Page 1 of 4
Controlled Doc. #351678 Ver: 1.0 Last Modified:4/10/2012 10:47:40 PM CISCO CONFIDENTIAL
CPS_Unified_Security_Development_Service.doc
Service Description: Advanced Services – Fixed Price
Cisco Collaborative Professional Services - Unified Security
Development Service (ASF-CPSA-USD)
This document describes Advanced Services Fixed Price:
Cisco Collaborative Professional Services Unified Security
Development Service available under the Collaborative
Professional Services Program (“Program”).
Direct Sale from Cisco to Authorized Channel. If you have
purchased these Services directly from Cisco, this document is
incorporated into your Collaborative Professional Services
Agreement (“Agreement”), Collaborative Professional Services
– General Service Terms under the Cisco Services Partner
Program, a services exhibit that addresses transaction
advanced services (“AS-T”) or an equivalent agreement
executed between you and Cisco which authorizes your
participation in the Program. In the event of a conflict between
this Service Description and your Agreement or equivalent
services exhibit or agreement, this Service Description shall
govern. For purposes of an AS-T exhibit executed between
Cisco and Authorized Channel, this Service Description shall
be deemed as a Statement of Work (ʻSOW”).
Cisco shall provide a Quote for Services (“Quote”) setting out
the appropriate fee that shall be paid by Authorized Channel
for the services selected. Cisco shall provide the Unified
Security Planning & Design Development Service described
below as detailed on Purchase Order that references the
purchaserʼs email address, Deal ID, Services Part No and
Service Fee as defined in the Quote agreed between the
parties and that, additionally, acknowledges and agrees to the
terms contained therein.
Cisco Collaborative Professional Services Unified
Security Development Service
Service Summary
The Cisco Collaborative Professional Services (“CPS”) Unified
Security Development Service provides remote assistance
(the “Services”) to Authorized Channel for the deployment of
End Userʼs Unified Security solution which includes High-Level
Design Development, Low-Level Design Development,
Network Implementation Plan Development and System
Acceptance Test Plan Development.
This Service offering is comprised of a maximum of four (4)
devices from the following sets of devices with only one (1)
device from within selected groupings: (a) Cisco ASA Firewalls,
IOS Firewall, ASA Service modules; (b) Cisco IPS 4200, ASA
5500 Series IPS Solution, Cisco IDSM, Cisco ISR IPS Module;
(c) Cisco VPN solutions using ASA, IOS Routers; (d) Cisco
ACS solution for device administration; (e) Cisco Security
Manager and (f) Ironport Products.
Location of Services
Services are delivered remotely to Authorized Channel.
High Level Design Development
Analyze the End Userʼs prerequisite information provided by
Authorized Channel in order to develop a High Level Design
(“HLD”) that will consider the End Userʼs network future growth
requirements and Cisco leading practices.
Cisco Responsibilities
o Work with Authorized Channel to understand End Userʼs
environment and achieve a common understanding of End
Userʼs requirements.
o Provide the HLD Pre-requisite Template which specifies
the required business and technical requirements that
Authorized Channel must gather from End User.
o Create and provide the High Level Design which will
include the following: a) comparing solution level
requirements with Cisco security solutions and
architectures; b) a high-level design document based on
the End User requirements shared by the Authorized
Channel and in line with the bill of materials (“BOM”); c)
identifying change recommendations to the BOM, as
required; and d) determining any risks of the design and
providing design recommendations and proposed changes
to help mitigate risks.
o Review with Authorized Channel the High Level Design for
comment and approval before it is formally completed and
released.
Authorized Channel Responsibilities
o Designate key Authorized Channel contacts including
architects and network personnel who shall be available
for ongoing information gathering and feedback during the
Services.
Page 2 of 4
Controlled Doc. #351678 Ver: 1.0 Last Modified:4/10/2012 10:47:40 PM CISCO CONFIDENTIAL
CPS_Unified_Security_Development_Service.doc
o Provide all the information as requested by Cisco to be
documented in the HLD Pre-requisite Template five (5)
Business Days following receipt of the Pre-requisite
Template from Cisco.
o Provide physical and logical network schematics for End
Userʼs existing network where applicable.
o Provide information and other details containing: (i) End
Userʼs security design objectives (for example, logging
requirements, change management requirement,
compliance requirement, type of devices etc.); (ii) End
Userʼs security requirements; and (iii) future growth
requirements and solution build-out time frames.
o Provide information and other details of current network
topology including access, distribution and core layers,
types of switches, routers and security devices in each
layer, IP addressing and sub-netting for each layer and
features and services that have been enabled on the
network.
o Provide physical and logical network schematics for End
Userʼs existing network where applicable.
o Review with Cisco the High Level Design for comment and
approval before it is formally completed and released.
