Technical Proposal: Cloud Migration

SAP and NON-SAP System Managed Services

on MS Azure
Ref: - RFP Cloud Migration

For

RFP # Cloud Migration

Version :1.0

STATEMENT OF CONFIDENTIALITY

This document contains proprietary trade secret and confidential information to be used
solely for evaluating Cloud4C. The information contained herein is to be considered
confidential. Client, by receiving this document, agrees that neither this document nor the
information disclosed herein, nor any part thereof, shall be reproduced or transferred to other
documents, or used or disclosed to others for any purpose except as specifically authorized
in writing by Cloud4C.
 Table of Contents
Cover Letter ..................................................................................................................................................... 4
1 Executive Summary .............................................................................................................................. 5
2 Bidder Profile & Experience .............................................................................................................. 6
3 Cloud4C Value Addition ..................................................................................................................... 8
3.1 Cloud4C Competency on AZURE ................................................................... 11
3.2 Our Existing partnership with Oil and gas majors in the region ........................ 12
3.3 TEN Paradigms that define Cloud4C .............................................................. 12
3.4 Cloud4C SAP Portfolio ................................................................................... 13
3.4.1 SAP on Azure ................................................................................................ 14
3.4.2 SAP Certified Instances on Azure .................................................................. 17
3.5 Project Execution Team ................................................................................. 18
3.6 Cloud4C SOC Portfolio .................................................................................. 19

4 Understanding of Solution Requirement ................................................................................... 22

5 Proposed Solution .............................................................................................................................. 23
5.1 Proposed Architecture & Design ..................................................................... 23
5.2 Solution Technical Specification ..................................................................... 25
5.3 Engagement Methodology, Approach & Deliverables ...................................... 25
5.4 Scope of work, required technology, and tools used for migration ................... 30
5.5 Current state assessment approach ............................................................... 31
5.6 Readiness Planning (Pre-reqs, target state design) ........................................ 32
5.7 Migration and Cutover Planning & Scheduling ................................................ 39
5.8 Integration with OnPrem systems ................................................................... 44
5.9 Compute, Storage, Network Designs .............................................................. 45
5.10 SAP Applications Migration Approach ............................................................. 48
5.11 NON-SAP Application Migration approach ...................................................... 53
5.12 Cloud & Infrastructure Security Details ........................................................... 55
5.13 Proposed Solution Assumptions ..................................................................... 56

6 Project Methodologies & Approach ............................................................................................ 58

6.1 Project Management ...................................................................................... 58
6.1.1 Governance Structure .................................................................................... 59
6.1.2 Project Cadence ............................................................................................ 61
6.1.3 Project Risk Management .............................................................................. 61
6.2 Service Management ..................................................................................... 63
6.2.1 Service Delivery Processes ............................................................................ 63
6.2.2 Service Window Coverage & SLA’s ................................................................ 64

Page | 2
 6.2.3 Incident Management ..................................................................................... 66
6.2.4 Problem Management .................................................................................... 69
6.2.5 Change Request Management ....................................................................... 71
6.3 Proposed Timeline ......................................................................................... 75
6.4 Project Resources with Resumes ................................................................... 75

7 Terms and Conditions ....................................................................................................................... 82

8 Cloud4C Managed Services............................................................................................................. 83
8.1 Azure Platform Services ................................................................................. 85
8.2 Monitoring Services ....................................................................................... 88
8.3 OS Managed Services ................................................................................... 89
8.4 Network Managed Services ............................................................................ 92
8.5 Backup Managed Services ............................................................................. 93
8.6 Azure Sentinel SIEM Service ......................................................................... 94
8.7 Disaster Recovery Methodology ..................................................................... 95
8.8 SAP Managed Services .................................................................................. 99

9 References .......................................................................................................................................... 104

10 Conclusion ......................................................................................................................................... 110

Page | 3
Cover Letter

Dear ADC team,

Cloud4C Services Ltd thanks ADC for providing an opportunity to bid for SAP and NON-SAP Migration
to public Cloud.

We are excited about the opportunity to help you make this a productive and exciting partnership as a
potential vendor. We are cognizant of the effort it takes to a select ideal partners for the cloud journey,
so we very much appreciate the opportunity. Cloud4C meets all the requirements detailed in the RFP.
That’s illustrated in greater detail in this proposal. In the meantime, the following capabilities make us
confident that Cloud4C is the most qualified company for ADC Migration on Cloud.

We firmly believe that Microsoft + Cloud4C will be the right partner to support ADC in delivering
Managed Services including the testing (failover/failback), training, documentation and after go-live
support of the planned DR environment in Cloud. We believe the following value proposition uniquely
differentiate Cloud4C:

• An Experienced Team: We have the best experienced project team with proven skills at global scale
by delivering multi-cloud projects across the geographies through Center of Excellence (CoE) teams
that work very closely with Client.
• Differentiated Approach: Leverage our experience from the executed projects to address the
service needs and infuse innovation.
• Expertise & Skills: We have deep knowledge of SAP systems Azure Services and their functional /
technical maturity within the context of Project requirements. This allows us to provide ADC with clear
guidance to drive towards an effective solution.
• Modern Tools and Industry Assets – In addition to bringing a proven methodology to manage the
project, we also bring in our Cloud technology assets, to accelerate and improve the service quality
and reduce the risk.

As a closing note, we are very grateful for the opportunity to put forward our capabilities, we recognize
clarifications may be required, and should you have any, we would be very happy to discuss any aspect
of our proposal.

Thanks

Cloud4C

Page | 4
 1 Executive Summary
Cloud4C Services Company (hereinafter referred to as Cloud4C) is thankful to Arabian Drilling
Company (hereinafter referred to as ADC) for having provided an opportunity for submitting the
technical and commercial proposal in response to the ADC’s RFP “Cloud Migration & Disaster
Recovery”.

ADC is looking for a cloud technology partner who has the competent and capabilities to provide an end-
to-end migration and disaster recovery solution on a public cloud platform for its SAP and Non-SAP
workloads that are currently running on-premises datacenters of ADC. The objective of this project is to
enhance operational efficiency, reduce cost by using consumption-based approach, increase scalability
and agility as well as leveraging latest technology provisioned.

We believe that we are the right partner, who has the right expertise and experience with differentiated
tools, to envision and meet ADC business and IT objectives. To address these requirements, Cloud4C
being the trusted cloud technology partner is understanding the complexity and the scope associated
with this effort and believe that our proposed solution reflects that understanding.

In this project, Cloud4C is aiming to implement a cloud migration model, where we leverage our
experience in managing multiple cloud platforms to build a cloud-native environment that matches the
ADC strategy and objective.

Applying all global and local compliance and security standards that are specific to the governance
standards in KSA and provide CaaS - Compliance as a Service that includes continuous auditing, asset
discovery & monitoring, reporting, and audit support. Cloud4C runs the Cloud Adoption Framework
(CAF) – CLOUD PROVIDER certified and approved cloud adoption guidance and best practices.

We also run our own Project Delivery approach which is based on Centre of Excellence "CoE"
philosophy, providing expertise from all technology backgrounds where we commit to results and
outcome rather than the number of resources. We scale our resources up and down for each migration
phase as required, no matter how big or small the tasks are. We use a similar concept with our managed
service approach to ensure a smooth transition between implementation and operation.

Project Phases

At a high level, the Project will include following phases for ADC Cloud Migration Journey

Project Phases
Phase 0: - Assessment
- PoC as per ADC objectives
Phase 1: - Lift & Shift Migration as per Migration Plan (SAP & Non-SAP)
- SOC Services Setup
- Managed Services for Phase 1.
Phase 2: - ECC to S4 Conversion – (Not a part of current technical response)
- Resizing of environment for conversion if required
Phase 3: - App & DB Modernization – (Approach and Methodology)

SLA Proposed: Availability

99.9% or more for Production
95.0% for Non-Prod
RTO & RPO:
Near Zero RPO and 3 to 4 Hours RPO

Page | 5
2 Microsoft Compliance
Principle Requirement Response

Compliance - Regulatory alignment of vendor Microsoft will comply with all laws
services with data protection or other and regulations applicable to its
appropriate governance. provision of the Online Services,
including security breach
o Service notification law and Data Protection
Requirements. However, Microsoft
Organization is not responsible for compliance
with any laws or regulations
Control SOC
applicable to Customer or
1 o Service Customer’s industry that are not
generally applicable to information
Organization technology service providers.
Microsoft does not determine
Control SOC whether Customer Data includes
information subject to any specific
2 o Service
law or regulation. All Security
Organization Incidents are subject to the Security
Incident Notification terms below.
Control SOC Customer must comply with all laws
3 and regulations applicable to its use
of Online Services, including laws
o PCI DSS related to biometric data,
confidentiality of communications,
o C5 and Data Protection Requirements.
Customer is responsible for
Attestation o
determining whether the Online
CSA Star o Services are appropriate for storage
and processing of information
ISO 27001 subject to any specific law or
regulation and for using the Online
Services in a manner consistent
- Compliance with Saudi Aramco Third
with Customer’s legal and
Party Cybersecurity Standard (SACS-002)
regulatory obligations. Customer is
- Compliance to KSA national standards responsible for responding to any
related to cybersecurity, privacy, and data request from a third party regarding
Customer’s use of an Online
protection mandated by the following Service, such as a request to take
down content under the U.S. Digital
authorities: o NCA
Millennium Copyright Act or other
applicable laws.
- Ensure cloud services and resources
Azure undergoes a SOC audit by
comply with ADC’s geo restriction policies
an AICPA-accredited auditor twice a
(The site for hosting and storing company
year to verify the effectiveness of its
information must be within the Kingdom by
security controls in audit scope. The
31.09.2023) Azure and Azure Government SOC
2Type 2 System and Organization
Controls (SOC) 1 Type 2 - Azure
Compliance | Microsoft Learn
attestation report published by the
auditor explains the circumstances

Page | 6
 when access to customer data can
occur and how.
For the majority of customer-
initiated support requests, access to
customer data is not needed.
However, the most common
scenario by far involves a customer
opening a troubleshooting ticket
with Azure Support, and Support
subsequently obtaining an
authorization to access customer
resources that could potentially
include customer data. When
access to customer data is needed,
customers can manage that access.

Microsoft complies with the

international cybersecurity
standards.

Microsoft complies with all the

international cybersecurity
standards which NCA have followed
in the creation of its controls.

Microsoft does not have a local

datacentre in KSA.

3 Bidder Profile & Experience

Cloud4C being the largest and oldest HEC provider for
Company general background info: SAP globally, we have an in-depth experience in the
cloud space wherein we have moved multiple customers
to Azure along with setting up of DR.

MoTC, PSA, Doha Bank, QNB Bank, Baladna, Mashreq

Customer base: Bank, EQUATE petrochemical, RAK Ceramics, Al-
Shaya, ADX, LuLu, Avianca Airlines, Jumbo, etc.
We are a Global managed services player with 2,000+
Company size and organization: employees with 1,500+ dedicated staff in Service Delivery
& customer support. Cloud4C hosts In-house expertise
on various Azure Solutions & workload migration.
All support services are delivered through Global NOC &
SOC with 550+ Azure certified resources available on
24x7x365 for customers.

Brief Introduction of the company profile and our

Brief description of the company, capabilities and expertise to cater to the solution
including past history, present requirements is mentioned section 3 Cloud4C
status, future plans, etc.: Introduction

Page | 7
Experience and Track record in the field

S.I.NO Description Cloud4C Response

1 Description of the various Cloud4C is a born in the cloud, Application Focused
products and services that High-End Cloud Managed Services Player operating
the company offers globally.

A cloud evolution partner providing end to end cloud

managed services for enterprises; helping them gain total-
control of the cloud game now and in the future. Cloud4C is
a global company with Cloud footprint in Americas, India,
Europe, Middle East, and SEA & ANZ. We are present in 26
countries globally.

For details about our services – please visit

www.cloud4c.com

2 Description of the Cloud4C Services Private Limited is an unlisted private

ownership structure company.
Description: The company provides IT services. It offers
infrastructure and cloud management, professional system
integration, IT support, information security, and application
development services.
Products & Services: Infrastructure and cloud
management, professional system integration, IT support,
information security, and application development services.
Category: Service provider
Details about the organization structure for the Middle east
region is depicted below this table
3 Number of employees Cloud4C has around 2000 Employees, working across
across all the bidding multiple portfolios.
company’s legal entities The split will be around 80% of workforce on the services
delivery and remaining across different support functions
like sales, presales, marketing, Admin, Human resources,
finance, Administration including travel and logistics
4 Geographic location(s) of Global Presence - 26 countries | 52 locations | 4000+
development, sales, and Clients | Local in-country services.
support offices Please refer to below link for further details
https://www.cloud4c.com/contact-us

4 Cloud4C Value Addition

Cloud4C is a born in the cloud, Application Focused High-End Cloud Managed Services Player
operating globally. A cloud evolution partner providing end to end cloud managed services for
enterprises; helping them gain total-control of the cloud game now and in the future. Cloud4C is a global
company with Cloud footprint in Americas, India, Europe, Middle East, and SEA & ANZ. We are present
in 25 countries globally.

Page | 8
Cloud4C has a comprehensive service portfolio to cater to varied enterprise needs. Our team of certified
cloud Architects and engineers work with customer teams to enable their digital transformation from
beginning their journey through Cloud Adoption Framework

A Global cloud player with 2,000+ employees with 1,500+ dedicated staff in Service Delivery &
customer support. Cloud4C hosts In-house expertise on Network and Security services
All support services are delivered through Global NOC & SOC with all certified resources available
24x7x365 for customers.

Gartner Magic Quadrant 2021

Cloud4C, an application-focused, leading cloud managed services provider is recognized as a Visionary
in Gartner® Magic Quadrant™ for Public Cloud IT Transformation Services1. The report evaluated 16
top managed service providers and system integrators that deliver transformational IT outcomes through
specialized cloud-native solutions. Gartner evaluation each vendor based on the Ability to Execute and
Completeness of Vision to classify them into Leaders, Challengers, Visionaries and Niche players

Page | 9
 Cloud C proud to be recogni ed as a

isionary
in Gartner Magic Quadrant for
Pu lic Cloud T Transformation
Services

Cloud C is a cloud native managed services provider that differentiates Cloud C has experience supporting critical enterprise applications
itself by providing transformational yet cost effective services to including SAP and Oracle. Cloud C is a ma or SAP global provider for
enterprises with a focus on complex enterprise applications. It uses a SAP A A nterprise Cloud SAP C and is certified for SAP hosting
cloud factory model that is underpinned by integration of a wide range application management services cloud services and A A operations
of tools to accelerate time to value for clients. services.
-- Magicuadrant for Pu lic Cloud T -- Mar et uide for Pu lic Cloud Managed and
Transformation Services Professional Services Providers Asia Pacific

Few other mentions -- Mar et uide for ac up as a Service

-- endor dentification for SAP Application Service Providers

The Report mentions

• Understand the factors driving the growth cloud managed services adoption
• Learn why Cloud4C has been recognized as a Visionary for Public Cloud IT Transformation
• Explore our unique solutions fostering transformation in high-growth companies
Cloud4C Unique Value Addition
We are a Global cloud provider with 12+ years’ experience in Cloud & managed hosting. Our processes
are ITIL based & ISO certified. Our solution frameworks are on par with global standards with a holistic
approach to Client needs.
We are a Technology neutral & vendor agnostic company with experience & versatility to manage
multiple technology platforms.
se the Po er of overnance at Scale Support
Automation
eep your cloud estate compliant Dedicated support team to manage end to end
using automated governance policies services
Codify your Infrastructure using IAC
and blueprints SLA bound service management processes
Deploy resources in minutes consistently
Forecast udget and optimi e your Proper escalation matrix
without human errors
cloud cost using CMP Tools Cloud Certified professionals across all
Automate your daily repetitive tas s technologies

et the est of Cloud Monitor at a single

Protect your
environment glance
Get the best fit of your wor loads
Moderni e Applications
Integrate to CAF Protect your wor loads from threats by ave a uniform holistic approach in
Continuous Improvement se the leveraging advanced cloud security monitoring your entire cloud wor load
latest product features and upgrades solutions and stay compliant Leverage industry best centrali ed
Data Protection and usiness continuity monitoring tools automated
enablement Disaster Recovery solutions wor boo s self healing OTs to
proactively monitor and troubleshoot
brea fixes

Page | 10
 4.1 Cloud4C Competency on AZURE

Advanced specializations:

Cloud4C has achieved 9 advanced specializations to be a proven partner with validated technical
capabilities to deliver specialized services in a specific solution area. The list of areas is as below

• Kubernetes on Microsoft Azure

• Linux and Open-Source
• Database Migration to Microsoft Azure
• Modernization of Web Applications to Microsoft Azure
• SAP on Microsoft Azure
• Windows Server and SQL Server Migration to Microsoft Azure
• Microsoft Windows Virtual Desktop
• Threat Protection
• Networking Services in Microsoft Azure
• Analytics on Microsoft Azure

Competencies: Cloud4C has proven capabilities to demonstrate technical capabilities in Microsoft

products or technologies.
• Gold Application Integration
• Gold DevOps
• Gold Data Analytics
• Gold Application Development
• Gold Cloud Platform
• Gold Datacenter
• Gold Cloud Productivity
• Gold Security
• Silver Data Platform
• Silver Small and Midmarket Cloud Solutions

Page | 11
 4.2 Our Existing partnership with Oil and gas majors in the region

4.3 TEN Paradigms that define Cloud4C

• Cloud4C believes in harnessing the combined knowledge of a team of experienced professionals
rather than create silos of expertise with subject
matter specialists.
• Strive to implement full scale automation in all
processes.
• Tried & tested Standard operating
Procedures made by a vast pool of experience.
• Centre of Excellence philosophy to assimilate
the combined knowledge of each individual for
providing innovative services
• Creating Industry specific frameworks on
AZURE platform
• Experience in servicing Clients across all
industry verticals in challenging environments.
• Services supported by underlying AZURE
infrastructure, fully managed by Cloud4C
• Bringing enterprise grade security within the
reach of every Client.
• Focusing on reducing the TCO through Cloud
adoption leveraging AZURE native services.
• Total ownership philosophy that ensures Client satisfaction at every stage of the project.
Managing- complex cloud environments
Cloud4C work closely with ADC to understand unique requirements and challenges, delivering the tools,
management and expertise needed throughout the entire cloud lifecycle. A journey to cloud without
losing control.
• Total Control of SLA at Application Login.
• Total Control of Security
• Total Control of Compliance
• Total Control over Speed to Market

Page | 12
 Advantages of the Centre of Excellence
Certifications & Compliances:
(COE) Model:
• ISO 27001 – Information Security • 24*7 System Monitoring & Management
Management System from Central/Local NOC/SOC.
• ISO 9001:2015 – Quality Management • COE model promotes expertise based on
System cumulative knowledge pool
• ISO 20000-1 – IT Service Management
• Responsive Support Staff
System
• ISO 22301 – Business Continuity
• Highly Skilled Resources
Management System
• ISO 27017 – ISMS Cloud Security • Mature IT Service Management
• ISO 27018 – Management System for
• Single Point of Contact
Protection of PII in Public Cloud
• PCI DSS – PCI Certified cloud
• SME on demand
framework design
• SOC-1, SOC-2 - Organization wide
• Adherence to Quality and Governance
security Audit process
• SAP Certified for Cloud Hosting, SAP
• Service Level Management
Premium Partner (SAP HEC).
• Expert MSP / Global Gold Partner for
Azure

4.4 Cloud4C SAP Portfolio

Cloud4C has been delivering SAP environments to its customers since 2009 and has been
continuously expanding the service portfolio to provide the latest technology advancements & its
benefits to all Organizations. Cloud4C has also been working with SAP as one of their global premium
suppliers to provide their PaaS offering SAP C “SAP A A nterprise Cloud” to their clients. We
are one of the Top 3 Premium suppliers, delivering SAP HEC with the most expanded service portfolio
comprising of multiple 3rd party products.

Cloud4C has been successfully delivering SAP workloads on cloud (SAP community cloud), a
framework which includes certified system types to run SAP HANA workloads, adequate cloud
security, required backup and resiliency with SLA driven service framework. This framework can be
designed to deliver higher SLA for mission critical enterprise applications to enterprises. Processes &
certifications are the first step in validating our efforts on SAP delivery, where Cloud4C possesses
SAP certifications in Cloud services, Hosting services, HANA operations & SAP Application
Management.

Today Cloud C is serving 3 500 customers across the globe spanning all industry verticals. World’s
best companies have trusted and accredited Cloud4C for the value delivered to their esteemed
organizations.

Cloud4C follows the concepts of vendor agnostic & no technology lock-in, by allowing customers to
leverage newer technology platforms freely. Existing SAP cloud framework can be delivered on not
only Cloud4C PODs, but also on any of the Hyperscale platforms.

Other than SAP certifications, process certifications include ISO 27001, ISO 27017, ISO 27108, ISO
22301, ISO 9001, and SOC-1 & SOC-2.

Page | 13
4.4.1 SAP on Azure
Bring unparalleled performance to your entire SAP estate with Azure. Reliably run and deploy
popular SAP products and solutions within minutes—on a secure, scalable, and enterprise-proven
cloud platform.

Trust a partnership built on decades of experience

In 2017, Microsoft and SAP expanded an alliance lasting more than two decades by enabling
Microsoft to use SAP S4/HANA to enhance financial analysis and SAP to migrate critical SAP
S/4HANA systems to Azure. The result is a joint ecosystem that brings unique insights and rich
product integration to help make the most of running SAP solutions and applications in the cloud—
accelerating your performance, productivity, and innovation with seamless enterprise-class support.

Increase your scale and performance with SAP-certified infrastructure

Get high-performance SAP-certified infrastructure for SAP HANA applications such as SAP
S/4HANA and SAP NetWeaver-based applications such as SAP Business Suite or ECC on AnyDB.
Run your SAP applications with your choice of database, including SAP HANA, SQL Server, Oracle
Database, IBM Db2, and SAP ASE, on your choice of operating system, including Windows, SUSE
Linux, Red Hat Enterprise Linux, and Oracle Linux.

When it comes to running SAP HANA for mission critical SAP deployment, Azure offers the most
scalable platform of any cloud provider. Azure is the only cloud provider that offers single node scale
up configurations up to 24 TB while also offering a cost effective and high performance VM
infrastructure that’s certified for SAP A A.

Page | 14
Page | 15
Enterprises looking to adopt SAP HANA workloads can definitely look forward to Cloud4C who will
provide SAP on Cloud framework on platform of their choice, with assured performance using certified
& purpose-built systems, service assurance by delivering SLA up to application layer & most
importantly, optimized cost propositions.

Page | 16
 4.4.2 SAP Certified Instances on Azure
SAP HANA Applications on Azure
Both Azure and SAP have worked together to certify the Azure platform for the following SAP
Business Solutions.
▪ SAP Business Suite including ERP, CRM, HCM, SRM, PLM, and SCM.
▪ SAP Net weaver ABAP and JAVA Technology Stacks
▪ SAP Hybris
▪ SAP Business Warehouse and BPC on HANA
▪ SAP Business Objects
▪ SAP BW/4 HANA
▪ SAP Business One
SAP Application Mapping with Azure (SAP Notes: 1928533)
The prerequisites mentioned by SAP in SAP Notes 1928533 has been used to ensure full
supportability and optimal performance of SAP systems on Azure
SAP Notes 1928533:
Azure offers Infrastructure services that can be utilized for deployment of the SAP Products. Cloud4C
has shortlisted the following instances which are certified by SAP for running the HANA Production
Environments.
The mapped Azure instance types (server sizes) are supported in 2-tier or 3 –tier configurations and
can be used as application server(s) as well as a pure database server.
The following instances have been mapped to provide SAP Instances to the Azure Certified Instance:

Page | 17
 4.5 Project Execution Team
Summary of the proposed project execution team is mentioned below. Cloud4C will not have any
partnerships or will perform subcontracting to other entities for executing the project scope.

Role Tasks Performed

Cloud4C Program
• Serve as the primary point of contact for the Cloud4C team.
manager
Exp: 15+ years • Make key program decisions, help escalate unresolved problems to
the executive steering committee, and clear program roadblocks.
• Manage and coordinate the overall program and all projects.
• Take responsibility for resource allocation, risk management,
program priorities, and communication with executive management.
• Approve or delegate approval of final deliverables.
• Take responsibility for program momentum and velocity.
• Coordinate the activities of the team to complete deliverables
according to the master program schedule.
• Take responsibility for issue and risk management, weekly status
communication, and the weekly status meeting.
• Shares experiences across similar customers to assist with
completeness of migration playbook planning.
Azure Architect
• Guides Managing of Azure setup inclusive of technical tasks.
Experience: 10+ Years
• Shares experiences across similar customers to assist with
completeness of migration playbook planning.
• Assists with onboarding of the services and inclusion of Customer-
specific tasks for each in-scope migration strategy.
• Supports Pilot phase planning.
SAP Consultants
• Leads onboarding and Managing of SAP setup.
• Demonstrates SAP support functionality.
Experience – 8+ Years • Assists with tooling reviews and demonstrations.

