WO2007030633A2 - Method and system for remotely monitoring and managing computer networks - Google Patents

Abstract

A comprehensive managed services model allows a third-party information technology (IT) service company to assume responsibility for monitoring, administering, and maintaining a business' IT infrastructure. The cost of the solution is predictable and lower than the cost of handling the same monitoring, administration, and maintenance tasks through an internal IT staff. The model provides the third-party IT service company with a long-term predictable revenue stream. In an exemplary system, the third-party IT service company offers various packages of managed services, and the customer is charged according to a subscription-based pricing scheme. While the packages may contain a predefined set of services, the managed services model also permits selection of individual services in á-la-carte fashion to create a customized solution that exactly fits the customer's needs and requirements. The managed services model also allows the third-party IT service company to partner with affiliate IT companies to deliver the services.

Description

Atty Docket No. 039650-10

METHOD AND SYSTEM FOR REMOTELY MONITORING AND MANAGING

COMPUTER NETWORKS

BACKGROUND OF THE INVENTION

Cross Reference to Related Applications

[0001] This application claims priority to U.S. Provisional Application No. 60/714,336 filed September 7, 2005, the contents of which are incorporated herein by reference.

Field of the Invention

[0002] The present invention is directed to monitoring and managing a computer network, and more particularly to providing a managed services architecture to monitor and maintain a client's computer network.

Description of Related Art

[0003] Companies of all sizes rely on computer technology and networks to manage various business functions. In particular, computer systems enable efficient exchange of business data and information between parties in different types of business transactions. [0004] Although information technology (IT) offers time- and money-saving benefits, the use of information technology also requires resources, such as ^taff and money, to implement, operate, and maintain the necessary computer hardware and software. More of these resources are required as a company's reliance on information technology grows and introduces more complex challenges. '

[0005] However, due to resource limitations, companies often find that they are unable to meet the challenges of managing their IT infrastructure. IT organizations are struggling to keep pace with accelerated business demands when budgets and talent are in short supply. With limited resources, companies must prioritize their IT tasks and projects. Often, - 2 - Atty Docket No. 039650-10

companies are simply overwhelmed by routine maintenance of their IT infrastructure and must put off other IT projects. It is not uncommon for a business to spend 70% to 80% of its IT budget just maintaining existing functionality and keeping the current infrastructure running. No resources are spent on improving the current system or implementing new hardware or software. Moreover, members of the IT staff are unable to receive important training which will improve their skills and teach them best practices. Even when priority is placed on maintenance tasks, companies often find it almost impossible to keep up with necessary maintenance and to complete critical tasks in a timely manner. For instance, an IT staff may find it difficult just to keep software current through the application of software patches. Because new implementations are delayed, routine maintenance falls behind, and members of the IT staff are not properly trained, existing systems become obsolete, unstable, and un-secure. As a result, the need to repair system components and "fight fires" takes up more and more IT resources.

[0006] In recent years, many IT departments have had their budgets frozen or cut, while being expected to maintain existing functionality and to meet the growing technology needs of their organizations. The need to keep up with constantly changing technology has placed increased pressure and conflicting objectives on already taxed IT departments. [0007] Some organizations have attempted to meet increasing IT demands by saddling their existing staff with new projects. This reduces the time IT staff have for maintenance tasks, upgrade projects, and training. This method often results in even more time spent in troubleshooting, outages, and IT emergencies, because systems that are not properly maintained experience critical errors more frequently. Moreover, as organizational priorities evolve, internal IT departments often do not have the depth and breadth of knowledge needed to provide a complete solution for their organizations.

[0008] Meanwhile, other organizations can simply find no cost justification to hire a full- time IT staff, even though demands for new technologies and steadily growing needs for IT support remain.

[0009] Some third-party IT service companies exist to supply consultants or contractors to help with IT tasks and projects. As organizations realize they can no longer meet their IT needs with existing staff, many turn to traditional IT consulting companies for help. While

1O106946.1 - 3 - Atty Docket .No. 039650-10

many consultants can provide strong solutions and excellent service, all too often the expense can outweigh the benefits provided.

[0010] Other third-party companies offer hosting or outsourcing services, so that business with IT needs no longer need to keep their IT infrastructure in-house or to maintain an in-house IT staff. Hosting or outsourcing services, however, can be extremely expensive. In addition, it can be very challenging to integrate other parts of the business with an IT system that is not situated in-house.

[0011] Small or medium sized businesses, in particular, face unique IT challenges. These businesses may have the same infrastructure needs as larger companies, but they cannot justify hiring full-time support. In addition, the capital expenses for necessary server and infrastructure hardware have a greater impact on small businesses. Typically, small or medium sized businesses hire freelance or consultant IT support for system installation, but fail to spend money on maintenance and patching. Because consulting fees are calculated according to billable hours, the cost of employing consultants can be very high and unpredictable, making it difficult to budget or to plan. Also, because these businesses only use IT professionals or. specialists for special projects or installations, day-to-day support is usually provided by someone with other business responsibilities, so IT support is not always available to end-users. Moreover, the choice of IT consultants for each project is motivated by cost; therefore, the consultants may vary from project to project, leading to the implementation of different, and potentially inconsistent, approaches and methodologies at a single customer site.

[0012] Third-party IT service companies, such as IT consulting companies, face challenges of their own. Many of these service companies were negatively impacted by recent downturns in the "tech sector." Consulting companies, in particular, have lost credibility over recent years,. and are often viewed at "people pushers" whose solutions may not be in the client's best interest. With a leaner and more competitive market, it is more difficult to keep the consultants that they employ on constant billable work, hi general, many third-party IT service company are finding that they have no long-term predictable revenue stream.

10106946.1 - 4 - Atty Docket No, 039650-10

[0013] Thus, both third-party IT service companies and their customers face challenges in an environment where businesses are demanding, higher return on investment for IT expenditures. . .

SUMMARY. OF THE INVENTION

[0014] To address the problems described above, the present invention provides a comprehensive managed services model that allows a third-party information technology (IT) service company to assume responsibility for monitoring, administering, and maintaining a business' IT infrastructure, hi addition, the cost of a comprehensive managed services model is predictable and lower than the cost of handling the same monitoring, administration, and maintenance tasks through an internal, or in-house, IT staff. Meanwhile, the comprehensive managed services model provides the third-party IT service company with a long-term predictable revenue stream.

[0015] In an exemplary system, the third-party IT service company offers various packages of managed services, and the customer is charged according to a subscription-based pricing scheme. While the packages may contain a predefined set of services, the managed services model also permits selection of individual services in a-la-carte fashion to create a customized solution that exactly fits the customer's needs and requirements. The managed services model also allows the third-party IT service company to partner with affiliate IT companies to deliver the services. The combination of automated IT services and a flexible, yet predictable, pricing scheme reduces IT costs while maintaining the stability and performance of the customer's IT infrastructure.

[0016] These and other aspects of the present invention will become more apparent from the following detailed description of the preferred embodiments of the present invention when viewed in conjunction with the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

[0017] FIG. 1 illustrates an exemplary system architecture that provides a managed services solution.

[0018] FIG. 2 illustrates an exemplary process for implementing a managed services solution.

^■10106946.1 - 5 - Atty Docket No. 039650-10

[0019] FIG. 3 illustrates exemplary process for implementing a managed services solution from the perspective of the third-party IT solution provider.

[0020] FIG. 4 illustrates another exemplary process for implementing a managed services solution from the perspective of the third-party IT solution provider.

[0021] FIG. 5 illustrates the steps for building a comprehensive managed services offering.

[0022] FIG. 6 illustrates the steps for developing an operations process for a comprehensive managed services offering.

[0023] FIG. 7 illustrates the steps for developing a comprehensive managed services marketing plan.

[0024] FIG. 8 illustrates the steps for selling the comprehensive managed services solution.

[0025] FIG. 9 illustrates the steps for building the comprehensive managed, services process.

[0026] FIG. 10 illustrates the steps for providing comprehensive managed services support.

[0027] FIG. 11 illustrates an example flowchart that summarizes how the sales, engineering, and operations teams work together to sell and implement a managed services offering.

, DETAILED DESCRIPTION

[0028] The present invention provides a comprehensive managed services model, or solution, which a third-party information technology (IT) service company can implement to improve management of a' client's IT infrastructure while lowering the cost of system maintenance and administration for the client. The comprehensive managed services solution reduces administrative overhead and improves operational efficiencies for customers, while providing an up-to-date, stable, secure, and optimally tuned IT infrastructure. [0029] The present invention enables customers to outsource information technology functions and simplify the management of their IT infrastructure. By assuming system management and security responsibilities from the customer and by providing end-user support services, the managed services solution permits the customer to focus on the long-

1O106Θ46.1 - 6 - Atty Docket No, 039650-10

term strategic needs of the customer's organization rather than the routine maintenance and troubleshooting required to keep the IT infrastructure, stable. For instance, such long-term strategic technology objectives, which deliver higher value and contribute to the growth of the business, may include: intranet portal services for employees, extranet portal services for customers, line of business applications, employee technical training, database development and management, application performance reporting, management of digital dashboards, web site development and management, aligning IT goals with long-term vision of the management team, and acquiring professional training and certifications. [0030] FIG. 1 illustrates an exemplary system architecture 100 that provides a comprehensive suite of managed services to a customer at client site 120. Managed services provide benefits in three notable areas: system monitoring and event notification, server and desktop management, and local-area-network (LAN)/wide-area-network (WAN) management. Specifically, the managed services may include, but are not limited to, system monitoring, IT help desk services, patch management, backup management, e-mail services, file/print services, faxing services, telephone and voicemail system management, anti-virus protection, spam filtering, vulnerability assessments, digital rights management, as well as IT staff and end-user training.

[0031] As further shown in FIG. 1, the system architecture 100 has a data center 110 which is located remotely from the client site 120 and is managed by the solution provider. As used herein, the term solution provider refers to any third-party IT service company that implements the comprehensive managed services model according to the present invention. Such companies may include, but are not limited to, IT consulting companies, IT contractors, IT support companies, or computer software or hardware vendors.

[0032] Although the system architecture 100 may employ remote management of customer systems, the solution provider's services may include on-site visits or even continuous on-site presence. As illustrated in FIG. 1, the data center 110 includes a systems management/update server 111, a server management system 112, an anti-spam server 113, and an anti- virus server 114. It is understood, however, that the data center 100 may include additional systems necessary to provide the managed services desired by customers. Although, it is also understood that the servers can be located at a remote location, e.g. through a hosting service, it may be preferable that servers are located locally at the client site

10106946.1 - 7 - Atty Docket No. 039650-10

120, in order to make business operations less vulnerable to interruption when there are problems communicating over the network to remote facilities.

[0033] In general, there are several approaches to managed services that are based on where staff and hardware are physically located and what services are being provided. Some offerings may provide only remote monitoring and security, data warehousing and hosting, or packaged software distribution. Because of this potential for variation, the present invention is flexible and provides many embodiments of a comprehensive managed services solution. [0034] The system management/update server 111 facilitates server and desktop management by automating deployment of operating system and application patches and upgrades to end-user systems, e.g. workstations. The release of patches and upgrades are controlled from a central administration console, which ensures that computing environments are standardized throughout the enterprise. In general, the system management/update server 111 allows sophisticated, monitoring, analysis, testing, deployment, reporting, and enforcement of software updates from the data center 110.

[0035] As described further below, the solution provider and the customer can enter into a service level agreement (SLA). This SLA may govern how patches and upgrades are deployed. Software updates may be prioritized according to a severity rating system. In addition, the SLA may set out deadlines for the deployment of the software updates according to the severity rating system. For instance, the rating system may categorize software updates, such as patches, as: critical, important, moderate, and low. A "critical" patch, for example, may address a security threat that can spread easily and quickly, such as an Internet worm. An "important" patch, for example, may address a security vulnerability that that does not spread easily. Meanwhile, a patch of "moderate" or "low" severity, for example, may involve deployment of service packs, BIOS updates, or firmware that address problems with a moderate or low impact. Accordingly, as a further example, an SLA may require "critical" updates to be deployed within three days, important updates within two weeks, and moderate or low updates within three months. In addition, other software updates can be categorized as functionality upgrades or major version updates. In these cases, for instance, the SLA may require functionality upgrades to be rolled out within six months and major version updates within one year.

10106946.1 - 8 - Atty Docket No, 039650-10

[0036] The server management system 112 facilitates the central administration of many servers from the data center 110. In particular, operating systems and applications can be automatically installed on dozens or even hundreds of bare metal systems across large, scaled-out installations. Thus, the servers have consistent configurations.

[0037] The anti-spam server 113 provides centrally-managed intelligent spam filtering for enterprise- wide mail and messaging . systems. Meanwhile, the anti-virus server 114 provides centrally-managed protection from computer viruses for all servers and end-user computers.

[0038] In order to provide the managed services in the architecture 100, the customer may be required to have broadband Internet access and to maintain software maintenance agreements with the software vendors and hardware maintenance/spare plans with the hardware vendors.

[0039] As further illustrated in FIG. 1, the system architecture 100 also includes a remote monitoring system 130, a remote backup system 150, and a remote web services system 150. These remote systems demonstrate that any number of the managed services offered by the third-party solution provider can be provided from other sites managed by other parties who have partnered with the solution provider. It is understood, however, that the managed services can be provided entirely by a single solution provider.

[0040] The remote monitoring system 130 may employ a monitoring agent for the customer's servers, workstations, and network devices at client site 120. Monitoring agents may also be used with temperature and humidity probes to ensure a proper operating environment for servers and other devices. The solution provider is automatically notified of any equipment failure or performance problems, and most issues are resolved by the solution provider before the customer becomes aware of them. In general, the monitoring system 130 provides advanced problem notification to promote faster problem resolution and to minimize downtime.

[0041] The monitoring system 130 may provide automatic alerting and escalation based on customizable thresholds, which may correspond with an SLA between the customer and the solution provider. The monitoring system 130 may provide the customer with periodic health reports on each server, including information on alerts received from the server and actions taken, as well as metrics, such as disk, memory, and processor usage.

10106946.1 - 9 - Atty Docket No. 039650-10

[0042] The remote backup system 140 may provide remote backup over a standard broadband connection onto on tape, optical device, disk, or other storage media. The backup strategy and retention periods for the backups generally depend on the customer. The backup strategy may also correspond to a disaster recovery plan. Moreover, the backup system 140 may permit a convenient way for the customer to initiate small-scale data restorations. [0043] The remote web services system 150 includes website hosting 151 and DNS hosting 152, which allows the customer to maintain a public website. [0044] Advantageously, the present invention permits managed services to be provided according a variety of pricing schemes. The system architecture, such as the exemplary embodiment illustrated in FIG. 1, provides the efficiencies of automation. [0045] In addition, with many customers and standardized operations, the solution provider benefits from economies of scale. For instance, as small and medium-sized organizations become more dependent on information technology and the Internet, they increasingly want features, functionality, and security that in the past were available only to large enterprises. However, the expense required to design, deploy, and maintain such an environment is often too great for small and medium-sized organizations. Due to economies of scale, a solution provider can provide smaller customers services that previously were only available to large organizations, at a reasonable cost.

[0046] Accordingly, the solution provider can offer a flexible, yet predictable, pricing plan. Offerings based on the comprehensive managed services model may include, without limitation:

• Fixed-fee, per-device support with no customer ownership of hardware: The customer is charged a predictable amount per network device (e.g. server, workstation, or router) over a specific period of time (e.g. one to three years). This monthly fixed fee can include all hardware, software, and services required.

• Fixed-fee, per-device support for customer-owned hardware: If the customer chooses to purchase hardware and software via their existing vendor or leasing agent, the monthly fixed fee amount includes the services required to remotely monitor, patch, and upgrade all network devices and systems under management.

10106946 1 - 10 - Atty Docket No, 039650-10

• Time-and-materials billing: In some cases, the solution provide? may offer a fixed fee charge for the initial configuration of the environment (assessment, standardization, and upgrades), but the customer pays for all ongoing administration for monitoring, maintenance and site visits entirely on a time and materials basis. The initial configuration can also be provided on a time and materials basis.

[0047] The fixed-fee, per-device support offerings above are examples of subscription- based pricing arrangements. It is understood that subscription-based payments can be made per-employee or per-service, rather than per-device. Moreover, subscription-based arrangements are not limited to payment according to monthly interval. [0048] In a particular example, the solution provider may offer a subscription-based pricing scheme, where the fixed-fee is based on the selection of managed services selected by the customer. The business can select a managed services solution that more closely fits its needs. In general, a subscription-based pricing scheme involves low up-front investment costs and requires no long-term commitments. However, the length of agreements between the solution provider and customers preferably last at least twelve months from the date of system installation.

[0049] As described in detail below, while the packages may contain a predefined set of services, the managed services model also permits selection of individual services in a-la- carte fashion to create a customized solution that exactly fits the customer's needs and requirements.

[0050] Because there are also costs associated with pre-deployment activities, the solution provider may charge fees for initial setup activities. In particular, the solution provider may charge a fee for a pre-deployment assessment of the customer's existing IT systems. The assessment fee accounts for travel requirements, pre-assessment discovery, analysis of the customer's server network and supporting infrastructure, as well as creation of a report. The assessment fee also depends on the type, size, and location(s) of the customer's infrastructure. The solution provider may charge the customer a one-time setup fee or amortize the setup costs over the customer's periodic subscription payments. [0051] Specific examples of pricing for a managed services solution are described further below.

