data exported plus reasonable costs incurred during the process (shipping, storage media, etc.). Any Microsoft or Citrix software exported by Subscriber in OVA format is considered not licensed at time of export. Subscriber will be required to obtain retail licenses from Microsoft and Citrix to run the Microsoft or Citrix software normally licensed under the SPLA or CSP programs.

No Interference by Subscriber

Subscriber agrees not to take any action against CloudConnect, which could adversely affect or jeopardize another subscriber’s use of CloudConnect services or cause business interruption to another subscriber, or cause temporary or permanent loss of access to hosted infrastructure.

Subscriber to Indemnify, Defend, and Hold CloudConnect Harmless

To the fullest extent permitted by law, Subscriber hereby agrees to defend, indemnify, and hold CloudConnect harmless for any loss, including losses to third parties, arising out of or attributable to Subscriber’s use or resale of the CloudConnect Platform.

To the fullest extent permitted by law, Subscriber hereby agrees to defend, indemnify, and hold CloudConnect harmless for any loss, including losses to third parties, arising out of or attributable to any of Subscriber’s End User’s use of the CloudConnect Platform.

Subscriber agrees to defend, indemnify, and CloudConnect harmless for any loss arising out of or attributable to subscriber’s failure to comply with the terms of this agreement and/or any loss arising out of or attributable to the negligent acts, errors, and/or omissions of Subscriber, or arising out of or attributable to the applications installed by Subscriber, and/or peripheral devices installed by Subscriber.

Subscriber agrees indemnify, defend, and hold CloudConnect harmless from any loss arising out of or attributable to the actions or inactions of a third party, malicious party, or hacker, and/or any loss arising out of a cause beyond the direct control of CloudConnect. Subscriber further agrees to indemnify, defend, and hold CloudConnect harmless from any loss arising out of or attributable to faults, bugs, defects, and/or security vulnerabilities in any software code installed by Subscriber as well as faults, bugs, defects, and/or security vulnerabilities in any software that is provided by CloudConnect (including software manufactured by or services provided by, Dell, Microsoft, Symantec, Vyatta, VMware, Citrix, Zoho Corporation, ThreatSTOP, Symantec, Open DNS, TowardEX, and/or Verizon Communications) or used by CloudConnect to deliver software services to Subscriber.

Subscriber further agrees to indemnify, defend, and hold CloudConnect harmless from any loss arising out of or attributable to faults, bugs, defects, and/or security vulnerabilities in any hardware or firmware used by Subscriber in connection with CloudConnect, as well as faults, bugs, defects, and/or security vulnerabilities in any hardware that is provided by CloudConnect for Subscriber’s use and/or used/operated by CloudConnect to deliver software services to Subscriber.

Subscriber agrees to indemnify, defend, and hold CloudConnect harmless from any claim arising out of or attributable to CloudConnect’s failure to update or patch any faults, bugs, defects, and/or security vulnerabilities in any hardware, firmware, software, operating system, script, certificate, and/or other software, application, API, script, and/or computer code running or residing on the CloudConnect Platform.

Subscriber agrees to indemnify, defend, and hold CloudConnect harmless from any claim for any loss, including losses to third parties, arising out of, or attributable to the loss, corruption, and/or theft of Subscriber’s data and/or such loss, corruption, and/or theft of any of Subscriber’s End User’s data, regardless of the manner in which such loss occurs.

Limitation of Damages

CloudConnect shall never be liable to Subscriber for any claim for damages, which is not covered by an insurance policy in effect by CloudConnect’s at the time of the alleged cyber breach, negligent act, error, and/or omission. Nor shall CloudConnect ever be liable to Subscriber for any claim for damages that exceeds what CloudConnect’s insurance policies shall pay (policy limits) less any previous claims paid by the insurance carrier to any party during the policy term.

Subscriber shall indemnify, defend, and hold CloudConnect harmless for any loss, downtime, or delay, arising out of or attributable to any natural disaster or manmade disaster, Act of God, act of a civil or military authority, riot, social unrest, Act of War, certified act of terrorism, widespread utility outage, fire, flood, earthquake, tornado, hurricane, storm, casualty or loss of or at any Colocation Facility or Self-Operated Facility, utility or HVAC disruption at any Colocation Facility or Self-Operated Facility, downtime by CloudConnect’s Internet Services Provider(s), hardware failure, and/or other incident of force majeure.

No Consequential Damages

Under no circumstances shall CloudConnect ever be liable to Subscriber for consequential or indirect damages (including, but not limited to, business interruption or lost profits) arising out of or attributable to CloudConnect’s performance or failure to perform under this agreement. CloudConnect shall never be liable to Subscriber for any business interruption claim.

No Punitive or Penalty Damages

Under no circumstances shall CloudConnect be liable to Subscriber for any punitive, penalty, and/or multiple damages, including any liability or expense arising from any claims, losses, damages, suits, judgments, litigation costs, and attorney's fees. CloudConnect shall never be liable to Subscriber for any interest on any claim or attorney’s fees.