Page | 18
 Role Tasks Performed
Azure networking
• Part time and timeboxed
consultants
Experience – 5+ years • Assist with the design the overall solution.
• Provide guidance based on Cloud4C -recommended practices.
• Perform the Azure Advanced Networking environment assessment,
planning, and build/remediation activities.
• Assists the Customer with network subnet and routing changes
associated with the rapid server migration strategy.
Monitoring Team
• 24*7*365 Remote Monitoring.
• Performs planning activities and informs the process section of the
migration plan.
• Performs unit-based migration activities according to the migration
plan.
• Responsible for support/ monitoring and managing of ongoing
services issues

4.6 Cloud4C SOC Portfolio

We believe that with prevailing complexities and evolving cyber threats, enterprises can no longer
manage their Cyber security postures with islands of security products and myriad of logs generated
from various layers of the enterprise digital ecosystem, dispersed across datacenters and now cloud.
The evolution of the SIEM comes from years of hard experience and adaptation to manifest the role of
the security control, that deals with collection of security information that comes up in the form of logs
and events and managing them from a single interface.

Page | 19
Cloud4C Managed SOC operations

End to End Managed Security services for the customer

Feature of our Managed Security Services includes

• Real-Time Log & Data Collection
• Event Correlation

Performs Event, Risk, Anamoly, Historical Multi device based event correlation in order to
discover any security threats.
• Log management To meet compliance and Audit requirements.
• Compliance - Regulatory compliances ensure that the system is meeting the regulations and
legislations set out by the local governments and banks.
• Threat Intelligence Feeds

Threat intelligence feeds are a continuous stream of threat data such as the IOCs. As the name
suggests, these feeds are to be fed to technologies like SIEM.
• Real-Time Notification & Alerting

IAny event matching to Correlation, administrator and monitoring teams get the real-time
notifications, and alerts as to what should be done to mitigate the cyber threats.
• Prioritization - Helps in prioritizing critical, high , medium, low events based on the logs collected.
• Analytics & AI, Reporting & Dashboards- Leverages artificial intelligence to provide holistic view
of the logs and analytics on dashboards and facilitates for reporting.
• Historical correlation- With the help of the historical correlation, we assist enterprises to analyze
the logs and data of the past events.
• Automated Response - It is predesigned program by the SIEM solution to provide an automatic
response for all the incoming messages that minimizes human intervention.
• Advanced Analytics – Sentinel solution Provides big data security with the help of user behavior
and user analytics that will help enterprises to detect the threats both internally and externally.
• Data Examination

Page | 20
 • Enterprises can now examine the data more diligently with the help of SIEM security to ensure
military grade security around their workloads.
• Data Obfuscation
• With data obfuscation profile, all the data would be masked by the system so that no one else
can see the data.
• Risk Manager – Cloud4C helps the enterprises to configure the firewalls, switches, routers, and
third-party sources that will be helpful in identifying security and compliance risks.
• Incident Forensics - Cloud4C helps to trace back to the attacks through a systematic step-by-
step process within a short span of time.
• Data Retention for Compliance Requirements – We suggest Enterprise to decide as to how long
the data can be retained in the system, which is crucial in forensics.
• Opensource & inhouse application log integration
• Log data can be collected and integrated from various opensource application that will help
enterprises to have single -pane of dashboard for monitoring and alerting.
• Advanced threat intelligence
• Vulnerability scanning
• Vulnerability Assessment and Penetration testing – One time activity
• Security Governance
• Cyber Threat Intelligence

Business Benefits:
• Increased Visibility
Enhance your incident reports and improve your investigations using security and non-security data
collected from across your organizational infrastructure.
• Greater Context
Cloud C’s team collects and prioriti es threat intelligence from multiple data points to help with
security investigations.
• Higher Efficiency
Cloud C’s team collects and prioriti es threat intelligence from multiple data points to help with
Improve security operations and streamline investigations by using ad-hoc searches in addition to
static, dynamic and visual correlations.

Support Capabilities

Support Area Capability

Security Events Detection by Customer Security Controls √
Security Events Detection by Security Correlation Rules √
Initial Incident Identification & Analysis √
Initial Incident Investigation, Triage and Classification √
Incident Notification and Escalation √
Initial Incident Containment recommendations √
Recurrent Incident Mitigation Strategy recommendation √
Escalated Incident Response & Investigation √
Escalated Incident Forensic Analysis (IR & Forensics Investigation) √
Post-mortem Analysis (within the determined retainer period) √

Page | 21
 5 Understanding of Solution Requirement
Cloud4C will manage the entire Migration Project for SAP and NON-SAP. The landscape will include
the Production, Pre-production Testing and Development instances along with the DR. Cloud4C team
will also manage the hosting platform also. And will also fulfill the below set of expectations from a
managed service provider

• Assessment & Migration blueprint for SAP and Non- SAP environment
• Sizing and defining architecture on target Azure cloud.
• Create Blueprint consisting of Migration approach, methodology and plan
• Deploy Landing Zone in target cloud environment
• Migration of SAP landscape to compatible SAP versions, Operating System and
database to Cloud ( Azure) by leveraging SAP Activate Methodology for SAP
• Setup and configuration of High Availability and Disaster recovery for identified
Production Landscapes.
• Phase wise Migration of the identified workloads to Target Cloud Environment with
minimal disruption
• Testing and Cut over from source
• Ongoing Managed Services support
• Cloud Training Program for ADC Team

Page | 22
 6 Proposed Solution

6.1 Proposed Architecture & Design

DC Region UAE North

Security Monitor
Centre
Azure
Bastion

Azure Azure Key

Sentinel Vault
Ga teway Subne t
Fortinet FW Web Dispatcher And Cloud
Bastion Azure
On-Premises Network Connector DMZ SAP Router Commvault Server Subnet Azure Service Automation
Log Analytics

vne t vne t
peering peering

Dev Env QAS Env Prod Env

SAP

ECC SUI TE BW HANA DB Syb as e DB ECC Suite BW HANA DB Syb as e DB ECC SUI TE ECC SUI TE HANA D B HANA DB

Availability set Availability set

BO Buil der Serv er M ax DB Syb as e DB BO Buil der Serv er M ax Db Syb as e DB BW BW Syb as e DB Syb as e DB

Availability set Availability set

APP Subne t DB Subne t APP Subne t DB Subne t APP Subne t DB Subne t

Dev/QA Env Prod Env

Traffic Manager

NON SAP
APP 1 APP 2 SQL DB SQL D B SQL DB
APP 1

Availability set Availability set

APP APP SQL DB SQL DB APP 2 SQL DB

Availability set Availability set

APP Subne t DB Subne t APP Subne t DB Subne t

DR Region
UA E Centeral

Security Monitor
Centre

Azure
Bastion
Azure Azure Key
Fortinet FW Sentinel Vault

Web Dispatcher Cloud Bastion

SAP Router Azure
Conector Subnet Azure Service Automation
Log Analytics

vne t pee ring

vne t pee ring

SAP-Prod NON SAP-Prod

ECC SUI TE ECC SUI TE HANA DB HANA DB

APP 1 SQL D B

Availability set Availability set Availability set Availability set

BW BW Syb as e DB Syb as e DB
APP 2 SQL DB
Availability set Availability set Availability set Availability set
APP Subne t DB Subne t APP Subne t DB Subne t

Page | 23
Architecture Overview

• SAP System environment includes – Production, Quality, Development & DR

• Azure DC location will be UAE North
• Azure DR location will be UAE Central
• Separate subscriptions for each Tier.
• All the naming conventions for resources are created as per the Microsoft CAF.
• HUB & SPOKE model is proposed with proper segregation of traffic between V T’s. 3rd Party
VA’s li e FortiGate/Fortinet Active/Standby has been considered at perimeter layer security
with High available solution.
• Site to Site VPN has been considered for On-Premises connectivity from Azure.
• Standard DDoS protection has been considered as all the applications/services are Internet
facing.
• Azure L4 Load balancers are considered for Network load balancing for servers.
• A network security group (NSG) to filter inbound traffic to, and outbound traffic from, a virtual
machine (VM)
• Any communication request should be sent to the Customer team to allow the rules at the
Firewall end between classified subnets and two different environments.
• Any Outbound communication to Internet should be via the firewall.
• VNet is deployed in the default Resource Group and read-only access is provided to it.
• Public IPs are used for FortiGate firewall and SAP router in this environment.
• Tags for virtual machines are in place for ease of identification.

Backup solution

Here for this project considering the multiple workload we have proposed Commvault as a backup
solution

Page | 24
 6.2 Solution Technical Specification
The solution proposed is to be executed in multiple phases. Primarily the project will be divided into 2
sections:

Initialization: This would include Phase – 0 i.e.

- Engagement & Mobilization of Resources
- Discovery & Assessment of the workloads in scope for Migration.
- PoC on the Hyperscale to validate the required performances of the Applications & Databases.

Execution: This would include Phase – 1 & Phase – 2 i.e.

- Lift & Shift Migration as per agreed Migration Methodology, approach & Plan.
- Testing & Validation of the Migrated Workloads.
- On-boarding of workloads to 24*7 Managed Services
- Resizing of the environment (as and when applicable).

Project Phases
Phase 0: - Assessment
- PoC as per ADC objectives
Phase 1: - Lift & Shift Migration as per Migration Plan (SAP & Non-SAP)
- SOC Services Setup
- Managed Services for Phase 1.
Phase 2: - ECC to S4 Conversion – (Not a part of current technical response)
- Resizing of environment for conversion if required
Phase 3: - App & DB Modernization – (Approach and Methodology)

SLA Proposed: Availability

99.9% or more for Production
95.0% for Non-Prod
RTO & RPO:
Near Zero RPO and 3 to 4 Hours RPO

6.3 Engagement Methodology, Approach & Deliverables

Cloud4C Cloud Adoption Framework

Cloud4C execution strategy incorporates proven and leading industry methodologies, experienced
personnel, and a highly responsive approach to managing deliverables.
Below is the strategy how project will be developed and deployed with a proposed timeline of events,
and reasons for why we suggest developing the project as described.

The below flow illustrates the Cloud4C high-level engagement model

Page | 25
Coud4C – Assessment & Migration Approach
Below is a high-level workflow of workload engagement & workload assessment. Cloud4C will work with
customer key stakeholders & define the outcomes based on business motivation and objective.

Stage 1 Discovery and Assessment

Page | 26
Discovery

Assessment

Stage 2 Migration and Blueprint

Page | 27
 *

Analysis and Blueprint

Page | 28
Secure Landing Zone Setup

Landing Zone Readiness

Page | 29
 6.4 Scope of work, required technology, and tools used for migration
Cloud4C has prepared the scope of work document based on the information provided in the RFP and
the subsequent responses to the clarification questions. Cloud4C with its global expertise of migrating
and providing managed SAP and Azure Platform and NON-SAP system services solutions shall provide
reliable, accountable, and trusted to manage the ADC diverse infrastructure that will be hosted Azure
cloud environment. The environment will be proactively monitored and managed - 24/7/365.

For Cloud4C, the scope is to migrate and manage the SAP and SAP environment on Azure landscape–
for the ADC environment using A ure’s native solution and third-party technology as applicable.
Provision of ITSM solution for service management

At a high level, the proposed solution includes for ADC Setup

• Discovery & Assessment

o Assessment of Infrastructure including SAP Landscape
o Assessment of Network, Security, Business Continuity and Compliances
Requirement
• Blueprinting
o Prepare migration approach and methodology
o Prepare Migration Project Plan
o Landing Zone Design
• Landing Zone Build/Review
o Landing Zone Build as per design or perform review of existing landing
zone for enhancement required to onboard the new environment as
spoke
• SAP and NON-SAP Workload Migration
o Migration of Workload - SAP and NON SAP Landscape
o Setup of DR for the identified production workload on Azure
Scope o Setup of VM and setup replication using ASR for application instances
o Setup HANA Replication using HANA System Recovery
o setup of DB replication using ASR or DB native tools
o Setup of VM and Migration using ASR for application instances
o Create VM with necessary OS version and patch level for DB VM
o Migration of Databases using native tools
o Implementation of Security Tools and Compliance Control using Azure
native tools (If required)
o Enforcing Azure Policies and Azure Blueprints
o Setup Monitoring configuration
o Setup Backup Configuration
o Verification and Testing
o Preparation of Azure runbook
• Hyper care Support
• Managed Services
o 24 x 7 managed services for SAP and Migrated infrastructure on Azure
Cloud including the tools and processes to manage the environment.

Page | 30
 o Level 1 Monitoring Support, Level 2 & level 3 management & admin
support
o SAP Basis Support
o Azure platform Support
o Operating System Administration
o Database Administration
o Backup Administration
o Disaster Recovery Management
o Co-ordination with Microsoft, for Level 3 / 4 Support for issue resolution.
o Program Governance and Management

• Requirement analysis and Migration approach Plan

• Detailed Design Document
• Documented ADC Cloud Adoption Plan Document covering the
deployment scope
o Preparation of SAP and NON-SAP environment on Azure
o Migration of SAP and NON SAP Environment as per design
Deliverables o Deployment of application server as per design
o DB Replication using native tools
o Business continuity plan and methodology which includes
▪ Backup with Commvault Backup.
• System testing and UAT.
• Knowledge Transfer to Customer Support team.
• User handover of project with runbook on Azure

Dependencies • Current client environment firewall rules, S2S, P2P VPN tunnels details
• Network layout design of current deployments (If connectivity required)
• Access to existing SAP HEC Environment for the import of data to Azure.

• Assessment and Blueprinting

• Landing zone Build
• Migration of SAP and NON-SAP system to Azure cloud (As per BOQ)
• Applications\Database Inventory.
• Infrastructure Inventory.
• Cloud Candidates Workloads Ready for CLOUD PROVIDER Cloud.
• Target Infrastructure Size for the Workloads Migration.
• Identify the Cloud Migration Candidates
• Define the migration Type for the Cloud Candidates.
Exit Criteria • Migration Plan for CLOUD PROVIDER Cloud.
• Identify the low Hanging Applications for CLOUD PROVIDER Migration.
• Workloads Segregation.
• Replication and Cutover of Servers on CLOUD PROVIDER.
• Migrate Runbook.
• Post Migration Stabilization.
• DR Landing Zone Build.
• Setup DR Replication.
• Post DR Replication Stabilization.
• Ongoing Managed Services Support

6.5 Current state assessment approach

Page | 31
As Per section 5.3

6.6 Readiness Planning (Pre-reqs, target state design)

Azure Cloud Migration Approach

Cloud4C will work in partnership with Customer on a three-phase Prepare, Pilot, and Migrate program
as illustrated in the following diagram. The purple Customer deliverable acceptance gate boxes
indicate Customer-controlled approval gates that require acceptance per the deliverable acceptance
process.
The Prepare phase will consist of a series of workshops that will be used to align on an end-to-end
process combining technical and business activities, tooling, and automation required for a successful
migration program. This phase will end with a pilot-ready Version 0.1 of the Azure Migration Playbook,
the initial migration catalog of discovered assets, and the baseline velocity plan.
The Ready phase will consist of Azure platform readiness will be performed and Azure Landing zone
will be deployed and required compliance controls will be established.
The Pilot phase will consist of taking a set of selected applications and working through the migration
playbook. Feedback will be used by Customer and Cloud4C to jointly review and agree on upgrades to
the migration playbook. This phase will end with a revised and migration-ready Version 1.0 of the
migration playbook.
The Migrate phase will consist of implementing the defined migration playbook across applications and
business units at scale to achieve velocity in the migration program. This phase may lead to identified
improvements that will be reviewed and added to the migration playbook via a defined governance
process. During this phase, scale velocity migration teams may be added, based upon application
backlog, to the limits defined in the Work Order.

During the three-phases, Cloud4C will use a change management approach that focuses on
encouraging application owners to adopt new behaviors to engage with the Application Migration
program, helping the Customer achieve return on investment at the velocity define in this work order.
Cloud4C will produce evidence that the new ways of working by application owners positively
influence the desired business outcomes of the overall program. In addition, Cloud4C will help the
customer develop the ability to drive behavioral changes and measure potential benefits on their own
after the program concludes.
An iterative approach will be followed in the Migration phase covering the Assessment, Planning and
Migration

Prepare Phase

Page | 32
During the Prepare phase, the focus will be on the discovery & Assessment activities and the
preparation of the Azure Migration Playbook following activities will be performed

Category Description

Program planning:
Cloud4C
❖ Establish the core team and lead kickoff meeting.
activities
❖ Lead program initiation workshops.
❖ Work with the Customer to understand and document a key stakeholder relationship
map and stakeholder matrix.
❖ Develop Pilot and Migrate plans including business unit or application team onboarding
processes and communications.
❖ Establish a program management plan, including a schedule and financial, quality,
deliverable, and communication plans.
❖ Establish the baseline velocity plan.
Azure Migration Playbook planning:
❖ Lead technical envisioning workshops.
❖ Support tooling reviews and align on migration process.
❖ Update the migration playbook template to include Customer-specific processes.
Azure Advanced Networking (Environment):
❖ Host network assessment workshop to review in-scope source datacenters, destination
A ure regions xpressRoute’s tied to ones etwor Virtual Appliance architectures
and Carrier Hotel architectures/locations, inclusive of hardware recommendation.
❖ Develop Azure Advanced Networking plan.
Build Azure Landing Zone Blueprint for ready phase
Initial discovery:
❖ Collect data, including server, database, and application inventory data using available
tools and Customer Configuration Management Database (CMDB) data.
❖ Prepare the Azure Migration Catalog and upload initial inventory data.

Program planning:
Customer
❖ Attend the kickoff meeting and planning workshops.
activities
❖ Define the onboarding process for the team including remote access.
❖ Assist with Pilot and Migrate plans including business unit or application team
onboarding processes and communications.
❖ Provide input into the baseline velocity plan.
Azure Migration Playbook planning:
❖ Attend the technical envisioning workshops.
❖ Facilitate any necessary communication or information in preparation for requests that
might result from information-gathering exercises.
❖ Prepare Customer-provided environments.
❖ Provide a point of contact for each location or time zone that is in scope for delivery.
Azure Advanced Networking (environment):
❖ Attend network assessment workshop and respond to requests for initial network data
collection.
❖ Review deliverables at the end of the assessment and planning phase.
❖ Provide technical information required for Cloud4Cteam to be able to complete the build
and remediation activities.
❖ Verify Cloud4C team has adequate permissions to allow for deployment and
configuration within the customer environment.
❖ Make decisions where options are presented.
❖ Complete necessary submissions and approvals for change management.
❖ End-user and stake holder communication as deemed necessary as part of the change
management process.
❖ Make sure that the Cloud4C team has access to source/target environments.
❖ Define maintenance window for the cutover.
❖ Perform production cutover and rollback, if necessary.
Initial discovery:
❖ Resolve problems when servers cannot be reached for inventory.
❖ Ensure all the tools pre-requisites are provided accordingly.

Page | 33
 Category Description

❖ The program plan has been accepted.

Exit criteria
❖ The migration playbook has been accepted.
❖ The baseline velocity plan has been accepted.
❖ The Customer will coordinate the use of tools with internal security teams; this includes
Key
providing required permissions.
assumptions

Ready Phase

During the ready phase, the focus will be on the Landing zone deployment activities and the
preparation of the Azure Migration readiness the following activities will be performed.

• Landing Zone Preparation on Azure

Cloud4C o Landing Zone Preparation & Blueprint
activities ▪ Azure Tenant -> Management Group -> Subscription -> Resource
Group
▪ Azure Admin users [Azure AD P2 PIM, MFA, Just-in-time-access
▪ Bastian Host
▪ Azure Policy Deployment
• Resource Group, Resource Lock, Resource Tag
• Network & Security [VNet, Peering Policy, UDR, NSG,
Application GW, WAF, ER SKU]
• Compute & Storage [Allowed SKU, Images, placement group,
Scale Set audits approved dis ’s & si e encryption policy
access policy]
• Security & Monitoring
• Azure Blueprints – Standard / Custom
o Landing Zone Build
▪ Azure Resource Group
▪ Azure AD / DNS
▪ Azure Network [Hub / Spoke]
▪ Azure Compute & Storage accounts
▪ Azure Bastion Host
▪ VM Placement Groups / Scale Set
▪ Azure Monitor
▪ Network watcher
▪ Backup and Disaster Recovery
o Landing Zone Security
▪ Azure NSG / Azure FW or 3rd Party NVA with traffic rules
▪ Azure AG with WAF or 3rd Party AG with WAF
▪ Azure VPN or VPN on NVA
▪ Azure DDoS subscription
▪ Azure Disk Encryption
▪ WAF rules – OWASP top 10 or custom
▪ Microsoft Defender for Cloud
• Assessment & Security recommendation
• Secure Score
• Just in time access
• Adaptive Application Control
• Regulatory compliance dashboard and report – only infra
layer
• Threat protection / DR for VM’s
• Threat protection for PaaS services
▪ Azure Sentinel – Default with limited scope on building the connector,
playbook, reporting and alerting
• Security Tools & Compliance control mapping on Azure
• Business continuity plan and methodology
o Backup

Page | 34
 o Disaster Recovery
• Deploy Azure Migrate/ASR replication appliance
Customer • Current environment landscape details
activities • Changes required on Customer DC for the setup
• Current client environment security posture (Firewall Rules, VPN, Security tools,
Compliance control mapping)
• Network layout design of current deployments
• In case if VM’s with dependencies readiness state there might be need to discuss
with application vendor / application developers / client IT team to make a plan for OS
update, DB update or application update
Exit criteria
• Landing zone is ready with the required controls
• The migration Project has been created.
• The baseline velocity plan has been accepted.

Pilot and Migrate Phase

The Pilot and Migrate phases include the same general approach with a key difference around velocity
and scale potential.
• During the Pilot phase, Azure Migration Factory will be initiated, and the onboarding of remaining
primary velocity migration team members and the migration factory will be activated. Scale velocity
migration teams will not be activated; the key outcome of the Pilot phase is to prepare the
migration-ready release of the migration playbook to support at-scale migrations.
• During the Migrate phase, the same approach as the Pilot phase will be repeated, with the ability
to scale to multiple applications in parallel with the migration-ready release of the migration
playbook. During the Migrate phase, Cloud4C will recommend when to increase or decrease scale
velocity migration team count (up to the limits defined in the Work Order) based upon migration
backlog and forecasting for the following months.
• The candidates that will be considered for the Pilot and Migration will follow the below criteria:
o Legacy systems (Windows 2003 and Windows 2008) with a 10-20% failure acceptance
o Candidates for Rapid Subnet Migration
o Applications with least dependencies
o Loosely coupled applications
o Applications with lower business criticality and progress as the playbook is mastered.
• In case of migration failure due technical issues, the workload is moved to a later wave and the
root cause analysis will be handled by the CoE team, another workload is taken instead.

Category Description

Cloud4C Additional discovery:

activities
• Collect data, including server, database, and application inventory data using available
tools and Customer Configuration Management Database (CMDB) data.
• Upload inventory data into the Azure Migration Catalog.
Rapid Server Migration assessment:
• Conduct the rapid server migration assessment workshop.
• Perform initial target environment virtual machine sizing.
• Complete the migration strategy assignments.
Application Migration assessment:
• Complete application support team interviews through email or by phone to identify
application collections and dependencies.
• Define applications as identified by the Customer; Service Map can be used to assist
with this process.