10106946.1 - 11 - Atty Docket No. 039650-10

[0052] The system architecture of FIG. 1 also enables rapid deployment of the managed services solution. FIG. 2 illustrates basic steps in an exemplary implementation of a managed services solution. The information gathering phase takes place in the first step 210. The solution provider may conduct pre-assessment meetings with key management and functional area representatives on the client side. The solution provider may also collect any relevant documentation on the customer's current infrastructure. After gathering the necessary information .from step 210, the solution provider should understand the customer's organizational needs, critical issues and systems, system boundaries, and the managed services that the customer wants to receive. The information may be incorporated into a document that formally outlines the scope of the implementation project. The document \should finalize the systems and services that are within the scope of the project. The document may also describe the expected outcomes as well as final acceptance procedures. [0053] The analysis and planning phase take place in the second step 220. The solution provider assesses the customer's current infrastructure and identifies deficiencies, or gaps, in the current system. To complete the assessment, the solution provider may find it necessary to conduct site visits and interview IT staff and end-users to validate existing documentation and processes. In addition, the solution provider may conduct performance monitoring and usage analysis of existing systems. Such information may be useful, for instance, in determining whether existing systems can be consolidated. During this step, the solution provider may create documentation to supplement the existing documentation. An architecture design is developed according to the operational efficiencies and opportunities that the solution provider has identified during the assessment of the customer's infrastructure.

[0054] The analysis and , planning phase of step 220 also includes transformation planning. The transformation plan identifies risks and required resources, creates a budget, and outlines a deployment timeframe with expected outcomes.

[0055] Additionally, in step 220, the solution provider may conduct a detailed cost- benefit analysis, which may include a total-cost-of-ownership (TCO) and/or a return-on- investment study.

[0056] The transformation phase takes place during step 230. Dedicated teams implement the transformation plan developed during the analysis and planning phase in step

10106946.1 - 12 - Atty Docket No. 039650-10

220. For example, the following teams may be organized: Patch Management .and Upgrade Team, Server Consolidation and Optimization Team, , Messaging (e.g. e-mail) Team, Thus Client Computing Team, Network Infrastructure Team, Storage Team, and Process (e.g. change management, configuration management) Team.

[0057] The transformation phase of step 230 ' creates an up-to-date, secure, and financially viable foundation for IT operations. Before the managed services solution is deployed enterprise-wide in step 240, however, the system is first lab tested and a pilot implementation is evaluated. A follow-up is conducted for each risk identified in the transformation plan. At the conclusion of step 230, all decisions have been made and tested so that everything is ready for the rapid and trouble free deployment and operation in step 240.

[0058] In step 240, functionality is verified and customer accepts by signing off. The operation of the system is then transitioned, or handed off, to the solution provider. The solution provider assumes responsibility for the managed services and devices outlined in the contract between the customer and solution provider. The managed services solution is integrated with the customer's existing operations environment. The solution provider employs a comprehensive operations plan, which incorporates best practices. [0059] In step 240, users are also trained to use new features of the new IT solution, streamline business processes, and realize business value. In addition, all documentation is finalized and turned over to the customer.

[0060] Managed services offerings expand a solution provider's ability to address customer needs and fill gaps left by traditional consulting companies. The comprehensive, yet flexible, managed services model allows a solution provider to build a foundation for long-term revenue generation for its organization. By creating customized solutions based on the comprehensive managed services model, the solution provider increases both short-term business opportunities and long-term revenue stream. A business based on the comprehensive managed services model is both proactive and predictable, enabling the solution provider to increase its revenue and improve its employee retention. Applying the comprehensive managed services model helps the solution provider create long-term business relationships both internally among its teams and externally with its customers.

10106946.1 - 13 - Atty Docket No. 039650-10

[0061] FIG. 3 illustrates an exemplary process for implementing a managed services solution from the perspective of the third-party IT solution provider. From a high level, the process includes a sale step 310, a transformation- step 320, an on-site installation step 330, and a maintenance step 340. Aspects of these steps are described in further detail herein. [0062] To implement a comprehensive managed service offering, the solution provider considers the requirements of implementing the infrastructure and services offerings for both its organization and its customers. Before its organization offers managed services to its customers, the solution provider creates an infrastructure capable of providing those services. After its internal infrastructure is prepared, the solution provider then prepares the necessary infrastructure for each new customer.

[0063] The major phases of creating a comprehensive managed services infrastructure include deciding which services to include, developing internal processes for handling management tasks, and developing and documenting technical procedures. [0064] The first phase in creating a managed services infrastructure is to determine the services that should be provided. When the solution provider is planning to provide remote management services, it might find many components of its proposed offering duplicates services that is has already been performing. In this case, once the solution provider begins offering comprehensive managed services, it can benefit from the core competencies it already has, but may partner with other organizations and solution providers to cover services outside of those core competencies. However, the solution provider's areas of core competence grow as its organization's skills, experience, and confidence grow under the managed service model. >^τ

[0065] To manage and secure customer environments comprehensively, the solution provider must have a strong technical infrastructure and associated internal services. The solution provider may take either a centralized or decentralized approach to establishing the infrastructure components required to provide managed services. Depending on the solution provider's goals and core strengths, its infrastructure approach may be more or less centralized. For a centralized system, the solution provider adds the required functionality to its existing infrastructure. ■

[0066] However, the comprehensive managed services model is flexible in terms of centralization, so the solution provider can choose the most efficient mix of internal and

10106946.1 - 14 - Atty Docket No, 039650-10

external resources to support its offerings to customers. Thus, if a centralized approach is not viable, a solution provider can create a virtual data center through a combination of centralized services and strategic relationships with third-party affiliates who specialize in a specific area. In general, an affiliate is another third party that is contracted to provide components of the managed services offering that¹ are beyond the solution provider's resources or goals. Through affiliates, the solution provider can gain the benefits of economies of scale, lower the operations costs, and reduce liability.

[0067] FIG. 4 illustrates exemplary phases which enable a third party IT solution provider to develop a managed services business. The phases include: building a comprehensive managed services offering (step 500), developing an operations process for a comprehensive managed services offering (step 600), developing a comprehensive managed services marketing plan (step 700), selling the comprehensive managed services solution (step 800), building the comprehensive managed services process (step 900), and providing comprehensive managed services support (step 1000).

[0068] FIG. 5 illustrates exemplary steps for building a managed services offering 500. The step 510 involves identifying business opportunities. In other words, a solution provider first identifies potential clients and the demand for a potential managed services offering. Business opportunities may include chances to provide customers with: a cost-effective monitoring, management, protection, and support solution; infrastructure technology; solutions based on enhanced knowledge of customer needs and an in-depth understanding of their current environment; or customer expansion services (e.g. remote offices and secure VPN access). Other opportunities that might arise include: selling and configuring core infrastructure hardware; licensing and deploying core infrastructure software; or providing supporting technology solutions like VoIP, intrusion detection systems, or thin clients. [0069] The greatest opportunity for selling comprehensive managed services to small and medium-sized businesses may occur when the business:

• has limited or no in-house IT staff

• has limited or cost-prohibitive support available in the organization's location(s)

• has many small locations making on-site IT staff less cost efficient

• is frustrated with other support options that are inefficient or ineffective

10106946.1 - 15 - Atty Docket No. 039650-10

• require Internet connectivity, but are concerned about security risks

• desire improved cost efficiencies through the use of up-to-date technology

• recently lost their in-house IT support

• is a rapidly, growing organization that is looking to add more help desk or LAN administrators to handle routine tasks such as applying security patches, maintaining virus updates, changing, passwords, or proving compliance with

■ business integrity regulations

• is a new organization that is looking to hire an internal computer person

• is an organization that is acquiring other organizations and trying to integrate the systems cost effectively

• is a new organization that has been spun off from an existing larger organization and has no current IT staff

• is a K- 12 school district that cannot afford to hire internal IT staff year-round

• is a local government that cannot afford a full-time IT department

• is an organization that possesses server, desktop, or network hardware under a lease that is about to expire

• is an organization that knows they must replace their server hardware

• is organization seeking to reduce capital expense due to hardware and software licenses purchase

• is an organizations that want to spread payments over time

• is a progressive business that recognizes the value of its IT investment and seeks maximum leverage through comprehensive support

• is a customer looking for cost-effective way to gain access to IT experts [0070] Large, or enterprise organizations, face many of the same challenges as small and medium-sized organizations, and the opportunities for a comprehensive managed services solution are similar. However, a solution provider's approach toward larger customers may be dramatically different.

[0071] A comprehensive managed services solution may compliment the enterprise customer's internal staff. As a result, the in-house IT staff can focus on being system architects, strategists and project managers, while the solution provider's staff handles day- to-day IT operations and assists with implementing the latest technologies.

10106946.1 - 16 - Atty Docket No, 039650-10

[0072] An opportunity to sell a managed services solution to an enterprise oustomer may arise after the solution provider has helped the customer with an upgrade or the roll-out of a new technology. The solution provider may attempt to sell a managed services package that maintains the new system. Enterprise customers rriay also be likely to subscribe to a managed services package when members of the in-house IT staff leave, when the company grows, or when the IT work load is increasing.

[0073] Enterprise customers may purchase comprehensive managed services in an a-la- carte fashion - starting out with monitoring and patching, for example - rather than purchasing full management as many small and medium-sized organizations may choose. In addition, enterprise customers are more likely to purchase managed services for systems they deem strategic for the organization. They need these systems to be predictable and want a proactive level of IT management rather than the reactive, chaotic environment. [0074] As further illustrated in FIG. 5, step 520 involves the creation of a business plan. A good business plan focuses on three major areas: selling and marketing managed services to customers; creating a cost effective technical managed services solution for the customers; and providing operations and ongoing support for managed services. A general business plan may include the following sections:

• Executive Summary o Mission Statement o Vision Statement o Objective

• Company Information o Ownership o Locations o Organizational Structure

• Services ' o Service Descriptions o Competitive Analysis

. o Sales and Marketing Overview o Fulfillment o Technology

10106946.1 - 17 - Atty Docket No. 039650-10

o Future Products

• Strategy and Implementation o Strategic Initiatives o Milestones o Employment Strategy o Customer Strategy o Partner Strategy ^• o Pricing Strategy o Promotion Strategy o Competitive Strategy o Marketing Strategy o Sales Strategy o Sales Forecast o Back Office Strategy o Investment Strategy o Growth Strategy

• Market Analysis

• Management Summary

• Financial Plan

• References

[0075] As shown in FIG. 5, another step 530 in building a managed services offering is determining whether adding a comprehensive managed services offering is right. In this particular step, the solution provider assesses whether it has the core skills needed to build a comprehensive managed services offering. In addition, as discussed further below, a solution provider, in step 530, assesses requirements for infrastructure, administration and staff, facilities, marketing, and training.

[0076] To launch a comprehensive managed services offering, the solution provider needs a solid, reliable infrastructure. In particular, the solution provider's organization must be able to provide remote management, notification, and reporting capabilities for the customer environment. This does not necessarily mean that a large investment is required, as the solution provider may already have many of the necessary infrastructure components in

10106946.1 - 18 - Atty Docket No. 039650-10

place. Depending on the depending on existing infrastructure, a solution provider may provide comprehensive managed services in several ways:

• Use an existing data or network operations center: If the solution provider already has a data or network operations center, it can leverage that investment for managed services. '

• Create a virtual data center: Advances in security technologies make it is easier than ever to deliver managed services regardless of geography. Thus, a solution provider can integrate standard phone systems, e-mail systems,. and voice over IP (VoIP) technology with remote desktop utilities to provide routine management and user support.

• Work with affiliates: As mentioned previously, by working with affiliates who specialize in services like anti-virus solutions, the solution provider can take advantage of economies of scale without needing to invest in additional staff and equipment.

[0077] Whether a solution provider delivers comprehensive managed services through its own operations center, a virtual data center, or affiliates, the infrastructure needs to provide:

• Remote access to customer sites: Remote access dramatically improves response time. The solution provider can establish remote access through VPN tunnels. Whatever technology is selected, using a single access method is preferred, to improve operational efficiency.

• Internal process management procedures: These procedures help ensure the solution provider meets customer agreements by providing standardized call continuity, problem logging, issue resolution, and customer change management.

• Call center capability: The solution provider must be able to receive customer calls or e-mail requests properly, log the issue presented, and track the issue through to resolution.

[0078] As mentioned above, step 530 requires assessing administrative and staffing requirements and costs. Establishing a successful managed service offering requires coordinated sales, technical, and administrative teams to provide tailored solutions to each

10106946.1 - 19 - Atty Docket No. 039650-10

customer. If the solution provider already provides infrastructure solutions, the roles necessary for the new managed services offering can be easily added to existing staff responsibilities. As_. the managed services client base grows, specific staff may need to be dedicated to each of these roles.

[0079] In addition, the solution provider might need legal help to review customer contracts and affiliate agreements and accounting staff to track managed services revenue and costs. Accounting staff might also need to address credit checks, credit card payments, and invoicing in advance.

[0080] As the managed service organization grows, the solution provider may create a website to enable internal employees and customers to view reports, track .changes, open incidents, and make change requests. Staffing and administration costs depend completely on how quickly the solution provider wants to expand its managed services business.

Preferably, staff should grow as business dictates instead of hiring many people with the hope business will come.

[0081] In step 530, the solution provider also assesses marketing requirements and costs.

When a solution provider starts a comprehensive managed services offering, it may use existing sales representatives to promote it, thereby making sales staff requirements and costs virtually nonexistent. The only requirement is training.

[0082] The solution provider needs to develop marketing materials to help sell a comprehensive managed services offering. These materials may include:

• Brochures

• Case studies }

• References

• Web sites • , ^■

• Sales templates

• Sell sheets

• Pricing guide

• FAQ

• Presentation materials

[0083] The solution provider may also want to consider developing:

• Call campaigns

10106946.1 - 20 - Atty Docket No. 039650-10

• Web seminars . »

• Seminars

• Radio and TV ads

• Billboards

[0084] Additionally, the solution provider, in step 530, assesses training requirements and costs. Training that covers the managed service model is generally required for staff. The technical staff is instructed to follow best practices documentation, including how to set up, configure, optimize and maintain each type of server on a daily, weekly, monthly, and quarterly basis.

[0085] Furthermore, step 530 requires an assessment of facilities requirements and costs. Providing comprehensive managed services does not require a network center. If the solution provider already has such facilities, it may choose to leverage that investment for the managed services offering. However, as discussed previously, the solution provider can implement comprehensive managed services without data center facilities if customers choose to keep their servers in their own facilities.

[0086] If a customer wants the services of a full data center, the solution provider may rent rack space from a suitable data center provider. The cost to rent rack space is typically pay-as-you-go. If a hosted setting is selected, the solution provider may either resell it or let the customer purchase it in the customer's name. A cost-effective way to start offering comprehensive managed services without investing in any facility is to use affiliates to provide monitoring, patching, and end-reporting services.

[0087] Technologies, such as e-mail, instant messaging, text messaging, pagers, and cell phones, make it easy for staff members who provide managed services support to be notified automatically by affiliates when thresholds are exceeded. Laptops, cell phones, and pagers can often replace the need to invest in buildings. Taking a virtual data center approach enables the staff to bill more hours at customer sites rather than spending time watching a monitor or traveling between locations.

[0088] On the other hand, the solution provider may choose to have a small office for administrative staff, meeting space, Internet connectivity, and access to a color printer and marketing materials, or if the solution provider offers repair services, hardware and software resale, or training services.

10106946.1 - 21 - Atty Docket No. 039650-10

[0089] As illustrated in FIG. 5, the step 540 requires identifying the organizational impact of adding a comprehensive managed services offering. In particular, it is necessary to understand the impact on technical staff, operations, and sales and marketing. Before starting a comprehensive managed, services offering, it may be necessary to communicate the vision of this new model to employees. In particular, the reasons for adopting this business model may need to be communicated to ensure that the staff understands the benefits to both the customers and the solution provider's organization. The framework of the comprehensive managed services offering should be explained, stressing the benefits to the company. [0090] When moving to a comprehensive managed services offering, technical staff will be required to be on call 24 hours a day, seven days a week. In addition, operations staff will need to:

• Handle more customer calls and communication

• Arrange agreements and manage integration with affiliates

• Generate and collect more invoices

• Make credit checks

• Arrange to receive credit card payments

• Consult with an accountant to prepare profit and loss statements

• Work with legal counsel to review and modify contracts

• Obtain or increase appropriate insurance and increase general liability amounts

[0091] Comprehensive managed services will affect how the sales and marketing staff work. Educating the sales staff is critical to a successful transition, as is seeking their input on how to package and price a comprehensive managed services offering. After an offering is positioned, sales and marketing staff should be encouraged to seek customer input as they communicate the overall vision.

[0092] After a comprehensive managed services offering is established, the sales -staff should conduct regular month-end reviews with customers. They should review trend analysis and solicit feedback. In addition to the customer and sales representative, a senior technician and the account manager should participate. Good marketing and sales materials are critical.