Low-Level Design Development
A Low-Level Design (“LLD”) focuses on activities for design of
a Unified Security solution for the End User environment using
Cisco security products and architecture. The LLD does not
include configurations for any third party applications/devices.
Cisco Responsibilities
o Conduct telephone interviews with designated Authorized
Channel covering the LLD of the security solution.
o Provide the LLD Pre-requisite Template which specifies
the required business and technical requirements that
Authorized Channel must gather from End User.
o Create the LLD document for the Cisco security solution.
The design document will cover the low level network
architecture with placement of security devices and the
design specific details like the traffic flow diagrams,
interface connectivity details and design diagrams for the
End Userʼs security solution.
o Provide the LLD document and review LLD with
Authorized Channel for comment and approval before it is
formally completed and released.
Authorized Channel Responsibilities
o Ensure that Authorized Channel key networking personnel
are available to participate in telephone interview sessions
as required to enable Cisco to understand End Userʼs
business and technical requirements for the network.
o Provide all information as requested by Cisco to be
documented in the LLD Pre-requisite Template to include
End User network information ten (10) Business Days
following receipt of the Pre-requisite Template from Cisco.
This document shall include the following information: a)
physical and logical network schematics for existing
network where applicable; b) information and other details
containing: (i) End Userʼs security design objectives (for
example, logging requirements, Change management
requirement, compliance requirement, type of devices
etc.); (ii) End Userʼs security requirements; and (iii) future
growth requirements and solution build out time frames; c)
security policy, requirements and features already
deployed in the End Userʼs current network; d)
documentation that defines the current network topology,
including access, distribution, and core layers with the
current security device placements, types of switches,
routers and security devices in each layer, IP addressing
and sub-netting for each layer, and features/services that
have been enabled on the network; and e) End Users data
networking configurations for core routing protocols,
LAN/WAN connectivity, quality of service (QoS), Access
Control Lists (ACL) and other security features relevant to
the security design in scope.
o Review the LLD with Cisco, providing comment and
approval before it is formally completed and released.
Network Implementation Plan Development
Develop a Network Implementation Plan (“NIP”) that identifies
the processes to implement and operate the Cisco security
solution. The NIP is a guide for the Authorized Channelʼs
implementation engineer to follow. It contains device and site
specific implementation requirements information and records
the actions for implementation. It also provides references to
Product documentation, such as administration guides and
technical notes.
Cisco Responsibilities
o Provide the NIP Pre-requisite Template which specifies
the required business and technical requirements that
Authorized Channel must gather from End User.
o Create a NIP document that details the information
necessary for the Authorized Channel or End User to carry
out the implementation of the equipment at the End User
location.
o Provide the Network Implementation Plan and review the
Network Implementation Plan with Authorized Channel for
comment and approval before it is formally completed and
released.
Authorized Channel Responsibilities
o Provide all information as requested by Cisco to be
documented in the NIP Pre-requisite Template to include
End User network information ten (10) Business Days
following receipt of the Pre-requisite Template from Cisco.
This document shall include the following information or
other information as requested by Cisco: a) approved
detail design document; b) End User building layout,
including the floor plan, cabling and power location for
applicable site where the security devices are getting
deployed; c) verified interface specifications and
requirements. For example, cabling standards and
specifications for interconnect of Cisco and End User
Page 3 of 4
Controlled Doc. #351678 Ver: 1.0 Last Modified:4/10/2012 10:47:40 PM CISCO CONFIDENTIAL
CPS_Unified_Security_Development_Service.doc
equipment; and d) required documentation to include site
specific implementation requirements.
o Review the NIP with Cisco, providing comment and
approval before it is formally completed and released.
Systems Acceptance Test Plan Development
The System Acceptance Test (“SAT”) plan should be used
following completions of implementation to verify that the
security solution as deployed meets the agreed design.
Cisco Responsibilities
o Provide the SAT Plan Pre-requisite Template which
specifies the required business and technical requirements
that Authorized Channel must gather from End User.
o Create and provide the SAT Plan document. The SAT
Plan document defines and records the specific set of
procedures and/or tests developed by Cisco and agreed to
by the Authorized Channel that are necessary to test the
Cisco product and to declare that it is ready for use. The
SAT Plan may include the following: a) identifying facility
and infrastructure requirements for testing; b) identifying
tools required for executing the test cases; c) if required,
developing test case priorities, test lab topology, role and
responsibilities, testing processes, and severity levels; and
d) developing the test cases to include test case
objectives, procedure (step-by-step), expected result, and
pass/fail criteria.
o Review with Authorized Channel the SAT for comment and
approval before it is formally completed and released.