Page | 35
Category Description

• Collect application server assignments from the existing change management

database, when available.
• Perform initial target environment virtual machine sizing.
• Complete the migration strategy assignments.
Rapid Server Migration planning and migration
• Define the high-level process that includes premigration, migration, and UAT/post-
migration activities for the subnet or server group.
• Define tooling selection based upon server OS versions and desired outcomes.
• Install and validate tooling functionality within source/target environment.
• Define any operating system or Microsoft SQL Server automated upgrades.
• Define any environmental post-migration script-based automation to be injected into
the migration.
• Define any Azure IaaS management configuration to be applied to migrated servers.
• For subnet migration, identify servers that are not supported by tooling and
recommended for evacuation prior to subnet cutover.
• For subnet migration, coordinate subnet cutover plan with Customer.
• Coordinate the migration activities including premigration, migration, and UAT/post-
migration activities for the subnet or server group.
• Perform migration activities using selected tooling.
• For subnet migration, perform cutover activities in coordination with Customer.
• Perform Azure native management configuration following Customer standards.
Application Migration planning and migration
• Define the high-level process that includes premigration/pre-UAT, migration, and
UAT/post-migration activities for the application.
• Conduct deeper application support team and administrator interviews, as needed.
• Define tooling selection based upon server OS versions and desired outcomes.
• Install and validate tooling functionality within source/target environments.
• Define any operating system or Microsoft SQL Server automated upgrades.
• Define any post-migration script-based automation to be injected into the migration.
• Define any Azure native management configuration to be applied to migrated servers.
• Perform database migration planning, if required.
• Collect pre-UAT/UAT test plan from application support team.
• Document the application migration plan.
• Perform final architecture and migration plan review with Customer.
• Coordinate the migration activities including premigration/pre-UAT, migration, and
UAT/post-migration activities for the application.
• Perform migration activities using selected tooling following application migration plan.
• Perform database migration, if included in application migration plan.
• Perform Azure native management configuration following Customer standards.
Supporting Services
• As requested, perform supporting services independent of migration strategy
assignment in support of a Customer-led migration or a separately scoped application
modernization workstream.
Azure Migration Playbook Update
• Review and recommend updates to the migration playbook.
Customer Additional discovery:
activities
• Prepare Customer-provided environments.
• Provide a point of contact for each location or time zone that is in scope for delivery.
• Resolve problems when servers cannot be reached for inventory.
Rapid Server Migration assessment:
• Attend the rapid server migration assessment workshop.

Page | 36
Category Description

• Identify target subnets and server groups for rapid server migration.
• Approve migration strategy assignments.
Application Migration assessment:
• Provide a list of applications and associated servers/databases, if known. If not known,
this will affect the Migration phase velocity and overall timeline.
• Identify application owners/support teams and provide initial application information.
• Provide technical artifacts such as an architectural diagram and any documentation.
• Provide access to application stakeholders such as architects, developers, and
administrators for assessment interviews.
• Respond to requests for initial data collection.
• Provide access to an existing configuration management database solution if one
exists.
• Deploy agents, if required by assessment tools.
• Approve migration strategy assignments.
Rapid Server Migration planning and migration
• Provide access to all servers in subnet or server group.
• Make decisions within 3 business days when migration options are presented.
• Approve tooling selection based upon server OS versions and desired outcomes.
• Present any environmental post-migration script-based automation to be injected into
the migration.
• Prepare and share UAT test plan with Cloud4C.
• For subnet migration, evacuate out of scope workloads on a subnet prior to subnet
cutover.
• Coordinate cutover plan with Cloud4C.
• Complete necessary change management submissions and approvals.
• Make sure network connectivity exists between existing systems and servers that are
to be migrated.
• Perform user and stakeholder communication as deemed necessary as part of the
change management process.
• Verify that the Cloud4C team has access to source and target environments.
• Manage, monitor, and back up the target environment following receipt of the UAT
acceptance form.
• Perform application-level troubleshooting, if necessary.
• Perform UAT and report UAT results to Cloud4C. UAT must occur during the post-
migration support timeline.
• Perform client, storage, supporting server, DNS, load-balancer, and network side
configurations and changes.
• Perform source server decommissioning.
Application Migration planning and migration
• Provide access to all servers and databases in application.
• Provide access to application support teams for planning and respond to interview
requests through email and phone within 3 business days.
• Make decisions within 3 business days when migration options are presented.
• Approve tooling selection based upon server OS versions and desired outcomes.
• Present any post-migration script-based automation to be injected into the migration.
• Prepare and share pre-UAT/UAT test plan with Cloud4C.
• Perform final architecture and migration plan review with Cloud4C.
• Complete necessary change management submissions and approvals.
• Make sure network connectivity exists between existing systems and servers that are
to be migrated.
• Perform user and stakeholder communication as deemed necessary as part of the
change management process.
• Verify that the Cloud4C team has access to source and target environments.

Page | 37
Category Description

• Manage, monitor, and back up the target environment following receipt of the UAT
acceptance form.
• Upon request, support application-level troubleshooting.
• Perform UAT and report UAT results to Cloud4C. UAT must occur during the post-
migration support timeline.
• Perform client, storage, supporting server, DNS, load-balancer, and network side
configurations and changes.
• Perform source server decommissioning.
Supporting Services
• If desired, document supporting services requests in support of a Customer-led
migration.
• Provide access to all servers and databases requested as part of supporting service.
• Provide access to application support teams for planning and respond to interview
requests through email and phone within 3 business days.
• Make decisions within 3 business days when migration options are presented.
• Review and approve deliverables.
• Complete necessary change management submissions and approvals.
• Make sure network connectivity exists between existing systems and servers that are
to be migrated.
• Perform user and stakeholder communication as deemed necessary as part of the
change management process.
• Verify that the Cloud4C team has access to source and target environments.
• Manage, monitor, and back up the target environment following receipt of the UAT
acceptance form.
• Upon request, support application-level troubleshooting.
• Perform UAT and report UAT results to Cloud4C. UAT must occur during the post-
migration support timeline.
• Perform client, storage, supporting server, DNS, load-balancer, and network side
configurations and changes.
• Define the maintenance window for the cutover.
• Perform production cutover and rollback, if necessary.
Azure Migration Playbook Update
• Review and approve recommended updates to the migration playbook.
Exit criteria Rapid server migration assessment:
(per iteration)
• Initial Azure server sizing has been completed.
• The Rapid Server Migration assessment has been completed and migration strategy
approved by the Customer or referred for Application Migration assessment.
• Customer has accepted the Rapid Server Migration assessment report.
Application migration assessment:
• The application has been defined in Azure appropriate migration strategy template
from the migration playbook.
• Initial Azure application sizing has been completed.
• Customer has accepted the application assessment report.
Rapid Server Migration
• Customer has accepted the UAT.
• The post-migration support window has expired.
Application Migration
• The pre-UAT/UAT test plan has been shared with Cloud4C.
• Customer has accepted the Application Migration plan.

Page | 38
 Category Description

• Cloud4C must obtain UAT Acceptance from the owning application team that they
have successfully run their documented UAT test and they are ready to transition to
operations.
• The post-migration support window has expired.
Supporting Services
• Customer has accepted the Application Migration plan.
• UAT has been completed and the post-migration support window has expired.
Azure Migration Playbook Update
• Customer has accepted the updated migration playbook.

Key
assumptions • The Customer will coordinate the use of tools with internal security teams; this includes
providing required permissions.
• Source and target environments—virtual or physical—are healthy.
• Migration factory resources assigned to perform migration activities have required
permissions.
• Sufficient network bandwidth is available between source and target environments.
Generally, this is at least 5Gbps for Rapid Server Migration and 1Gbps for all other
migration strategies. Insufficient network bandwidth might result in reduced migration
velocity.
• Maintenance windows exist for cutover activities.
• Any administration, management, or configuration changes after the production
cutover must be performed by the Customer.
• Cloud4C will execute the agreed to Application Migration Plan, following standard
Customer planning and change management procedures. Should the migration fail,
the rollback plan will be implemented as defined in the Application Migration Plan.
Following the post migration support period, Cloud4C will provide Customer with a list
of vacated assets that can be decommissioned.
• For application reinstallation, application installation media should be provided to the
Cloud4C migration factory for migration planning and is compatible with target
workloads.

6.7 Migration and Cutover Planning & Scheduling

During the migration process, software tools replicate virtual machines, applications, and data on Azure.
At this time, you might also decide to containerize existing applications to make them migration ready.
Once targeted virtual machines, applications, and data are migrated, optimization can begin.

Page | 39
The Environment Migration will be conducted into batches based on dependencies and availability of
the application owners the plan prepared.
All the stages from assessment to post migration activities will be covered under the Cloud4C Migration
Plan.

All the above stated steps in order are described below: -

1. Pre-Migration Activities: - This is the planning phase after the assessment. In this phase,
assessment outcomes were studied and Cloud4C will provide recommended appropriate tools
for migration based on the assessment reports.
2. Migration (Repeated Weekly): - After planning, actual migration tasks are carried out weekly
as whole migration is done in weekly batches so that DUBAI HOLDING Daily tasks are not
affected. These tasks are sub-divided as –
a. Foundation: - In this phase, migration tools decided in heavy assessment will be
deployed in DUBAI HOLDING environment. Checks will be performed on the tool to
ensure its proper functioning. This is a one-time task

Page | 40
 b. Replication Prep: - In this phase, preparations for replication process will be carried out
like ensuring VM availability, connectivity etc.
c. Replication: - In this phase, actual replication will be carried out. On-prem machines to
be migrated will be duplicated to Azure
d. Validation: - In this phase, various checks will be carried out on the duplicated Azure VM
to ensure that it functions as expected. If any anomaly happens, Cloud4C will take
necessary steps
e. Cutover: - In this phase, control will be transferred to validated Azure VMs while on-prem
servers will be shut down. This usually will happen with consent of DUBAI HOLDING in
the non-working or agreed hours (of DUBAI HOLDING)
f. Post-Migration: - In this phase, monitoring will be done on the functioning of Azure VMs
for a while to ensure smooth ascent to cloud
g. Rollback: - In this phase, if any of the VMs malfunctions during the monitoring phase,
Cloud4C will transfer the control back to on-prem for a while as Cloud4C takes care of
the issue
3. Post Migration Activities: - After migration, Cloud4C will provide following services
i. Post cutover White Glove Support
ii. On Prem Decommission
Workload Assessment & Migration Blueprint - Migration RACI
Services Cloud4C ADC Microsoft
Engagement and Planning
Discovery workshop for CAF based assessment and workload
R A, C C, I
migration
Implement Microsoft azure tools in customer environment
- Implement VM for running Azure Migrate Service in
customer environment
R A, C C, I
- Install dependency visualization: Microsoft monitoring
agents, dependency agent, log analytics for machines with no
internet connection
Run assessment of VMware, Hyper-V, Physical Server based
R A, C C, I
workload
Run assessment of MySQL, PostgreSQL & Oracle DB based
R A, C C, I
workload (Manual)

Run application Assessment for modernization R A, C C, I

Assessment of security controls and tools deployed in current

R A, C C, I
environment

Prepare infrastructure security assessment report with security

R, A C, I C, I
tool mapping on Azure (Azure Native Security Tools)

Identify new security tools (for to be state) R, A C, I C, I

Assess the current firewall rules and prepare the NSG rules for
R A, C C, I
Azure & other firewall / networking NVA rules on Azure

Plan for ExpressRoute, S2S and P2S VPN configuration R A, C C, I

Page | 41
Understanding of client backup policy and plan for backup on
R A, C C, I
Azure
Planning for monitoring parameters, resource tag naming
R A, C C, I
convention & automation.
Identify tools for migration (Default Azure Migration Tool) R, A C, I C, I
Prepare migration approach and TCO R, A C, I C, I
Preparing Migration Blueprint
Migration Blueprint Document (As per deliverables agreed)
- Infrastructure as is and to be report
- Landing Zone Design
- Network (FW, VNET, ER, VPN GW, LB, DDoS)
- Security Tools Mapping
R, A C, I C, I
- Compliance Control Mapping
- Monitoring & Automation
- Migration Approach and Methodology
- Backup and DR Plan
Migration approach and tools
Preparing for Azure Landing Zone & Creation on Landing
Zone
Landing Zone Preparation & Initialization
Create Azure Tenant / Admin Users / Subscription under CSP /
R A, C C, I
EA
Create Azure Portal Users with administrator rights / RBAC on
R A, C C, I
Azure
Create Resource Group with specific resource policy R, A C, I C, I
Deployment of Azure Policy and Configuration as per
organisation SOP
• Resource Group Resource Loc Resource Tag
• etwor & Security [Vnet Peering Policy DR SG
Application GW, WAF, ER SKU]
R,A C,I C,I
• Compute & Storage [Allowed S Images placement group,
Scale Set audits approved dis ’s & si e encryption policy
access policy]
• Security & Monitoring
• A ure lueprints – Standard / Custom
Landing Zone Build
Integrate on premise AD with Azure (If required) as per client
R A, C C, I
access policy (pass thru authentication)
Network
Create Virtual Network Space with CIDR Block (Region
R, A C, I C, I
Specific)
Create Address Space (to be non-conflicting with customer
R, A C, I C, I
range if any)
Create Subnet with IP assignment schema R, A C, I C, I
Create NSG and configure traffic in/out policy R, A C, I C, I

Page | 42
Implement networking gears - NVA or Azure Firewall at Azure
R, A C, I C, I
subscription perimeter and define network routing policy

Configure VNET Peering R, A C, I C, I

Implement S2S VPN connectivity on NVA or Azure VPNGW R, A C, I C, I

Configure express route circuit on Azure (Customer to procure

R A, C, I C, I
ER link)
Deploy LB / WAF from marketplace or on Azure Application
R, A C, I C, I
GW
Compute and Storage
Create Storage Account R, A C, I C, I
Monitoring
Configure Azure Monitor R, A C, I C, I
Configure Azure Network Watcher R,A C,I C,I
Configure Azure log analytics space R,A C,I C,I
Business Continuity
Planning for Backup and Replication Methodology R, A C, I C, I
Security
Configure firewall / other networking gears - NVA R, A C, I C, I
Configure rules on LB and WAF [Azure or NVA] R, A C, I C, I
Configure DDoS Protection on Azure if opted R,A C,I C,I
Configure disk encryption policy - Key Vault R,A C,I C,I
Configure WAF rules - OWASP top 10 R,A C,I C,I
Configure Azure Security Center R,A C,I C,I
Configure Azure ATP R,A C,I C,I
Configure Sentinel with agreed scope R,A C,I C,I

Page | 43
 6.8 Integration with OnPrem systems
Azure VNet can integrate on-premises networks through private network connections between the on-
premises network and the Azure Cloud Environment.
The following graphic and subsequent descriptions explain the different ways to connect an on-
premises network with the Azure virtual network:

• Point-to-site VPN: this type of connectivity helps establish the connection between a single
PC and a VNet with changes to the existing network. It can be used to provide encrypted
communications between a client and the VNet via the internet. Secure Socket Tunnelling
Protocol (SSTP) is used in establishing encrypted communication for this connectivity. The
VPN device is not required to implement point-to-site connectivity, but it requires the Azure
VPN gateway at the on-premises side.

• Site-to-site VPN: In this type, the connection is established between the VPN devices and the
Azure VPN Gateway. This type of connection provides VNet access to any on-premises
resource via the internet. It uses an IPSec VPN to establish secure communication between
on-premises resources and the Azure VNet gateway via the internet. A VPN device is required
on-premises to establish site-to-site connection.

• Azure ExpressRoute: Unlike point-to-site and site-to-site VPNs where the connection is over
the internet, Azure ExpressRoute is used to set up a direct private connection between an on-
premises network and a VNet. Compared with similar connectivity options, this type of
connectivity is secure, reliable, and fast, as the traffic traverses through a private network and
not the internet.

Page | 44
 6.9 Compute, Storage, Network Designs

DC Mapping
Env VM Name SAP Module DB To be OS No of vRA vHDD DB Total Azure Instance Type
Cores M GB Storage Storage
DEV SAP HANA DB Appliance HDB Server HANA SLES 11 SP 4 40 / 2 384 5000 300 5300 E48ds_v4(48 vcpu 384 GB Memory)
DEV SAP ECC - Suite On Hana CI+APP Server HANA SLES 15 SP 1 3 24 220 230 450 E4s_v4 (4 vCPU 32 GB Memory) SAPS 4178
DEV SAP BW On Hana CI+APP Server HANA SLES 12 SP 4 2 24 250 25 275 E4s_v4 (4 vCPU 32 GB Memory) SAPS 4178
DEV / QAS Enterprise Portal CI+APP+DB Server ASE SLES 15 SP 1 2 24 200 70 270 E4s_v4 (4 vCPU 32 GB Memory) SAPS 4178
DEV / QAS Content Server CS Server+Webdispatcher MaxDB SLES 15 SP 1 2 8 200 100 300 E4s_v4 (4 vCPU 32 GB Memory) SAPS 4178
DEV SAP Fiori Netweaver Gateway CI+APP+DB Server ASE SLES 15 SP 1 1 8 300 50 350 E4s_v4 (4 vCPU 32 GB Memory) SAPS 4178
QAS SAP HANA DB Appliance HDB Server HANA SLES 11 SP 4 40 / 2 512 5000 400 5400 M64ls (64 vCPU 512 GB Memory) SAPS 66600
QAS SAP ECC - Suite On Hana CI+APP Server HANA SLES 15 SP 1 4 32 220 220 440 E4s_v4 (4 vCPU 32 GB Memory) SAPS 4178
QAS SAP BW On Hana CI+APP Server HANA SLES 12 SP 4 2 24 250 25 275 E4s_v4 (4 vCPU 32 GB Memory) SAPS 4178
QAS SAP Fiori Netweaver Gateway CI+APP+DB Server ASE SLES 15 SP 1 2 8 200 50 250 E4s_v4 (4 vCPU 32 GB Memory) SAPS 4178
DEV/QAS SAP Solution Manager CI+APP+DB Server ASE SLES 15 SP 1 4 32 650 200 850 E4s_v4 (4 vCPU 32 GB Memory) SAPS 4178
DEV/QAS Workforce Performance Builder APP server MSSQL Windows 2012 R2 4 24 700 100 800 E4s_v4 (4 vCPU 32 GB Memory) SAPS 4178
DEV/QAS SAP Business Objects APP server Windows 2012 R2 8 38 500 30 530 D8s_v4 (8 vCPU, 32 GB Memory) SAPS 8710
PRD SAP HANA DB Appliance HDB Server HANA SLES 11 SP 4 40 / 2 768 5000 700 5700 M64s (64 vCPU 1024 GB Memory) SAPS 67315
PRD SAP ECC - Suite On Hana CI+APP Server HANA SLES 12 SP 4 8 80 320 700 1020 E8s_v4 (8 vCPU 64 GB Memory) SAPS 8710
PRD SAP BW On Hana CI+APP Server HANA SLES 12 SP 4 2 24 250 80 330 E4s_v4 (4 vCPU 32 GB Memory) SAPS 4178
PRD Enterprise Portal CI+APP+DB Server ASE SLES 12 SP 4 2 24 200 70 270 E4s_v4 (4 vCPU 32 GB Memory) SAPS 4178
PRD Content Server CS Server+Webdispatcher MaxDB SLES 12 SP 4 2 8 200 120 320 E4s_v4 (4 vCPU 32 GB Memory) SAPS 4178
PRD SAP Fiori Netweaver Gateway CI+APP+DB Server ASE SLES 12 SP 4 1 8 300 50 350 E4s_v4 (4 vCPU 32 GB Memory) SAPS 4178
PRD SAP Solution Manager CI+APP+DB Server ASE SLES 12 SP 4 4 32 650 300 950 E4s_v4 (4 vCPU 32 GB Memory) SAPS 4178
PRD Workforce Performance Builder APP server MSSQL Windows 2012 R2 4 24 700 100 800 E4s_v4 (4 vCPU 32 GB Memory) SAPS 4178
PRD SAP Business Objeects APP server Windows 2012 R2 8 38 500 30 530 D8s_v4 (8 vCPU, 32 GB Memory) SAPS 8710

Env VM Name SAP Module DB To be OS No of vRA vHDD DB Total Azure Instance Type
Cores M GB Storage Storage
DEV SAP Webdispatcher + Web Server SLES 15 SP 1 2 8 50 0 50 D2s_v4 (2 vCPU, 8 GB RAM) SAPS 2178
SAP Cloud Connector
QA SAP Webdispatcher + Web Server SLES 15 SP 1 2 8 50 0 50 D2s_v4 (2 vCPU, 8 GB RAM) SAPS 2179
SAP Cloud Connector
PRD SAP Webdispatcher + Web Server SLES 15 SP 1 2 8 50 0 50 D2s_v4 (2 vCPU, 8 GB RAM) SAPS 2180
SAP Cloud Connector
PRD SAP Router (For SAP Support) n/a SLES 15 SP 1 1 8 50 0 50 D2s_v4 (2 vCPU, 8 GB RAM) SAPS 2181
Env VM Name SAP Module DB To be OS No of vRA vHDD DB Total Azure Instance Type
Cores M GB Storage Storage
DEV + QAS ADCAssets & RFID System MSSQL DB+App Server MSSQL Windows 2012 R2 4 16 700 200 900 D4s_v4 (4 vCPU, 16 GB Memory) SAPS 4178
DEV + QAS Electronic Personnel on Board MSSQL DB+App Server MSSQL Windows 2012 R2 2 24 200 100 300 E2s_v4 (2 vCPU 16 GB Memory) SAPS 2178
(Bio-Metric Time / Attendence)
DEV + QAS INTELEX (QHSE System) MSSQL DB+App Server MSSQL Windows 2012 R2 2 12 200 100 300 E2s_v4 (2 vCPU 16 GB Memory) SAPS 2178
PRD ADCAssets & RFID System MSSQL DB+App Server MSSQL Windows 2012 R2 4 16 700 300 1000 D4s_v4 (4 vCPU, 16 GB Memory) SAPS 4178
PRD Electronic Personnel on Board MSSQL DB+App Server MSSQL Windows 2012 R2 2 24 200 100 300 E2s_v4 (2 vCPU 16 GB Memory) SAPS 2178
(Bio-Metric Time / Attendence)
PRD INTELEX (QHSE System) MSSQL DB+App Server MSSQL Windows 2012 R2 6 16 200 100 300 D4s_v4 (4 vCPU, 16 GB Memory) SAPS 4178
PRD ManageEngine Service Desk MSSQL DB+App Server MSSQL Windows 2012 R2 2 32 450 200 650 E2s_v4 (2 vCPU 16 GB Memory) SAPS 2178
PRD ManageEngine DesktopCentral MSSQL DB+App Server MSSQL Windows 2012 R2 2 16 500 300 800 E2s_v4 (2 vCPU 16 GB Memory) SAPS 2178
(Patch Management)
PRD Domain Controller (AD) Windows 2012 R2 3 24 200 200 D4s_v4 (4 vCPU, 16 GB Memory) SAPS 4178
PRD AZURE SYNC Windows 2012 R2 2 16 150 150 E2s_v4 (2 vCPU 16 GB Memory) SAPS 2178

Env VM Name Workload DB To be OS No of vRA vHDD DB Total Azure Instance Type

Cores M GB Storage Storage
Mgmt Firewall VM Firewall Vm fortinet Azur Linux 4 16 128 0 128 D4s_v4 (4 vCPU, 16 GB Memory) SAPS 4178
Markert Place
Mgmt Backup VM Commvault Vm Linux 8 32 1024 0 1024 D8s_v4 (8 vCPU, 32 GB Memory) SAPS 8710

Azure BOQ
Service Service type Custom name Region Description
category
Storage Storage P6 (64 GB)-14 UAE Managed Disks, Premium SSD, LRS Redundancy, P6 Disk Type 14 Disks; Pay as you
Accounts North go
Storage Storage P10 (128 GB)-14 UAE Managed Disks, Premium SSD, LRS Redundancy, P10 Disk Type 14 Disks; Pay as you
Accounts North go
Storage Storage P15 (256 GB)-24 UAE Managed Disks, Premium SSD, LRS Redundancy, P15 Disk Type 24 Disks; Pay as you
Accounts North go
Storage Storage P20 (512 GB)-10 UAE Managed Disks, Premium SSD, LRS Redundancy, P20 Disk Type 10 Disks; Pay as you
Accounts North go
Storage Storage P30 (1024 GB)-2 UAE Managed Disks, Premium SSD, LRS Redundancy, P30 Disk Type 2 Disks; Pay as you
Accounts North go
Compute Virtual E4s_v4-14 UAE 14 E4s v4 (4 vCPUs, 32 GB RAM) (3 year reserved), Linux, SUSE Linux Enterprise +
Machines North Patching only (Pay as you go); 0 managed disks – S4; Inter Region transfer type, 5 GB
outbound data transfer from UAE North to East Asia
Compute Virtual E4s_v4-2 UAE 2 E4s v4 (4 vCPUs, 32 GB RAM) (3 year reserved), Windows (License included), OS
Machines North Only; 0 managed disks – S4; Inter Region transfer type, 5 GB outbound data transfer
from UAE North to East Asia
Compute Virtual E8s_v4-1 UAE 1 E8s v4 (8 vCPUs, 64 GB RAM) (3 year reserved), Linux, SUSE Linux Enterprise +
Machines North Patching only (Pay as you go); 0 managed disks – S4; Inter Region transfer type, 5 GB
outbound data transfer from UAE North to East Asia
Compute Virtual M64ls-1 UAE 1 M64ls (64 vCPUs, 512 GB RAM) (3 year reserved), Linux, SUSE Linux Enterprise +
Machines North Patching only (Pay as you go); 0 managed disks – S4; Inter Region transfer type, 5 GB
outbound data transfer from UAE North to East Asia