10J06946.1 - 22 - Atty Docket No, 039650-10

[0093] Referring again to FIG. 5, step 550 requires designing the business model architecture for the comprehensive managed services .offering. A comprehensive managed services offering requires the following core building blocks:

• Remote monitoring

• Automated reporting

• Remote control and troubleshooting capability

• Event notification

• Trend analysis

• Monitoring

• Managing

• Optimizing

• Protecting

• Patch management

[0094] Depending on the solution provider's assets, it might choose to leverage an existing network operations center, data center, or monitoring solution that already exists in- house. If these facilities are not available, an affiliate can help get a monitoring and patch management system in place quickly and cost-effectively. Building the infrastructure internally requires substantial financial investment in hardware and software. Thus, the technical staff should identify the most cost-effective solution for the organization.. [0095] Steps 610-680 of FIG. 6 illustrate the steps required for developing an operations process for a comprehensive managed services offering. Step 610 requires defining personnel requirements for operations support, which includes defining personnel requirements and descriptions and defining compensation plans. The current size of the solution provider's organization and the skill levels of its operations staff are major factors in how the solution provider applies the comprehensive managed services model. To ensure that the managed services are consistent and stable, the staff must be able to handle the increased technical and administrative workload. Depending on the size and nature of its organization, the solution provider may combine some positions or split others up among part-time staff. Regardless of how the staff roles are defined, the staff must be able to meet the customer needs generated by the solution provider's managed services offerings.

10106946.1 - 23 - Atty Docket No. 039650-10

[0096] In some cases, the solution provider already maintains a consulting practice with technical and support staff. Thus, it may already have all the necessary staff members in place, and all that is necessary is to adjust their key responsibilities to support the managed service offerings. In any case, the following position descriptions illustrate the personnel that may be required for providing comprehensive managed services. The positions are not presented as requirements. ,

• The billing administrator performs tasks that apply standard accounting principles, procedures, and techniques. The primary objectives of the billing administrator are to support staff by administrating accurate and timely accounting, to improve efficiency, and to enhance customer service.

• The financial analyst is responsible for developing and maintaining highly complex financial information, plans, and projections by applying knowledge of advanced financial theory and understanding of both the solution provider's organization and the customer. Financial analysts are assigned to complex projects that require return on investment (ROI) or cost analysis breakdowns.

• The contract specialist provides assistance and oversight in the preparation and negotiation of contracts and subcontracts. The contract specialist serves as the liaison between the solution provider and other vendors and service companies, as well as with customers. The contract specialist also ensures that all contractual revisions are mutually accepted, communicated, and documented according to the specified change control process.

• The operations manager must balance costs and value while providing general oversight, including responsibility for personnel management, solution development, revenue growth, customer satisfaction, profitability, and business coordination. The operations manager should have an excellent understanding of sales processes, competitors' strategies, technology and industry trends, financial implications of technology decisions, and legal and regulatory requirements.

• The systems engineer provides infrastructure analysis and recommendations and is responsible for monitoring internal and customer systems from both a technical and financial perspective. The systems engineer must stay current with technology

10106946.1 - 24 - Atty Docket No, 039650-10

and the competitive marketplace as well as assist in defining, planning, and overseeing technical operations.

• The technical specialist provides technical expertise and guidance in the design, testing, documentation, implementation, and maintenance of IT systems.

•, The project manager ensures that the project is delivered on time, does not exceed its budget, and meets the customer's needs by maintaining a cooperative, motivated, and successful project team and ensuring that any affiliates involved in a project meet or exceed delivery expectations.

• The staff coordinator provides leadership and overall management of all technical staff and must be able to respond staff allocation conflicts and requests expeditiously.

• The sales and customer liaison is responsible for working directly with and on behalf of the managed services customers. Customer liaison staff will coordinate

_ and support a variety of tasks to ensure that customer needs for solution deployment and support are addressed. A sales and customer liaison is a customer's primary point of contact and essential to ensuring that solutions are aligned with customer needs.

[0097] Applying the comprehensive managed services model introduces new customer requirements and demands to meet the terms of service level agreements. In many cases, meeting expectations requires providing round-the-clock support every day of the year. Sales people, technicians, and help desk staff are directly affected by these requirements. As a comprehensive managed service provider, the solution provider must have technical specialists, help desk staff, and even sales and customer liaisons who are available on very short notice. Staff members who meet the need for off-hour support typically will expect a different compensation package than personnel who work traditional business hours. By creating and defining specific compensation plans for the resources, the solution provider is proactive in ensuring the happiness, stability and growth of those resources, and in return has the ability to provide flexible, reliable, and consistent customer support for managed services customers.

lβlO6946.1 - 25 - Atty Docket No. 039650-10

[0098] In step 620 of FIG. 6, the solution provider creates comprehensive managed services architecture designs. This step involves choosing the degree of centralization, designing vendor affiliations, organizing the internal architecture, and creating standard customer architecture designs.

[0099] The basic design for the managed services infrastructure should be transparent to customers, but the degree of centralization of the infrastructure is important within the solution provider's organization. Before the solution provider plans and implements its managed services infrastructure, it carefully evaluates the organization's immediate business needs, as well as its long-term plans for providing comprehensive managed services. [0100] As described above, taking a decentralized approach enables, the solution provider to deliver the same capabilities without requiring a large capital investment in a physical data center. The decentralized approach leverages data and communication technology to provide a virtual network operations center at a much lower cost than a traditional operations center. Due to advances in firewall and other security technologies, the influence of geography on how the solution provider organizes its staff and other resources is minimized. For example, the solution provider can integrate standard phone systems, e-mail systems, and voice-over-IP (VoIP) technology with remote desktop and remote assistance software to provide routine management and user support. Customers can place a call or send a message for support and receive the same prompt response they would receive from a traditional operations center. Unlike a centralized system, a support call in a decentralized system can involve a user in one location, a support call worker at a different site, and a technician at yet another sijte.

[0101] As the solution provider plans how to provide comprehensive managed services, it might determine that it can provide some services with minimal retooling or change of focus with respect to its core competencies. However, other services, though critical to a comprehensive offering, might be outside the solution provider's current areas of expertise and would require substantial investment. In such cases, the solution provider may decide to offer these services through a strategic affiliation with another third party rather than by developing the ability to provide them internally.

[0102] When the solution provider decides to provide some elements of the managed services through affiliates, it consolidates all of the affiliate offerings and presents them as a

10106946.1 - 26 - Atty Docket No. 039650-10

single package for the customer. Because the single solution provider is responsible for the total package, selecting the right affiliates and establishing clear lines of accountability are critical tasks.

[0103] The first step in selecting affiliates is to determine which elements of the managed service offering are provided internally and which are outsourced. In making this decision,^' the solution provider considers what services fall within a core competency of the solution provider and what services would require substantial investment in training, equipment, and staff. In addition, the solution provider considers whether it would take on additional liability by offering a service.

[0104] One example of a service that may be outsourced is remote backup service. In order to provide remote backups internally, a solution provider would have to make a large investment in Internet connectivity and mass storage. Anti-spam filtering and anti-virus protection may also be outsourced by managed services providers. Furthermore, because handling customer e-mail entails legal liability and the need for additional hardware and bandwidth resources, this core component of comprehensive service packages may also be outsourced to an affiliate.

[0105] After the services for outsourcing to affiliates have been selected, the solution provider identifies and selects affiliates to provide those services. Factors that enter into affiliate selection include technical competency, contract and licensing flexibility, responsiveness, and company culture.

[0106] The solution provider is responsible to the customer, so all services are provided in such a way that the customer cannot distinguish between the services that are provided internally and those that are provided by affiliates.

[0107] Contract and licensing terms with affiliates must support the customer offerings effectively. Because any outsourcing is transparent to the customer, all branding and licensing agreements reflect this requirement. Preferably, the selected affiliates see the mutual benefits of working together and are flexible enough to structure an agreement to meet both parties' needs. Affiliates with a core focus in the required area are preferably selected, rather than a company with a broad focus and potentially competing managed services offerings.

10106946.1 - 27 - Atty Docket No. 039650-10

[0108] Possible affiliates are also evaluated for their willingness to satisfy requests for technical development or support. Affiliates are preferably also flexible enough to expend development effort to accommodate the solution needs.

[0109] Finally, company culture is an important aspect of a potential affiliate. The relationship is more productive when both firms trust each other and are working confidently toward the same goal. This synergy has the best likelihood of occurring when affiliates have organizational goals similar to those of the solution provider.

[0110] The capacity of the remote management infrastructure is a significant factor in successfully offering managed services. The solution provider supplies monitoring, detection, response, and maintenance services for both its internal environment and for the facilities, equipment, and software that support customers. The solution provider's organization is a virtual operations center that provides on-demand, professional, and courteous support. The design of the virtual operations center depends on many factors, including customer requirements, the solution provider's capital investment, and the breadth of services it provides. The infrastructure supports the processes and procedures needed to record communications with customers properly and to respond to both planned and unplanned customer needs.

[0111] Establishing a comprehensive managed services environment for a customer requires the solution provider's sales and technical teams to work with the customer to determine the scope of the managed services agreement. To facilitate both professional sales engagements and efficient deployments, the solution provider develops at least one standard customer configuration that is used as a baseline for selling managed services agreements and deploying new customer environments. In other words, the standard customer configuration determines the infrastructure components that the customer must have in place before deployment of the solution provider's managed services.

[0112] A standard customer architecture design may require that the customer have: maintenance contracts with software vendors for all software covered under the managed services agreement; warranty coverage and/or a hot spare plan on all hardware covered under the managed services agreement; broadband Internet access; and remote access to customer systems, hi a particular, high-speed Internet access ensures that remote support can be

10106946.1 - 28 - Atty Docket No. 039650-10

provided appropriately. In addition, remote access to customer systems enables monitoring, management, and support from any location.

[0113] Preferably, remote access and other customer architecture requirements are defined in the customer agreement. Required improvements to the existing infrastructure may also be required as part of the transition process or as a separate consulting project before the managed services agreement takes effect.

[0114] As shown in FIG. 6, the step 630 in developing an operations process involves defining service level agreements and internal service policies. Step 630 may include: defining affiliate service level agreements, defining customer service level agreements, defining internal service level responsibilities, and defining effective compensation schemes. [0115] In addition to having a strong technical infrastructure, a solution provider also employs an effective set of service level agreements for affiliates and customers. Moreover, the solution provider also has clear internal policies that define the roles and responsibilities for staff members supporting the managed services offerings. . '

[0116] When the solution provider establishes standards for affiliate service level agreements, the agreements ensure that the affiliates provide products and services flexibly, and in compliance with the solution provider's branding needs. In particular, the affiliate agreements require that affiliates bill the solution provider directly and that all materials they deliver have the solution provider's branding or no branding at all.

[0117] While affiliate and customer agreements both define external relationships for the solution provider's organization, customer agreements are typically more numerous and more complex. When the solution provider defines an agreement with an affiliate, the solution provider generally only has to state its needs in sufficiently specific terms. However, when the solution provider defines a customer service level agreement, it must address the all of the customer's needs and expectations, as well as the solution provider's own internal process management needs.

[0118] The SLA between the solution provider and the customer defines the parameters of the services provided by the solution provider. The contents should include a specified level of service(s), support options, enforcement or penalty provisions for services not provided, a guaranteed level of system performance as relates to downtime or uptime, a specified level of customer support, and a detailed inventory of hardware and software

10106946.1 - 29 - Atty Docket No. 039650-10

supported. Additionally, a customer service level agreements may cover: incident management, problem management, configuration management, change management, release management, automated updating and patching, e-mail anti-virus and anti-spam, desktop and server anti-virus, backup services, remote monitoring and alerting, web hosting and DNS services.

[0119] Customer SLA's may also address the following areas: telephony integration, voice mail, faxing, voice over IP, web filtering and monitoring, intrusion detection and prevention, vulnerability assessment and remediation, digital rights management (DRM), secure e-mail, portal integration services, application web services, policies and procedures, inter-network device management (router, firewall, switches), web site hosting and DNS services, help desk services, and managed desktops and printers.

[0120] Of course, the individual service level agreements will depend on the type of services the solution provider provides.

[0121] After the solution provider signs an agreement with a customer, it is responsible for supporting the covered services established in the agreement. The solution provider has the staff and infrastructure to respond to any needs or service requests covered by the SLA.

As discussed previously, the solution provider may need to adjust its internal compensation schemes to retain the staff required to deliver the promised services.

[0122] Step 640 in FIG. 6 involves establishing scope of work standards, which addresses setting contract terms, determining invoicing parameters, establishing assessment fees, setting pricing options, writing service level agreements, providing customer reports, and setting cancellation fees.

[0123] Scope of work standards outline the topics and issues that should be addressed when defining what the solution provider and the customer expect from an engagement.

When the scope of work standards are used for a statement of work or a service level agreement, the essential project parameters are documented in a logical and consistent format. The scope of work standards minimize miscommunication and confusion, and help develop sound customer expectations and a collaborative consensus between the solution provider and the customer; Scope of work standards address all procedures and processes involved in fulfilling customer agreements, including cost information and any deliverables that customers receive. In particular, scope of work standards may be organized according to

10106946.1 - 30 - Atty Docket No, 039650-10

the following areas: background, project goals, deliverables, scope, requirements, resources and organizations, key tasks and schedules, and budgets.

[0124] Contract terms define standards and requirements for customers before the solution provider deploys and provides managed services. Well-defined contract terms for managed services may include provisions to address the following: ownership of custom software, e.g. software licenses, termination of licenses, and third party interests; warranties; limitation of remedies and liabilities; and indemnification of customer and the solution provider.

[0125] . Because the solution provider typically pays its affiliates a monthly fee in advance of receiving services, the solution provider preferably invoices its customers in advance for services to be provided in an upcoming period, e.g. the upcoming month. The solution provider preferably requires all new customers to pay their first month's invoice, in addition to an initial set-up fee, before beginning deployment or enabling their services.

Invoicing customers for the upcoming month's services and requiring the first payment before services help to minimize upfront costs.

[0126] In general, the solution provider's pricing options address the needs and concerns of the customers. To ensure the sales staff have flexibility in offering services, the solution provider establishes several pricing plans and variations as discussed previously.

[0127] When the solution provider begins a managed services relationship, it assesses and documents every element in the customer's current environment that might affect the migration to a managed services environment. A thorough assessment can uncover organizational problems that might affect the shift to managed services. The docμmentation generated by an assessment can help shape the service level agreement, while also providing a starting point for the migration plan and helping to estimate the cost of the customer transition. The solution provider may charge a fee for this assessment. The assessment fee accounts for travel requirements, pre-assessment discovery, analysis of the customer's server network and supporting infrastructure, as well as creation of a report. The assessment fee also depends on the type, size, and location(s) of the customer's infrastructure.

[0128] At the end of each month, or a specified period, the solution provider provides customers with a report on the health of each of their covered systems, any alerts received, and the actions taken to address each alert. The solution provider's customer support team

10106946.1 - 31 - Atty Docket No. 039650-10

may deliver these reports and review them with appropriate customer staff. These periodic reviews of system health reports provide customers the opportunity to ask questions, further identify their needs, and appreciate the value of the. solution provider's services. [0129] To protect the solution provider, the SLA also addresses occasions when a customer wants to cancel managed services entirely or remove specified devices or services from the original agreement. For instance, the standard SLA may require the customer to pay a charge for service cancellations or reductions. In addition, the customer may be responsible for liquidated damages due to the difficulty of determining actual costs, losses, and liabilities associated with an early termination.

[0130] Step 650 illustrates the creation of a cost analysis and return pn investment template. To provide comprehensive managed services profitably, the solution provider needs a thorough understanding of its organization's costs. Armed with knowledge of its own costs, a solution provider achieves an understanding of the fees it can charge its customers. Thus, the solution provider can communicate how much it can reduce a customer's IT spending and increase its ROI by moving them to managed services. To help ensure continuous, full knowledge of costs, the solution provider may establish a cost review process that verifies all costs before delivering a managed services proposal to a customer. [0131] The solution provider's accounting staff may conduct consistent cost reviews of each proposal before the sales team presents it to customers. A thorough cost analysis breaks down all relevant components of the proposed managed services offering, which may include:

• All hardware: desktops, servers, UPSs, routers, switches, firewalls, cables, printers, external disk, back-up hardware and media

• AU software licenses: operating systems, CALs, anti-virus and spam filtering, back-up and systems management software, and custom software

• Financing costs for leased components

• Affiliate costs: monitoring, anti-virus, spam filtering, back-ups, etc.

• Internal support: how much staff time is required for each service, including monitoring, notifying, on-call support, reporting, analyzing, optimizing, debriefing, patching, and upgrading

10106946.1 - 32 - Atty Docket No, 039650-10

[0132] The solution provider may also track costs in the following categories:

• Technical Specialist internal cost (folly burdened hourly rate): This is the average internal hourly rate (including all benefits) for junior technical staff who will be performing low-level managed services tasks like monitoring, first level on-call support, help desk support, remote support, troubleshooting, problem management and logging, testing all patches, patching, software distribution, performing routine maintenance, image backup, verifying that certain events occurred (back-ups, anti-virus update, patches applied), regular event-log analysis, preparing reports for senior consultants, and vulnerability assessments.