No Personal Liability

Subscriber shall hold harmless both individually, and collectively, the officers, directors, managers, agents, shareholders, members, employees, owners, and affiliates of CloudConnect from any personal liability for any claim under this agreement.

Unless Subscriber is a natural person or Subscriber’s Private Domain Administrator is a natural person CloudConnect shall hold harmless both individually and collectively, the officers, directors, managers, agents, shareholders, members, employees, owners, and agents of Subscriber from any personal liability for any claim under this agreement. In the case where Subscriber or Subscriber’s Private Domain Administrator is a natural person, said person’s liability shall only extend in so far as liability permits under this agreement.

Waiver of Right to Trial by Jury

Both parties hereby waive their right to a Trial by Jury for any dispute or claim arising out of this agreement.

Disputes under this Agreement

In the event a dispute shall arise between the parties to this agreement, it is hereby agreed that the dispute shall be referred to the AMERICAN ARBITRATOR’S ASSOCIATION (the “Arbitrator”), for arbitration in accordance with the applicable United States Arbitration and Mediation Rules of Arbitration. The Arbitrator's decision shall be final and legally binding and judgment may be entered thereon.

The non-prevailing party of the arbitration shall bear all Costs of Arbitration for both parties, unless otherwise directed by the Arbitrator. Costs of Arbitration shall not include attorney’s fees.

Jurisdiction

This agreement shall be governed by the laws of THE COMMONWEALTH OF MASSACHUSETTS and, where applicable, THE UNITED STATES OF AMERICA.

Amendments to this Agreement

No future amendment of this agreement shall be binding unless such amendment is made by CloudConnect and CloudConnect provides at least thirty days’ notice of such amendment to Subscriber prior to the date such amendment shall take effect. Proper notice may include an email notification sent to Subscriber’s most recent email address.

Subscriber may request amendments; however Subscriber is prohibited from amending this agreement without the Written Consent of CloudConnect.

No oral agreements of any kind shall in any way amend or alter this agreement. A party’s actions or failure to act shall never be construed as an amendment or consent to amendment of this agreement.

Written Consent

For the purposes of this agreement, Written Consent shall mean a document furnished by the consenting party, for the sole purpose of providing consent. Said document shall explain in writing what is being consented to, and said document shall be signed and dated by an authorized member of the consenting party. The cashing and/or endorsing of a check shall never constitute written consent by any party.

No Waiver

Except where action is required under the terms of this agreement, the failure of either party to complain or notify the other party of a default shall never constitute a waiver to the either parties’ rights or remedies contained herein. This clause is limited to claims of default only.

Supremacy

This agreement shall be the supreme governing document of Subscriber’s contractual relationship with CloudConnect and vice versa. Where a conflict arises between this agreement and any other previous, current, or future agreement, written or oral, this agreement shall prevail.

Severability

Should any clause, paragraph, or section of this agreement be rendered null, void, invalid, or nonbinding in any in any legal or arbitration proceeding, the surviving clauses, sections, paragraphs, thoughts, and/or ideas shall remain in full force and effect.

Survivability

Any indemnification, or financial obligation owed by either party under this Agreement shall survive the Termination of this Agreement and remain in force until satisfied to the extent permissible by law.

Transfer of this Agreement

This Agreement may be transferred by Subscriber to a third party upon receipt of written consent of CloudConnect to complete such transfer. All of Subscriber’s CloudConnect services must remain with one single account and may not be split or divided into separate or sub accounts.

Exhibit A – End User License Agreement

This indemnification and hold harmless agreement made this ___ day of ___________________ 20___ by and between ______________________________________________________ (“Subscriber”) and ______________________________________________________________ (“End User”).

WHEREAS: End User hereby acknowledges receipt of the CloudConnect Acceptable Use Policy and agrees to the terms contained therein, also available online at www.cloudconnect.net/company/terms.

WHEREAS: End User hereby acknowledges and agrees that a remotely hosted platform requires reliable Internet Access in order to access and use End User’s data.

WHEREAS: End User hereby acknowledges that no Information Technology Platform including Cloud Platforms, regardless of how well-designed are immune from downtime, data loss, data corruption, and/or data theft.

NOW THEREFORE: Notwithstanding any other agreements between the parties, and in consideration of End User’s and Subscriber’s dependence on the Managed Services provided by CloudConnect, LLC (“CloudConnect”), a Massachusetts Limited Liability Company with principal offices at 10 Tech Circle Natick, Massachusetts 01760. End User hereby agrees to indemnify, defend, and hold harmless, collectively and severally, both CloudConnect and Subscriber for any claim brought by any party for any loss, arising out of or attributable to End User’s use of The CloudConnect Platform, provided such loss is attributable to the destruction, theft, and/or temporary or permanent loss of access to end User’s data, or provided such loss is attributable to end User’s misuse of the CloudConnect Platform and/or violation of the Acceptable Use Policy.