Essential IT 8.0 | Scope & Standards
Rocket IT has a simple but powerful purpose – Help People Thrive. It is backed up by four core values, including one that helps us remember to Be a Passionate Steward.
With that as our direction, good stewardship demands we describe and hold you and ourselves accountable to the minimum technology infrastructure standards required to deliver a predictable experience for your team.
We provide a team of expert technologists that match your priorities for addressing security, productivity, functionality, and efficiency. That team will carry out the activities described herein.
In order to do this, we will use reasonable efforts to adhere to agreed-upon deadlines, subject to your cooperation and events or incidents outside our reasonable control, as described in your Master Services Agreement (MSA). We'll provide priority support for all critical issues as diagnosed according to our standard procedures (at additional cost as described below and in your Statement of Work [SOW]), maintain IT support resources in accordance with industry standards, and provide direct access to our leadership team for escalation.
In return, you will assign a leader within the organization to work with our team. That decision maker will attend all Annual Business Reviews, provide availability to your senior management when necessary, and provide access to documents, statements, computer systems, and third-party support services.
Importantly, we know that everything isn't always perfect. We each will give and receive accommodations for conflicts, unforeseen events, and other priorities.
Supported Products & Services
The following describes the minimum requirements of aspects of your technology and what is included in the scope of your Essential IT SOW during our stated business hours.
Your network infrastructure can be defined as the hardware and software that allow connection to and management of internal systems and external networks (except in the case of closed networks). This can include internet connections, firewalls, switches, routers, wireless access points, cabling, power resources, VPN solutions, and more.
There are three basic requirements for internet connections to your offices:
- Business-grade internet service(s)
- Appropriate speeds for the office covered
- Public IP address(es)
In addition, it is recommended – though not required – to have a secondary ISP service to business-critical offices.
With all reactive support billed against your pre-paid block of support hours, Rocket IT’s service includes both troubleshooting connectivity problems inside the network on supported company devices and working with your ISP for connectivity problems that are outside the network. We will make recommendations to improve existing ISP issues, work with your ISP(s) to resolve outages, and configure graceful failover on your firewall if you elect to have a secondary ISP connection.
Also, ISP cutovers require an additional fee from Rocket IT to manage the process and ensure proper configuration of the new connection to your existing network.
A firewall sits at the edge of your network, managing the connection and security of traffic between your network and the internet.
Rocket IT provides one of several business-class firewalls to each supported office location based on the bandwidth requirements and number of required connections. Your Essential IT cost is based partially on the number of office locations that require a firewall and the correct specifications for each. Each firewall includes anti-virus and anti-spyware services. Basic configuration changes to the firewall, such as NAT rules, Access Control Lists, port forwarding, and minor VLAN configuration, are included in the scope of your Essential IT SOW.
Major changes to the overall configuration or provisioning of the firewall(s) will be billed as a separate project.
Network switches manage connections between other devices. In networks we support, these are commonly situated between the firewall and the ports to which individual devices connect. Rocket IT requires managed switches for this purpose (this includes all core switches and distribution switches).
A second common scenario is smaller unmanaged switches sitting between a single port and several low-traffic or non-critical devices.
Rocket IT installs and supports small business or enterprise switches by Cisco, but we are willing to consider supporting small business or enterprise switches installed prior to Rocket IT’s support of your network, at Rocket IT’s sole discretion, provided they have an active warranty and the proper specification for their role. Dell, HP and Meraki are examples of legacy hardware we are may support under these circumstances.
A switch with the proper specifications may last up to 7 years or longer before requiring replacement, however we will make a recommendation to replace a switch when it will improve performance or avoid possible unplanned downtime.
Wireless Access Points
Wireless Access Points (WAPs) manage wireless connections between enabled devices and your network.
Rocket IT installs and supports small business or enterprise WAPs by Meraki, but we are willing to consider supporting small business or enterprise WAPs installed prior to Rocket IT’s support of your network, at Rocket IT’s sole discretion, provided they have an active warranty and the proper specification for their role. Ubiquiti and Aerohive are examples of legacy hardware we are may support under these circumstances, while LinkSys devices do not meet these criteria.
A WAP with the proper specifications may last up to 7 years or longer before requiring replacement, however we will make a recommendation to replace a WAP when it will improve performance or avoid possible unplanned downtime.
Virtual Private Networking (VPN) allows people to securely connect to your network from a remote location with an ordinary internet connection. Because Rocket IT owns and manages the firewall, we do support VPN functionality, subject to certain restrictions, for your approved list of VPN users. Rocket IT provides service for 1 concurrent VPN connection and, for an additional fee, will provide as many additional connections as may be required.
An Uninterruptible Power Supply (UPS) is a piece of electrical equipment that temporarily provides emergency power when the primary power sources fail. A properly specified and maintained UPS will provide near-instant, but temporary, power in the event of a primary power source disruption. A UPS is primarily designed to give critical physical servers the chance to gracefully shut down rather than risk corruption due to an abrupt power loss.