• Systems Consultant internal cost (folly burdened hourly rate): This is the average internal hourly rate (including all benefits) for senior technical staff who will be performing higher-end managed services tasks like level-3 on-call support, trend analysis, regular customer debriefing and strategizing, optimization services, customer research, vendor escalation support, high-end troubleshooting, and software upgrade planning and architectural design.

• Managed services setup cost: The cost associated with making a device ready to be managed. It should include all billable time for an upgrade, applying patches, or installing remote monitoring and management software.

[0133] The amount of time to complete a managed services task, such as applying a software patch, depends on the type and number of managed devices. For a customer with the same type of server at multiple locations, it might take a few hours to test a patch folly, but the test results will be valid for multiple servers.

[0134] The solution provider's technical staff estimates how many hours per month each task will take for each device and then calculates the total number of hours for all devices per customer. This total is then multiplied by the hourly rates for the technicians involved to determine the internal support costs. The total should account for any free support hours provided under the managed services agreement.

[0135] When analyzing monthly tasks for junior and senior technicians, the tasks to consider may include:

10106946.1 - 33 - Atty Docket No. 039650-10

• Monitoring

• First level on-call support

• Help desk support

• Remote support

• Troubleshooting

• Problem management and logging

• Testing patches

• Patching, software distribution

• Routine maintenance

• Image backup '

• Verify backups, anti-virus updates, patches applied

• Regular event-log analysis

• Preparing reports

• Vulnerability assessments

• Level-3 on-call support

• Trend analysis

• Regular customer debriefing and strategizing

• Optimization services

• Customer research

• Vendor escalation support

• High-end troubleshooting

• Software upgrade planning

• Architectural design

[0136] The solution provider's cost review process also accounts for all internal costs associated with each specific managed services offering. The solution provider decides how much to mark up each specific piece of the offering. For example, the solution provider may add 10% to the cost of hardware, 15%-20% to the cost of software, 20-25% to the cost of vendor affiliate services, and 40-50% to internal staff costs. The solution provider then totals the markups and costs and divides that total by the number of devices being managed to get a per-device monthly fee for the customer.

10106946.1 - 34 - Atty Docket No. 039650-10

[0137] To demonstrate to customers how much they can reduce their IT_* spending by using comprehensive managed services, the solution provider may create a return on investment (ROI) template. To create an effective ROI template, the solution provider needs to understand its internal cost structure and its customer's current IT cost structure. Direct costs that may require consideration include: •^' Internal staff costs

• Consultant fees

• Staff augmentation costs

• Internal staff training costs

• Internal staff mileage and travel costs

• Hardware, software, and services required for internal support staff

• Affiliate remote incident support costs

• Recruiter, advertising, and recruiter fees

• Subscription fees to publications for internal support

• Emergency support costs

[0138] With an understanding of the customer's direct costs, the solution provider may analyze this information to see which of these costs can be reduced or avoided by using managed services. In some cases, the biggest potential for cost savings may be realized by convincing the customer to delay hiring another internal IT support person. By avoiding the hiring of more IT staff and using comprehensive managed services, customers will not only save money, the customer will get a more stable and secure IT foundation for their work. The ROI template should make it easy to compare a customer's current costs to the anticipated monthly fee.

[0139] Customers probably incur a number of indirect costs by maintaining their current IT environment internally. Indirect costs are those that cannot be easily and accurately identified with a specific project. A customer might undervalue the potential savings gained by minimizing these costs, but the savings are real and should be taken into consideration when deriving the return on their investment. Some of the potential indirect savings include:

• Depreciation of hardware and software

• Cost of unplanned downtime

• Employee time lost to handling IT problems

10106946 1 - 35 - Atty Docket No. 039650-10

• Increased tax savings because managed services can be treated as an operating expense instead of a capital expense

• Increased employee productivity through use of the latest software

• Guaranteed secure environment that brings peace of mind

• Predictable IT costs

[0140] As further illustrated in FIG. 6, step 660 involves creating internal support processes, which includes creating a response process, creating an escalation process, creating an incident management process, and establishing communication standards. [0141] Strong internal support processes are important to keeping customers satisfied. By formally defining internal support processes, the solution provider establishes how its organization provides effective incident response, resolution, and follow-through. Without strong internal processes, the solution provider risks vague, ineffective incident responses and haphazard work by support' staff. By defining support processes, the solution provider sets the specific areas of responsibility for each of the staff roles. Using well-defined internal support processes, support staff work consistently, independently, and effectively. Some basic elements that may be a part of the internal support process design include: response; escalation, incident reporting, resolution reporting, closure reporting, and communication flow. An incident is an event that has interrupted or diminished the quality of services for a customer.

[0142] The primary goal of a response process is to restore normal .service operation as quickly as possible, thereby minimizing the consequences of a service interruption. Effective response management is a'*' complex process that requires interaction with many other support processes. The response process helps the solution provider to methodically address the following questions: . , ■

• Who will receive and acknowledge the incident?

• What information is required when customers report the incident?

• Who responds to the incident?

• What is the escalation process of the incident? • _. Who is part of the communication process?

• Who resolves the incident?

• Who closes the incident?

10106946.1 - 36 - Atty Docket No, 039650-10

• How is the incident tracked and reported? . .

[0143] The solution provider also defines level ofresponse by categorizing events. The categories indicate the severity and required response time for an incident. For example, events may be categorized according to the following levels:

• Level 1 - Technical issue - Halts productivity - 15-minute initial response to customer - Best effort and continued escalation until resolution

• Level 2 - Functionality issue - "How to" question - Delays productivity - 30- minute initial response to customer - Best effort and one business day for resolution

• Level 3 - Functionality — General question — Not delay to productivity — 60- minute initial response to customer - two business days for resolution

[0144] An escalation process determines who to contact and what steps to take when an initial response fails to resolve a problem. If the solution provider provides some services through affiliates, it ensures that the escalation process addresses problem resolution with those¹ affiliates. The escalation process may identify initial contacts, technical and core service specialists, management contacts, and executive contacts.

[0145] To manage incidents effectively, the solution provider establishes standards to guide its support staff to a successful and timely resolution. The complexity of the incident processes depends on the type and importance of the solution provider's services, service level agreements (SLAs), and the relationship between the solution provider and its customers. A larger client base may call for a more sophisticated incident management system to handle the workload.

[0146] Incidents are recorded in a timely and accurate manner. The incident reporting process may include the following components:

• Incident reporting contact and/or records

• A member of the solution provider's support staff who receives the incident alert

• Incident reporting system

• Repository for detailing and tracking

• Incident controls

• Customer's name

10106946.1 - 37 - Atty Docket No. 039650-10

• Details of events

• Date and time of all incident activities

• Time spent on resolving the incident *

• Incident communications

• Who to notify and under what circumstances

• Means of communication

• Incident classifications and priority based on SLA standards

• Response for each type

[0147] Creating an efficient and effective incident resolution process is important to the overall success of comprehensive managed services. Implementing a solid incident resolution process can help decrease down time for both the solution provider and its customers. Weak, or absent resolution processes can lead to serious service disruptions and declining customer satisfaction. " ^■■

[0148] The resolution process begins immediately after a customer reports a problem and establishes:

• Incident controls

• Incident classification and priority

• Whether the incident is new or can be matched to multiple incidents

• A support routing process for technical specialists or vendor affiliates

• Appropriate levels of notification to senior level management

• Communications processes (internally, with customers, and with affiliates) i [0149] After an incident is handled and resolved, all related information is recorded in the incident reporting system so.it can formally be closed. The incident closure process may document:

• Time and date the incident was reported

• Contact information for the person reporting the incident

• Details of the incident

• Actions taken to resolve incident

• Person or organization who resolved the incident

• Time required to resolve incident

10106946.1 - 38 - Atty Docket No, 039650-10

• Whether the resolution was covered by the customer's SLA <

[0150] The steps taken to resolve an incident is recorded as precisely as possible. An accurate record of an incident can help resolve similar incidents more quickly. [0151] The internal communication flow is important to successful incident management because it affects every part of the incident management process. Poor communication can lead to misunderstanding or extended service interruptions. Effective communication standards ensure that the solution provider meets its service level agreements and keeps customers satisfied. When the solution provider establishes communication standards, it ensures that its policies, at minimum, address the following questions for each support process:

• Who should participate in this process?

• What should I communicate?

• What communication format should I use?

• When should I communicate?

[0152] Creating effective communication standards can help strengthen relationships among the solution provider's staff and between the solution provider and its affiliates and customers. The solution provider's communication standards may require that written communication be used as much as possible to minimize misunderstandings often associated with oral communication. In addition, the standards promote clear and concise communication, and promote collaboration. The solution provider continuously reviews and revises communication standards.

[0153] As shown in FIG. 6, step 670 involves creating call processes to support managed services customers. Specifically, this step addresses receiving support requests, responding to support requests, escalating support requests, reporting support requests, closing support requests, and documenting support requests.

[0154] Most managed services, such as regular maintenance and remote monitoring, that the solution provider provides are proactive and preventative in nature. However, when a managed service fails suddenly or performance degrades to below standards set by a customer's SLA, the customer must be able to inform the solution provider about the problem.

101O6946 1 - 39 - Atty Docket No. 039650-10

[0155] To provide the best possible service, the support process is as simple as possible for customers. The solution provider may establish multiple ways for customers to initiate a support request. For instance, communication > via telephone and e-mail are typically available to customers. Regardless of how a support request is submitted, however, the procedures followed should be the same.

[0156] The solution provider establishes a dedicated support channel for support requests from its customers. The nature of this support channel will depend on the number of customers and the volume of calls expected. For instance, if the solution provider's customer base is small, responsibility for support calls can be incorporated into the job of several staff roles. On the other hand, as the managed services customer base grows, the solution provider may enlist a staff fully dedicated to handling support requests.

[0157] To provide efficient and effective responses, the solution provider ensures that a specific person or team is always responsible for incoming support requests. For instance, the solution provider avoid strategies such as a shared e-mail address or telephone number that forwards a request to a group mailbox or a voicemail box, respectively. Responsibility for a support request is assigned immediately upon receipt of the call, and any subsequent transfer of responsibility for the request is formally recorded.

[0158] When the solution provider receives a request, it must gather certain information about the issue to route and assign it properly. As such, the information recorded according to support request procedures may include the following:

• Customer name or ID number

• Contact information for the person requesting support

• Devices and/or services affected

• Specific symptoms or errors encountered

• Steps to recreate the error

• Any changes in the customer environment at approximately the same time the issue arose

[0159] The support request process includes steps to acknowledge the request from the customer and prioritize the request. The priority assigned to the request may also have a corresponding response time. Regardless of how the request is received, the solution

10106946.1 - 40 - Atty Docket No, 039650-10

provider has staff who can apply their understanding of the request to assign a priority. For example, the priorities may include the following:

• Critical: multiple systems or sites affected; production halted - one hour response

• High: single system or site affected; work^' stoppage at a single site - two hour response

• Normal: single system affected; performance issue or other non-critical request — Next business day response

• Low: Minor performance-affecting issue, limited scope or affect - Two business day response

[0160] After request information is collected and a priority is assigned to the request, the request is assigned to an available technical resource, e.g. technician or engineer. After this assignment, the priority and the terms of the customer SLA determine if the support requests takes precedence over existing calls. For instance, a request with a very high priority may take precedence over an older lower priority request.

[0161] Once the support request is assigned and prioritized, the responding technical resource begins troubleshooting the support request. The responding technical resource is also responsible for meeting any additional terms of the SLA, which may dictate escalation and status reporting requirements. The responding technical resource is aware of the terms of the SLA that are in effect for each request in order to make an appropriate response. Moreover the responding technical resource is also aware of any limitations to the SLA for each request. For example, if a support request is determined to be related to a hardware failure, the request may need to be immediately referred back to the customer if the SLA does not cover hardware issues. As another example, if the terms of the SLA dictates that some types of response or troubleshooting are billable, the responding technical resource may need to obtain customer permission before proceeding.

[0162] Escalating a support request transfers responsibility for the request to another person inside the solution provider's organization or possibly to an affiliate. To define an escalation process, the solution provider may divide escalation into two categories: technical and administrative.

[0163] Technical escalation transfers a support request to a more experienced technician or engineer and typically is initiated when the current technical resource determines that a

10106946.1 - 41 - Atty Docket No. 039650-10

request is beyond his or her capabilities, requires higher security privileges than he or she possesses, or requires a change to an underlying process or procedure. Technical escalations are reduced by obtaining as much information as possible during the initial call, so the request can be assigned to the most appropriate technical resource. If an escalation requires a change to an underlying process or procedure, it may be transferred from the support request system to a change management system. .

[0164] Administrative escalation is a separate process designed to ensure that all support requests are resolved according to the customer's SLA by setting thresholds for resolution. The threshold for administrative escalation may be a percentage of the time limit for resolution of a request required by the SLA. If the request remains open past, the threshold, the request is transferred to a service manager or similar staff member for a higher level of attention. This attention might include assigning additional staff to the request, escalating to a more experienced technician or engineer, or contacting the customer to discuss alternative solutions. Administrative escalation typically requires an automated process to function optimally, which may entail a comprehensive helpdesk or support application. Multiple levels of administrative escalation are possible, and may involve continued escalation to higher levels of responsibility within the company. When a support request exceeds time limits established in the customer's SLA, the request may be escalated to the executive staff to ensure that the request customer receives an effective and appropriate response. [0165] The terms of SLA also dictate the requirements for communicating status to the customer. A SLA may require periodic status reports to the customer to verify that the request is being addressed. The responding technical resource is aware of any reporting requirements so that the customer receives the communication according to the requirements of the SLA. [0166] The form of status updates to the customer may also be dictated in the SLA. For instance, status updates may be communicated through by telephone, manually composed e- mail, or automated messaging using support software. [0167] Support requests typically fall into one of the following status categories:

• New: a new support request that has been assigned but work has not yet begun.

• Open: a support request that has been assigned and is actively being addressed.

• Hold for research or testing: a support request that has a preliminary resolution but needs further internal research or lab testing to confirm resolution.

1-0106946.1 - 42 - Atty Docket No. 039650- 10

• Hold for resolution: a support request that is either awaiting additional information requested from the client, or that has been resolved and is awaiting confirmation from the customer.

• Pending, fix identified: a support request for which a potential resolution has been identified, but is awaiting customer approval to deploy.

• RPC submitted: a support request for which a formal change approval process has been initiated, and which has not yet been approved.

• Closed: a support request for which a resolution has been applied, and the customer has confirmed that the issue has been resolved to their satisfaction.

[0168] After a support request is resolved, the customer is asked to confirm that the issue was resolved to its satisfaction. This helps verify that the solution provider has complied with the customer SLA and enhances customer's appreciation of the solution provider's services. Much of the value of comprehensive managed services is in the higher level of attention and support the customer receives, and properly closing each support request is an important part of that higher level of service.

[0169] When a technician believes that a support request has been resolved, he or she may set the request to status "Hold for resolution." The technician or another staff member then contacts the customer to confirm that the issue is resolved. If the customer indicates that the issue has not been resolved, the technician maintains responsibility for the support request and troubleshooting continues. If the customer indicates that the issue is resolved, the date and time are noted on the support request, and the technician begins work on the next highest priority request.

[0170] The solution provider and its customers need to be able to check the status of a support request at any time. If the client base is relatively small, the solution provider can provide request tracking through a dispatcher or other staff member. When the client base grows larger, however, the solution provider may want to deploy helpdesk software that can track requests through to completion. This type of tracking software also enables technicians to search a knowledgebase of past support requests to help analyze current problems. [0171] Tracking is also important for business planning purposes as well as customer service. Unless the solution provider properly documents support requests, it cannot see

10106946.1 - 43 - Atty Docket No. 039650-10

trends for requests received or the time spent on each request. Moreover, thorough request documentation also can strengthen periodic reports to customers.

[0172] The step 680, shown in FIG. 6, involves designing a centralized customer data repository, which includes, developing a comprehensive managed services marketing plan. Having an internal customer data repository in place to organize documentation helps to ensure the efficiency, continuity, and consistency of the managed services. [0173] Data repositories are a collection of resources that organize customer information and documentation in one central location. Data repositories also control how the information and documentation is distributed. Repositories often consist of several databases tied together by a common search engine. A properly designed repository can help enforce configuration management standards for all customers. Other benefits of customer data repositories include:

• Simplified workflow through coordination and standardization

• Increased quality of customer service

• Improved project collaboration through centralized issue tracking

• Embedded support for meeting customer expectations and requirements

[0174] Ensuring the accuracy of the data repository depends on customer contributions, repository updating responsibilities, process flow training, and continuous follow-up and maintenance. Below are some best practices for maintaining an effective centralized data repository:

• The solution provider's organizational standards are applied. An outline is created to ensure there^?is a logical organization for all documentation. If documentation standards already exist, the repository is shaped accordingly to minimize rework.

• Users of the data¹ repository are given training. Training sessions are provided during the building of the comprehensive managed services offering. The staff is knowledgeable about the design of the data repository, and have mastered the functions of the repository.

• The data repository is kept organized. Effort is made in creating, developing, and maintaining the repository structure. Maintenance duties are assigned to customer

10106946 1 _ 44 - Atty Docket No. 039650-10

support teams. Monthly reviews are scheduled with customers to. ensure they understand and agree with the records are being kept.