Page | 45
Compute Virtual E48ds_v4-1 UAE 1 E48s v4 (48 vCPUs, 384 GB RAM) (3 year reserved), Linux, SUSE Linux Enterprise +
Machines North Patching only (Pay as you go); 0 managed disks – S4; Inter Region transfer type, 5 GB
outbound data transfer from UAE North to East Asia
Compute Virtual M64s-1 UAE 1 M64s v2 (64 vCPUs, 1024 GB RAM) (3 year reserved), Linux, SUSE Linux Enterprise
Machines North + Patching only (Pay as you go); 0 managed disks – S4; Inter Region transfer type, 5
GB outbound data transfer from UAE North to East Asia
Compute Virtual D8s_v4-2 UAE 2 D8s v4 (8 vCPUs, 32 GB RAM) (3 year reserved), Windows (License included), OS
Machines Windows North Only; 0 managed disks – S4; Inter Region transfer type, 5 GB outbound data transfer
from UAE North to East Asia
Storage Storage P6 (64 GB)-4 UAE Managed Disks, Premium SSD, LRS Redundancy, P6 Disk Type 4 Disks; Pay as you go
Accounts North
Compute Virtual D2s_v4-4 UAE 4 D2s v4 (2 vCPUs, 8 GB RAM) (3 year reserved), Linux, SUSE Linux Enterprise +
Machines North Patching only (Pay as you go); 0 managed disks – S4; Inter Region transfer type, 5 GB
outbound data transfer from UAE North to East Asia
Storage Storage P6 (64 GB)-1 UAE Managed Disks, Premium SSD, LRS Redundancy, P6 Disk Type 1 Disks; Pay as you go
Accounts North
Storage Storage P10 (128 GB)-6 UAE Managed Disks, Premium SSD, LRS Redundancy, P10 Disk Type 6 Disks; Pay as you
Accounts North go
Storage Storage P15 (256 GB)-7 UAE Managed Disks, Premium SSD, LRS Redundancy, P15 Disk Type 7 Disks; Pay as you
Accounts North go
Storage Storage P20 (512 GB)-2 UAE Managed Disks, Premium SSD, LRS Redundancy, P20 Disk Type 2 Disks; Pay as you
Accounts North go
Storage Storage P30 (1024 GB)-2 UAE Managed Disks, Premium SSD, LRS Redundancy, P30 Disk Type 2 Disks; Pay as you
Accounts North go
Compute Virtual E2s_v4-6 UAE 6 E2s v4 (2 vCPUs, 16 GB RAM) (3 year reserved), Windows (License included), OS
Machines North Only; 0 managed disks – S4; Inter Region transfer type, 5 GB outbound data transfer
from UAE North to East Asia
Compute Virtual D4s_v4-4 UAE 4 D4s v4 (4 vCPUs, 16 GB RAM) (3 year reserved), Windows (License included), OS
Machines North Only; 0 managed disks – S4; Inter Region transfer type, 5 GB outbound data transfer
from UAE North to East Asia
Compute Virtual Firewall VM UAE 2 D4s v4 (4 vCPUs, 16 GB RAM) (3 year reserved), Linux, (Pay as you go); 1 managed
Machines North disk – P10; Inter Region transfer type, 5 GB outbound data transfer from UAE North
to East Asia
Compute Virtual Commvault UAE 1 D8s v4 (8 vCPUs, 32 GB RAM) (3 year reserved), Linux, (Pay as you go); 1 managed
Machines Server VM North disk – P30; Inter Region transfer type, 5 GB outbound data transfer from UAE North
to East Asia
Storage Storage Backup_Storage UAE Block Blob Storage, General Purpose V2, LRS Redundancy, Hot Access Tier, 15 TB
Accounts North Capacity - Pay as you go, 10 x 10,000 Write operations, 10 x 10,000 List and Create
Container Operations, 10 x 10,000 Read operations, 100,000 Archive High Priority
Read, 1 x 10,000 Other operations. 1,000 GB Data Retrieval, 1,000 GB Archive High
Priority Retrieval, 1,000 GB Data Write
Storage Storage Backup_Storage UAE Block Blob Storage, General Purpose V2, LRS Redundancy, Cool Access Tier, 10 TB
Accounts North Capacity - Pay as you go, 10 x 10,000 Write operations, 10 x 10,000 List and Create
Container Operations, 10 x 10,000 Read operations, 100,000 Archive High Priority
Read, 1 x 10,000 Other operations. 1,000 GB Data Retrieval, 1,000 GB Archive High
Priority Retrieval, 1,000 GB Data Write
Security Microsoft UAE Logs ingested - 33 GB Basic logs per day, 9 GB Analytics logs per day; Azure
Sentinel North Monitor Retention - 3 months of Data Retention, 0 months of Data
Archive; Azure Monitor Data Restore - 300 Basic log queries per day, 1400
GB data scanned per query, 2000 GB Data Restored, 0 days data restored;
Azure Monitor Search Queries and Search Jobs – 0 queries per day, 0 GB
data scanned per query of Search Queries, 0 queries per day, 0 GB data
scanned per query of Search Jobs
Security Microsoft UAE Microsoft Defender for Cloud by Resource: 0 Plan 1 servers x 730 Hours, 36 Plan 2
Defender for North servers x 730 Hours, 0 Container vCores x 730 Hours, 0 App Service nodes x 730
Cloud Hours, 0 SQL Database servers on Azure, 0 SQL Database servers outside Azure x
730 Hours, 0 MySQL Instances, 0 PostgreSQL Instances, 0 MariaDB Instances x 730
Hours, Cosmos DB 0 RU/s x 730 Hours, 0 x 10,000 Storage transactions, 0 Key Vault
transactions, 0 x 1 million ARM API calls, 0 x 1 million DNS queries; Microsoft
Defender for Cloud for IoT: 0 x 100 committed devices for agentless monitoring, 0
IoT Hub Devices, 0 x 25,000 IoT Hub Message transactions
DevOps Azure UAE Log analytics: 2 GB Daily logs ingested; Application Insights: 0 GB Daily logs ingested,
Monitor North 3 months Data retention, 0 Multi-step Web Tests; 36 resources monitored X 1
metric time-series monitored per resource, 0 Log Alerts at 5 Minutes Frequency, 0
Additional events (in thousands), 0 Additional emails (in 100 thousands), 0
Additional push notifications (in 100 thousands), 0 Additional web hooks (in
millions)
Networking Azure UAE 730 Hours, 5 GB Outbound Data Transfer
Bastion North

Page | 46
DR Mapping
Replication
Env VM Name SAP Module DB To be OS No of Cores vRAM vHDD GB DB Storage Total Storage type Duing Normal Hours During DR Drill
M64s (64 vCPU 1024 GB Memory) M64s (64 vCPU 1024 GB Memory)
PRD SAP HANA DB Appliance HDB Server HANA SLES 11 SP 4 40 / 2 768 5000 700 5700 Live SAPS 67315 SAPS 67315
E8s_v4 (8 vCPU 64 GB Memory) SAPS
PRD SAP ECC - Suite On Hana CI+APP Server HANA SLES 12 SP 4 8 80 320 700 1020 Offline 8710
E4s_v4 (4 vCPU 32 GB Memory) SAPS
PRD SAP BW On Hana CI+APP Server HANA SLES 12 SP 4 2 24 250 80 330 Offline 4178
E4s_v4 (4 vCPU 32 GB Memory) SAPS E4s_v4 (4 vCPU 32 GB Memory) SAPS
PRD Enterprise Portal CI+APP+DB Server ASE SLES 12 SP 4 2 24 200 70 270 Live 4178 4178
E4s_v4 (4 vCPU 32 GB Memory) SAPS E4s_v4 (4 vCPU 32 GB Memory) SAPS
PRD Content Server CS Server+Webdispatcher MaxDB SLES 12 SP 4 2 8 200 120 320 Live 4178 4178
E4s_v4 (4 vCPU 32 GB Memory) SAPS E4s_v4 (4 vCPU 32 GB Memory) SAPS
PRD SAP Fiori Netweaver Gateway CI+APP+DB Server ASE SLES 12 SP 4 1 8 300 50 350 Live 4178 4178
E4s_v4 (4 vCPU 32 GB Memory) SAPS E4s_v4 (4 vCPU 32 GB Memory) SAPS
PRD SAP Solution Manager CI+APP+DB Server ASE SLES 12 SP 4 4 32 650 300 950 Live 4178 4178
E4s_v4 (4 vCPU 32 GB Memory) SAPS E4s_v4 (4 vCPU 32 GB Memory) SAPS
PRD Workforce Performance BuilderAPP server MSSQL Windows 2012 R2 4 24 700 100 800 Live 4178 4178
D8s_v4 (8 vCPU, 32 GB Memory) SAPS
PRD SAP Business Objeects APP server Windows 2012 R2 8 38 500 30 530 Offline 8710
SAP Webdispatcher + D2s_v4 (2 vCPU, 8 GB RAM) SAPS 2180
PRD SAP Cloud Connector Web Server SLES 15 SP 1 2 8 50 0 50 Offline
D2s_v4 (2 vCPU, 8 GB RAM) SAPS 2181
PRD SAP Router (For SAP Support) n/a SLES 15 SP 1 1 8 50 0 50 Offline
D4s_v4 (4 vCPU, 16 GB Memory) SAPS D4s_v4 (4 vCPU, 16 GB Memory) SAPS
PRD ADCAssets & RFID System MSSQL DB+App Server MSSQL Windows 2012 R2 4 16 700 300 1000 Live 4178 4178
E2s_v4 (2 vCPU 16 GB Memory) SAPS E2s_v4 (2 vCPU 16 GB Memory) SAPS
Electronic Personnel on Board 2178 2178
(Bio-Metric Time /
PRD Attendence) MSSQL DB+App Server MSSQL Windows 2012 R2 2 24 200 100 300 Live
D4s_v4 (4 vCPU, 16 GB Memory) SAPS D4s_v4 (4 vCPU, 16 GB Memory) SAPS
PRD INTELEX (QHSE System) MSSQL DB+App Server MSSQL Windows 2012 R2 6 16 200 100 300 Live 4178 4178
D4s_v4 (4 vCPU, 16 GB Memory) SAPS D4s_v4 (4 vCPU, 16 GB Memory) SAPS
PRD Domain Controller (AD) Windows 2012 R2 3 24 200 200 Live 4178 4178
E2s_v4 (2 vCPU 16 GB Memory) SAPS E2s_v4 (2 vCPU 16 GB Memory) SAPS
PRD AZURE SYNC Windows 2012 R2 2 16 150 150 Live 2178 2178

Azure BOQ

Service Service type Custom Region Description

category name
Storage Storage P6 (64 GB)-8 UAE Managed Disks, Premium SSD, LRS Redundancy, P6 Disk Type 8 Disks;
Accounts Central Pay as you go
Storage Storage P10 (128 UAE Managed Disks, Premium SSD, LRS Redundancy, P10 Disk Type 2 Disks;
Accounts GB)-2 Central Pay as you go
Storage Storage P15 (256 UAE Managed Disks, Premium SSD, LRS Redundancy, P15 Disk Type 14 Disks;
Accounts GB)-14 Central Pay as you go
Storage Storage P20 (512 UAE Managed Disks, Premium SSD, LRS Redundancy, P20 Disk Type 1 Disks;
Accounts GB)-1 Central Pay as you go
Storage Storage P30 (1024 UAE Managed Disks, Premium SSD, LRS Redundancy, P30 Disk Type 3 Disks;
Accounts GB)-3 North Pay as you go
Compute Virtual M64s-1 UAE 1 M64s v2 (64 vCPUs, 1024 GB RAM) (3 year reserved), Linux, SUSE
Machines Central Linux Enterprise + Patching only (Pay as you go); 0 managed disks – S4;
Inter Region transfer type, 5 GB outbound data transfer from UAE
Central to East Asia
Compute Virtual E2s_v4-2 UAE 2 E2s v4 (2 vCPUs, 16 GB RAM) (3 year reserved), Windows (License
Machines Central included), OS Only; 0 managed disks – S4; Inter Region transfer type, 5
GB outbound data transfer from UAE Central to East Asia
Compute Virtual D4s_v4-3 UAE 3 D4s v4 (4 vCPUs, 16 GB RAM) (3 year reserved), Windows (License
Machines Central included), OS Only; 0 managed disks – S4; Inter Region transfer type, 5
GB outbound data transfer from UAE Central to East Asia
Compute Virtual E4s_v4-4 UAE 4 E4s v4 (4 vCPUs, 32 GB RAM) (3 year reserved), Linux, SUSE Linux
Machines Central Enterprise + Patching only (Pay as you go); 0 managed disks – S4; Inter
Region transfer type, 5 GB outbound data transfer from UAE Central to
East Asia
Compute Virtual E4s_v4-1 UAE 1 E4s v4 (4 vCPUs, 32 GB RAM) (3 year reserved), Windows (License
Machines Central included), OS Only; 0 managed disks – S4; Inter Region transfer type, 5
GB outbound data transfer from UAE Central to East Asia
Storage Storage ASR_storage UAE Page blobs (Unmanaged Disks included), Standard, LRS Redundancy,
Accounts Central General Purpose V2, 2 TB Capacity, 100 Operations for Unmanaged
Disks, 10,000 Write operations for Page Blobs, 10,000 Write additional
IO units, 10,000 Read operations for Page Blobs, 10,000 Read additional
IO units, 10,000 Delete operations for Page Blobs
Management Azure Site UAE 0 Customer instances, 5 Azure instances
and Recovery Central
governance

Page | 47
 Compute Virtual D4s_v4-1 UAE 1 D4s v4 (4 vCPUs, 16 GB RAM) (3 year reserved), Linux, (Pay as you
Machines FW Central go); 1 managed disk – P10; Inter Region transfer type, 5 GB outbound
data transfer from UAE Central to East Asia
DevOps Azure UAE Log analytics: 0 GB Daily logs ingested; Application Insights: 0 GB Daily
Monitor Central logs ingested, 3 months Data retention, 0 Multi-step Web Tests; 11
resources monitored X 1 metric time-series monitored per resource, 0
Log Alerts at 5 Minutes Frequency, 0 Additional events (in thousands), 0
Additional emails (in 100 thousands), 0 Additional push notifications (in
100 thousands), 0 Additional web hooks (in millions)
Security Microsoft UAE Microsoft Defender for Cloud by Resource: 0 Plan 1 servers x 730 Hours,
Defender Central 11 Plan 2 servers x 730 Hours, 0 Container vCores x 730 Hours, 0 App
for Cloud Service nodes x 730 Hours, 0 SQL Database servers on Azure, 0 SQL
Database servers outside Azure x 730 Hours, 0 MySQL Instances, 0
PostgreSQL Instances, 0 MariaDB Instances x 730 Hours, Cosmos DB 0
RU/s x 730 Hours, 0 x 10,000 Storage transactions, 0 Key Vault
transactions, 0 x 1 million ARM API calls, 0 x 1 million DNS queries;
Microsoft Defender for Cloud for IoT: 0 x 100 committed devices for
agentless monitoring, 0 IoT Hub Devices, 0 x 25,000 IoT Hub Message
transactions

6.10 SAP Applications Migration Approach

Primary scope is migration of SAP landscape to compatible SAP versions, Operating System, and
database on Cloud by leveraging SAP Activate Methodology.
▪ Migration of SAP Landscape (as mentioned in Table 2: ADC Current SAP Landscape) to Cloud.
▪ SAP sizing and defining SAP architecture on target cloud.
▪ Setup and configuration of High Availability and Disaster recovery for identified SAP Production
Landscapes.
▪ Operating System script remediation post migration.
▪ Two Weeks of Post Go-Live Support only for SAP Landscape Migration. This doesn’t include
normal application support.

Migration Process: SAP Production Environment:

The Migration/Upgrade of Production Environment will be executed into 4 high level phases:
▪ Pre-Migration Activities
▪ Migration Activates
▪ Post-Migration Activities
▪ Rollback.

Page | 48
The current SAP Landscape based on SUSE Linux 12 / Win 2012 R2 and HANA1.0/ ASE16 / MaxDB
7.6/ MSSQL 2012/16 OS/DB platform hosted on-premises will be migrated to Cloud leveraging various
tools such as SAP’s standard tool Software Pac age Manager SWPM Cloud’s migration tool A A’s
HSR /ASE native database replication tool SRS.

AS-IS & TO-BE ADC SAP Landscape

Migration Methodologies

Expected
Migration Methodology SAP Landscapes Tools Used Technical
Downtime

Methodology-1 • EHP7 for SAP • SAP SWPM (Software < 4 Hours

(HANA system ERP 6.0 SP18 Package Manager) (Near Zero
replication using • SAP BW 7.4 • SAP HDBNSUTIL using Downtime)
Database Native Tools. ) SP13 SAP HANA Cockpit or
HANA Studio

Methodology-2 • SAP EP -SAP • SAP SWPM (Software ~ 4-8 Hours

(Export/Import using NW AS JAVA - Package Manager)
SAP Standard Tools. ) 7.5
• SAP Solution
Manager JAVA
7.2 SP3
Methodology-3 • SAP Content • SAP SWPM ~ 4-8 Hours
(Backup/Restore using Server 6.5 • MaxDB , ASE DB
Database Native Tools. ) • SAP NW backup/restore native
Gateway 7.5 tool
SP12
• SAP Solution
Manager ABAP
7.2 SP3
Methodology-4 • SAP Business • SAP BI promotion ~ 4-8 Hours
( Export/Import using Objects 4.1 management tool
SAP BI Tools. )

Methodology-5 • SAP WBP • SAP Ready-installer < 4 Hours

(Re-install and Re- • SAP Web (Near Zero
configure using SAP dispatcher Downtime)
Standard Tools ) • SAP Cloud
connector
• SAP Router

Page | 49
Methodology -1 (HANA System Replication.)

Methodology 2 (Export/Import using SAP standard Tools.)

Methodology-3 (Backup/Restore using Database Native Tools. )

Page | 50
Methodology-4 ( Export/Import using SAP BI Tools. )

Methodology-5 (Re-install and Re-configure using SAP Standard Tools )

Page | 51
Estimated Production Downtime or Blackout Period

The migration of Production Environment will be executed over the weekend to have minimum business
impact.

Inflight Projects and Change Freeze Management

Target Architecture

SAP Production Landscape will be installed in AZURE by adhering to the following design
principles for achieving High availability and Disaster Recovery:

Architecture
High Availability Disaster Recovery
Component
SAP Central Linux Cluster Solution -or- Windows Server AZURE ASR, RSYNC etc.
Services Failover Cluster etc.
SAP Application VMs distributed between Availability sets AZURE ASR, RSYNC etc.
Server behind AZURE standard load balancer.

Page | 52
 Synchronous HANA system replication Asynchronous HANA system
HANA Database between HANA databases in availability sets. replication between HANA
Server databases in two regions.

High Availability

igh Availability will be provided for SAP RP’s A A database layer. Standard reference architecture
on AZURE would be implemented as per the diagram below.

Disaster Recovery

Disaster recovery setup will be provided for SAP RP’s A A database layer. Standard reference
architecture on AZURE would be implemented as per the diagram below.
ASR -Azure site recovery is used to replicate the VMs of ASCS/SCS, SAP application Pool and
Native database replication tools to synchronize the database layer.

6.11 NON-SAP Application Migration approach

Primary scope is migration of NON-SAP landscape to compatible Operating System, and database on
Cloud by leveraging migration Methodology.

▪ Migration of Workload (as mentioned in Table ADC Current NON-SAP Landscape) to Cloud.
▪ Workload sizing and defining SAP architecture on target cloud.
▪ Setup and configuration of High Availability and Disaster recovery for identified Production
Landscapes.
▪ Operating System script remediation post migration.
▪ Two Weeks of Post Go-Live Support only for SAP Landscape Migration. This doesn’t include
normal application support.

Page | 53
Migration Methodologies

Application Platforms Migration

Azure Migrate and Azure Site Recovery

Minimizes time-intensive, error-prone manual processes by automatically converting your source
servers from physical, virtual, or cloud infrastructure to run natively on Azure. It further simplifies your
migration by enabling you to use the same automated process for a wide range of applications.

MSSQL Database Platforms Migration

• MSSQL Version 2012 + CU11 and Later Clustered Instances AO\AG

o Microsoft Migration Assistant Native Replication Through AO\AG.

Page | 54
 • MSSQL Version 2012 + CU11 and Later Non-Clustered Instances

o Azure DMA will be used to migrate DB instances to the target instances

• MSSQL Server versions 2005, 2008, 2008R2, 2012 and 2016 Full load (Enterprise)

o Azure DMA will be used to migrate DB instances to the target instances

• MSSQL Server versions 2000

o Azure Site Recovery tool will be used (Lift-and-Shift)

6.12 Cloud & Infrastructure Security Details

Azure security is one of the best reasons to use Azure for your applications and services is to take
advantage of its wide array of security tools and capabilities. These tools and capabilities help make it
possible to create secure solutions on the secure Azure platform. Microsoft Azure provides
confidentiality, integrity, and availability of customer data, while also enabling transparent accountability.

Security Services considered for ADC

Service Description
Microsoft A cloud workload protection solution that provides security management and
Defender for advanced threat protection across hybrid cloud workloads.
Cloud
Azure Key A secure secret store for the passwords, connection strings, and other information you
Vault need to keep your apps working.
Azure Monitor A monitoring service that collects telemetry and other data, and provides a query
logs language and analytics engine to deliver operational insights for your apps and
resources. Can be used alone or with other services such as Defender for Cloud.
Azure Sentinel SIEM Solution

We recommend using 3rd Party NVAs as Perimeter Firewall in HA in the DC/DR site to manage and
allow traffic flow between the hybrid network of On-premises & Cloud environments.

SI No Tools Description Service Residency

1 External Firewall Fortinet NVA Fortinet NVA - Azure MP provided on Azure
2 HBSS Host VA with IDS/IPS Microsoft Defender for Cloud
3 Bastion Host Bastion Service Azure Bastion Service
4 SIEM Azure Sentninel EPS/FPM

Page | 55
 6.13 Proposed Solution Assumptions
SAP System Assumptions

• Customer and Cloud4C will work jointly on identifying the mitigation path / alternatives for identified
risks.
• Customer to initiate DB Backup well within time to minimize migration duration.
• Customer will provide the list of instances to be migrated to target Cloud.
• Project management and weekly status reporting will be required throughout the course of the
migration. Cloud4C shall nominate a Project manager to take care of these activities and SAP shall
also depute a Project manager for the tenure of the projects
• All the interfaces, Job Management and Promotion Management would be handled by
SAP/Customer.
• Dual Maintenance of transports in SAP ECC & BW Landscape will be handled by Customer.(If part
of Landscape)
• Cloud4C may require up to two (2) weeks to assemble a Project team. Cloud4C reserves the right
not to start the Project until Cloud4C has assembled a Project team.
• A hard development-freeze will be imposed from start of Regression/User-Acceptance testing; a
soft development-freeze may be applicable from the migration of development systems.
• The estimated Project schedules will be shared once the list of instances to be migrated is
received by Cloud4C.
• Decommissioning of the infra would happen only after confirmation from both customer and
Cloud4C.

SAP Scope Inclusions

• Primary scope is migration of SAP landscape from On Prem to Azure Cloud by leveraging SAP
Activate Methodology.
• Post successful migration of SAP Landscape ERP6.0 EHP6, ERP6.0 EHP upgrade to EHP8
• SAP sizing and defining SAP architecture on target cloud.
• Basis support for fixing function Integration Testing and remediation of interfaces or
communication channels with any third party non–SAP applications.
• Setup and configuration of Disaster recovery for identified SAP Production Landscapes if it
currently exists in source. Otherwise, to be discussed and aligned on the cost estimates to setup
DR / HA.
• Operating System script remediation post migration.
• Four Weeks of Post Go-Live Support only for SAP Landscape Migration. This doesn’t include
normal application support.