A common secondary feature of a UPS is its ability to function as a surge protector, preventing harm to your hardware from voltage spikes.
Rocket IT supports and installs American Power Conversion (APC) devices in this category. Specifically, we strongly recommend a managed UPS, which allows for remote restoration of functionality if an event causes a server to shut down.
A proper UPS may last up to 6 years, but they often require replacement of their batteries at about 3 years.
Until the introduction of ransomware, security infrastructure for organizations with 500 employees or fewer was fairly standard: firewall, backup, anti-virus, and spam filter. As long as they were the right products, configured properly, and managed by competent people, an organization could feel safe.
Unfortunately, the world of security changed around 2014 due to the pervasive and sinister nature of crypto-viruses. After years of effort by the infosec industry to get ahead of malicious actors, the new normal includes much more robust anti-virus solutions, limitations on local administrative privileges, ongoing employee technology testing/training, and a vigilant IT team making constant improvements to security protocols to balance team productivity with essential security.
A proper firewall is still your first line of defense. Our efforts in this area are described above in the section on networking.
Included in your Essential IT SOW cost, Rocket IT deploys an Advanced Endpoint Protection solution that watches for unexpected or unusual behavior and can help protect against even the newest virus, spyware, ransomware, or exploit-based attacks.
Gone are the days when your staff could install any program on any device they felt was necessary to complete their work. However, the initial measure commonly taken – removing a person’s local admin privileges – often prevented common, everyday changes to a person’s computer like regular software patches and updates.
The solution is to allow your people to have local admin credentials, but with plenty of controls in place. Included in your Essential IT SOW cost, our application allows for such controls as application whitelisting (the person can only run pre-approved programs) and ringfencing (preventing an application from behaving unexpectedly and interacting with anything outside of its purview).
Spam filtering may be ubiquitous, but it requires constant tuning to deliver the right balance of delivering good email and blocking bad email. We leverage Microsoft’s built-in spam filter with Office 365 and will provide user- or organization-level changes, as required, with all work billed against your pre-paid block of support hours.
Ever-Evolving Security Measures
Our team will stay on our toes on your behalf. We regularly implement and improve on security best practices for the benefit of our clients. We will communicate these changes and their positive effect on your security during our Annual Business Reviews.
Staff Testing and Training
Each of your people with even basic technology access now has a security job. Their vigilance and proper training will go far to prevent the likelihood of a successful attack on your systems. Included in your Essential IT SOW cost, we will test each employee twice a month with emails designed to mimic well-designed phishing attacks. Those who fail the test will be enrolled in training to help them be better prepared. During Annual Business Reviews, we will report on your team’s results, and you will have access to a dashboard to see their progress between meetings. We will highlight repeat offenders and make recommendations if we believe more severe actions are required to improve their performance.
Since no security is guaranteed to prevent data loss, a proper backup must include multiple layers of redundancy, copies of incremental changes (to prevent problems due to deletion or corruption that is undiscovered for an extended time), and geographic separation of backup locations (to prevent loss due to physical damage of backup equipment).
For premise servers, Rocket IT includes a robust backup solution we call CC:Backup in your Essential IT SOW cost. It includes a physical appliance at every site that has a physical server and secure, off-site replication of your encrypted data in the cloud.
For cloud servers, Rocket IT works exclusively with Amazon Web Services (AWS) cloud servers and will configure them to replicate to a separate AWS location. The cost of the replication is discussed and covered as a separate cost from your Essential IT SOW.
By implementing the stack of security systems and processes above, the risk that a substantial breach will occur on your network is lessened greatly. However, no system is foolproof, and there may be situations where a breach happens. Examples might include someone inputting their credentials into a malicious and/or spoofed site, or someone falling prey to a social engineering attack.
All events generated beyond approving or denying requests for access (such as whitelisting an application) are billed as out-of-scope incident responses. More serious incidents may require multiple people working for multiple days to ensure all systems are restored to their secure state.
Servers are the lifeblood of productivity for most organizations, so they should be well-built and well-maintained. We only support servers that have an active manufacturer’s warranty and are on a modern Microsoft Server operating system. Rocket IT prefers and recommends Dell servers for most applications, but we also support HP servers and are willing to consider supporting any existing enterprise-grade server still supported under an active manufacturer’s warranty. A well-designed server should be expected to last up to 6 years.
Virtualization is very common, and our team is prepared to support your VMware instances that are on a currently supported version. We do not support Hyper-V hosts.
Cloud servers are also increasingly common, and we can migrate, deploy, manage, and support your server instance in AWS. We do not support Microsoft Azure instances.
Not everything related to Windows servers is covered under your Essential IT SOW, but here are some of the things that are covered or not covered:
- We will manage the patches for your server.
- We will review alerts that are created for your server.
- Active Directory changes are billed against your pre-paid block of support hours, including user accounts (creation, removal, password resets) and groups (creation, removal, member management). Deploying Active Directory and major revisions to Active Directory structure will be scoped as projects.