• Contents are protected. Providing managed services requires the trust and confidence of customers. Security considerations are identified and addressed to protect customers' confidential data. The repository is based on a stable and scalable platform that is backed up daily. To secure customer data internally within the organization, access to the repository is based on job function.

• Policies, procedures, guidelines, and management are established. The policies, procedures, and guidelines of each of the components of the customer data repository are established and defined.

• The data repository is easy to use. A focus group may be created with likely users in order to assess and guide the software acquisition and configuration choices for the repository.

[0175] When providing comprehensive managed services, many different members of the solution provider's staff work with or for the customers. Keeping a comprehensive record of all staff and their roles in providing services is important to long-term success. Minimally, this record includes the staffer's name, areas of expertise and responsibility, contact information, availability information, and their relationship to a particular configuration item. This helps the staff identify appropriate personnel to resolve performance issues, etc.

[0176] Invoicing conditions may differ among the solution provider's customers. Each customer's requirements or preferences are documented accordingly within the customer centralized repository. Maintaining an accurate record of invoicing terms, pricing conditions, and SLAs ensures accuracy in monthly invoicing.

[0177] When recording a customer's inventory in the data repository, the solution provider assesses and documents all the assets covered by the managed services solution. Asset management is important to controlling and supporting a customer's infrastructure. Comprehensive records of customer assets can help ensure that billing, support, and maintenance are handled in accordance with SLAs. [0178] At a minimum, customer inventory repositories should include:

10106946.1 - 45 - Atty Docket No. 039650-10

• Serial numbers of all equipment

• Make and model of all equipment

• Server and, desktop hardware configuration

• Server and desktop software configuration

• Associated applications

• Warranty information

• Software agreements

• Managed services migration date

[0179] Asset management can be a time-consuming and complex task. Effective control of the solution provider's and customers' assets enables the solution provider to obtain the highest use and return on each of its investments.

[0180] Deploying a knowledge management and collaboration software can provide increased productivity, better communications, and improved access to information. The solution provider may also employ a customer communication site to ensure that communications with customers are consistent, timely, and secure. Such a site also enables the solution provider and its customers to find relevant information quickly and easily. [0181] The customer communication site can be the cornerstone of the customer data repository. It empowers customers by giving them accurate and up-to-date information accessible at all times. When used effectively, a customer communication site can enhance task flow and decision-making for all customers.

[0182] The centralized repository also reflects the scope of work (SOW) standards for managed services customers. The SOW documents specify service commitments to customers. Embedding the scope of work standards into the design of the customer data repository provides a consistent and clear reference point for the solution provider and its customers.

[0183] Every managed services relationship begins with a contract between the solution provider and the customer. This original contract provides a foundation for all subsequent contracts and addendums and is easily accessible as a quick reference point. The solution provider can streamline the process of establishing a managed services customer by signing a master contract with the customer before it develops a scope of work document and service

10106946.1 - 46 - Atty Docket No, 039650-10

level agreement. Including the master contract in the data repository can provide a foundation for relevant staff to use when SOW documents and SLAs are finalized.

[0184] New security requirements such as Health Insurance Portability and

Accountability Act (HIPPA) and Sarbanes-Oxley are affecting the way some businesses must track and protect information. Because of this, the customer data repository must be secure and designed to support customers' regulatory compliance needs.

[0185] In the event of a major service interruption or disaster, the solution provider must expedite the restoration of the customer's operations. To help build the customer's confidence and trust, the solution provider must provide a solid, reliable, and proven disaster recovery plan, which may be incorporated with data within the customer repository.

[0186] FIG. 7 illustrates the steps that are involved in developing a comprehensive managed services marketing plan 700. As described further below, the steps may include: developing the comprehensive managed service offerings; providing a four-tiered comprehensive managed service offering; understanding customer challenges and communicating solutions; developing sales and marketing materials; and developing internal training.

[0187] After a solution provider has decided to offer comprehensive managed services, it engages the market. Based on current information about the marketplace, a thoughtful and comprehensive marketing plan is important to the long-term success of a solution provider's comprehensive managed services offering. Effective sales and marketing strategies support corporate branding, improve targeted marketing, and drive profits. Basic goals for a sales and marketing strategy include:

• Increase organization awareness

• Develop new markets

• Research and produce innovative offerings

• Improve customer satisfaction and retention rates

• Increase profits

[0188] If the solution provider already has a customer base, it might already know a great deal about the marketplace and business needs. The solution provider may be able to quickly and easily propose and sell a comprehensive managed services solution to existing clients. Converting existing customers to comprehensive managed services clients can then

1-0106946.1 - 47 - Atty Docket No. 039650-10

help the solution provider develop a portfolio of case studies that can be used to support marketing for prospective customers.

[0189] Marketing_, targeted to new customers is very different from marketing to existing customers. The solution provider first creates and analyzes a high-level list of all potential customers in its market. Factors to consider include size, location(s), and market sector of the businesses. To remain competitive within the market place, the solution provider also analyzes each competitor's value proposition and pricing strategy.

[0190] As shown in FIG. 7, the step 710 involves developing comprehensive managed service offerings. In other words, business opportunities arise from providing a comprehensive managed service offering. The primary and secondary, opportunities presented by offering comprehensive managed services may include:

• Primary Opportunities

• Planning,, design, and implementation of a secure and remotely manageable environment

• On-going remote monitoring, patching, support, and management

• Secondary Opportunities

• Selling and configuring new hardware and license and configure new software

• Selling, licensing, and configuring secondary technology (e.g. VoIP -based phone systems)

• Increased solution selling due to enhanced knowledge about customers increased customer confidence in the solution provider's services

[0191] In order to capitalize on primary and secondary business opportunities, the solution provider's marketing plans should emphasize that the solution provider has the ability to enhance other aspects of the customer's environment while providing the comprehensive managed services. Moreover, the marketing plans also explain that the solution provider has the flexibility and customization options to suit each customer's needs and goals.

[0192] Step 720 in FIG. 7 involves providing a four-tiered comprehensive managed service offering, though the pricing schemes according to the present invention are not limited to this type of offering. How the solution provider structures the services it offers and

10106946.1 - 48 - Atty Docket No. 039650-10

how it bills for services contributes to successful marketing. As such, the solution provider's offerings balance the solution provider's business needs for standardization with the value customers place on flexibility. One strategy is to offer, four tiers of service, with three tiers dedicated to standard packages that provide increasing levels of support and a final tier reserved for fully customized solutions. The following table illustrates an example set of standard^' packages for servers:

10106946.1 - 49 - Atty Docket No. 039650-10

TABLE 1

[0193] Various features or conditions may be included in a set of offerings, such as those shown in TABLE 1. For example:

• Technical support can be used for phone support or remote assistance.

• Total hours must be used for the month earned and cannot be carried forward. Tech support accrues in 15-minute increments.

• Free on-site emergency support is provided for hardware or software failure caused by managed service providers' changes.

• Emergency support is provided for hardware failures or failures caused by a customer's change will be charged to the client.

• Flex hours can be saved and used later for either tech support or on-site project work (must be used in four-hour increments). Flex hours expire at the end of the calendar year.

10106946.1 - 50 - Atty Docket No. 039650-10

• Quantity discounts may be available for multiple servers. Discount does not apply to hourly rate for emergency hourly support, or on-call hourly support.

• An additional discount might apply for some single-purpose servers or if a significant number of servers have the same configuration.

[0194] In the example in TABLE 1, the Bronze level of service is designed for large customers. Large customers are likely to be able to take advantage of a multiple server discount when they choose one of the managed services components like monitoring and patching. In these environments, IT staff is already present, but by relieving them of after- hours support necessities and daily requirements, the solution provider presents its organization as an asset that helps them meet their strategic needs.

[0195] In the example in TABLE 1, the Silver level of service is designed for any customer who wants to add major platform upgrades included to the basic service provided in the bronze level offering. These customers probably will have multiple servers and be able to take advantage of a multiple server discount. The Silver service level may be more applicable to small and medium-sized organizations that maintain IT staff but do not have the time to invest in routine maintenance of configuration standards and security, hi most cases, major platform releases occur every 18 to 24 months. The additional monthly per-server charge enables the solution provider to bank $250.00 per contract month to help offset the labor costs associated with performing the upgrade. The services included in the future upgrade of operating systems include design, research and development, and deployment of the upgrade. [0196] In the example in TABLE 1, the Gold level of service is designed for any customer who needs to have major platform upgrades and broad 24x7 support provided to them at no additional charge. The Gold service level is designed primarily for small organizations that need to outsource their overall IT support, but some medium-sized organization might also be interested. The Gold service level enables customers to outsource their all their IT services. AU customer servers are set up to a standard configuration and the solution provider assumes full responsibility for management and support. With this level of service, the solution provider is again able to bank and additional $250.00 per contract, per month to assist in offsetting the labor costs associated in providing remote phone support, 24x7x365 onsite support where required, and the necessary operating upgrades to ensure the managed service customer is always on the most recent and updated version.

10106946.1 - 51 - Atty Docket No. 039650-10

[0197] In addition to standard service offerings, the solution provider may provide customized offerings. Add-on ("a-la-carte") services may include:

• Telephony integration

• Voicemail

• Faxing

• Voice over IP

• Web filtering and monitoring

• Intrusion detection and prevention

• Vulnerability assessment and remediation

• Digital Rights Management (DRM)

• Secure e-mail

• Portal integration services

• Web application services

• Policies and procedures

• Anti-virus

• E-mail anti-virus and anti-spam

• Network device management (router, firewall, switches)

• Web site hosting and DNS services

• Managed desktops and printers

[0198] A-la-carte services are designed for customers who have needs that do not map exactly to the standard packages. A-la-carte options enable sales and technical staff to customize solutions for the customer while maintaining the advantages gained from economies of scale. The solution provider gains the most from its affiliates through a Ia carte options. For example, the customer might choose a gold level agreement, but in addition would like the solution provider to host an e-mail or Web server. The associated pricing for the a-la-carte options usually are handled in a cost-plus pricing model, but as a flexible managed service provider, those costs must be incorporated into the customer's monthly bill. A systems engineer should be consulted when a-la-carte options are designed and offered. All technologies included in comprehensive managed services solution are both compatible and operationally efficient for the customer.

10106946 1 - 52 - Atty Docket No. 039650-10

[0199] In general, the Bronze, Silver, and Gold service levels in TABLE 1» are designed to cover a base foundation for most of the customer's needs. Meanwhile, a-la-carte options help the solution provider to easily and effectively supplement its standard offerings so that it meets nearly any customer needs.

[0200] Step 730 in FIG. 7 involves understanding customer challenges and communicating solutions. To be a successful managed service provider, the solution provider must understand the issues and challenges its customer is facing, so that it can position its comprehensive managed services offering to address their needs.

[0201] To position its managed services offerings properly, a solution provider understands the challenges to its customers, the best pricing models for its customers, and the benefits the solution provider's managed services solutions can provide to its customers. [0202] Many customers want to achieve one or more of the following goals:

• Streamline system administration and proactively control IT costs

• Increase organizational security and reduce downtime

• Boost organizational productivity, capabilities, and effectiveness

• Improve help desk and system support

[0203] Some of the customer goals that the solution provider emphasizes when marketing its solutions may include:

• Increase Operational Efficiency

• Lower IT staff costs. IT staff costs are often perceived as excessive can be difficult to correlate to justify to upper management. Although large organizations often understand that IT spending is a strategic investment that can provide a very high return, small and medium-sized organizations might need help understanding the benefits of investing in proactive maintenance.

• Improved overall IT management. The system standardization that is part of comprehensive managed services enables small, and medium-sized organizations to make the most of their IT budgets. By relying on strong system standards, customers can better identify opportunities to reduce costs. They also can improve user efficiency by eliminating the costs associated with maintaining diverse systems.

10106946.1 - 53 - Atty Docket No. 039650-10

• Increased IT cost predictability. IT management can be an increasing part of an organization's costs. Comprehensive managed services can enable small and medium-sized organizations to predict and manage IT costs more accurately and successfully. Guaranteed system-wide software and hardware compatibility can simplify decisions about future directions for the organization.

• Lower maintenance costs through standardization. Systems built on strong security standards require less maintenance.

• Opportunity to focus on core tasks. Customers can benefit by focusing their IT staff on productive projects rather than ongoing maintenance and support. As technology grows more complex, specialized knowledge becomes more important and the cost of maintaining in-house IT staff grows. Through comprehensive managed services, customers can benefit from the solution provider's technical specializations at a lower cost than they would pay to maintain the same level of expertise in-house.

• Improve Security and Stability

• Reduced employee access to unauthorized and unproductive applications. System security and minimal loss of work time are essential to the customer's productivity. Comprehensive managed services can reduce system vulnerabilities through increased security and continuous remote maintenance. Additionally, sensitive materials are less likely to fall into the wrotig hands.

• Enhanced IT security through critical update management. Automated update management can greatly simplify system maintenance by making it much easier to apply critical security fixes quickly and consistently, thereby minimizing the risk of virus attacks and other security breaches.

• Improved security reduces the possibility of loss. Information is many organizations' most valuable asset. Enhanced security technology, an effective security design, and proper monitoring and maintenance can reduce the risks of loss of assets, possible fines, and litigation associated with the failure to comply with information protection laws.

946.1 - 54 - Atty Docket No. 039650-10

• Reduced probability of improper configuration. Standardization and routine maintenance helps to ensure .reliability and consistency throughout an organization. This can enable improved problem identification and resolution, enhance employee productivity, and lower employee stress.

• Enhanced security through technology. By installing the latest security technologies, the customer can take advantage of newer and more efficient IT system components.

[0204] Illustrated as step 740 in FIG. 7, developing sales and marketing material is an important part of developing a comprehensive managed services marketing plan. When developing sales and marketing materials, the solution provider:

• Identifies the goals and objectives of its managed service offerings.

• Forecasts and plans its sales to help improve its understanding and management of its business.

• Researches its competitors and their offerings and uses this information to improve its offerings.

• Assesses customer needs to determine better ways of positioning its solutions.

• Researches current market trends to improve its market targeting.

[0205] Brochures are an affordable and familiar way to get a message to a target market. Brochures can provide a high-level overview of a solution provider's comprehensive managed services offerings which makes customers interested. The solution provider incorporates brochures in its marketing strategies by using a them as a follow up to cold- calling a prospective customer, including them in a direct-mail campaign, and distributing them at events.

[0206] Case studies present examples of real deployments. Case studies enable the solution provider to show concrete results and benefits of transitioniήg to comprehensive managed services. The solution provider creates case studies to chronicle events that take place in a customer's environment during the transition to managed services. When the solution provider begins offering comprehensive managed services, it works with a satisfied customer to build an effective case study that it can use in its sales and marketing efforts. The solution provider can offer its customer a discounted rate for receiving managed services

10106946.1 - 55 - Atty Docket No. 039650-10

for a predetermined amount of time, in exchange for the customer's agreement to be a test ground and case study for its managed services initiative.

[0207] Customer references provide the highest level of credibility and are an excellent way to promote an solution provider's comprehensive managed services offerings. Having a customer endorsement shows potential customers that the solution provider is reputable and has a proven ability to provide a reliable and secure managed services solution. Techniques for collecting references may include asking customers to fill out a brief customer satisfaction survey after every successful managed services implementation, requesting permission to use the customer's name in marketing materials, documenting positive feedback from clients, or asking customers to write reference letters. ,

[0208] Web sites can help the solution provider's business with marketing and customer service. External web sites are generally accessible all the time and can promote the solution provider's company to a global audience. The solution provider can update Web content quickly and easily, and reduces the need to print materials. When the solution provider design a customer-facing Web site, it may consider the following goals:

• Generating prospects and customers. Provide a single, worldwide portal of leading visitors and prospective customers to the solution provider's web site to facilitate their conversion of needs into actual opportunities.

• Online sales. Sell managed services offerings 24 hours a day, 365 days a year.

• Business promotion. Provide a tool for new and existing customers to gain information about the comprehensive managed services offerings.

• Information dissemination. Provide a single portal for communications of recent events, trends, and analysis.

• Reduced marketing costs. Provide a single, worldwide portal for all marketing materials that can be easily revised and maintained.

• Company awareness. Provide a single portal to the company's missions, culture, vision, and goals.

10106946.1 - 56 - Atty Docket No. 039650-10

• Support customers. Provide FAQs₅. offer Web-based e-mail support, distribute newsletters, and host discussion groups for existing customers.

[0209] Meanwhile, an intranet Web site enables the solution provider to provide employees and authorized affiliates quick access to material required to complete their work. If the solution provider takes a virtual data center approach to offering managed services, its support staff may be in many different locations. In such cases, a strong intranet Web site can help ensure all staff members have ready access to the most up-to-date information while keeping that information secure through role-based access control. In addition to keeping employees well connected, an intranet site can help reduce operating costs for printing and document distribution, improve collaboration, enhance individual productivity, support information management policies, and protect confidential information while keeping it accessible to appropriate staff.