SAP Scope Exclusions

• System refresh of SAP systems On-Premise and setup of staging environment On-Premise or
C4C.
• Implementation of any new functionalities or new developments
• Any Functional / ABAP support during the project – If this support is needed it has to be called out
clearly and Digital team from Cloud4c will be involved.
• Any non/partially implemented SAP process / module.
• System Volume, Stress Testing, Load Testing, Benchmarking Testing.
• Solution Manager 7.2 re-installation and configuration.
• SAP Solution Manager Configuration like technical monitoring and EWA setup for Production SAP
systems
• Implementation of any functionalities on Solution Manager like CHARM, ITSM, etc..
• System administration and performance tuning at OS/DB and network levels required to be done
On-Premises.
• Data collection, cleaning, or validation from the current SAP/ non-SAP systems.
• Modification or development of existing or new interface and communication channels.

Page | 56
• System/Database backup, restore and recover on source environment On-Premise
• SAP ABAP Custom Code remediation post migration.
• SAP ABAP Modifications and Adjustments (SPDD, SPAU and SPAU_ENH), if required.
• Procurement of any software license.

General Project Assumptions

Assumptions
DC Region: UAE North
1
DR Region: UAE Central
Compute capacity has been considered as per details provided in Calc Sheet and additional
2 requirements will be handled as per CR process
3 IaaS sizing based on customer data, customer to validate the same & provide sign off.
4 Client to provide licenses for Applications & Databases
5 Application Functional Support is excluded
Backup storage has been considered as per Policy for commercial calculation & will be charged
6
additionally as per retention policies

ASR Prerequisites: to be validated & confirmed by customer

- Assuming all Source OS are supported for ASR replication
7 - ASR Replication VM to be provisioned by Customer at Primary site to enable replication
- Necessary permissions / ports are open for ASR replication
- detailed pre-requisites to be shared in Solution document
8 SAPS benchmarked per Instance - Please refer Instance types
9 Assuming Cloud4C CSP will be used for deployment - Customer tenant under C4C CSP
10 Customer should provide all necessary information for Cloud4C to perform this project
This proposal and pricing is based on Cloud4C standard solution design, the information
provided by the Customer at the time of preparation of this proposal, and on the pre-requisites,
11
assumptions and terms and conditions mentioned in this proposal. The proposal’s pricing and
terms are subject to change in case any of the above conditions changes
ASR replicated VM's will be powered on during DR Drills / DR invocation.
12
Additional PAYG charges may be applicable during this activity
VM sizing & Disk sizing as per customer recommendation & acceptance, any change during
13
the project phase will be treated as CR.
14 All SAP licenses are customer provided
16 Assuming 3yr Contract
Anything not explicitly mentioned in the scope of work will be considered out of Cloud4C
17
deliverable.
18 Azure Commercial Estimates subject to change based on actual usage / Solution change
For RI (Reserved Instances) If the contract is terminated before 3 years - penalty of 12% will be
19 charged on VM's which are under 3 years RI only. Max refund as per microsoft will be 50K USD
depending on the remaining period and penalty amount
20 Express Route & Its associated charges are excluded
21 It is recommended to run the environment in PAYG for first 3 months before converting to RI
During the Migration period the VM’s will be on PAYG and Customer will be billed on actual
22 consumption
Additional disks & other services may also be provisioned during migration period
23 Estimates proposed are for Post migration period - once the VM's are coverted to RI

Page | 57
 For PAYG VM's - the estimation is based on fixed hours usage & may vary based on actual
24
usage.

Inclusion
SAP NON SAP Workload Migration and Azure Platform Management & Managed Services as
1
per SOW
2 Cloud4C licenses as per BOQ
3 OS Licence Windows and SLES
Exclusion
1 Customer side network connectivity / Internet availability to connect to Cloud4C Cloud
2 Cross connect / MPLS termination charges are excluded
3 Customer Application Licenses & Support
4 Customer Business application configuration / client-side configuration / App monitoring
5 Any Onsite resource deployment
6 Customer Application functional & development Support
7 Azure Express Route/ Link termination charges to be borne by customer
8 Compliance Certification / Auditor appointment & its associated charges
9 Customer Application security controls and validation testing
10 Any provisioning at Client DC
11 Database Licenses (except if specified)
12 SAP Functional SAP
13 Customer Application customisation and management
14 Functional business logic and processes of organization
15 Load Testing of application and stress testing of infrastructure
16 Helpdesk for customer internal / Business users
17 Disaster Recovery Site Network convergence & DR declaration

7 Project Methodologies & Approach

7.1 Project Management
Cloud4c will assign a dedicated SPOC for client who will act as single point of contact. A detailed project
plan with timelines will be submitted to customer after the due diligence phase.
Service Delivery for customer will be performed as per ITIL framework using centralized service desk
which will act as a single point of contact for all incidents or alerts. Every incident will have a unique
ticket ID which will be used as a reference number for tracking the same. Cloud4c will ensure that the
flow of ticket is smooth and as per defined process. Resolution of incident will be performed by multiple
teams working in conjunction with each other. Resolver group includes PM, L2& L3 resources with a
technology CoE & OEM if required.

Core of the Project Management will be as follows:

• Participating in internal review calls to understand the scope & assumptions
• Kick off meeting with the Customer
• Preparing a detailed project plan
• Responsible for smooth execution of the project
• Coordinating with internal team for implementation
• Participating in timely review with the Customer
• Timely updating the status

Page | 58
 • Handover to Service Delivery for routing issues

Project Manager will be responsible for preparing & maintaining the following documents:
• Project Charter
• Project Plan
• Risk register
• Issue Register
• CMDB
• Lesson Reports

7.1.1 Governance Structure

Cloud4C recognizes that Governance is an essential component for successful contract management
and ongoing Client–Cloud4C relationship. To ensure a long-lasting and mutually rewarding relationship,
Cloud4C governance model is based on the following principles:
• Simplicity and flexibility in the governance structure facilitating ease of communication
• Proactive multi-tiered governance approach and structure

• Mutual trust and respect based on transparency

• Well-defined objectives and service levels and measurable performance indicators
• Transparent and live status reports

• Well-defined roles and responsibilities

• Well-defined and agreed interfaces between parties
• Open communication between Parties
• Deployment of the most suitable and experienced resources on a regular basis

Goals and Objectives:

The goal of creating a governance model is to ensure that Cloud4C is viewed by key stakeholders in
Customer as an integral component of CUSTOMER IT organization. Therefore, Cloud4C governance
team shall, during the transition period and continuously over time, work with CUSTOMER to achieve
the following goals:
• Identifying and solving structural issues that hinder end-to-end performance of IT service delivery
• Allowing Customer full control over its overall IT strategy, architecture, and associated plans,
while providing Customer with recommendations and views on industry best practices

Page | 59
 • Focusing on measurable results in the areas that are critical to Customer `s business and
objectives
• Delivering of high-quality IT services to meet Customer business needs
• Providing a central repository for all standard operational management procedures and practices
• Delivering high satisfaction levels for Customer`s Participants
• Developing the business rationale and benefits of any proposed changes and communication of
these to Customer IT
• Eliminate and mitigate business risks with appropriate planning and monitoring of current trends
• Working within the mutually agreed-upon structure for execution of processes and procedures

Reports: -
Cloud4C will provide periodic reports categorized into the following two types to Customer giving it
insight into the Operational performance of the team.
Service Support Reports – These reports will enable transparency into the day-to-day operations.
They will provide a unified infrastructure view and detailed insight into health of the infrastructure
components.
Disaster Recovery Reports – These reports underpin the business aspects that Cloud4C takes into
consideration to maintain a steady and satisfying relation.
All SLA and KPI reports will be customized and generated as per Customer service levels, the data
and reports will be real time and will be pulled out for individuals as per the custom access provided.

Page | 60
 7.1.2 Project Cadence

Cloud4C has designed a governance process which will facilitate a transparent model where ADC Team
will have visibility into the day-to-day operations and progress of the project. The model provides for
clear communication and prioritization which helps in addressing issues. The governance process
addresses the following three levels of relationship reviews:
Strategic – where at an executive management level, Cloud4C and ADC Team can maintain and grow
the partnership, resolve significant issues, set direction, approve strategic changes and plan for the
future.
Tactical – where through regular review meetings Cloud4C and ADC Team can ensure that progress is
being made according to the overall objectives of the project.
Operational – where we can work on a day-to-day basis to deliver services and respond to requests,
problems and queries, in line with the objectives of the project.
Cloud4C believes that the proposed organization model and governance structure will give maximum
benefit to ADC. However, Cloud4C is open to engaging in a collaborative dialogue with ADC to explore
other models or refine the suggested models.

7.1.3 Project Risk Management

Cloud4C also propose schedules for ongoing risk and trend analysis to monitor exposure levels.
Contingency steps are documented to situationally roll back migrated Microsoft Azure workloads and
confirm the integrity of:
• Monitoring & reporting
• Security
• Workflow deployment
• Workload balance
The following general procedure will be used to manage active issues and risks during the program:
• Identify: identify and document program issues and risks (potential issues that could affect the
program).
• Analyze and prioritize assess the potential impact and determine the highest priority risks and
issues that will be actively managed.
• Plan and schedule: determine the strategy for managing priority risks and issues, and identify
a resource who can take responsibility for mitigation and remediation.
• Track and report: monitor and report the status of risks and issues.
• Escalate: escalate to program sponsors the high impact issues and risks that the team is
unable to resolve.

Page | 61
 • Control: review the effectiveness of risk and issue management actions.
Active issues and risks will be regularly monitored during the program.

Escalation Matrix

Transition Phase

Page | 62
 7.2 Service Management

Cloud4C delivers the Managed Delivery services using our Hybrid Delivery Framework driven by ITIL
processes. We use an established operating model which aims to address the services and solutions
required by ADC project. At the same time, it allows to provide cost benefits as we are utilizing the
offshore resource model. This model also results in increased productivity, efficiency and maximize the
contribution of every team member.

7.2.1 Service Delivery Processes

Help Desk / Service Desk

A Service Desk is a primary IT service called for in IT service management (ITSM) as defined by the
Information Technology Infrastructure Library (ITIL). It is intended to provide a Single Point of Contact
("SPOC") to meet the communication needs of both Users and IT employees. But also to satisfy both
Customer and IT Provider objectives "User" refers to the actual user of the service, while "Customer"
refers to the entity that is paying for service.

The ITIL approach considers the service desk to be the central point of contact between service
providers and users/customers on a day-to-day basis. It is also a focal point for reporting Incidents
(disruptions or potential disruptions in service availability or quality) and for users making service
requests (routine requests for services).

Service Desk Deliverables:

Deliverables Key Roles and Tasks

Incident Detection &  Receive End-User calls/ emails
Recording  Incident logging
Incident Classification • Classify Incident as per Customer Severity Definition
Investigation & • Diagnosis of Incident through questioning end-user
Diagnosis
Initial Support  Resolution of Standard Problems using SOPs and Knowledge
Base
 Remote Troubleshooting of Desktops
Escalation  Escalate to Field Support or appropriate technology resources
 Advance Notification of Critical Incidents
Incident Closure  Follow-up with support groups and close incident after user
acceptance
Trend Analysis  Perform regular trend analysis of Help Desk Incidents
 Initiate appropriate Problem/ Change Management process

The below flow illustrates the Cloud4C AIOps supported service delivery based on ITIL
ITIL Based Delivery Process

Page | 63
 7.2.2 Service Windo Coverage & SLA’s
Cloud4C considers a key goal for Service Level compliance is to maintain and improve service quality
by closely managing SLA performance and targets. This includes the instigation of actions to improve
under-performing services. These activities would help to develop and maintain a service orientated
relationship between Cloud4C and ADC by establishing effective lines of communication to understand
service expectations. Following are the factors considered to frame SLAs.

Service Operations Process:

Service Levels:
The below table describes the various Service Levels-
The Incidents and Service Requests are classified into the following severity levels

Page | 64
 Urgency
3 - Low 2 - Medium 1 – High
Issue prevents Issue prevents the
Incident Priority Service or major
the user from user from
portion of a
performing a performing critical
service is
portion of their time sensitive
unavailable
duties. functions
• Degraded Service
3 – Low

Levels but still

P3 P3 P2
processing within SLA
constraints

• Degraded Service
Levels but not
2 – Medium

processing within SLA

constraints or able to
perform only minimum P2 P2 P1
Impact

level of service
• t appears cause of
incident falls across
multiple functional areas

• Maximum number of
customers are affected
1 – High

for customer
• Pu lic facing service is P1 P1 P1
unavailable
• Any item listed in the
Crisis Response tables

Service Levels:
The below table describes the various Service Levels-
The Incidents and Service Requests are classified into the following severity levels

Call Severity Matrix

• P1 Incident: Any incident reported as a complete Stop, Down, Outage will be Critical and needed

Page | 65
 to be highest priority.
• P2 Incident: Any Incident reported for slow performance in Service, Latency and Packet drops or
Service Performance alerts which are creating high impact on ADC business.
• P3 Incident: All Service Requests will be treated as P3, excluding a few of them which are having
business urgency. Incidents which are not creating business impact and urgency will be prioritized
as P3.

* Disclaimer:
Cloud4C will use reasonable efforts to resolve problems as quickly as possible. However, Cloud4C
offers this service based on a combination of third-party Hardware & Software; for instance - Cloud4C
will not offer any service credits to the ADC in case of non-availability of application due to a problem
with the Managed SOC Services. In such cases, Cloud4C will work with the ADC to remedy problems
at the earliest.

7.2.3 Incident Management

The objective of Incident Management is to restore services within the defined and agreed SLAs, by
processing incidents quickly and effectively, by providing initial triage support with escalation to
additional support teams as required.
Incident will be triggered from the following two channels, Monitoring System and Business
Users/End users.
We follow the ITIL Industry best practices, as well as customized incident management processes to
resolve the incidents as per the agreed SLAs. Following picture depicts the stages involved in Incident
Management.

Page | 66
 RACI Alert Tickets

Activities C4C NOC C4C SME Team C4C PM ADC Service Desk

Event Detection &

A I R,C A
Filtration
Detect Event A I R,C A
Filter Event A I R,C A
Record In System Log File A I R,C A
Event Correlation &
A I R,C A
Response
Acknowledge Event A I R,C A

Page | 67
Event Correlation A I R,C A
Classify Event A I R,C A
Log Event A I R,C A
Auto Response A I R,C A
Corrective Action R A R,C R
Raise Incident A I,C R,C A
Review & Closure R A R,C R
Review Resolved Events R A R,C R
Update CMS and close
R A R,C R
events

RACI for Incidents

Incident Management Cloud4C Cloud4C PM ADC

Initiate Incident R C A,R

Escalation from the requestor I A,R
SLA breach Alert A
Detection & Recording R,C,I
Collect & Record Info C I R,AC
Validate User Profile Data C I A,R,C
Validate CI Information C I A,R,C
Classification and Initial Support C I A,I
Assign Proper Category C I,S A,I
Assign Impact Code C I,S A,I
Assign Severity C I,S A,I
Generate Incident Record C I,S A,I
Inform Incident Reference to user C I,S A,I
Refer KEDB C R,C A,I
Assign to the support group specialist C I AI
Investigation and Diagnosis A R I
Initial Investigation and Diagnosis A C R,I
Update Working & Reassign to SD A C R,I
Gather information from User A C R,I
Validate Priority A C R,I
Validate Category A C R,I
Refer KEDB for Existing Workaround /
A C R,I
Solution
Carry out Detailed Diagnosis A C R,I
Update Working and Assign to Vendor A C R,I

Page | 68
 Follow-up With Vendor R A R,I
Resolution & Recovery A R C,I
Carry out the task for the incident resolution A R C,I
Carry out the task to recover A R C,I
Update Work log and resolve Incident A R C,I
Confirmation & Closure R I A,C
Confirm resolution with user R I A,C
re-open the incident R I A,C
Ask user to provide feedback and close
R I A,C
incident record
Provide feedback & close incident record R I A,C
Major Incident R A I
Accept Major Incident R I A,C
Review Incident Details A I R,C
Open Conference Bridge R R A,I
Tech team will join the Technical bridge in 10
R,A R,A A,I
Min
Involve Related Support Groups C R,A I
Determine Stakeholders for communication R,A R,A A,I
Coordinate Resolution R,A R,A A,I
Collect Status and Update Incident Record R,A R,A A,I
Communicate on Status to Stakeholders R,A R,A A,I
Perform Post Mortem and Prepare Incident
R,A R,A A,I
Report

7.2.4 Problem Management

A problem is the unknown, underlying cause of one or more incidents. Problem Management focuses
on arriving at permanent solutions to known errors in Information Technology services. However, a
temporary workaround may be documented in a known error record and employed to reduce the impact
of the problem while the permanent resolution is in progress.
Proactive problem management would focus on identifying the underlying problems through trend
analysis with the objective of rectifying them before creating incidents. As per the existing process, all
problems and known issues would be owned, managed, and tracked by the C4C Lead who would work
closely with the ADC Problem Manager, who would lead the Problem Management function.
Problem status would be reported according to reporting requirements and only those problems, that
have had a root-cause analysis conducted and a long-term resolution, would be closed. Known issues
would be populated in the Known Error database and SIP action items are created and maintained by
the Level 3 and above SME teams in conjunction with the Service Desk.

Page | 69
 Problem Management Process

Problem Management (RCA) - Stages

Problem Management - RACI

Problem Management C4C NOC C4C PM C4C SME C4C Quality ADC
Raise Problem Ticket A,R I C I I
Trend Analysis(Recurring Incidents) A,R I C I I
Review, Audit Customer Feedback R R C I I
Input From Other Processes R C I A I
Detection & Recording C S S I
Identify the Problem A,R I I,R I,R I
Record the problem A,R C S,R S,R I
Classification & Initial Assessment A,R R A,R A,R I
Assigning problem to Level2 /Onsite team A,R R A I I
Inform the Requester/Customer A,R R C I I

Page | 70
 Investigation & Diagnosis I R A R I
Investigate and diagnose the problem I R A R I
Update KEDB and inform stakeholders I A A R I
Error Control & Resolution I R A C I
Error assessment I R A C I
Determine the resolution procedure I R A C I
Submit the RCA including ETR I R A C I
Raise RFC as applicable I R A C I
Provide resolution I R A C I
Confirmation & Closure I R A,R A I
Update the KEDB I R A,R A I
Review and confirm resolution I R A,R A I
Attach RCA report & Close the Problem I R A,R A I

7.2.5 Change Request Management

Cloud4C believes that Customer will follow a rigorous change control procedure to ensure the effective
roll out of a change into the production system. Cloud4C team will be part of the CAB who is
responsible for the implementation of change at DC site where Cloud4C will perform the risk analysis
of any change and identify the impact of that change onto the existing system. Cloud4C in
coordination with Application owners will also work out a Roll Back plan in case of things not working
properly.

Timelines of any change will be in lines with the timelines defined by CAB and as per criticality of the
change
A complete process covering Problem & Change Management as per ITIL process is showed below:

The platform may require additional capacity in the infrastructure to support organic growth or sudden
increase in transaction volume and usage. Any Infrastructure changes that are to be accommodated to
hardware addition or configuration changes must be supported through emergency or rapid change
control once identified through a change management process including SLA reviews. Extended
capacity planning that requires additional physical infrastructure modifications has to be completed

Page | 71
within 5 to 7 business days. This will also be handled through change management process including
SLA reviews.

Both Customer and Cloud4C will avoid emergency hardware provision through planned capacity and
growth review allowing for proactive planning for capacity changes. Customer will have final say for
change prioritization and scheduling the change for execution

The list of activities for release management shall include, but not be limited to:
- Evaluating Production Readiness of Changes based on predefined checklist
- Tracking all the production fixes and maintenance activities going in or overlaying by new changes
- Opening all the CRQs related to holding production jobs and/or executing the deployment scripts
- Opening support bridge if required, for Severity 1
- Conducting Post Mortem analysis as needed
- Tracking new production fixes due to install related issues and install the same in mid-month
releases

Delay for consideration and completion of Change Requests

Delay for
Category Completion Time
consideration
Minor 1 hour 4 hours or other longer period fixed by the Client
Medium 4 hours 2 days or other longer period fixed by the Client
Major 1 Business Day 10 days or other longer period approved by the Client

The matrix above shows the delays of handling and resolution for changes based on their characteristic
Minor / Medium / Major.

Definitions
Standard Change
Pre-Approved changes are typically pre-approved and require no CAB approvals. However, a
business level approval would be mandatory. These changes are low risk, low impact with
High frequency changes.
Normal Change
A change that requires Change Management approval, and encompasses the majority of changes
which carry High/Medium Risk, High/Medium Impact.
Emergency Change
A Change that must be introduced as soon as possible, with response to a Priority 1 or Priority 2
Production incident.

Project Change Control Procedure:

The following process will be followed if a change to this Scope document is required:

• A Project Change Request (PCR) will be the vehicle for communicating change. The PCR must
describe the change; the rationale for the change and the effect the change will have on the
project.
• The designated Project Manager of the requesting party will review the proposed change and
determine whether to submit the request to the other party.
• Both Project Managers will review the proposed change and recommend it for further
investigation or reject it. Cloud4C will specify any charges for such investigation. A PCR must be
signed by authorized representatives from both parties to authorize investigation of the

Page | 72
 recommended changes. The investigation will determine the effect that the implementation of
the PCR will have on price, schedule and other terms and conditions of the Agreement.
• A written Change Authorization and/or PCR must be signed by authorized representatives from
both parties to authorize implementation of the investigated changes.
• Given the nature of the project, it is important to have a clear and well-defined change control
procedure to ensure a proper, systematic and documented approach for changing scope of work
to be performed. All necessary changes to the scope shall be executed via this change control
procedure.
• All changes should recorded and then evaluated, authorized, prioritized, planned, tested,
implemented, documented and reviewed in a controlled manner.
• All changes performed or executed must have a Change Request
• Changes to infrastructure must not occur without a Change Request.
• A Roll Back Plan must be in Place to avoid unplanned downtime – A Customer Centric
Approach.
• A Change Request may take the form of:
➢ A formal Request for Change from a Client
➢ A Request Ticket for standard or pre-approved changes
• All Change Work must occur in the context of an Incident, a Problem or a Change Request.
• All required fields in the Change Portal to be filled religiously.
• Standard Changes usually takes 4 to 48 hours to implement the Change, on a best effort basis.
• Normal Changes usually takes 48 to 72 hours to implement the Change, on a best effort basis.
• Emergency Changes usually takes 4 to 8 (Business) hours to implement, on a best effort basis
• Cloud4C Technical Management holds final decision, if a change is a Normal Change or
Emergency Change

A.2.1 Change Initiation

A change is initiated by a Request for Change (RFC). This is done by filling out a copy of the form in
section 'Request for Change Form' The membership of the Steering Committee will be agreed to by the
parties in writing. Either party may change its personnel by notifying the other party of the change in
writing. The Steering Committee will evaluate the RFC for technical validity and its impact on the project.
If approved by the Steering Committee, the RFC will be forwarded to Cloud4C. If disapproved, the
reasons will be provided to the RFC initiator.

A.2.2 Cloud4C Response

Cloud4C will, within Fourteen (14) days of receiving an RFC approved by the Steering Committee,
provide a written acknowledgment of receipt and an estimation of the time and effort required analyzing
the RFC.
Following receipt of the written approval of the estimate and agreement to pay the cost, if any, Cloud4C
will, within thirty (30) days or the time specified in the estimate, perform the analysis and repair the
change...

A.2.3 CUSTOMER Approval

Customer approval is required for the Assessment of Change Impact submitted by Cloud4C. When an
RFC requires a change to the cost or schedule or when a change is required to the Agreement executed
between Customer and Cloud4C, the change must be approved by the Customer authorized
representative in writing. Once approved by Customer, the RFC is added to the Agreement
.
If the RFC is not approved by the appropriate authority, the owner will take no action on the same.

Change Request Management - RACI

Page | 73
 C4C
C4C
Change Management ADC Onsite CAB/ECAB
PM
SME
Initiate Request for Change (RFC) R,A,I I C
Classify RFC A,R,C I,R -
Review RFC R,C A C
Return RFC to Customer R,A,C R C
Assign/Review Priority & Category R,A,C R C
Review RFC for completeness & Accuracy R,C,I C A
Perform Emergency Change R,A,I R C
Request Emergency Change R,C,I A, R C
Email/System Approval R,I A C
Execute the Change as per plan R,A,I I C
Inform Requestor & Close RFC R,A,I C I
Perform Standard Change R,A,C I -
Assign Change R,A,C I -
Schedule Change R,A,C I -
Carry out Implementation Task R,A,C I -
Update Requestor & Close RFC R,A,C I -
Perform Normal - Change R,S,A I,C R,I
Assign Change R,C,I A, R C
Identify Resources R,I I C
Prepare Detailed Plan R,A,I I C
Co-ordinate Implementation R,A,I I I
Implementation Authorization/Approval R,A,I I C
Inform Requestor & Close RFC/BRD R,A,I I C
Change Review and Closure R,C A,R I
Post Implementation review R,C A I
Closed RFC A,C R I

Page | 74
 7.3 Proposed Timeline

7.4 Project Resources with Resumes

Cloud4C has provided profiles of resources who we envisage to be part of the project engagement.
Cloud4C will try to accommodate these resources for the ADC project subjected to availability of them
during the project execution phase.