- We will do many things upon request, with such work being billed against your pre-paid block of support hours, unless it is determined that the request rises to the level of a project. One example of appropriate support ticket work is auditing permissions to network resources and making changes as necessary. Another is troubleshooting Group Policy Objects. Creating group policies is a gray area; some are simple commands and some are highly sophisticated programming tasks. We will discuss any requests you may make and determine scope on a case-by-case basis.
Like servers, properly specified and maintained workstations are critical to the success of your team. We support most major brands of desktops and laptops that have an active manufacturer’s warranty and are running a modern Microsoft Windows or MacOS operating system. We prefer and recommend HP workstations, but we also support Microsoft Surface, Dell, and Apple computers, as well as most other major brands.
As part of your Essential IT SOW and billed against your pre-paid block of support hours, we will troubleshoot slow performance, alerts, printer issues, and will manage patches and Windows 10 updates.
If a device is performing poorly enough to require the rebuilding of a user profile or a “wipe and reload” as recommended by our team (where we completely reinstall the operating system), that is billed against your pre-paid block of support hours, but any failure of that process is expressly outside of our control and it is your responsibility to ensure that no loss of data or key business function happens as a result of this unexpected failure. We do not backup workstations and it is our firm recommendation that no business-critical information exist solely on a workstation.
Rocket IT recommends and supports Microsoft Office 365 for email functionality. If you choose for us to manage your Office 365 licensing billing, we will do regular auditing of license usage as well to mitigate against cost overruns due to unnecessarily applied licenses.
With such work being billed against your pre-paid block of support hours, we provide support on your printers that have an active manufacturer’s warranty. Rocket IT recommends HP and Brother printers. We will also support Dell and certain other brands of printers, subject to prior discussion and approval. We will ensure that supported printers are properly added to an existing print server, provide a base level of software-related troubleshooting, and act on your behalf to work with any managed print providers or manufacturers to provide more advanced support.
IT Strategy and Technology Asset Planning
Rocket IT will schedule one Annual Business Review per year with your primary IT decision maker and any other relevant staff. We will help you plan and budget as well as educate you on industry trends that should inform your strategic decisions. We will provide data around our performance as well.
These are services where Rocket IT's primary responsibility is to keep it on; we will, at the client's discretion, serve as their agent of record to open support tickets with vendor/third-party support, but the cost of a support agreement or break/fix work will be incurred directly by the client in addition to our work being billed against your pre-paid block of support hours.
We will monitor your properly specified infrastructure for these applications and work with the vendor for support requests, patches, and updates, with such work being billed against your pre-paid block of support hours. This includes your accounting application.
With such work being billed against your pre-paid block of support hours, we will work with your phone vendor for network-related troubleshooting. For legacy Rocket IT-installed 3CX phone systems, we will also add/remove users; configure DIDs, voicemail boxes, and extensions; manage auto-attendants and ring/blast groups; and work with 3CX for support requests and minor updates.
With such work billed against your pre-paid block of support hours, we will troubleshoot network connectivity issues, configure scan-to-email or scan-to-file features, configure address book entries, and work with your vendor(s) for support requests.
Optional Bolt-On Services
The services below are not included as a part of the monthly agreement and are billed as separate line items on the client's monthly invoice.
Remote Administrative Access
We can extend our remote monitoring and management agent to your internal IT staff to allow them to remotely access company-owned and Rocket IT-monitored workstations.
You must maintain all legally required software licenses. Rocket IT will make a commercially reasonable effort to remind you of upcoming license renewals in the following areas: servers, domains, and SSL certificates.
End of Support
When a product has an identified “end-of-support” (EOS) date, that is when the manufacturer or vendor will no longer provide patching, updates, or support to ensure the product continues to operate efficiently and securely. During your Annual Business Reviews, we will provide updates on upcoming EOS dates relevant to your business and make recommendations to avoid reaching those dates on any actively used technology within your organization. Once a product goes EOS, any support on it will be billed out of scope and additional charges, including penalties, may apply.
Pre-Paid Block Time
Much of your proactive technology support costs are covered in Essential IT, but most other work is not, and it is required to handle the out-of-scope billing by pre-purchasing a block of hours. We offer blocks in minimums of 20 hours and will work with you to find the appropriate size for your organization’s needs.
New Workstation Setup
Computer setups are billed against your pre-paid block of support hours. You should understand that setups for computers procured through Rocket IT will on average be more efficient - and thus cost less in support time - than computers purchased elsewhere.
We do not support consumer-grade products within the scope of your Essential IT SOW. Exceptions may be made by Rocket IT management, with all time being billed to your pre-paid block of support hours.
We do not provide residential IT support services within the scope of your Essential IT SOW. Exceptions may be made by Rocket IT management, with all time being billed to your pre-paid block of support hours.
Equipment Purchased Elsewhere
After beginning your Essential IT SOW with Rocket IT, equipment purchased elsewhere will require out-of-scope billing for any installation and initial troubleshooting we provide.