[0210] The intranet Web site design is task-oriented. It provides straightforward navigation and enables easy content updates. Content for an intranet Web site may include:

• Project tools and templates

• Sales tools and templates

• Engineering tools and templates

• Marketing material

• Sales collateral

• New service offerings

• Accounting requirements (expense forms, mileage reports)

• Employee contact information

• Human resource information

• Organizational financials

• Monthly newsletters

[0211] In most cases, the solution provider has several, or even many, managed services offerings to communicate to customers. The solution provider ensures that all external sales content has a consistent look and feel. By developing a standard sales template, the solution provider can speed the creation of professional, customized sell sheets for all services. Sales templates may provide a framework that includes:

• Headline — The name of the offering

10106946.1 - 57 - Atty Docket No. 039650-10

• Introduction — A high-level overview of the offering

• Benefits — Advantages of the offering

• Features and/or specifications — The complexity and amount of technical detail offered will vary according to the target for a particular piece

• Value — Explicitly detail the value of the offering by comparing it to other offerings that cost more or provide less

• Conclusion — Summarize the overall content and provide contact information [0212] The solution provider's staff may use sell sheets to communicate marketing information to customers. Creating and maintaining accurate sell sheets keeps staff members and customers informed about the solution provider's latest services and the value that each of the services provides. The sell sheers may also be distributed directly through the mail, e- mail, or an external Web site to new or existing customers as part of a marketing outreach. Sell sheets for external distribution may include:

• Detailed outline of the specific offering

• What operational challenges the offering resolves

• How the offering can improve budget performance

• Options for customizing the offering

• Value statement for the offering

[0213] The solution provider may also use a pricing guide, which is an internal tool that provides a clearly organized description of the pricing model and options for managed services. The set of available pricing model options may be broad and flexible. Pricing options may include include:

• Monthly reoccurrihg fixed fees, for comprehensive managed service offering

• Per-device, reoccurring monthly fixed fees

• Higher volume per-device, quantity-based discount and reoccurring monthly fixed fees

• Per-service, per-device monthly options for single component support (e.g., monitoring, patching, updating, or anti-virus)

• Hourly rates defined for time and material requirements

• Hourly rates defined for escalated service level agreement requests

10106946.1 - 58 - Atty Docket No. 039650-10

• Hourly rates defined for managed service opportunities that result <in individual and scheduled projects or assessments

• Hourly rates defined for after hours and weekend technical support . • Calculated profit integrated into each sell price

• Maximum and minimum sell rates or profit allowances

[0214] The solution provider may also itemize its a-la-carte offerings to enable its sales team to sell an individual component and add it to an existing agreement. In some cases, the pricing guide is simply used as a starting point, and final pricing may vary.

[0215] Additionally, the solution provider may prepare a Frequently Asked Questions

(FAQ) document to help its sales and technical teams give accurate responses to customer's commonly asked questions about its managed services offerings.

[0216] Developing electronic slide presentations for customers provides a useful technique to provide an overview of the managed service offerings. Such slide presentations generally provide high-level points in presentations, but staff member are prepared to answer detailed questions about each point.

[0217] Guidelines for customer presentations may include:

• Include only high-level facts.

• Use speaker's notes for additional details or presentation guidance.

• Include a brief company background when meeting a customer for the first time.

• Include a brief overview of the comprehensive managed services model.

• Review the managed service components that can meet the customer's specific needs.

• Make concrete connections between the benefits the solution provider can provide and the customer's challenges.

• Ensure that any prominent graphics included are relevant and easy to understand.

• Include success stories or recommendations from similar customers.

• Invite customers to ask questions throughout the presentation.

• Include a strong summary that clearly illustrates the value customers will receive, from the solution provider's managed services offerings.

[0218] Step 750 of FIG. 7 illustrates that developing internal training is also a component of developing a comprehensive managed services marketing plan. Implementing

10106946.1 - 59 - Atty Docket No. 039650-10

a comprehensive managed service offering introduces new knowledge requirements for the solution provider's staff. A training plan provides the staff with skills essential to implement, operate, manage, and sell managed service offerings. An internal training strategy also helps manage the organizational and cultural changes brought about by offering comprehensive managed services.

[0219] The solution provider provides internal training and support to facilitate effective incident response. The organization develops in-house training and manuals that detail the overall process, roles and responsibilities, as well as system specifications. As an ongoing activity, training focuses on both soft and technical skills. Failure to set aside time to build, maintain, and foster this knowledge limits the solution provider's efficiency and market success.

[0220] Moreover, a vigorous internal training plan motivates employees, improves quality of work, strengthens a team environment, increases profitability, increases productivity, and fosters greater customer confidence. Investment in the staffs knowledge development increases the solution provider's ROI as employee retention increases, collaboration improves, and individual goals become aligned with those of the organization. [0221] Several training topics for all staff members may include:

• Comprehensive managed services overview. Provide a clear understanding of what comprehensive managed services entails, define the managed services offered, and describe how managed services will benefit the organization, staff, and customers.

• Roles and responsibilities. Provide a clear definition each staff role involved in providing managed services. It is important that all staff understand both their own responsibilities and how all managed services roles are interdependent.

• Target market and trends. Provide current market trends and analysis on managed services to build awareness and understanding of the position of managed services.

• Corporate goals and direction. Provide a clear understanding of the organization's goals and how managed services offerings fit into the overall strategy.

• Customer response to the solution. Provide a clear understanding of customer challenges and how managed services can provide resolutions.

10106946.1 - 60 - Atty Docket No. 039650-10

• Requisite knowledge. Provide a clear understanding of how to access and work with the centralized customer data repository.

[0222] Adopting the industry-standard Information Technology Infrastructure Library (ITIL) framework can help the solution provider systematically apply best practices to keep its customers' IT assets performing at peak efficiency. The ITIL approach focuses on two main areas of providing managed services: service support and service delivery. Service support practices are focused on operational goals while service delivery components are tactically oriented.

[0223] Effective service support management ensures that the solution provider provides the services customers require with minimal disruption. The five key components of ITIL- based service support management are:

• Configuration management defines standards for recording configuration items (CIs) and specifying relationships between CIs.

• Incident management processes handle events that are not part of the standard operation and which cause or might cause a service disruption or reduce quality of service.

• Problem management addresses situations arising from a single significant . ' incident with unknown causes or identified by analyzing incident patterns.

• Change management defines routine processes for the addition, modification, or removal of CIs.

• Release management controls the introduction of approved changes such as deploying a new service or application to address a customer challenge.

[0224] Service delivery management formalizes tactical strategies for assessing service support management and sales and marketing practices. Effective service delivery management ensures that comprehensive managed services teams have everything they rieed to both meet customer needs and internal organizational goals. The five key components of ITIL-based service delivery management are:

• Service level management maintains quality of service through continuous monitoring and analysis and defines steps to take when service quality problems are identified.

10106946.1 - 61 - Atty Docket No. 039650-10

• Financial management can help predict and control budgets by accounting for the funds spent to support customers and the fees received.

• Capacity management monitors and analyzes the performance of all managed services and facilitates both internal and external reporting.

• Availability management optimizes IT infrastructure to deliver a cost-effective and sustained level of availability.

• Continuity, management identifies the minimum requirements to support the customer, determines how much the customer might lose because of a disaster or other service interruption, and defines escalation processes based on the identified loss.

[0225] The solution provider adapts ITIL standards to its needs to improve its customer communications and operational efficiency. To benefit from applying ITIL standards, the solution provider plans carefully and ensures its organization is committed to the, change. The solution provider ensures that its executive staff is committed to these new practices. If the organization implements ITIL, or any other industry standard, full internal support is required. Executive staff needs to believe in the process and convey the value to the entire organization to ensure successful adoption.

[0226] Because selling comprehensive managed services solutions requires the sales staff to be resourceful, creative, and independent in its selling approach, the staff is well trained in the solution provider's managed services offerings, positioning, and negotiation policies. To sell managed services offerings effectively, the ^ales staff has a thorough understanding of all offerings and pricing guidelines as well as licensing costs for the software at the core of the solution provider's solutions.

[0227] The sales staff pfays a role in positioning the solution provider's offerings in the market, so they also know the customers' needs and challenges. By addressing customer challenges in the sales training, the solution provider gives the sales staff a tool for improving performance. The sales staff understands that closing deals depends on offering a customized solution with clear benefits and quantifying the return on investment that customers can gain through managed services.

[0228] After the sales staff has helped customers to envision a managed environment, it focuses on collaborative design for the overall solution. Sales training encourages staff to

10106946.1 - 62 - Atty Docket No. 039650-10

take a creative and cooperative approach with the customer to find a comprehensive solution to meet customers' needs while also generating profits. ,

[0229] Customer liaisons are responsible for providing high-level relationship management with customers as advocates for the comprehensive managed services offerings. Because customer liaisons are senior sales staff, their training should include all material offered to the general sales staff. Because customer liaisons work with customers to ensure that managed services engagements are successful, their training emphasizes soft skills such as presenting solution strategies and persuading customers that proactive systems management is a valuable investment.

[0230] System engineers provide solution recommendations based on an analysis of customer needs. They are responsible for monitoring the strategic direction and growth of solutions from both a technical and financial perspective. They stay current with both technology changes and the competitive marketplace. They also assist in defining, planning, and overseeing technical and operational solutions and requirements for the organization and customer. Because their work affects all other aspects of offering comprehensive managed services, system engineer training provides overviews of ITIL, project management, and sales best practices.

[0231] Technical specialists work directly with systems engineers during the managed services migration. They also provide technical expertise and guidance in the design, testing, documentation, implementation, and maintenance of the solution. Their training focuses on required technical competencies, ITIL, and project management best practices. [0232] The technical staff monitors customer sites, provides configuration management services, runs system backups, and performs other routine operational tasks. To implement and maintain managed services successfully, technical specialists have operating system, networking, and security experience.

[0233] Providing comprehensive managed services requires a structured approach to the. way projects are managed. Project managers ensure that projects are delivered on time, do not exceed the budget, and meet both internal quality standards and the customer's needs. Project managers work closely with staff coordinators to ensure that the technical staff is informed of best practices related to each customer engagement and that a cooperative, motivated, and successful project team is assembled for every engagement.

10106946.1 - 63 - Atty Docket No. 039650-10

[0234] The project manager's role spans all managed services functions. Thus, their training includes overviews of all personnel responsibilities and associated training. The training plan for project managers also should include extensive study of ITIL standards. [0235] The call center, may be the primary point of communications for customers with problems or requests. In this case, the call center staff provides professional and timely customer service. Furthermore, the call center staff is trained in the following areas:

• Organizational service support processes

• Customer specific service support process

• Troubleshooting hardware and software

• Documenting solutions and associated service level expectations

• Managing conflicts

• Managing customer expectations

• Accessing third and fourth level support specialists

• Managing communication

[0236] Staff coordinators are ultimately responsible for the overall management of the technical personnel, managing and supporting their daily activities. Staff coordinators also provide instruction and guidance to all personnel. Coordinators understand the technical competencies of each of member of the technical staff so they can assign the right people to the right job. Therefore, training for staff coordinators may include the following topics:

• Budget and bench time reporting for all technical personnel

• Resource scheduling and forecasted scheduling

• Managed services migration process

• Ongoing training plan development for technical staff

• Leadership development

. • Base level project management

[0237] FIG. 8 illustrates the components of selling the comprehensive managed services solution, which includes targeting potential managed services customers, understanding managed services customization options, positioning comprehensive managed services solutions, and defining and customizing the scope of work.

[0238] Step 810 in FIG. 8 involves targeting potential managed services customers. Any organization with an IT infrastructure can benefit from implementing comprehensive

10106946.1 - 64 - Atty Docket No. 039650- 10

managed services. However, a customer's willingness to explore managed services often depends on their size, what they do, their IT staff needs, and the importance they place on IT infrastructure.

[0239] Although small and medium-sized organizations are typically good candidates for comprehensive managed services, a customized sales approach can effectively target customers of all sizes.

[0240] Small organizations may run all their critical systems on a single server and have a several workstations. Because their server must run smoothly with little to no down time, they need expert care. Usually, that single server is supported by a single person who is forced to be an IT generalist. Generalists, however, may lack the expertise necessary to maintain the full array of technologies in use, and that lack of knowledge can itself cause system problems. Organizations depending on an IT generalist often are looking for a better solution and may find comprehensive managed services attractive.

[0241] Medium-sized organizations may have 3-50 servers and 50-500 workstations.

These organizations might employ up to 10 dedicated IT support staff. These customers tend to be excellent candidates because they have all the same needs as large organization without the benefit of economies of scale.

[0242] If a customer has several servers running different systems, the solution provider can start by focusing on a single system and identifying a critical system that currently is performing erratically and disrupting the customer's work. The solution provider can then offer a managed services solution to address the problem. Completing a consulting job to address the single problematic system demonstrates the value of a managed services solution to the customer and may provide an opportunity to sell a comprehensive managed services solution.

[0243] Existing IT departments in organizations with 20 or more servers and 500 or more workstations might feel threatened by managed services. The sales and marketing strategies for these organizations may emphasize how comprehensive managed services can free valuable internal staff time for more productive projects by relieving them of routine maintenance and support duties.

[0244] Organizational, or corporate, culture is the subject of much formal research and even more practical observation by sales staff. The solution provider may develop strategies

10106946.1 - 65 - Atty Docket No. 039650-10

to work with different organizational cultures. When these common strategies are developed, the staff can work effectively with clients and the entire organization can present a consistent, professional approach. Below are some example organizational culture categories and strategies for selling to those, cultures: .

• Controlling environment. Emphasize the value of the standardization that comes with managed services. Stress the efficiency of the change management, configuration management, and release management processes. Discuss how the solutions are based on rigorous industry standards like ITIL.

• Highly technical group. Comprehensive managed services can free internal IT staff time for high-level work like research and solution design by, reducing time spent on routine maintenance. Sell the solution as a way to relieve them of the burdens of tedious maintenance tasks and being on-call for support.

• Afraid to do anything. Some IT departments face huge responsibilities and are afraid to disturb their infrastructure. Typically, these organizations have experienced high staff turnover and their systems have no history of standardization or documentation to guide current staff. Emphasize the thorough infrastructure documentation that comprehensive managed services can provide, and the fact that the solution is based on proven technology and leading industry standards like ITIL.

• Looking for a way to reduce head count. Many organizations have embraced outsourcing. Their executives do not see IT infrastructure as core work for their organization; they see it as a chore. Focus on the senior executives and emphasize the ability to meet ,all of their IT needs with comprehensive managed services.

[0245] While the solution provider needs to consider the customer's financial situation to sell them the right managed services solution, comprehensive managed services eliminates the need for customers to worry about the solution provider's viability. Historically, organizations are very cautious about IT service providers, and worry in particular about the provider's financial viability. The customer has a lot to lose when the IT service provider goes out of business. With comprehensive managed services, however, the solution provider can remotely manage the customer's systems, and the customer can keep its servers at its own site. Because all systems are completely up-to-date and are maintained according to strict

10106946.1 - 66 - Atty Docket No. 039650-10

standards and guidelines, the customer is at minimal risk if something happens to the solution provider's business. . ,

[0246] The solution provider can find potential managed services customers in a variety of ways. As discussed above, the solution provider may search the existing customer base for organizations matching the criteria outlined above. Other methods exist, however, to find businesses that may be interested in a managed services solution. For instance, the solution provider may find potential customers by looking through, the job postings to identify seeking IT staff.

[0247] The solution provider may employ cold calling to find customer. With this approach, the solution provider researches small and medium-sized organizations in the geographic service area. After obtaining a general understanding of the organizational background for each prospect, the solution provider directly calls the prospect using a sales script which delivers a short message focusing on the cost savings and security benefits of a managed services solution.

[0248] The solution provider may also schedule an onsite meeting to educate a prospective customer about the solution provider's organization and. the benefits of the managed services offering. The discussion with the prospective customer may begin with a series of open-ended questions, which may encourage the prospective customer to consider a comprehensive managed services solution more closely:

• What are the top priorities for your IT department in the next year or two?

• Has your organization ever outsourced any IT services?

• How do you view your IT group?

• Do you have defined SLAs, and, if so, for what systems?

• Do you have service or hardware contracts with vendors or other IT service companies?

• Are you evaluating how to improve system management within your next budget cycle?

• Do you have any regulatory or auditing requirements today?

• How many people are in your IT department?

• What are the major roles in your IT department?

• How many desktops and laptops do you manage?

10106946.1 - 67 - Atty Docket No. 039650-10

• What desktop operating system or systems are you running?

• How frequently do you replace desktop hardware?

• How do you track and manage hardware assets?

• Roughly, how many different applications run on your desktops?

• What are your critical applications?

• How do you deploy applications?

• How many sites are in your organization?

• How many sites are large datacenters, regional hubs, and branch offices?

• Do you track help desk call volume and times to resolution?

• What are your top help desk calls?

• Is your IT department understaffed or overstaffed?

• Have you lost any IT support personnel?

• Do you want to hire more IT personnel, and what the full cost for those positions?

• How much do you spend annually hiring outside support to help manage your network?

• How much time do you spend on routine IT tasks instead of strategic projects?

• What are the major roadblocks for your staff to get their work done?

• Do you currently monitor your systems?

• Do you do any proactive maintenance?

• Do you analyze current trends for your IT systems on a regular basis?

• Are you compliant with regulatory obligations?

• Do your IT staff like being on-call?

• How many people know your server setup?