Sr. Cloud Architect

Executive Summary:
Azure Cloud Architect with 10+ years of experience in the specification and delivery of high-availability
secure infrastructure projects including data centers, Cloud Services, Identity Security, Data Integrations
and Modern Apps DevOps. Passionate about technology and innovation, a delivery focused
professional with a proven track record in challenging and demanding environments. Solid business
judgment and strong desire to tackle complex business and technical problems. Capable of determining
keys issues and synthesizing information into cohesive conclusions.

Recent Projects:
• Designed the Public cloud solutions for US, EMEA, APAC and Middle East Customers.

Page | 75
 • Cloud Migrations, Assessments, and Migration strategy plans.
• Developing and Establishing Security Governance of Cloud Digital Projects for Enterprise
Organizations.
• Expertise in Transforming the Application from Monolithic to Microservice based architecture.
• Expertise in designing the solutions on cloud for Cloud Native and Blockchain Services in
Azure Cloud.
• Expertise in designing the Cloud identity Solutions for SPA & Multi-tenant Apps.
• Azure Resource Automation with Devops.
• Designing the Data Integrations and IOT Solutions.
• Experience the rearchitecting the obsolete cloud services architecture.
• Experience in providing Cost Optimization Solutions on Public Cloud Architecture.

Experience Summary:
✓ Total Number of Virtual Machines Migrated: 180+
✓ Database Migrations: 15+
✓ Application Modernization: 25+
✓ Data Integrations: 3
✓ Disaster Recovery in Cloud: 50+

Migration Projects Executed:

Client: Entertainment and Private Held Finance Company, Middle East

Project Summary
▪ Total Number of Virtual Machines Migrated: 180+
• Database Migrations: 15+
• Application Modernization: 25+
• Data Integrations: 3
• Disaster Recovery in Cloud: 50+
Project Highlights
▪ Migrated the Critical applications like Microsoft AX, SQL DWH.
▪ SQL Database Migration to Azure SQL and MI.
▪ Data lake Integrations with BI DWH.
▪ Data Integrations using Azure Data Factory to Move the data between the D365 and Azure SQL
database.
▪ Designing Cloud Network Arch. with 10+ sites leveraging Express route.
▪ Migrating the Middle Tier Service to Azure Logic Apps Integrating with API Management.
▪ Implemented IaaC and PaaC Using Devops.
▪ Azure IOT Hub Solution for BMS System.
▪ DR Solution in cloud for the VM’s which are in On-Premise.
▪ Migrated & Modernize In-house & Ecommerce applications to Container based.
▪ Designed the Cloud Native Multi-tenant apps solutions.
▪ Deployed Windows Virtual Desktop for 500+ Users.
▪ Implemented the Apps which can be Leverage Azure B2B Solutions.
▪ Identity Security for the applications hosted on Cloud Platforms

Client: Beverage Company, Geo presence (USA, APAC, EMEA)

Project Summary

Page | 76
 ▪ Total Number of Virtual Machines Migrated: 380+
▪ Database Migrations: 30+
▪ Application Integration: 35+
Project Highlights
▪ Migrated the Business-Critical applications like HRMS, ERP, Analytics.
▪ Designed the Cloud Virtual Network Architecture with more than 10 Virtual network and with 3
Express Circuits connecting to different regions.
▪ Migrated the Virtual Machines with HA leveraging Multi-regional approach.
▪ Implemented Secured Virtual Network restricting East-West Traffic using Virtual Appliance.
▪ Refactor the Database to Azure SQL Databases and NO SQL DB.
▪ Re-architect and Migrated the applications to Azure Web app and ACS with Multi-regional HA
leveraging Traffic Manager and AGW.
▪ Designed the Automated workflow process for Beer Manufacturing unit using Logic Apps, Azure
Functions, Event Grid & Azure Service Bus.
▪ Redesigned the Big data analytics process to leverage using Azure HD Insight with the
combination of Azure Data lake and Azure Storage.
▪ Migrated ADFS RPT SSO Application to Azure AD.
▪ Implemented Enterprise Integration between ERP and Azure Block chain services.

Sr. Program Manager

Executive Summary:
• CERTIFIED – PMP, Six Sigma Green Belt
• 18+ years of Experience spanned across IT Infrastructure, Project Management, ERP &
Workforce Management Systems
• Expertise in ITSM - Service Operations, Change Management, Request Management, Problem
Management, Vendor Management
• Excellence in Business Communication, Client Management, Team Management, Risk
assessment and driving Continuous Improvement throughout Service Lifecycle
• Managed Service, Global Delivery teams, Resource Optimization, Outsourcing: Delivered
multiple outsourcing & managing service contracts across multiple geography, Realignment of
resources for cost efficient IT, Transition manager.
• Responsible for IT Infrastructure, Operations support, Software development, New projects and
End User support. Formulating strategy and Leading Digitization projects for the
organization, Creating Digital and Mobility space.
• Delivering new trading systems, forex, core transactions, mobile, user platforms and financial
services software development projects, to build a new robust AWS & K8S based system
accommodating large number of CI/CD processes, Build software of AI Machine Learning, AI
Predictive Models, Cognitive Computing, Data Science, Smart Mobility, Application Conceive,
Plan and Implement Digital Transformation projects for Website, Payment Systems, Omni
Channels, Lead Generation, CRM, Kiosks, Web Transactions and others, Managing software
development team, Owning software stack, Support entire application lifecycle, release
management and production software development life cycle.

Recent Projects:

Page | 77
Cloud, Automation and RPA Projects
Large scale migration to Amazon and Azure cloud services, Banking End of Day automation using
Atomic CA, Employee On boarding, IT Monitoring PRTG and other tools, events to Actions and
resolutions, UI Path to automate service desk and business processes, Automation of data feed process
to MIS reporting, Email screening and workflow, Approval and workflow automation, AML automation
and compliance reporting, multiple projects in RPA solutions using UI Path and other conventional
technologies, implemented several OCR solutions through the full project life cycle of scanning, imaging
and automation to business solutions. Digital Transformation projects
Omni channels, Payment gateways, Easy Online web channels for payments, Mobile payments and
mobile applications for customer search, improving customer communications using Online channels,
Kiosk applications and payments system, POS machines implementation, Loyalty cards, Online
payment instruction system, Rewards programs, Currency cards, Organization to Digitization and
Website User Experience.

IT Security Projects
PAM projects, SIEM Tools Implementation (ArcSight, Arcos, Qradar, Logrhythm, Trend Micro),
Implementation of SOC teams, IT Procedure and governance, Firewall security and rules cleanup,
Threat Protection systems, Data Loss Prevention (DLP), Mimecast, Cloud Access Security Broker
(CASB), Patch Management, Multi-factor Authentication, Regulatory Compliance like PCI Compliance,
GDRP, Banking, Intrusion Management, Endpoint Security, Ever greening of network devices, servers
and OS

IT Operations and Infrastructure

• Large Scale Data Center Set-up, Relocation and Migration , Disaster Recovery Management,
High Availability Solutions,
• Databases and Application Servers migrations, Storage Migration, Enterprise Backup Solution
Implementation
• Pure scale Implementation, Oracle Real Application Cluster, SQL Clusters, server Clustering,
Always on.
Software Development, ERP and Implementation
• Core Banking Implementation, Forex and Trading Software Implementation, Application
Migration to New Version Of OS, Database, WebSphere and middleware, Application
development and enhancements for business software like Mobile banking, Internet banking,
Intranet, Integration Services, SWIFT message integrations,
• Data Mart And Business Intelligence, Data Integrator, MQ / MB Upgrade Project, Siebel Data
Load (EIM) and Extraction Tool from Various System, Banking projects like Core Banking,
Credit cards, Retail Lending systems, Fraud Guard, Portal, Internet Banking, Mobile Banking,
Interactive Voice Recognition Systems, Service Desk, Cross Selling and other Critical Business
Applications
• Aviation Projects, RADIX Upgrade, PSS Performance Resolutions, Cargo Management
Software Upgrade, Frequent Flyer Program Software, AMOS, AIMS Software , AIMS, FABs
Certifications:
✓ Certified PMP (Project Management Professional)
✓ Certified Six Sigma Black Belt ITIL Certified Professional
✓ TOGAF Certified Professional IT Specialist (ITSC – Data and Application)
✓ AWS Certification (Amazon Cloud Associate)

Page | 78
 ✓ Microsoft Certified Cloud Administrator (Azure)
✓ Microsoft Azure DevOps Certified
✓ Certified Associate in Python Programming
✓ AWS Certified Machine Learning
✓ IBM BLOCK CHAIN Certified o Oracle Certified Professional
✓ IBM Certified Professional for (Web Sphere DB2, AIX, Tivoli)
✓ MCP, MCSA, MCTS, MCDBA (Microsoft Certified Database Administrator)
✓ SCSA (Solaris Certified System Administrator 9, 10)
✓ Certified Ethical Hacker (CEH) Security+ (CompTIA Certified)
✓ AICB Associate Institute of Canadian Bankers
✓ DevOps Trained
✓ Six Sigma Green Belt Certified (Exemplar Global)

Sr. Manager – Network and Security

Executive Summary:
A qualified Technocrat and a seasoned IT Manager having over 15 + years of rich and extensive
experience of IT Network and security Operations, SoC Operations, Cloud Networking, Services
Delivery Management; a senior IT Operations Manager experienced in support of IT Service Delivery at
the same time diverse responsibilities of deployment of multiple Data Centers on-premises, Public cloud
and private cloud in a Network, high quality IT services, Trouble Shooting & Problem Solving for High
Availability of Information Services for seamless flow of their business processes; track record of
success in developing & executing operational strategies to promote organizational growth & optimal
utilization of emerging technologies.

Key Highlights:
➢ MOTC CORP : Brownfield migration from on premises to cloud : Dec 2019 to June 2020.
➢ MOTC Shared Services : Brownfield migration from on premises to cloud : Nov 2019 to
May2020.
➢ Qatar GN : Green Field network HUB deployment for all Govt entities Nov 2019 to March 2020.
➢ Qatar PSA : Brownfield migration from on premises to cloud : Feb 2020 to June 2020.
➢ Abunayyan Holdings: Brownfield migration from on premises to cloud : April 2020 to June
2020.
➢ Gulftainer : Brownfield migration from on premises to cloud : March 2020 to May2020.
➢ Y-Axis : Brownfield migration from on premises to cloud : May 202

Certifications:
▪ Microsoft # SR3395821: MCP, MCSA, Azure Solution Architecting -70-532, 533, 535
▪ Cisco Systems # CSCO11423332: CCNA, CCNP
▪ EC-Council: CEH –V.8, Certified Forensic Investigation (CHFI)
▪ ICSI | CNSS Certified Network Security Specialist
▪ Qualys: Vulnerability Management, Policy Compliance, PCI Compliance, Web App Scanning
▪ Splunk: Fundamentals, User Behavior Analytics, Building Add-ons, Creating Modular Inputs.
▪ Zscaler Certified Cloud Professional - Internet Access(ZCCP-IA)
▪ Zscaler Certified Cloud Administrator -Internet Access(ZCCA-IA)
▪ Palo Alto: ACE, Prisma Cloud, Cortex XDR,
▪ ZTE University: Level A of ZXR 10 MPLS Certified (10IURRA302)

Page | 79
Principal Security Engineer

Executive Summary:
Over 9 years of professional cyber security experience in highly innovative and globally diverse
environments in the Banking, Cloud, Financial, Services, Insurance, Telecommunication, Retail and
Media Infrastructure. Working in Cloud4C since last 2 years as Technical Account Manager.

Key Highlights:
Leading all the Cloud projects for various customers located in UAE, Canada and Malaysia. Have
expertise on Cloud native security tools as well as on-prem security tools. For ex: SIEM, PIM, DAM,
VA/PT, FIM, HSM & VM Encryption, ATP, Deception, Content filtering, Anti-Virus, DDOS, Phishing,
HIPS/NIPS, Web Application Firewall

Certifications:
✓ Azure AZ 500,
✓ Azure AZ 300,
✓ AWS Technical Professional Certificate,
✓ AWS Cloud Economics certificate,
✓ Certified Ethical Hacker (CEHv7),
✓ McAfee certified product specialist (SIEM),
✓ Pre-Post Sale certificate RSA,
✓ ITIL Foundation,
✓ Imperva DAM (Database Activity Monitoring)

Senior Database Administrator

Executive Summary:
▪ 10 Years of Experience as SQL Server DBA Level 2 Production and DR Support in Tier 4
Datacenter
▪ Extensive experience on SQL Deployment solutions in Azure Cloud Platform.

Key Highlights:
➢ Successfully Migrated On-Premises SQL databases to Azure Cloud with Zero Downtime
➢ Successfully Deployed Always O Availability group Solution on A ure SQL Server VM’s
➢ Successfully Migrated On premise Always ON Cluster servers AS IS to Azure Cloud by using
ASR (Azure Site Recovery) Approach
➢ Deployed ASR as a Disaster recovery (DR) solution for SQL Servers
Projects:
➢ Ministry of Transport and Communications (Qatar)
➢ Planning and Statistics Authority (Qatar)
➢ Cadillac Fairview (Canada)
➢ Kuwait International Airport (Kuwait)
➢ Abunayyan Holding Private Ltd
➢ PERSOL KELLY (Singapore)
Certifications:
✓ AZ-103 - Microsoft Azure Administrator

Page | 80
 ✓ 70-462: Administering Microsoft SQL Server 2012/2014 Databases

Team Lead

Executive Summary:
• 10+ Years of Extensive experience as MSSQL Database Administrator in SQL DBA,
• Extensive experience on SQl Deployment solutions in Azure Cloud Platform

Key Highlights:
➢ Migrated On-Premises SQL databases to Azure Cloud.
➢ Deployed High Availability Solution for MSSQL server database in Azure (Iaas & PaaS)
➢ Deployed DR solution for SQL database using native technologies ( SQl log shipping )
Projects:
➢ Ministry of Transport and Communications ( Qatar Central Region)

Certifications:
✓ AZ-103 - Microsoft Azure Administrator

Senior Engineer - Azure

Executive Summary:
• Over 5+ years of experience in IT industry on Azure/Linux/Virtualization Infrastructure Systems.
• Microsoft Azure Migration Expert with experience in handling client across multiple industry
verticals globally
• Assessment & Migration of on premise environments hosted on VMware, Hyper-V and
physical.
• Designing Azure landing zone based on the assessments and best practices as per the Cloud
Adoption Framework.

Key Highlights:
➢ Performed Assessment for multiple customers and developed a roadmap to migrate their
environment to Azure.
➢ Performed Migration for 1000+ VMs to Azure for verticals like Food, Petroleum Industry and
Government Entities.
➢ Designed and Implemented end-to-end migration using CAF for government entities like Qatar.
➢ Migration specialist on –premise workloads to Azure through Lift and Shift using Azure Migrate,
ASR other 3rd Party Migration tools based on Client requirement.
➢ Implemented Hybrid Networking model for multiple government entities.

Certifications:
✓ Microsoft Azure Architect Technologies AZ-300
✓ Microsoft Azure Security Technologies AZ-500
✓ Microsoft Azure Administrator AZ-103
✓ Google Cloud Certified Architect

Senior Engineer-Azure

Page | 81
Executive Summary:
Around 5 plus year’s hands-on experience on Microsoft Azure Infrastructure Solutions.
Plan and Develop roadmaps and deliverables to advance the migration of existing on premise
systems/applications to Azure cloud.
Good understanding about the Azure lift and shift migrations with various source environment like
VMware, Hyper- V, Physical servers and Other Clouds.

Key Highlights:
➢ Responsible for end-to-end Assessment and Migration of workloads for one of the core
government agency project in Qatar consisting of 40 workloads consisting of 800+ servers
residing on multiple platforms like Hyper-V ,VMware and physical .
➢ Designed and Implemented Complex Network and Security solutions In compliance with
Government of Qatar.
➢ Performed Assessments and Migrations for multiple projects in various locations like Singapore
with Huge workloads.
➢ Provided redundancy storage solution for critical workloads for multiple projects in Singapore
and Qatar locations.
Certifications:
✓ Microsoft Azure Architect Technologies AZ-300
✓ Microsoft Azure – 70-533
✓ Microsoft Azure Administrator AZ-103
✓ Google Cloud Certified Engineer
✓ Red Hat Certified System Administrator
✓ External ITIL certification

8 Terms and Conditions

Terms
1 Azure subscription to be created by client under Microsoft Azure EA contract / Cloud4C CSP
2 Azure billing will be direct to client
Cloud4C Payment Terms
3 - Initial payment with setup charges
- Managed Services (mentioned above) quarterly in advanced
4 Service contract 36 months
For RI (Reserved Instances) If the contract is terminated before 3 years - penalty of 12% will be
5 charged on VM's which are under 3 years RI only. Max refund as per Microsoft will be 50K USD
depending on the remaining period and penalty amount
During the Migration period the VM’s will be on PAYG, and Customer will be billed on actual
6 consumption
Additional disks & other services may also be provisioned during migration period
For PAYG VM's - the estimation is based on fixed hours usage & may vary based on actual
7
usage.
8 Billing team will raise invoice on monthly basis on receipt from Invoice from Public Cloud Platform
if the dues are not cleared within 30 days from the Demand Note, interest at the rate of 18% per
9 annum will be charged until payment and that if not paid in 60 days from Demand Note the
services may be suspended.
10 Azure Estimates subject to change based on actual usage / Solution change

Page | 82
 Cancellation fee for Reserved Instances is 12% with maximum refund of $ 50,000 per
11
customer.
12 Internet bandwith management and sizing out of Cloud4C scope
13 MPLS and SD-WAN management and SLAs out of Cloud4C scope
Customer by asking for this estimate, agrees to below
Acceptance to Microsoft Customer Agreement:
14
https://www.microsoft.com/licensing/docs/customeragreement
Azure Privacy statement: https://privacy.microsoft.com/en-ca/privacystatement
15 Other terms and conditions as per Cloud4C MSA, SLA and AUP

9 Cloud4C Managed Services

Cloud4C – Self Healing Operations Platform (SHOP)

INTELLIGENT CLOUD MANAGED SERVICES POWERED BY AIOPS driven SHOP Platform which
helps in Reduced Event Noise, Predictive Alerting, Probable Cause Analysis and Intelligent Capacity
Management

As more businesses embrace hybrid cloud environments and adopt leading-edge technologies, IT
Operations become complex and data voluminous. IT Operations teams need to keep up with this pace.
Organizations need to innovate and find ways to free up skilled personnel for strategic projects rather
than focusing on mundane tasks.
Cloud4C SHOP platform leverages big data, Machine learning, and Analytics to help IT Operations
teams predict, find, and fix issues faster.
Self Healing Operations Platform (SHOP)
Automation Platform Driving Industry Leading Services delivered Through Multiple Products

SHOP - IOx SHOP AIOpx

50+ Modules Admin center (cloud Infra)
Service Catalog
AI & ML
Self Healing
Billing Data Analytics
Catalog Predictive analysis
Payment Capacity Planning & Reporting
37 API Integrations Prop system

SHOP BOx SHOP HYx

36M+ Lines of Code SAP Build Process CRM - staff
BareMetal Service UCP - customer
Patch management CSP - non cloud customer
DevOps Pipeline SHOP ROx AI Chat Bot
2,500+ End Cloud Users Autoscaling
(Run
SHOP APx Operations) SHOP DevOpx
10M+ Hourly Monitored APM
NPM Cloud4C
Checkpoints Log Analytics Azure
Infra GCP
AWS
App Modernization
45K+ Virtual Servers MicroServices

SHOP DLx
6K SAP SIDs Central Reporting
SHOP MCx
Systems Built Data Aggregation Cloud
Pvt Cloud
Archive (historical)
Colo
SHOP SOx Hyper Scalers

DevSecOps
Threat – Detection and Analytics

Cloud4C SHOP : Self- healing operations platform is automated platform delivery system which is based
on various industry and vertical standards. This is our core managed service module which does
automated cloud-ops, sysops, dev-ops and other automation
Platform-based Application Managed Service Provider that is focused on managing Cloud and
applications, and providing highest SLAs in the industry
Achieved through implementation of innovation in processes, automation initiatives and millions of lines
of codes
Automated Command Center

Page | 83
• Fully automated command center
• Single pane of glass operations - customized based on the application platform supported
Minimum Human Touch

✓ Self-healing operations command and control to handle issues through auto remediation
✓ End to end automation being executed from alert generation to incident management
SOP and service request
Service Request automation through Standard Operating Procedures (SOP) executed by backend
platform or BOTs depending on the use case
Service Requests mapped to a SOP to minimize resolution time and provide high quality and consistent
Service Delivery

• Lower complexity and cost

Reduces alerts by up to 99% and cuts incident ticket volume by up to 60%
• Improved Service-quality
Significant decrease in Mean Time To detection (MTTD), Mean Time to Acknowledge
(MTTA), and Mean Time to Resolution (MTTR) for enhanced customer experience and more
productivity
• Continuous assurance
Handles millions of events per day to automate analytics and provide accurate remediation
insights that keep critical business services at peak levels.
• Continuous software delivery
Automates workflows with out-of-the-box integrations and open APIs to incident management,
runbook automation and continuous software-delivery systems for improved responsiveness
and scale

Monitored and Managed via Cloud4C Universal Cloud Platform

Page | 84
 • With UCP, Deep understanding of Crescent cloud bills
• Our UCP is a subset of our SHOP platform helps customer maximize RoI
• In addition to our home grown UCP, we usually can integrate with 3rd party CMP often as needed
to ensure customers get the data and visibility they demand

Managed Services for SAP and Hosted Azure Infrastructure services

Our CoE for Azure Managed Services at Cloud4C manages the tasks and processes required to support
Customer business applications hosted on Azure and the resources that support them. We enable and
customize many Azure services and tools that work together to provide complete management for
Customer.

9.1 Azure Platform Services

Cloud4C, an Azure Expert MSP, can help Customer to identify the right Azure services to use and the
right process for transitioning to more optimal services. For instance, we can help you to weigh the
costs of transitioning to an Azure native database service against the ease of lifting and shifting to an
Azure VM. This helps Customer to identify parts of the application that are worth tweaking in order to
take advantage of the auto scaling capabilities of Azure. Based on our extensive experience on other
Azure migration projects, we can help you avoiding the common mistakes.

Customer does not need to completely re-architect applications to get the full value out of Azure.
Cloud4C can identify high-impact areas to focus on so that Customer can migrate quickly and with the
greatest benefit.

Azure Platform Catalogue

Services Platinum
Cloud - Platform Ops
Azure IAM / AD ✓
Network Security Groups ✓
Network - Firewall - 3rd Party Tools ✓
Network - Virtual Network Management ✓
Network - IP Address Management ✓
Load Balancer - L3/L4 ✓
Load Balancer - L7 ✓
Load Balancer - L7 - WAF ✓
Network Gateways - VPN/ER ✓
Azure Virtual Machines ✓
Azure Storage - Unmanaged disks ✓
Azure Storage - Managed disks ✓
Azure Storage accounts ( blob storage, file storage etc) ✓
Azure Storage - Snapshot Management ✓
Monitoring & Notification Services - Cloud Infra Layer ✓
Monitoring & Notification Services - OS / DB Layer ✓
Backup - 3rd Party Tools ✓
Reporting and Governance
Monthly Health Check ✓
Performance Review ✓
Optimisation and Recommendations ✓
Pricing CSP

Page | 85
 Support Services 24 x 7

Below is a comprehensive list of Managed services on Azure platform. The services will be applicable as
per customer subscribed services Solution.