Authorized Channel Responsibilities
o Provide all information as requested by Cisco to be
documented in the System Acceptance Test Plan Pre-
requisite Template to include End User network
information ten (10) Business Days following receipt of the
Pre-requisite Template from Cisco.
o Provide input necessary for Cisco to develop the criteria to
be used in the SAT Plan.
o Agree on the specific set of procedures and/or tests in the
SAT Plan document developed by Cisco.
o Ensure that all the network, telecom and operations teams
are represented in development of test plans and
coordinate for all meetings.
o Review the System Acceptance Test Plan with Cisco for
comment and approval before it is formally completed and
released.
General Authorized Channel Responsibilities
• Authorized Channel shall ensure that, End User
understands and agrees i) that Authorized Channel is
providing its own proprietary services together with the
Cisco Services herein; and ii) that in connection with
Authorized Channelʼs performance of its own proprietary
services, Authorized Channel must provide to Cisco
certain End User information, documents and/or other
technical data as required for Cisco's subsequent use in
connection with Cisco Services.
• All information (such as but not limited to: designs,
topologies, requirements) provided by Authorized Channel
is assumed to be up-to-date and valid for the End Userʼs
current environment. Cisco deliverables are based upon
information provided to Cisco by Authorized Channel at
the time of the Services.
• Authorized Channel acknowledges that the completion of
Service is dependent upon Authorized Channel meeting its
responsibilities as indicated herein.
• Authorized Channel is solely responsible for all
interactions and communications with End User and the
provision of services and deliverables to End User.
• Identify Authorized Channelʼs personnel and define their
roles in the participation of the Services. Such personnel
may include but is not limited to: architecture design and
planning engineers, and network engineers.
• Ensure Authorized Channelʼs personnel are available to
participate during the course of the Services to provide
information and to participate in scheduled information
gathering sessions, interviews, meetings and conference
calls.
• Services provided by Cisco comprise technical advice,
assistance and guidance only. Authorized Channel
expressly acknowledges and agrees that its solely
responsible for the implementation of End Userʼs network
design requirements and implementation of any
recommendations provided by Cisco. The information
containing in the documentation deliverables are based on
the information provided by the Authorized Channel to
Cisco, and Authorized Channel shall remain responsible
for the accuracy or completeness of the information during
the provision of the Services described herein and for the
final determination of End Userʼs network design,
architecture, implementation, business or other
requirements.
License of Deliverables
• Cisco grants to Authorized Channel a limited, revocable,
non-exclusive, non-transferable license (a) to use, display,
reproduce, modify, and distribute Deliverables; and (b)
create, use, reproduce, and distribute derivative works of
the Deliverables. The license herein is granted solely for
Authorized Channel’s support of End Users during the
term of the agreement between Cisco and Authorized
Channel and solely for use with Cisco products.
Authorized Channel may not sublicense, to any persons or
entity, any rights to reproduce or distribute the
Deliverables. Cisco also may terminate this license upon
written or oral notice to Authorized Channel, with or
without prior notice.
Limitation
Page 4 of 4
Controlled Doc. #351678 Ver: 1.0 Last Modified:4/10/2012 10:47:40 PM CISCO CONFIDENTIAL
CPS_Unified_Security_Development_Service.doc
• AUTHORIZED CHANNEL EXPRESSLY
ACKNOWLEDGES AND AGREES THAT IT IS SOLELY
RESPONSIBLE FOR THE DETERMINATION AND
IMPLEMENTATION OF THEIR END USER’S
NETWORK, DESIGN, BUSINESS, OR OTHER
REQUIREMENTS. CISCO SHALL NOT BE
RESPONSIBLE FOR THE FAILURE OF CISCO’S
COLLABORATIVE PROFESSIONAL SERVICES,
DELIVERABLES, REPORTS AND/OR RELATED
SOFTWARE TO MEET END USER’S NETWORK,
DESIGN, BUSINESS, OR OTHER REQUIREMENTS.
Representation of Cisco Brand
Authorized Channel agrees to comply with the Collaborative
Services Branding guidelines located under “Resources” at
http://www.cisco.com/web/partners/services/programs/collabor
ative/index.html, which is incorporated herein by reference.
Invoicing and Completion
Invoicing
Services will be invoiced upon completion of the Services.
Completion of Services
Cisco will provide written notification upon completion of the
Services to Authorized Channel. The Authorized Channel shall
within five (5) Business Days of receipt of such notification
provide written acknowledgement of Ciscoʼs completion of the
Services. Authorized Channelʼs failure to acknowledge
completion of the Services or to provide reasons for rejection of
the Services within the five (5) Business Day period signifies
Authorized Channelʼs acceptance of completion of the Services
in accordance with this Service Description.