• What does your IT staff like or dislike about their jobs?

• What is your internal cost to manage desktops and servers?

• What do your non-IT staff say about the IT support they are getting?

• Do you think your computing environment is highly secure and why?

• Is your organization struggling to keep up with software upgrades and patches?

• What is your existing patch management process?

• How frequently do you distribute patches? - 68 - Atty Docket No. 039650-10

• Can you ensure that all computers install a patch when you distribute <it?

• Do you use a tool to manage desktop software deployments and if so, what tool?

• What operating systems do your critical applications require?

• Do you have a disaster recovery?

[0249] The solution provider may also use web seminars as a convenient forum to find interested customers. A web seminar requires customers to dial into a conference call while simultaneously logging onto a web site to view a presentation. This method can provide many of the benefits of in-person discussion without the demands of travel. Web seminars can shorten the sales cycle and save money on facilities, travel, promotional materials, refreshments, and employees' time. Ideally, a Web seminar should last 30-60 minutes and the major components may include:

• Introduction

• Overview of comprehensive managed services

• Reasons to employ comprehensive managed services

• Sample reports

• Open-ended questions (see above)

• Case studies and references

• Pricing

• Next steps

[0250] Alternatively, a traditional live seminar can be used in place of the web seminar. The presentation at a live seminar may be organized like the web seminar. However, live seminars enable customers to meet the solution provider's staff and encourage networking among attendees.

[0251] In general, the solution provider may employ a marketing campaign, which may include any of the following:

• Mailers

• Invitations

• Radio and/or TV ads

• Ads in a local publications

• Web site updates

10106946.1 - 69 - Atty Docket No. 039650-10

• Cold calling

• Web seminars

• Seminars ,

• Marketing collateral including price sheets, case studies, references, process guides, sample reports, and battle cards

• Promotional items

[0252] Another component in selling the comprehensive managed services solution is shown in step 820 as understanding managed services customization options. The solution provider's success in selling managed services depends on the sales team's ability to align the solution provider's offerings with customer needs. Both the sales and technical teams must be well versed in the details of the solution provider's offerings and able to identify each customer's challenges.

[0253] As discussed above, one approach to help ensure the staff can master these important details is to build a set of standardized packages and define standards for offering a Ia carte services. Flexible pricing and options helps the solution provider to reach an agreement with the customer.

[0254] As shown in step 830, another aspect of selling the comprehensive managed services solution is positioning comprehensive managed services solutions. This step involves identifying customer needs, tailoring solutions to meet customer needs, selling comprehensive managed services benefits, and identifying and positioning additional opportunities.

[0255] When the solution provider first engages a prospect customer to sell a comprehensive managed services solution, the solution provider provides an in-depth overview of what the comprehensive managed services solution has to offer and how it will benefit the prospective customer's specific challenges and needs. As the solution provider interacts with a prospective customer, it identifies the prospective customer's needs, tailors a solution to meet those needs, positions the benefits of managed services, and identifies additional opportunities.

[0256] When the solution provider meets with a prospective customer, one of the solution provider's primary objectives is to gain a thorough understanding of the prospect's infrastructure and IT challenges. The solution provider is prepared with a series of questions

10106946 1 - 70 - Atty Docket No, 039650-10

to help identify the prospect's core tasks and understand how IT supports each work process. The solution provider may take a partnering approach, .rather than a sales approach, to let the prospect know that it understands the devices on their network, etc.

[0257] After discussing the prospect's needs arid challenges with the prospect, the solution provider may recommend an assessment that can provide a further understanding of the transition to a comprehensive managed services environment.

[0258] When negotiating with a prospective customer, the solution provider may recommend a phased approach instead of an immediate transition to comprehensive management, especially if the prospect is not an existing customer. By taking a phased approach, the solution provider can ease the customer's concerns about adverse effects on the customer's organization, while also demonstrating that the comprehensive managed services solution can prove improve the customer's IT environment.

[0259] A phased approach may involve using a specific server or group of servers within the customer's infrastructure for pilot implementation. For example, the solution provider may identify a system that is problematic or one that is essential to the customer's needs. To begin, the solution provider may perform the pilot work on a time-and-materials basis before moving the customer to a subscription-based managed services solution. Doing so may demonstrate to the customer that solution provider is willing to customize its services and pricing scheme to address the customer's concerns.

[0260] As the working relationship grows and the customer feels more comfortable, the customer can be eased into a comprehensive managed services solution. If the pilot work involves an upgrade to a problematic system, preferably the service offering involves monitoring the system according to a managed services approach. This step demonstrates the cost savings, reliability, and ease of operations that a managed services solution provides. Once the managed services approach has proved itself to the customer, the solution provider may propose additional managed service components. These additional components may also be provided in a phased approach. For instance, the solution provider first provides monitoring, alerting, and reporting only. After a period of time, the solution provider then adds patching services. After yet more time, the solution provider manages, analyzes, and optimizes systems, in addition to the first two sets of services. Finally, full administration

10106946.1 - 71 - Atty Docket No. 039650-10

can be passed to the solution provider, which becomes the customer's virtual system and network administrator.

[0261] The benefits to the implementation¹ of a comprehensive managed services solution are discussed extensively herein. The solution provider keeps these benefits at the forefront of its discussions when meeting with potential customers. A high-level summary of these benefits includes:

• Reduced cost of managing IT infrastructure

• Increased productivity: o Decreased downtime o Improved network performance

• More reliable IT environment:

• Proactive systems management

• Automated alerting and event notification _.

• Secure infrastructure

• Asset management

• Access to experts on demand:

• Experts respond to problems quickly

• Opening incidences with experts

• No need to hire hourly consultants

• Staff freed of on-call support

• Month-end trend analysis with an expert

• All work follows best practices

[0262] The solution provider can add components to a customer's solution any time a new need is identified. Below is a list of additional services that may be offered through affiliates or the solution provider itself:

• E-mail, anti-virus, and anti-spam filtering

• Web site hosting and DNS services

• Managed desktops

• Managed printers

• Administration

10106946.1 - 72 - Atty Docket No, 039650-10

• Web filtering, monitoring and reporting »

• Intrusion detection and prevention

• Vulnerability assessment and remediation

• Managed firewalls

• Disaster recovery service

• Backup service

• Mobile device support (e.g. Blackberry, SmartPhone)

• Managed routers and switches

[0263] Step 840 shows that defining and customizing the scope of work is another component of selling the comprehensive managed services solution. Every managed services engagement begins as a partnership between the solution provider and its customer. One of the first steps in establishing this partnership is defining and customizing the scope of work that will be provided to the customer. Defining the scope of work minimizes any misunderstanding about what is included in, or excluded from, a managed services engagement. The scope of work defines the services being provided, the duration of time to perform the services, staff roles and responsibilities, and the costs to provide these services. [0264] To create effective scope of work documents, the solution provider defines the customer's needs, customizes the managed service solution, defines service level agreements, and provides financial justification. By addressing these elements, the solution provider documents the expectations for the solution provider and the customer and define the elements essential to establishing harmonious managed services relationship. [0265] To align managed service offerings effectively with customer needs, the solution provider attains a solid understanding of the customer's environment as well as its organizational culture. The solution provider may understand what the customer requires from its IT environment by collecting information about the following aspects of the customer's environment:

• Key work processes

• Value proposition

• Mission critical activities

• How managed services can improve these activities and processes

• How IT disruptions affect work

10106946.1 - 73 - Atty Docket No. 039650-10

• What the maximum acceptable downtime for each device is

[0266] By documenting the customer's IT requirements and expectations, the solution provider establishes a map for customizing a managed services solution for the customer. This alignment between the solution and customer expectations permits the solution provider to assess and respond to a customer's critical needs. Identifying the customer's needs accurately and understanding how they can benefit from comprehensive managed services enables the solution provider to substantiate and articulate the value to the customer. [0267] Pricing is an important tool the solution provider has to customize solutions to meet the needs of particular customers. Pricing is typically the primary driver behind the type of service solution customers choose. Thus, the pricing is based on the objectives of the customer and created to satisfy their expressed needs.

[0268] The solution provider may create custom service offerings to address customer requirements that cannot be addressed through a pre-packaged solution. As indicated previously, the pre-packaged solution offerings include a complete packaged solution, a per- device solution, and a fee-based solution.

[0269] A complete packaged solution suits smaller customers that might already have internal IT support. The focus of this solution is to provide remote management and security services to enable the internal IT staff to focus on strategic projects.

[0270] A per-device solution suits organizations that have an internal IT department or have already made a significant investment in hardware. The solution provider may provide managed services for specific servers without providing the licensing and hardware. This pricing model gives customers the ability to outsource specific aspects of their environment and enables them to focus on strategic IT projects.

[0271] A fee-based solution suits customers whose infrastructure already includes hardware and software that meet the solution standards or for those customers who are more comfortable with a time-and-materials approach.

[0272] For smaller customers, the solution provider may provide a complete solution including hardware, software, and services. This type of solution provides everything a small organization needs at a low monthly cost. The standard package may include a server, firewall, switch, and UPS device. The customer may decide to own or lease the hardware,

10106946.1 - 74 - Atty Docket No, 039650-10

but in either case all hardware provided to the customer is covered by manufacturer warranty for the length of the customer agreement.

[0273] The customer's needs and challenges determine whether a pre-packaged solution will suffice or if additional components will be needed. Additional services can be provided under the pricing models described above. Furthermore, services may be provided on an a- la-carte basis, as explained in detail previously.

[0274] Service level agreements specify the quality, capacity, and timeliness of the service expected by customers. An SLA can be a highly effective tool for helping the solution provider and its customers manage expectations, clarify responsibilities, and objectively assess service effectiveness.

[0275] An SLA defines the boundaries of the engagement in terms of the functions and services that the solution provider provides to its customers. A well-defined service level agreement correctly sets expectations for both the solution provider and the customer, and provides targets for accurately measuring those objectives. A service level agreement improves the delivery of managed services in accordance with the customer's needs and helps sustain customer relationships by setting achievable and realistic expectations and benchmarks.

[0276] A service level agreement may act as:

• A communications tool. A service level agreement assists in achieving a mutual understanding and opens up communications to build stronger relationships.

• A conflict prevention tool. A service level agreement helps to avoid and manage disputes by providing a shared understanding of needs and priorities. If conflicts occur, they can be resolved more expeditiously because expectations are documented.

• A living agreement. The managed services organization should set a predetermined frequency both internally and with customers to review and assess the services being provided, and negotiate any required revisions.

[0277] To further sell the customer on the comprehensive managed services model, the solution provider helps the customer justify the cost of the employing the model. In particular, the solution provider may perform both a cost analysis and return on investment analysis for the recommended solution. Because customers are concerned about the value

101O6946.1 - 75 - Atty Docket No. 039650-10

they receive from their expenditures, the solution provider communicates the value of managed services, the cost benefits, and the return on investment that the solution provides. [0278] The solution provider may emphasize, -particularly in a scope of work document, the following efficiencies of a comprehensive managed services solution:

• Lower staff overhead. The salary, benefits, and training associated with employing IT staff can often be the largest portion of an organization's IT budget. Having on-demand managed services resources provides higher quality, better- trained IT support at a lower cost to the customer.

• Reduced expenses through improved IT cost management. Through the standardization and control provided by managed services, customers can identify opportunities to reduce total fixed costs. The standardization entailed in adopting comprehensive managed services also helps to eliminate unnecessary costs associated with maintaining diverse systems.

• Increased cost predictability. Environments that are managed and secured remotely can provide increased abilities to predict and manage IT costs more accurately and successfully.

[0279] After establishing a customer's scope of work requirements, the solution provider finalizes the goals, requirements, and expectations of the offering with the customer. This finalization step provides the solution provider and the customer an opportunity to revise the scope of work to address any questions, concerns, or last-minute issues, in addition to confirming the customer's expectations. During the finalization step, the solution provider reviews and verifies the implementation process with the customer. Specifically, specific topics that may have a greater impact on the customer's organization should be reviewed and confirmed. For instance, project timelines and requirements for customer resources may have an impact on the customer and its other ongoing projects or initiatives. [0280] FIG. 9 illustrates the steps for building the comprehensive managed services process. The steps include developing a managed services transition plan, developing internal communication processes, and developing external communication processes. [0281] As shown in step 910, developing a managed services transition plan involves documenting a site survey process, documenting a managed services technical design

101O6946.1 - 76 - Atty Docket No. 039650-10

process, documenting a flowchart process, documenting a managed services migration plan, documenting a pilot implementation process, documenting a functionality acceptance process, and documenting a disaster recovery plan.

[0282] Transitioning a customer to a managed services solution requires careful planning to ensure that the solution coincides with the customer's expectation and that the implementation goes as smoothly as possible. The solution provider minimizes issues during implementation by following a process that includes the following phases:

• Completing a comprehensive site survey

• Following a consistent technical design process

• Creating a customized migration plan for each implementation

• Deploying a pilot implementation

• Testing functionality and gaining customer acceptance

• Defining a recovery process

[0283] After the solution provider determines the scope of the managed services solution as described above, the solution provider performs a site survey and documents the existing environment. This documentation forms the basis for the migration plan, the support agreement, and the cost estimate.

[0284] The level of detail and scope of the site survey depends on the managed services the solution provider deploys for the customer. Managing a single IT asset requires a detailed understanding of only a few specific aspects of the customer infrastructure, and has little or no interaction with other aspects of the customer network infrastructure. For instance, an offering to manage e-mail spam filtering requires a detailed understanding of the domain names the customer has registered, which ISPs host Msolution provider records, and internal and external mail flow, but is not concerned with other aspects of the customer's network, such as which servers host terminal services or what operating system the customer's workstations are running.

[0285] On the other hand, more comprehensive managed services offerings generally require detailed and complete information about the customer's existing infrastructure. For example, a managed services offering that includes outsourced management of several existing servers require a great deal of information about the services those servers provide, how the servers are currently configured, and how the servers are currently managed and

10106946.1 - 77 - Atty Docket No. 039650-10

patched. In addition, if the solution provider shares some aspects of administering a device with internal IT staff, the site survey includes information about customer practices that affect the covered device. A managed services offering that is based on the implementation of new software also requires a site survey to determine what interaction the new software will have with existing systems, and how any existing work processes (e.g. disaster recovery or backup) will be affected by the implementation.

[0286] The design of each customer's managed services environment may be a unique solution created by a joint effort between the solution provider and the customer. Factors that might affect solution design includes the customer's current level of sophistication, its internal IT support capacity, and its organizational needs.

[0287] In small environments, the solution provider may recommend a standard core offering of services with a few modifications to meet the customer's needs. Implementing a

Standard core offering may be preferable, because it enables the solution provider to develop a large base of standardized customer environments that can be support easily with a small staff.

[0288] For a larger customer, especially one with a well-developed internal IT staff, the overall solution may involve more customization, and as such, may be designed by a team of experts in their respective fields. For many customers, the design might require a senior-level network architect with several years of; experience.

[0289] Building the comprehensive managed services process may include documenting the process as a flowchart. As described above, implementing comprehensive managed services solution may consist consists of the following phases.

• Completing a comprehensive site survey

• Following a consistent technical design process

• Creating a customized migration plan for each implementation

• Deploying a pilot implementation

• Testing functionality and gaining customer acceptance

As such, FIG. 11 illustrates an example of a flowchart that summarizes how the sales, engineering, and operations teams work together to sell and implement a managed services offering.

10106946.1 - 78 - Atty Docket No. 039650-10

[0290] The migration plan is a step-by-step plan to move the customer fram its current environment to the managed services environment. Depending on the scope of the managed services solution and the size of the customer, the migration plan can be as simple as installing a firewall or as complex as a complete network re-design that requires formal project planning and a large deployment team.

[0291] ^' The migration plan should be written by the staff member who develops the solution design, and should include enough specific information for the customer to plan ahead for downtime and any necessary training for end users.

[0292] . Regardless of the complexity of the managed services solution, a managed services migration plan is different from a typical consulting engagement. In a typical consulting project, consultants are hired to produce a specific result dictated by the customer, or consultants might perform a needs assessment and develop some general recommendations.

[0293] In a managed services implementation, the end-state of the migration plan is not defined by the customer, but rather is defined by both parties during the creation of the managed services agreement. Another way of looking at the managed services migration plan is that the end-state is the point where the requirements of the customer agreement can be met and the managed services support team takes over control of the covered devices.

[0294] A pilot implementation, as discussed above, may be advantageous, but is required only if the scope of the change is large or the sensitivity of the customer is high. During the initial site survey and solution design, the solution provider and the customer decide whether to deploy a pilot implementation. An important factor in making this decision is risk. For instance, if there is a risk of significant downtime or data loss, the solution provider may test the solution either in a lab environment or with a limited group of users in a pilot implementation. The solution provider explains the risks of an enterprise-wide implementation and the time and resources required to conduct a pilot test, so the customer has the necessary information to decide on a pilot implementation.

[0295] With proper solution design, planning, and testing, the implementation of the solution design is a straightforward process. The solution provider keeps the customer informed with regular status reports and follows accepted project management methodology to address any deviations from the migration plan.