Azure Services RACI Matrix

S.No Tasks Cloud4C ADC

Azure Subscription / Portal Admin

1. Subscribe under Pay As You Go / RI R,A C,I
2. Use - Enterprise - Microsoft EA (If available) C,I R,A
3. Create Subscriptions under Cloud4C CSP Partnership R,A C,I
4. Create and Manage Billing and Subscriptions R,A C,I

5. Azure in Open - You purchase Azure Monetary Commitment

credits from your reseller in the form of an Online Service Activation
(OSA) Key. You can use your credits against any consumption- R,A C,I
based Azure service for 12 months following the activation of your
OSA Key. Azure pricing is specific to the services consumed.

Azure Resource Group

1. Create Resource Group (Region Specific) R,A C,I
2. Specify Resource Policy [Location, Resource Type, Storage
R,A C,I
Account,
3. Virtual Machines, Not allowed Resource Type, Blob Encryption
R,A C,I
for storage type]
4. Resource Locking / Unlocking R,A C,I
5. Manage Resource Deployments R,A C,I

Azure Site Recovery - ASR

1. Create a recovery service vault in Azure storage account R,A C,I
2. Select a replication goal R,A C,I
3. Set up the source environment R,A C,I
4. Set up the target environment R,A C,I
5. Set up replication policy R,A C,I
6. Monitor replication R,A C,I
7. Run a test Migration R,A C,I
8. Perform final migration and cutover R,A C,I
9. Check successful migration of infra components R,A C,I

Storage Types (used as per customer requirements)

1 Blob Storage (Hot/Cold/Archive) - Used for unstructured data if any R,A I
2 Table storage - No SQL type of data R,A I
Queue Storage - Service for storing large number of message
3 R,A I
which can be accessed worldwide

Page | 86
 File Storage - Azure File Storage allows applications to mount file
4 shares from anywhere in the world, your on-premises applications R,A I
can take advantage of cloud storage without change.
Data lake Storage G2 - Used when customer is using Big data
5 C,I R,A
analytics
6 Firewall on Storage Account for Network Restriction (If Needed) R,A C,I
7 Private Storage Account (Private link Configuration)(If Needed) R,A C,I

Storage-Replication Types
Local Redundant storage (LRS) - blob storage account with Hot /
R,A C,I
cold access tier
Zone Redundant storage (ZRS) - blob storage account with Hot /
R,A C,I
cold access tier- not available in all regions
Global Redundant storage (GRS) - blob storage account with Hot /
R,A C,I
cold access tier
Read access (GRS) RA-GRS - blob storage account with Hot
R,A C,I
access tier

Virtual Machine creation

For 99% Uptime
1 Create VM in Resource Group R,A C,I
2 Create VM without Availability Set option and unmanaged storage R,A C,I
3 Select Storage from LRS storage account R,A C,I
For 99.5 % Uptime (Underlying HA)
4 Create Resource Group (Placement Group) R,A C,I
5 Create VM with Availability Set option and unmanaged storage R,A C,I
6 Select Storage from ZRS storage account R,A C,I
For 99.95% Uptime (Underlying HA + Site Recovery)
7 Create VM in Resource Group (Placement Group) R,A C,I
8 Create VM with Availability Set option and unmanaged storage R,A C,I
Select Storage from GRS storage account or RAGRS storage
9 R,A C,I
account
10 Create Site Recovery for the instance in different Region R,A C,I

Premium VM Creation - SSD, Premium SSD, Ultra SSD

For 99% Uptime in SSD
11 Create Resource Group (Placement Group) R,A C,I
12 Create VM without Managed Disk Option R,A C,I
For 99.5 % Uptime (Underlying HA) in SSD
13 Create Resource Group (Placement Group) R,A C,I
14 Create VM with Availability Set and Managed disk option R,A C,I
For 99.95% Uptime (Underlying HA + Site Recovery) in SSD
15 Create Resource Group (Placement Group) R,A C,I
16 Create VM with Availability Set and Managed disk option R,A C,I
17 Use Azure Site Recovery for the instance in different Region R,A C,I

Page | 87
 Azure Monitor
1 Create, view, and manage metric alerts using Azure Monitor R,A C,I
2 Metric alerts with dynamic thresholds R,A C,I
3 Configure metric alerts on logs R,A C,I
4 Configure alerts on analytic query R,A C,I
5 Troubleshooting log alerts R,A,C I
6 Alerts from operations manager ( if SCOM is configured ) R,A C,I

9.2 Monitoring Services

Cloud4C will monitor continuously, 24X7 the health of the servers, storage, network & security equipment. The monitoring tasks
include but not limited to the following:
• Monitoring of various system performance parameters (CPU, Memory & Disk space)
• Monitor Disk Utilization
• Monitor Critical System Processes
• Monitoring Alert log messages
• Alert Escalation to experts within the specified time frame & resolving calls as per SLA
• Report generation as per SLA
• Monthly consolidated performance report as per SLA:
• All defects and incidents will be reported by Cloud4C to Customer as and when occurs.
• Defects on hardware, OS and security system will be attended to and rectified within the specified time frame as per
the SLA.

Alert Monitoring Thresh hold Monitoring Utilization Monitoring

CPU Utilization
Information 70% Memory Utilization
Disk Utilization
Device Availability
Warning 80%
Service Monitoring

Critical 90%

S.no Monitoring Services Platinum

Zabbix Monitoring
✓
1 Installation & configuration of Zabbix Poller in customer Cloud environment
Integration of Zabbix Monitoring with Cloud4C ITSM tool to raise alert ✓
2 tickets
Integration of Custom monitoring parameters for Cloud Infrastructure (VM ✓
3 OS & DB)
✓
4 Monitoring of Custom Scripts / Applications (Based on Compatibility)

Page | 88
 9.3 OS Managed Services
Windows Server Service Catalog

ENT-WINOS.1.1 Windows Server Service Catalog Platinum

ENT-WSPM1.100 OS Critical and Security Patch Management ✓
ENT-WSUT1.100 Patch Management Policy & Path Calendar ✓
ENT-WMON1.100 Monitoring of Windows Server. ✓
ENT-WMON1.101 Monitoring of CPU Usage ✓
ENT-WMON1.102 Monitoring of RAM Usage ✓
ENT-WMON1.103 Monitoring of Disk Space Usage ✓
ENT-WMON1.104 Monitoring of DISK I/O ✓
ENT-WMON1.105 Monitoring of Windows Time Sync ✓
ENT-WMON1.106 Monitoring of Windows Server Services ✓
ENT-WMSP1.100 Monitoring of Windows Server Performance ✓
ENT-WANT1.100 Antivirus Patch Management ✓
ENT-WANT1.101 Antivirus Patch Management with UAT testing ✓
ENT-WLOG1.100 Windows Server OS Log Analysis/Management ✓
ENT-WLOG1.101 System Log Analysis ✓
ENT-WLOG1.102 Server Access Log Analysis ✓
ENT-WLOG1.103 Application Log Collection ✓
ENT-WSEC.100 Windows Server Security Management
ENT-WSEC.101 Security Processes - User and Group Management ✓
ENT-WSEC.102 Security Policies and Configurations ✓
ENT-WSEC.103 Security Patches and Hot Fixes ✓
ENT-WSEC.104 Windows Registry Configurations ✓
ENT-WSEC.105 Windows Services ✓
ENT-WSEC.106 File and Directory Security ✓
ENT-WSEC.107 Audit Logging ✓
ENT-WSEC.108 Windows Firewall Policy ✓
ENT-WSEC.109 Time Zone Setting ✓
ENT-WSEC.110 Event log setting ✓
ENT-WFM1.100 Windows Server Roles / Features Management
ENT-WFM1.101 Installation of server feature. ✓
ENT-WFM1.102 Installation of IIS/File server role. ✓
ENT-WFM1.103 Modification of IIS/File server role. ✓
ENT-WFM1.104 Removal of IIS/File server role ✓
ENT-WDM1.100 Windows Server Disk Management
Configuring disks and volumes includes creating and formatting partitions, ✓
ENT-WDM1.101 logical drives, & volumes
ENT-WDM1.102 Defragmenting volumes to improve file-system performance ✓
ENT-WDM1.103 Managing file-system errors and bad sectors on a hard disk. ✓
Windows Server folder and File access security/share permission ✓
ENT-WACC1.100 management.
ENT-WDLO1.100 Windows Server Debug logs and Analysis ✓
ENT-WSTM1.100 Windows Scheduled Tasks Management ✓

Page | 89
ENT-WRAM1.100 Windows Server Remote Access Management. ✓
ENT-WRAM1.101 Enabling Remote Desktop ✓
ENT-WRAM1.102 Disable Remote Desktop ✓
ENT-WDDM1.100 Windows Server Device Drivers Management
ENT-WDDM1.101 Installation of Device Drivers. ✓
ENT-WDDM1.102 Modification of Device Drivers ✓
ENT-WDDM1.103 Removal of Device Drivers ✓
ENT-WSUM1.100 Windows Server User Management
ENT-WSUM1.101 Create/Modify/Delete Users ✓
ENT-WSUM1.102 Create/Modify/Delete Groups ✓
ENT-WSUM1.103 Reset Password/Un-Lock Users ✓
ENT-WSPM1.100 Windows Server Problem Management ✓
ENT-WSCM1.100 Windows Server Change Management ✓
ENT-WSIM1.100 Windows Server Incident Management ✓
Permitted Support tickets (Service Requests/Change Management)
ENT-WTIK1.100 for server /Month 5
24 H x 7
ENT-WSCO1.100 Support service coverage D/W

RHEL / SUSE/CentOS / Ubuntu

ENT-RISC1.1 RHEL / SUSE/CentOS / Ubuntu

Platinum
ENT-RISC.100 OS Critical and Security Patch Management ✓
ENT-RISC.101 Patch Management Policy & Patch Calendar ✓
ENT-RISC.102 Monitoring of Linux OS. ✓
ENT-RISC.102.1 Monitoring of CPU Usage ✓
ENT-RISC.102.2 Monitoring of RAM Usage ✓
ENT-RISC.102.3 Monitoring of Disk Space Usage ✓
ENT-RISC.102.4 Monitoring of DISK I/O ✓
ENT-RISC.102.5 Monitoring of Time Sync ✓
ENT-RISC.102.6 Monitoring of Services ✓
ENT-RISC.103 OS Administration Tasks ✓
ENT-RISC.103.1 IP addresses update ✓
ENT-RISC.103.2 File systems Creation ✓
ENT-RISC.103.3 NFS Server Configuration ✓
ENT-RISC.103.4 NFS Client Configuration ✓
ENT-RISC.103.5 AD configuration ✓
ENT-RISC.103.6 Cron Job configuration for SSSD ✓
ENT-RISC.103.7 Swap space configuration ✓
ENT-RISC.103.8 Kdump calibration and configuration ✓
ENT-RISC.103.9 NTP and timezone validation ✓
ENT-RISC.103.10 APP and DB packages Installation ✓
ENT-RISC.103.11 Repo server & client configuration ✓
ENT-RISC.103.12 Linux Kernel Parameters update ✓
ENT-RISC.103.13 Rsync configuration ✓
ENT-RISC.103.14 Password policy configuration ✓
ENT-RISC.103.15 User Administration (Create, Group, Add, Delete, Modify) ✓

Page | 90
ENT-RISC.103.16 Log rotation configure ✓
ENT-RISC.103.17 LDAP configuration ✓
ENT-RISC.103.18 NFS shares ✓
ENT-WMSP1.100 Monitoring of Server Performance ✓
ENT-WSEC.100 Server Security Management
ENT-WSEC.101 Security Processes - User and Group Management ✓
ENT-WSEC.102 IP Tables Configuration ✓
ENT-WSEC.103 Security Patches and Hot Fixes ✓
ENT-WSEC.107 Audit Logging ✓
ENT-WSEC.109 Time Zone Setting ✓
ENT-WSEC.110 Event log setting ✓
ENT-WDM1.100 Linux Server Disk Management
Configuring disks and volumes includes creating Logical, Volume groups & ✓
ENT-WDM1.101 physical volume
ENT-WDLO1.100 Linux Server Kdump & Log analysis ✓
ENT-WSTM1.100 Linux Scheduled Tasks Management ✓
ENT-WRAM1.101 Cron & at ✓
ENT-WSUM1.100 Linux Server User Management
ENT-WSUM1.101 Create/Modify/Delete Users ✓
ENT-WSUM1.102 Create/Modify/Delete Groups ✓
ENT-WSUM1.103 Reset Password/Un-Lock Users ✓
ENT-USM1.106 Best effort support on Community Editions (Cent OS / Ubuntu) ✓
ENT-USM1.107 OS default Cluster Management (Pacemaker) ✓
ENT-USM1.108 Integration of Centralized Authentication Services (LDAP etc) ✓
ENT-USM1.109 Install & Configure Application services (Apache/Tomcat/JBOSS, etc) ✓
ENT-USM1.110 Disable Unnecessary OS services / Packages ✓
ENT-USM1.111 Incident Management ✓
ENT-USM1.112 Change Management ✓
ENT-USM1.113 Problem Management ✓
ENT-USM1.114 Performance Tuning ✓
ENT-USM1.115 Quarterly OS Patching (Maintain N-1 update) ✓
ENT-USM1.116 DNS configuration at OS Layer ✓
ENT-USM1.119 Fix Vulnerabilities as per VA scan ✓
Permitted Support tickets (Service Requests/Change Management) for >10 &
ENT-USM1.120
server /Month <20
ENT-USM1.121 Support service coverage 24x7
ENT-USM1.111 Incident Management ✓
ENT-USM1.112 Change Management ✓
ENT-USM1.113 Problem Management ✓
ENT-USM1.114 Performance Tuning ✓
ENT-USM1.115 Quarterly OS Patching (Maintain N-1 update) ✓
ENT-USM1.116 DNS configuration at OS Layer ✓
ENT-USM1.119 Fix Vulnerabilities as per VA scan ✓
Permitted Support tickets (Service Requests/Change Management) for >10 &
ENT-USM1.120
server /Month <20
ENT-USM1.121 Support service coverage 24x7

Page | 91
9.4 Network Managed Services

Azure Network Services - RACI

S.
Tasks Cloud4C ADC
No

Azure VPN Gateway / NVA

1 Creating site to site tunnels VPN (as per customer requirement) R,A C,I
2 Make required configuration on Customer owned site(s) gateway C,I RA
3 On Prem IP ranges addition/removal from pool R,A C,I
Creating point to site VPN (Certificate/RADIUS/AAD)(as per customer
4 R,A C,I
requirement)
5 Configure and manage Gateway for any of the above VPN R,A C,I
6 Manage certificates for point to site VPN (If Applicable) R,A C,I
7 Creation of endpoints R,A C,I
8 Configuration of forced tunnelling R,A C,I
9 Creation of rules R,A C,I
10 Configure monitoring of tunnels and reporting. R,A C,I
11 VPN throughput Validation R,A C,I
12 Configure & Manage HA for NVA R,A C,I
Security Profiles (APT/IPS/Web filtering etc.) Configuration (as per customer
13 R,A C,I
requirement)
14 Site-to-Site with NVA(IPsec/SSL) configuration (as per customer requirement) R,A C,I
15 Virtual Appliance/Service Mgmt R,A C,I
16 Logging and Reporting configuration for NVA (If included) R,A C,I

Virtual Network
1 Create Network Space with CIDR Block (Region Specific) R,A C,I
2 Create Address Space (to be non-conflicting with customer range if any) R,A C,I
3 Creating Vnet and Subnet R,A C,I
4 Deleting Vnet and Subnet R,A C,I
5 Delete Address Space R,A C,I
6 Associating IP to Host R,A C,I
7 Changing the IP Address of Device R,A C,I
8 Deleting the connected Device (If VM Deleted) R,A C,I
9 Adding/Changing DNS configuration on VNet R,A C,I
10 Associate / Dissociate NSG on VNet R,A C,I

Public IP Address
1 Reserve Static Public IP for host R,A C,I
2 Associate the Public IP to Host (Created VM) R,A C,I
3 Change Public IP for Host R,A C,I
4 Dissociate public IP from Host R,A C,I
5 Delete public IP R,A C,I

Page | 92
 Network Interface
1 Create Network Interface with static IP assigned R,A C,I
2 Associate / Dissociate IP R,A C,I
3 Deleting Network Interface R,A C,I
4 Associate / Dissociate Network Interface R,A C,I
5 Associate / Dissociate Subnet R,A C,I

Network Security Groups (NSG)

1 Add NSG (Regional Specific) R,A C,I
2 Creating inbound security rules R,A C,I
3 Creating outbound security rules R,A C,I
4 Opening required ports R,A C,I
5 Number of NSGs to be applied - ( depends on customer requirement ) R,A C,I
6 Create and add ASG for workloads - ( depends on customer requirement ) R,A C,I

9.5 Backup Managed Services

Commvault
1 Provision MAS Server & establish trust with CommServe R,A C,I
2 Backup license allocation as per BOQ R,A C,I
3 Provision Blob Storage as per requirements R,A C,I
4 Connect Blob to MAS & enable encryption R,A C,I
5 Establish Backup Network in Management zone R,A C,I
6 Backup Policy template Configuration R,A C,I
7 Backup agent installation in Client servers R,A R,C,
8 Agent-less VM Protection (Virtual Server Agent) R,A C,I
10 Scheduling of the backups R,A C,I
11 Storage policies / retention policy R,A C,I
12 Failure alert configuration R,A C,I
13 Monitor/Manually Trigger halted Backup R,A C,I
14 Policy Documentation R,A R,C,
15 Backup Summary Report R,A C,I
16 Capacity planning based on Retention, Frequency and Size R,A R,C,
18 Adhoc Backup Requests under ECR R,A C,I

Page | 93
 9.6 Azure Sentinel SIEM Service
Cloud4C shall leverage the Azure Sentinel Security Incident and Event Management (SIEM) technology
for monitoring and alerting. This technology provides the automated collection and analysis of log data
from security devices, including firewalls, intrusion detection systems, and critical hosts and applications.
Cloud4C team will be only monitoring and collecting the security logs and will forward the same to
Crescent SOC team for further investigation.

RACI Azure Sentinel

RACI Cloud4C ADC

Engagement & Planning

Pre-engagement session for collection the required information R A,C
Understanding of the industry compliance requirement and deployed at
R A,C
high-level
Understanding of security tools deployed and mapping with compliance
R A,C
control at high-level
Review the latest security audit report if available R A,C
Define the Sentinel workshop deliverables and limits as per the scope
R A,C
defined
Sentinel Configuration
Create sentinel workspace in customer subscription as per agreed
scope
Sentinel Initiation
Sentinel Workspace creation
Console setup R,A C
Hunting queries
Rules setup
Network Connectivity and traffic flow - Network level changes
Sentinel Deployment

Page | 94
 Agent installation on servers
Integration of virtual machines with sentinel
Integration of network devices & security solutions with sentinel
Automation
Azure Playbook configuration
Rule creation
Playbook attachment
Azure Rule trigger and Playbook testing
Workbook creation for security products
Configure tools and log ingression of following services (as per
Scope agreed)
Active Directory Federation Services (ADFS)
Azure Activity Directory (AD) activity logs
Azure AD Identity Protection alerts
Azure Advanced Threat Protection (ATP) alerts
Azure Information Protection (AIP) alerts
Azure Key Vault logs
Azure Security Center (ASC) alerts
Business critical applications
Connect external solutions via agent
Microsoft Cloud App Security (MCAS) alerts R,A C
Network Security Group (NSG) logs
Azure Monitor
Azure Resource Group.
Azure Log Analytics workspace.
Azure Sentinel RBAC model.
Azure Sentinel Data Connectors.
Windows and/or Linux servers.
CEF and/or Syslog Servers.
Azure Sentinel Automation using Azure Playbooks.
Azure Sentinel Workbooks.
Azure Lighthouse, if deploying the remote monitoring

9.7 Disaster Recovery Methodology

Cloud4C offers the following unique and salient features.

• 500+ Azure Certified Professionals
• Microsoft Gold Certified and Azure Expert MSP
• Good NPS Technical score on tickets (from existing customers)
• Escalation path to network, automation, or DBA specialists
• Access to a Service Delivery Manager or Product Manager to coordinate efforts and make
sure tickets are resolved
• Subscription to 24*7 support makes your internal teams more productive, so that they can
focus & serve business critical areas. This also mitigates the risk of staffing resources.

Page | 95
RACI for DR Azure Platform
Services Cloud4C ADC
• Provisioning Services on Azure Public Cloud Platform [As per
R,A I
Product and Services Matrix]
• Operating System Build RA I
• Database Migration (Oracle, HANA, ASE, MS SQL) RA I
• Provisioning Services (Network, OS, Database, Backup, Monitoring
R,A I
and Security Tools)
• Installation of Application C,I R,A
• Configuration and Customisation of application and Databases C,I R,A
• Disaster Recovery Site Creation using identified tools (RSYNC,
R,A
HSR, Log Shipping, Export Import) C,I
• Security & Compliance Services R,A C,I
• Functional Application Support I R,A
• Infrastructure Audits Support R,A I
• Compliance Certification for deployed infrastructure C,I R,A
• Cloud Platform Support R,A I

Disaster Recovery Service

Cloud4C Disaster Recovery as a Service an IP based services framework designed to meet

demands of the enterprises to bring resiliency into their business models, to deliver uninterrupted
services to their end customers.

Cloud4C offers compliance ready, SLA based RPO/RTO for the applications on our Cloud Platform
/ Hyperscaler. It is a comprehensive offering which can handle the most diversified set of
applications & systems with end-to-end ownership during the toughest times of disaster with pay
as you go model.

Page | 96
 Below is an example of DR RACI during an ongoing DR Project

DR Drill Services & Deliverables

• Developing IT DR Solution
• Documentation IT DR Architecture
• mechanism and switch back workflows
• Releasing the IT DR Runbook
• Two DR drills per year
• Submission of DR drill report
• Configure recovery

RACI for DR Implementation and support

Roles and
Activities
Responsibilities
Cloud4C ADC ISP
Assign a Project Manager who will act as SPOC for all project
√ √ √
related activities
Due Diligence Phase
Validation of scope and assumptions R, A R,A N,A

Page | 97
Formulation of Primary DR Strategy document along with BIA & RA R, A R,A N,A

Provide necessary information related to the setup C, I R,A N,A

Detailed project plan with timelines R, A C,I N,A

Sign Off C, I R,A N,A
Disaster Recovery Setup
Procurement of Application & DB licenses I R,A N,A
Deploy Disaster Recovery Services Infrastructure R,A C,I N,A
Deploy resources for replication R,A C,I N,A
Setup Secondary Network for Replication R,A C,I N,A

Create a secondary Domain controller with static IP on Secondary

R,A C,I N,A
and Start sync with On-premises Domain controller.

Add Secondary Domain controller IP in DNS configuration R,A C,I N,A

Open required ports to communicate with Secondary site servers -
R,A C,I N,A
firewall rule - need source and target IP subnets
Create replication policy. R,A C,I N,A
Create failback replication policy R,A C,I N,A
Make sure delta changes are getting replicated and synchronization
R,A C,I N,A
level is 100%
Creation of VMs with required OS for Database Replication R,A C,I N,A
Installation of Application C,I R,A N,A
Configuration of replication between databases R,A C,I N,A
Performing DR Drill/UAT R,A C,I N,A
Preparation of DR Run Book R,A C,I N,A
Provide training on DR Process to Customer IT Team R,A C,I N,A
Sign Off C,I R,A N,A
Ongoing Maintenance Activities
Installation of monitoring tools for day to day operations R,A C,I N,A
Escalation of calls that are not closed within the specified time frame R,A C,I N,A

Monthly consolidated performance report as per SLA R,A C,I N,A

Provide escalation procedures for the services provided R,A C,I N,A
During Disaster
Notification for Invocation of Disaster I R,A N,A
Network Convergence R,A C,I N,A
Failover to DR Site R,A C,I N,A
DC Site restoration R,A C,I N,A
Working on the DR site and verifying RPO & RTO SLAs C,I R,A N,A
Switching Back to the primary site R,A C,I N,A
Sign Off C,I R,A N,A
Support to Disaster Recovery

Page | 98
 Operations support to planned annual tests (refer to the contract): N,A
R,A C,I
- Provide support to recover critical applications N,A
- Restore O.S. and applications on the recovery site N,A
Review and update the Disaster Recovery Plan for Applications. C,I R,A N,A

Provide a report of the test results following each test R,A C,I N,A
Standard Disaster Recovery
Review and update the Disaster Recovery Plan annually. R,A R,A N,A
Provide recovery priorities and time requirements C,I R,A N,A
Test the Disaster Recovery Plan C,I R,A N,A
Restitution of data for environments included in the “ usiness
R,A C,I N,A
Recovery services” service.
Provide a report of the test results following each test R,A C,I N,A

Develop and maintain the Disaster Recovery Plan for Application &
R,A C,I N,A
Database connectivity and recovery in the event of a disaster
Point to Point Connectivity
Assessment of existing MPLS connectivity R,A C I
Recommendations of MPLS connectivity to Azure with Best
R,A C I
Practices
Discussion and Finalization of MPLS Network level changes at ADC
I R,A C
On-prem site with ISP
Final review of MPLS Network Connectivity Design C,I R,A C,I
Procurement, Deployment & Configuration of MPLS connectivity at
I R,A C
ADC On-prem site
Procurement, Deployment & Configuration of MPLS connectivity at
R,A C I
ADC Azure site

9.8 SAP Managed Services

Cloud4C SAP Managed Service is a service that includes the various flavors, with incremental
packages that suite the needs of our customers.

Each individual component of the service is interoperable and is used to deliver an overall service
availability to maintain committed SLA.

Type of
ENT-SAP1-PM SAP Monitoring Services Task
ENT-SAP1.PM1 Monitor SAP System log ✓
ENT-SAP1.PM2 Monitor failed updates ✓
ENT-SAP1.PM3 Monitor RFC errors ✓
ENT-SAP1.PM4 Monitor stale locks and analysis of lock ✓
ENT-SAP1.PM5 Monitor audit log ✓
ENT-SAP1.PM6 Monitor System dumps ✓
ENT-SAP1.PM7 Monitoring of work process ✓

Page | 99
ENT-SAP1.PM8 Validate successful Backup runs ✓
ENT-SAP1.PM9 Monitoring of operating system activity on CPU utilization ✓
ENT- ✓
SAP1.PM10 Monitor the “ p/ Down” status of SAP instances
ENT- ✓
SAP1.PM11 Monitor processes for in-scope SAP, Bolt-ons
ENT- ✓
SAP1.PM12 Monitor SAP print queue
ENT- ✓
SAP1.PM13 Monitor and respond to critical CCMS alerts
ENT- ✓
SAP1.PM14 Monitor Application performance
ENT- ✓
SAP1.PM15 Monitor overall Dialog Response
ENT- ✓
SAP1.PM16 Monitor the top critical business Transactions
ENT- ✓
SAP1.PM17 Monitor systems proactively for Response Time and CPU Utilization
Pre-Requisite ✓
1 EWA report without any Red Flag
Completion of SAP Solution Manager Monitoring Configuration &
2 Monitoring Level Access
3 Alert Configuration to Cloud4C Monitoring ID’s from Solution Manager
4 SAP Cockpit configuration completion from Customer end.

ENT-SAP1.1 Managed Services Offering for SAP Premium

Landscape Monitoring 24X7- Production (Daily once) & Non
Production (Weekly Once)
ENT-SAP1.101 Monitor and manage SAP System log ✓
ENT-SAP1.102 Monitor failed updates ✓
ENT-SAP1.103 Monitor stale locks and analysis of lock ✓
ENT-SAP1.104 Monitor RFC errors ✓
ENT-SAP1.105 Monitor stale locks and analysis of lock ✓
ENT-SAP1.106 Monitor audit log ✓
ENT-SAP1.107 Monitor System dumps ✓
ENT-SAP1.108 Analysis if ABAP dump ✓
ENT-SAP1.109 Analysis of ABAP Run-time and SQL trace where applicable ✓
ENT-SAP1.110 Monitoring of work process ✓
ENT-SAP1.111 Validate successful Backup runs ✓
ENT-SAP1.112 Analysis of Work load ✓
ENT-SAP1.113 Monitoring of operating system activity on CPU utilization ✓
ENT-SAP1.114 Monitor the “ p/ Down” status of SAP instances ✓
ENT-SAP1.115 Monitor processes for in-scope SAP, Bolt-ons ✓
ENT-SAP1.116 Monitor SAP print queue ✓
ENT-SAP1.117 Monitor and respond to critical CCMS alerts ✓
✓
ENT-SAP1.118 Monitor Application performance

ENT-SAP1.119 Monitor overall Dialog Response ✓

Page | 100
ENT-SAP1.120 Monitor the top critical business Transactions ✓
✓
ENT-SAP1.121 Monitor systems proactively for Response Time and CPU Utilization

Support for SAP Basis Standard Services

✓
ENT-SAP1.122 Regular Daily, weekly and Monthly SAP Basis Administration Tasks

Troubleshooting Basis and Basis Related Application issues (As per ✓

ENT-SAP1.123
service catalogue)
Half Yearly
ENT-SAP1.124 Apply BASIS /Netweaver FPS patches Once
Communicate and Co-Ordinate Basis / Netweaver Patch testing with ✓
ENT-SAP1.125
Application Group before moving it into QAS and PRD
ENT-SAP1.126 Job Scheduling, monitoring and troubleshooting ✓
ENT-SAP1.127 Maintain Transport and Change Control Management ✓
✓
ENT-SAP1.128 Resolve Basis issues related to TMS setup and transport tool errors

✓
ENT-SAP1.129 Resolve Application and Configuration issues to transport errors

Monitoring Report Weekly

ENT-SAP1.130 Standard Reporting (Predefined & agreed Format with the customer ) ✓

Client /System Copy Operations

Once in a
ENT-SAP1.131 Client Copy Operations Quarter
Yes - for SAP
ENT-SAP1.132 External and Internal SAP Interface Monitoring and Administration interfaces only

Plan, execute and test Homogeneous / Heterogeneous system copy Once in 6

ENT-SAP1.133 months
on existing systems
Database Administration
ENT-SAP1.134 Database Storage Management ✓
ENT-SAP1.135 Pro-active Database Management ✓
ENT-SAP1.136 Analyse and resolve database issues ✓
ENT-SAP1.137 Perform database upgrades X
✓
ENT-SAP1.138 Apply database patches

ENT-SAP1.139 Perform table/table space/database reorganizations ✓

Print Management
ENT-SAP1.140 Maintain printers within SAP software ✓
ENT-SAP1.141 Check spooler table consistency ✓
✓
ENT-SAP1.142 Troubleshooting spool- and print-problems (within the SAP system)

Performance and Tuning/EWA

✓
Optimize SAP system (system tuning) using pro-active monitoring,
ENT-SAP1.143 planning, scheduling early watch and implementing EWA
recommendations from Technical operations perspective

✓
ENT-SAP1.144 Provide application performance analysis (e.g. ABAP)
Basic SAP
Apps
ENT-SAP1.145 Support application team in resolution of app. performance problems troubleshot
support

Page | 101
 Track , execute and resolve any issues related to Transport Requests ✓
ENT-SAP1.146
from Application Groups
✓
ENT-SAP1.147 Follow-up Basis OSS messages to closure

Problem Management – Help Desk Support

ENT-SAP1.148 Define problem handling process, and responsible personnel ✓

ENT-SAP1.149 Qualify, prioritize , log , resolve and close Technical problems ✓
Escalate problems as necessary according to documented ✓
ENT-SAP1.150
procedures
Backup & Restore

ENT-SAP1.151 Backup of the System including FS and Database ✓

ENT-SAP1.152 Frequency & Schedule of the Backup Customised

ENT-SAP1.153 Retention Policies Customised
ENT-SAP1.154 Restoration of Data on Client request other than System Failures X

ENT-SAP1.155 Validation of logical integrity & consistency of the restored information X

ENT-HANA DB SAP HANA Database Services Platinum

ENT-HANA DB1 Provide recommendations on database release management ✓
ENT-HANA DB2 Plan and perform file system extensions for e.g. backup activities ✓
Monitor database resource consumption to detect issues in technical ✓
ENT-HANA DB3 operations
Monitor table growth to proactively prevent operational issues and ensure ✓
ENT-HANA DB4 that the service stays within the contractual sizing boundaries
ENT-HANA DB5 Design table partitioning strategy/architecture X
ENT-HANA DB6 Partition tables (technical execution) ✓
ENT-HANA DB7 Perform rowstore / column store migration ✓
Monitor database for technical issues; analyze and resolve technical ✓
ENT-HANA DB8 database failures
Clean-up HANA log and trace files (traces, statistic files etc.) to free up ✓
ENT-HANA DB9 capacity and keep HANA system clean and healthy
Maintain technical configuration parameters for SAP HANA and SAP HANA ✓
ENT-HANA DB10 XS based on SAP standards and recommendations
ENT-HANA DB11 Start/stop database ✓
ENT-HANA DB12 Add/remove SAP HANA node to adjust SAP HANA capacity ✓
ENT-HANA DB13 Creation of additional schema for existing SAP HANA datamart ✓
ENT-HANA DB14 Renaming of SAP HANA database (ID, instance number) ✓
Change SAP HANA database architecture (single node to multi node or ✓
ENT-HANA DB15 vice versa)
Management of standby databases (HANA System Replication) for high ✓
ENT-HANA DB16 availability
ENT-HANA DB17 Update SAP HANA database software ✓
Implement updates to the managed HANA DATABASE Patching using ✓
ENT-HANA DB18 Near Zero Downtime Option of Software Update Manager (ZDO)
ENT-HANA DB19 Update and maintain SAP HANA Studio ✓
ENT-HANA DB20 SAP HANA Transports Management Setup ✓

Page | 102
 Implement / maintain additional SAP tools (e.g. SAP HANA Analytics ✓
ENT-HANA DB21 Foundation Browser)
Identify, analyse and optimize expensive SQL-statements to improve ✓
ENT-HANA DB22 application performance
System troubleshooting, e.g. blocked transactions, to overcome issues and ✓
ENT-HANA DB23 bring SAP HANA back to normal state of operations
ENT-HANA DB24 Create/modify users for HANA modelling in the SAP HANA Studio ✓
ENT-HANA DB25 User, roles and permissions management for non-technical users ✓
User, roles and permissions management for technical and administration ✓
ENT-HANA DB26 users
ENT-HANA DB27 Perform database backups (regular full backups and log backups) ✓
ENT-HANA DB28 Restore and recover SAP HANA after technical issues ✓
ENT-HANA DB29 dbcc (database consistency check) ✓
Implement SAP HANA database encryption on SAP HANA database
X
ENT-HANA DB30 already installed
ENT-HANA DB31 Operate encrypted HANA database ✓

ENT-SYBASE-MON1.1 SYBASE SQL DB Services Monitoring Platinum

ENT-SYBASE-MON1.101 Provide recommendations on database release management ✓

✓
Monitor database resource consumption (memory, CPU, storage) to
ENT-SYBASE-MON1.102 detect issues in technical operations
ENT-SYBASE-MON1.103 Perform database extensions to increase database capacity ✓
ENT-SYBASE-MON1.104 Monitor table extension parameters to avoid issues ✓
Monitor database for technical issues; analyse and resolve technical ✓
ENT-SYBASE-MON1.105 database failures
✓
Schedule periodic statistical database collectors to generate
ENT-SYBASE-MON1.106 statistical performance data
ENT-SYBASE-MON1.107 Reorganize database logs to free up space ✓
ENT-SYBASE-MON1.108 Maintain/change database parameters ✓
ENT-SYBASE-MON1.109 Start/stop database ✓
Create and check optimizer statistics to maintain database ✓
ENT-SYBASE-MON1.110 performance
ENT-SYBASE-MON1.111 Perform upgrades of database software ✓
ENT-SYBASE-MON1.112 Apply database patches ✓
ENT-SYBASE-MON1.113 Perform database backups (regular database and log backups) ✓
ENT-SYBASE-MON1.114 Restore and recover database after technical issues ✓
ENT-SYBASE-MON1.115 Perform dbcc (database consistency check) ✓

Assist customer in optimizing SQL statements (indexes, selects etc.) X

ENT-SYBASE-MON1.116 for application improvements

ENT-MaxDB1.1 MaxDB Services Platinum

ENT-MaxDB1.101 Create database ✓
ENT-MaxDB1.102 Scheduling a Data Backup ✓
ENT-MaxDB1.103 Activating Automatic Log Backup ✓
ENT-MaxDB1.104 Scheduling Interactive Log Backups ✓
ENT-MaxDB1.105 Archiving Backup Files ✓

Page | 103
 ENT-MaxDB1.106 Scheduling Updates of the SQL Optimizer Statistics ✓
ENT-MaxDB1.107 Scheduling a Database Structure Check ✓
ENT-MaxDB1.108 Increase Data/Log Area when required ✓
ENT-MaxDB1.109 Set Database Parameters when applicable ✓
ENT-MaxDB1.110 Monitoring Data & Log Area ✓
ENT-MaxDB1.111 Monitoring accesses to Caches ✓
ENT-MaxDB1.112 Monitoring backups ✓
ENT-MaxDB1.113 Monitoring database activities using the Activities Overview ✓
ENT-MaxDB1.114 Monitoring the number of database sessions ✓
ENT-MaxDB1.115 Creating Backup Templates ✓
ENT-MaxDB1.116 Scheduling Data Backups and Log Backups ✓
ENT-MaxDB1.117 Checking the backup actions ✓
ENT-MaxDB1.118 Executing Performance Analysis in CCMS ✓
ENT-MaxDB1.119 Check the existing backups ✓
ENT-MaxDB1.120 Restore a database when required ✓
ENT-MaxDB1.121 Troubleshooting ✓
ENT-MaxDB1.122 Start/stop database ✓
ENT-MaxDB1.123 Perform upgrades of database software (Once per year) ✓
ENT-MaxDB1.124 Apply database patches (Twice per year) ✓

10References

Reference: - 1

Name of Assignment Migration of Banking application workloads to cloud

Founded in 1986, the client is the oldest privately owned bank
in the UAE, also the first bank to install ATM and issue debit
Name of the client/customer
and credit cards. Mashreq has 12 overseas offices in nine
& contact person details
countries, including Europe, the United States, Asia and
Africa
Start date and End Date 2020
Current status ( if work in
In Progress
progress/completed)
Contract Tenure 24 Months
Size of team engaged in
4
UAE
Name of the associated
No Subcontractors
partners, if any
Since it’s an outcome driven model based on agreed SLA’s
Size of team engaged
Cloud4C has proposed a pool of resources to be operating
outside UAE
from our offshore center of excellence
Order value of the Largest
similar scope project (in AED To be shared
millions annual)
Senior Program Manager, Project Manager, Azure Architect,
Details of the staff involved Security Architect, Azure Engineers, Database consultants,
Backup Engineer, Monitoring agents, DevOps

Page | 104
 Requirements:
• Mashreq required to move from their on-premises
DC’s to Cloud and Microsoft A ure was chosen as the
preferred cloud platform
• Customer was looking out for a reliable partner with a
strong experience in migrating and running mission
critical banking workloads
• Strict Compliance and Security standards had to be
met as per industry and country regulations
• Maintaining security standards and business continuity

Solution Approach :
Migrating 243 business applications and 1500 VMs
• Enabling complete migration in 18 months across 6
phases
• Migration of On premise Datacenter to Azure cloud
environment
• Migrating UAE and Non-UAE data across multiple
applications, and across countries
Narrative description of
Security and compliance
scope of consulting (provide
specific details regarding • Adhering to the major regulatory requirements for
Managed support services & banking industry
consulting experience • Identifying gaps across multiple technologies and
making recommendations

Disaster recovery and Business continuity

• Implementation of DR for all non-core banking

applications
• Operational capabilities and setups
• Implementation of DR environment as per regulations
and criticality of application
• Assessment and implementation of Replication as per
the best practices and within stringent RPO / RTO

Out Comes:
• 99.95% application uptime
• Phase-wise migration with minimal disruption to BAU
• Enhanced Security & Compliance with banking
ready frameworks

Robust DR in Azure region with stringent RPO/RTO for

business continuity

Reference: - 2

Name of Assignment Azure Migration Services

Largest bank in the United Arab Emirates, offers financial
Name of the client/customer
solutions, products and services through its Corporate and
& contact person details
Investment Banking and Personal Banking franchises

Page | 105
 Cloud4C account manager will facilitate the customer contact
details for any reference call post request from DIB
Start date and End Date 2021
Current status ( if work in
In Progress
progress/completed)
Contract Tenure Initial 12 Months + Ongoing support
Size of team engaged in
4
UAE
Name of the associated
Not Applicable
partners, if any
Since it’s an outcome driven model based on agreed SLA’s
Size of team engaged
Cloud4C has proposed a pool of resources to be operating
outside UAE
from our offshore center of excellence
Order value of the Largest
similar scope project (in AED TBS
millions annual)
Senior Program Manager, Project Manager, Azure Architect,
Details of the staff involved Security Architect, Azure Engineers, Database consultants,
Backup Engineer, Monitoring agents

Estimated 1500 servers over 12 months and additional 450

Servers for the assessment
The migration program included 4 major Data centers in
UAE region
Program Governance: establish an Azure migration program
to discover, assess, plan, and migrate servers to Azure.
Azure Migration Services: migration services that will be
used to perform the following migration strategies:
• Rapid Server Migration: Tool-based migration by
servers or subnet with no application dependency
mapping
• Application Migration: Tool-based migration by
Narrative description of application guided by an application migration plan.
scope of consulting (provide • Assessment Only: Assess servers and application
specific details regarding and jointly assign them to a strategy that is beyond the
Managed support services & scope of the program.
consulting experience Migration Support Services: The following services support
the above Azure Migration Services, Customer-led
migrations.
• Architecture Review: Azure infrastructure
architecture review of virtual machine and storage
sizing, resiliency and scalability, and service
availability in target Azure region(s).
• Infrastructure Provisioning: Infrastructure-as-Code
(IaC) provisioning using ARM Templates or Terraform
• Database Migration: planning and migration of
Microsoft SQL, Oracle, MySQL, Sybase, DB2,
PostgreSQL, or NoSQL databases to Azure
IaaS/PaaS as appropriate for the platform and
migration strategy

Page | 106
 • Azure Advanced Networking: assess, plan, and
build/remediate Azure Advanced Networking
components that support migration activities.
Azure IaaS Management: following migration, configuration
of Azure native services to assist with the monitoring, backup,
update management, and virtual machine replication for
disaster recovery of Azure IaaS environments

Reference: - 3

Name of Assignment Hybrid Cloud Assessment and Migration Services

Design a highly available, Multi-Region, fault-tolerant, cost-
optimized and performance Azure architecture for a leading
Name of the client/customer Commercial Bank in Abu Dhabi.
& contact person details Partner Solution – Digital Banking + Wallet + Partner Solution
(6D)

Start date and End Date 2021

Current status ( if work in
In-Progress
progress/completed)
Contract Tenure
Size of team engaged in
3 Onsite
UAE
Name of the associated
N/A
partners, if any
Sizeable team from offshore in Hyderabad India from
Cloud4C delivery center.
Size of team engaged
outside UAE Since we engage on an outcome driven model based on
agreed SLA’s Cloud C has proposed a pool of resources to
be operating from our offshore center of excellence
Order value of the Largest
similar scope project (in AED TBS at later stages
millions annual)
Senior Program Manager,
Project Manager,
Azure Architect,
Security Architect,
Details of the staff involved
Azure Engineers,
Database consultants,
Backup Engineer
NOC Team
Requirement:
1. Micro-services Based Architecture on Azure
2. Multi Region, High Availability Architecture
3. Incorporate Intellect’s Partner Solution on A
Narrative description of
4. Leverage Azure Cloud Native Services such as AKS,
scope of consulting (provide
Azure Database, Azure Files, Sentinel, Defender
specific details regarding
5. Incorporate Security Solutions – SIEM, PAM, DAM,
Managed support services &
VAPT, Etc.
consulting experience
6. Create an expandable architecture, for future clients –
Like BIB Cloud
7. Cost efficient model

Page | 107
 Proposed Solution:
• Azure Micro Services enabled cloud
• Azure Certified Solution Architect
• Compliant to an ’s uptime and CP requirement
• Well Architected expandable Solution on Azure
• Auto Scaling – Resource Minimization
• Enabling Continuous Compliance
▪ Secure landing zone for enterprise banking application
based on Azure best practice guidelines
▪ Hub and Spoke deployment model with centralized
management and governance
▪ Hybrid connectivity for private and internet-based
access to the applications
▪ Solution optimized to leverage Azure platform native
services

Reference: - 4

Name of Assignment Cloud Migration and Managed Services

ADX is the second largest market in the Arab region for
trading securities; including shares, bonds, exchange traded
Name of the client/customer funds, and any other financial instruments approved by the
& contact person details UAESCA

To be shared at a later stage

Start date and End Date 2020
Current status ( if work in
On-going
progress/completed)
Contract Tenure 36 Months
Size of team engaged in
3
UAE
Name of the associated
N/A
partners, if any
Size of team engaged
15+ from our Center of excellence team
outside UAE
Order value of the Largest
similar scope project (in AED TBS
millions annual)
Senior Program Manager,
Project Manager,
Azure Architect,
Security Architect,
Details of the staff involved
Azure Engineers,
Database consultants,
Backup Engineer
NOC Team
Requirements:
Assessment and migration of applications developed on
Narrative description of multiple technologies by different vendors, from On premises
scope of consulting (provide to Azure
specific details regarding Working on aggressive timelines to achieve the colocation of
Managed support services & the data center
consulting experience Migration of Exchange to Office 365 environment
Ensuring availability and least business impact during the
migration

Page | 108
 Solution
Migrating 95 business applications on Azure
❖ Migration of Complex applications built on different
technologies by different vendors
❖ Business Impact assessment and solutioning
❖ Legacy systems
On premises exchange mailbox migration to Office 365
Seamless migration of users

Proposing Security Architecture

❖ Secure and compliant architecture for all business
applications using Azure native security tools, and
third party tools
Re-architecting existing network and infrastructure
❖ Bandwidth consumption and optimization based on
current usage and forecast
❖ Network link re-architecting and revamping of existing
Infrastructure Software and Licenses

Reference: - 5

Name of Assignment Cloud - Migration Services

As one of the leading banks in UAE and Middle East, ADIB
has been a trusted financial solace for consumers,
enterprises, corporates, private investment stakeholders. The
Name of the client/customer bank has been quite popular with its financial offers to
& contact person details organizations and individuals, and digital-first, green services
for hassle-free yet sustainable banking experiences.
Cloud4C account manager will facilitate the customer contact
details for any reference call post request from DIB
Start date and End Date 2020
Current status ( if work in
In Progress
progress/completed)
Contract Tenure 36 + Ongoing Support
Size of team engaged in
UAE
Name of the associated
Not Applicable
partners, if any
Since it’s an outcome driven model based on agreed SLA’s
Size of team engaged
Cloud4C has proposed a pool of resources to be operating
outside UAE
from our offshore center of excellence
Order value of the Largest
similar scope project (in AED
millions annual)
Senior Program Manager, Project Manager, Azure Architect,
Details of the staff involved Security Architect, Azure Engineers, Database consultants,
Backup Engineer, Monitoring agents,
Narrative description of Estimated 3500 servers over 36 months
scope of consulting (provide
specific details regarding The migration program included major Data centres in
Managed support services & UAE region
consulting experience

Page | 109
 Program Governance: establish an Azure migration program
to discover, assess, plan, and migrate servers to Azure.
Azure Migration Services: migration services that will be
used to perform the following migration strategies:
• Rapid Server Migration: Tool-based migration by
servers or subnet with no application dependency
mapping
• Application Migration: Tool-based migration by
application guided by an application migration plan.
• Assessment Only: Assess servers and application
and jointly assign them to a strategy that is beyond the
scope of the program.
Migration Support Services: The following services support
the above Azure Migration Services, Customer-led
migrations.
• Architecture Review: Azure infrastructure
architecture review of virtual machine and storage
sizing, resiliency and scalability, and service
availability in target Azure region(s).
• Infrastructure Provisioning: Infrastructure-as-Code
(IaC) provisioning using ARM Templates or Terraform
• Database Migration: planning and migration of
Microsoft SQL, Oracle, MySQL, Sybase, DB2,
PostgreSQL, or NoSQL databases to Azure
IaaS/PaaS as appropriate for the platform and
migration strategy
• Azure Advanced Networking: assess, plan, and
build/remediate Azure Advanced Networking
components that support migration activities.
Azure IaaS Management: following migration, configuration
of Azure native services to assist with the monitoring, backup,
update management, and virtual machine replication for
disaster recovery of Azure IaaS environments

11Conclusion
Cloud4C looks forward to working with ADC and supporting your efforts for Cloud journey.
Cloud4C is confident that we can meet the challenges ahead and stand ready to partner with you in
delivering & managing this Azure setup. Cloud4C is a trusted digital transformation partner for fortune
500 companies. We have strong Enterprise customers leveraging our expertise on Azure platform.
If you have questions on this proposal, feel free to get in touch with us at your convenience.
Thank you for your consideration & business

Page | 110