10106946.1 - 79 - Atty Docket No. 039650-10

[0296] After the solution provider implements a managed services environment, the customer must formally agree that the deployment meets the requirements set forth in the SLA. Functionality acceptance, is an important step, because it provides an opportunity for the customer to test the deployment, verify that the managed services meets requirements, and raise any concerns about functionality. By accepting functionality, the customer is agreeing that the solution has been implemented as planned. This provides important documentatiqn in the event of a disagreement later in the relationship. [0297] After the customer has accepted functionality, the solution provider begins ongoing operation of the managed services environment and assumes control of the systems and services covered by the SLA. At this point, change management processes and both parties' responsibilities under the SLA are enforced. Billing may also begin on the date the client formally accepts functionality.

[0298] Functionality acceptance also serves as the final checkpoint for the solution provider to verify that the new configuration meets technical requirements for ongoing support and management. The solution provider's managed services team tests all remote management, monitoring, and support components to ensure proper installation, configuration, and functionality before the solution provider accepts functionality. After the customer and the solution provider's managed services team have accepted functionality, the solution provider becomes responsible for meeting the requirements of the SLA. [0299] Regardless of the level of service desired, each customer expects the solution provider to have a comprehensive recovery plan in the event of a hardware failure or other emergency. Depending on their sensitivity to downtime, some customers might also demand SLAs that dictate the availability of service during certain hours, with financial penalties for downtime out of SLA terms., ' Unexpected downtime, even if it presents no contractual penalties, decreases the value of the solution provider's services. The solution provider maximizes service availability and customer value by building inherent redundancy into each offering and creating recovery plans.

[0300] The solution provider designs and builds its offerings with redundancy in mind. For instance, with a server-based offering, RAID-5 disk sub-systems, redundant power supplies, and redundant cooling fans may be required. Other hardware-based solutions should use whatever redundancy options are available. An external un-interruptible power

1O106946.1 - 80 - Atty Docket No, 039650-10

supply (UPS) may be employed to minimize hardware failure or unavailability due to a power spike or outage. Redundancy is analyzed for cost benefit, but basic forms of hardware-based redundancy are generally cost-effective. For. example, a simple hard drive failure in a server might require a new hard drive to be ordered. The new drive may not arrive for several days, and once available, a technician is required to perform the replacement (potentially pulling them from a billable engagement elsewhere). Even if hardware is under warranty, the cost of dispatching a technician likely outweighs the cost of the spare drive, not to mention the risk to the customer relationship posed by the downtime. [0301] . Redundancy can also be incorporated into offerings with no hardware components. In particular, support processes with redundant parallel paths can be employed. For example, a managed service to monitor a server and troubleshoot errors remotely must have some way, such as e-mail or a text message to a pager or mobile phone, to notify support staff in the event of an error. The solution provider may set up a redundant path to alert support staff via both paths to ensure receipt, or to notify via pager with a follow-up alert via e-mail if the alert is not acknowledged in a set amount of time. The solution provider may design systems to escalate automatically to a backup staff member if an alert is not resolved in a set amount of time by the person on duty.

[0302] The solution provider also designs each offering with a recovery plan in case of total failure. A recovery plan applies typically to hardware, such as a firewall that will not boot after a lightning strike or other catastrophic failure. Standardization and effective change management are the keys to quick recovery in this event. For example, employing firewalls with a standard configuration means that the solution provider can build a replacement quickly using assets already on hand. Therefore, recovering from a failed firewall involves retrieving a standard hardware configuration from inventory, following the standard build process, and then referring to the change management logs to reconfigure whatever minimal changes were applied after the firewall was initially placed on the customer site. While downtime is sometimes unavoidable, recovery is much quicker and easier if disaster recovery plans exist.

[0303] One additional level of disaster recovery applies to any services provided to customers through third parties. For any service that the solution provider provides through an affiliate, the solution provider has relationships with additional potential affiliates that

10106946.1 - 81 - Atty Docket No. 039650-10

provide the same or substantially similar service. This enables a quick transition if an active affiliate ceases doing business or is no longer cost-effective. Maintaining relationships with a wide array of affiliates keeps the solution provider independent from external factors. [0304] As further illustrated in FIG. 9, step 930 involves developing internal communication processes, which may include documenting an external change management process, documenting an external configuration management process, documenting an external release management process, documenting an external incident management process, and documenting an external problem management process.

[0305] Well-defined internal communication processes as well as strong documentation support effective, efficient system maintenance and problem resolution in an IT environment. Organizations of all sizes require communication processes to maintain successful operations and ensure that they use their assets effectively. Communication management is fundamental to the solution provider's approach to planning, implementing, maintaining, and revising its managed services offerings.

[0306] The solution provider bases a communication management strategy on five major processes: change management, configuration management, release management, incident management, and problem management. Organizing communication management strategies around these five processes allows the solution provider to accommodate a wide variety of customers with differing needs while maintaining consistency that promotes internal efficiency and enhances customers' sense of the solution provider's professionalism. [0307] IT systems are dynamic and always changing. Providing effective managed services means that change must be handled smoothly and continuously. A formal change management process ensures that the solution provider tests all changes against formal standards and methods and provides a record of changes. A well-designed change management process also schedules changes in a timely and non-disruptive manner. A simple internal change management process allows the solution provider to be more flexible in accommodating customer needs and requirements. A simple but effective process may be designed with three components: change requests, administrative authorization, and final review.

[0308] Change requests can by initiated by the solution provider's internal staff or by customers. Most internal change requests involve proactive maintenance, such as operating

10106946.1 - 82 - Atty Docket No. 039650-10

system and application patching, resource management, or directory health management. Customer requests vary widely according to the organization, but typically will ask for new applications or server services.

[0309] The change request process begins with a request for change (RFC). The solution provider establishes a standard format for RFCs that record all pertinent information regarding the proposed change. A standard RFC includes a unique identifier, an identification of the problem or need, a description of the desired result, parties potentially impacted by the change, the process for making the change, and a proposed deadline for the application, of the change. A standard RFC also includes the service continuity plan in case of failure, the cost of making the change, the budget amount for approval and sign-off, and the priority for the proposed change. The RFC contains sufficient information to enable a change manager or review committee to assess the change for authorization. [0310] Each new RFC is screened by a change manager who can provide administrative authorization for further work. The solution provider establishes permanent, full-time change managers or assigns the role to technicians with skills pertinent to each RFC. During administrative authorization, change managers who discover incomplete or inaccurate information contact the originator of the RFC to find the full and correct information. Change managers also review the priority assigned to the RFC and change it if appropriate. The last step of administrative authorization is to approve or reject an RFC. Depending on both the impact of the change and the standards set at the client's site, an RFC may be released immediately after administrative authorization. If the request for change is rejected, it is considered closed. Upon receipt of rejection, the RFC originator decides to withdraw the request or submit a new RFC for review.

[0311] The solution provider may also require additional authorization by a review committee when the RFC poses a potentially high impact on a customer organization. Review committee members should have strong experience with the context of the RFC so they can provide accurate projections of the results. Ensuring that proposed changes are scrutinized thoroughly is crucial before releasing a change to a production environment. . [0312] The pace and volume of configuration changes will vary from customer to customer, and managing those changes effectively is essential to the solution provider's long- term success. The configuration management process identifies, controls, and tracks all

10106946.1 - 83 - Atty Docket No. 039650-10

versions of hardware, software, documentation, and procedures of the solution provider's IT organization. Effective configuration management can ensure that only authorized components are used in the IT environment and that all changes are recorded and tracked. Effective configuration management requires proper organization of change records for easy future reference.

[0313] The solution provider may base a configuration management strategy on formal records called configuration items (CIs) that isolate and define the various components of both customer systems and internal systems that are being used to serve that customer. A CI is any element of an IT system (hardware, software, or documented process) that is formally defined and managed. CIs may be very simple, such as a brand of monitor tp purchase, or something much more complex, such as an operating system. A common challenge that many organizations face is maintaining hardware and software standards among their various departments. The solution provider can record every system element, from server hardware to system backup procedures, as a CI to improve overall management. [0314] The solution provider collects CIs in a centralized repository such as a configuration management database (CMDB). A CMDB provides a concrete tool that enables management to oversee infrastructure and maintain standards. When pertinent information for each CI is clearly present, revealing patterns in how CIs interact may be discovered. A CMDB can help standardize platforms and avoid implementing redundant processes and applications. For example, if a server needs to be imaged, a technician can access the CMDB to check for documentation on the standard imaging process. [0315] Release management is employed to handle deployment of changes after they are authorized, developed, tested, and packaged. The release management process ensures that all changes are deployed successfully into the production environment with minimal service interruptions.

[0316] To deploy a release management solution, knowledge of the environment is vital. Some relevant questions include: How many applications are there and what are their functions? What security standards do you and your customers require? What are the various system testing requirements and times allocated for your change windows? Does your test lab meet a level of satisfaction and enable you to know with confidence what effects a given change will have in the production environment?

10106946.1 - 84 - Atty Docket No. 039650- 10

[0317] Depending on the size of the solution provider's organization,* the release management process may be handled, at least in part, by the change manager. After all submitted changes have been prioritized and particular change teams created, the release process is documented and implemented.

[0318] When there is a system failure or service interruption, a resolution is implemented as soon as possible to return the system back to normal operation. Incident management is an important process that provides the solution provider with the ability to identify, record, and resolve the issue to minimize any negative business impact. The process also provides. management with detailed and accurate information on the incidents that are consistently affecting the organization. The incident management process ensures that the solution provider's support resources are focused on issues that have the highest level of urgency and potentially the greatest impact on business.

[0319] Past incidents recorded in the centralized repository or CMDB (Configuration Management Database) may provide information to help resolve a current incident, thus saving significant time in troubleshooting and returning the system to normal operation more rapidly. Furthermore, incident records can be used to identify network trends and problem areas, so that the solution provider's staff can be proactive and prevent serious issues from developing and interrupting business.

[0320] Problem management requires regular assessment of current CIs. By methodically examining and addressing problems that cause sustained incident patterns, the solution provider can save time for the support staff, thereby improving their overall productivity. Effective problem management helps to maintain continuity and ensures higher quality release management testing.

[0321] Methodical problem management helps the solution provider to determine the root causes of many incidents and address problems by making changes to internal processes, procedures, or the solution provider's infrastructure. To resolve a pattern of related, problems, the solution provider may reevaluate and change configuration standards or user practices. As such, problem and change management work side by side. [0322] Because no two organizations are alike, the solution provider may engage with some customers who maintain comprehensive formal processes, some who have partially formalized their processes, and some who have no methodical approach to IT at all.

10106946.1 - 85 - Atty Docket No. 039650-10

Regardless of a particular customer's previous IT management methods, effective external communication processes emphasize the solution provider's value as a managed services provider.

[0323] As shown in step 930 of FIG. 9, developing external communication processes is an important aspect of building the comprehensive managed services, process. Step 930 includes documenting an external change management process, documenting an external configuration management process, documenting an external release management process, documenting an external incident management process, and documenting an external problem management process.

[0324] Preferably, the solution provider establishes a seamless bridge between its internal and external communication processes. Requests for change (RFCs) and incident reporting between the two sides are based on the same standards and duplicated as configuration items (CIs) for each of the central repositories. If the solution provider is hired to develop its customer's processes from the ground up, it establishes full parity between internal and external communication processes with relative ease.

[0325] However, some customers may want the solution provider to integrate the solution provider services into the customer's existing processes rather than starting from scratch. Therefore, the solution provider may offer communication management solutions that align the customer's communications processes with the solution provider's processes.

Many software solutions can act as the foundation for the customer's communications management and centralized repository. When creating its external communication processes, the solution provider collects information about the communication processes its customers may have implemented and directs the flow of data between the customers' processes and its own processes.

[0326] As indicated with respect to the solution provider's internal communications, the goal of the change management process is to ensure that all changes for hardware, software, and processes are reviewed, approved, and documented in a way that facilitates analysis of the information.

[0327] The differences between the solution provider's and customer's change management processes may present a hurdle to establishing a comprehensive managed services solution. Keeping the solution provider's internal change management process

10106946.1 - 86 - Atty Docket No. 039650-10

relatively simple facilitates interaction between the solution provider's system and the customer's separate change management process. Items such as RFCs are duplicated so that a record is held by both organizations. For customers who have their own change managers, the solution provider will need to give special attention to external communication to avoid excessive management overhead.

[0328] ^' The manner in which the customer submits changes, manages information flow, and approves or rejects changes can differ greatly both from the solution provider's internal processes and from those of customers. Nevertheless, the underlying principles shaping the change management process remains the same.

[0329] Configuration management is the process of identifying, controlling, and tracking all versions of hardware, software, documentation, processes, procedures, and all other components of the IT infrastructure. Configuration management ensures that only authorized components are used in the IT environment and that all changes are recorded and tracked. Whether the solution provider only uses its own CMDB, establishes a unique CMDB for a customer, or links its CMDB to the customer's existing repository for CIs, effective external configuration management maximizes efficiency by strengthening the solution provider's understanding of each customer's environment and standardizing ongoing CI reviews. [0330] External release management are an important aspect of external communications processes. Much like the other core management processes, some customers might already have an internal release management process. This redundancy might seem a tedious burden, but it can create a powerful mechanism to promote communication and understanding between the solution provider and the customer by ensuring that released changes meet prerequisites and standards.

[0331] During customer environment assessments, document the various applications, revision levels, models of equipment, and required security standards. Understanding both the customer's IT systems and their organizational needs is essential to documenting an external release management process. Well-designed processes may save the solution provider's IT staff the time of repeating unnecessary tasks while helping to ensure successful change deployments.

[0332] In the event of a system failure or service interruption, a strong external incident management process enables problems to be resolved quickly and return to normal

10106946.1 - 87 - Atty Docket No. 039650-10

operations. The external incident management processes need to cover both customers and any affiliates.

[0333] Proactive monitoring and maintenance are essential to successful comprehensive managed services offerings. .The solution provider needs to be able to protect the integrity of its customers' systems and assess usage patterns to anticipate their changing needs. Depending on a particular customer's environment and the SLA, incident reporting might be recorded only in the solution provider's repository or by both the solution provider and the customer. When using dual repositories, the solution provider ensures that the records are consistent in both systems.

[0334] An effective problem management process can help ensure that the solution provider provides high quality services. The solution provider needs to take a rigorously analytical approach to the root causes of the incident that may lead to proactive changes to processes, procedures, or infrastructure to resolve the problem completely. Continuous monitoring and trend analysis saves time during problem resolution and helps minimize the damage from incidents. When initially assessing a customer's environment, the solution provider reviews any pre-existing or reoccurring incidents or CIs before developing the final transition requirements and plans for the customer's managed services environment. [0335] FIG. 10 illustrates the steps for providing comprehensive managed services support, which includes establishing managed services expectations, initiating comprehensive managed services, and maintaining comprehensive managed services.

[0336] After the solution provider completes a customer's transition to a managed services solution, its managed services team begins providing ongoing remote monitoring and management, automated patching and updating, and helpdesk support. After the transition, the solution provider needs to ensure that the solution provider has established clear managed services expectations, initiate the routine functions of comprehensive managed services, and then maintain those functions and report regularly on the results of all work. [0337] After the solution provider implements a transition to a managed services environment, it becomes responsible for meeting the requirements of the customer's managed service agreement. The support and maintenance for the customer is described in detail hereinabove.

10106946.1 - 88 - Atty Docket No. 039650-10

[0338] As shown in step 1010 of FIG. 10, establishing managed services expectations is an important aspect of providing comprehensive managed services support. Establishing proper expectations with the customer is critical to a successful managed services engagement, Although the solution provider formally establishes expectations with the customer in a managed services level agreement, expectations may change throughout the duration^'of the relationship between the parties.

[0339] Members of the sales, engineering, and implementation teams must be aware that customer expectations may be affected by discussions regarding pricing, service response requirements, preventative maintenance schedules, patching and updating schedules, requests and escalation processes. The ongoing support team also must understand customer expectations that were established during the sales and initial deployment processes and that are a part of the ongoing support procedures. To help manage ongoing customer expectations effectively, the solution provider reviews expectations for security and preventative maintenance schedules periodically.

[0340] Managed services customers expect that their environment will remain secure, as specified by their service level agreement. The solution provider informs its customers when and how it will perform security maintenance to ensure that it meets customer expectations regarding security.

[0341] Comprehensive managed services includes a centrally managed anti-virus solution, and the solution provider specifies the risk points that it scans, which may include e- mail servers, web servers, and workstations. The solution provider informs its customers that the anti-virus software and virus definition files are updated automatically. If a customer uses e-mail, the solution provider that the customer understands that the firewall may be configured to remove specific types of incoming attachments that are commonly associated with viruses.

[0342] The solution provider updates customers on all aspects of its server hardening, practices which will affect end users, including strong password policies and off-hours limits to certain network resources. The solution provider also has a defined procedure to ensure that security updates are applied promptly and consistently. The solution provider ensures that customers understand that although patches and updates are released often and on no particular schedule, centralized management from the solution provider's organization will

10106946.1 - 89 - Atty Docket No. 039650-10

ensure that all systems are kept up to date. The solution provider should plan to deploy patches and updates according to their level of urgency and ensure that the service level agreement reflects that plan. Possible definitions for software update urgency are discussed in detail hereinabove.

[0343] To ensure that the solution provider's staff and the customer have clear expectations, each level of urgency is associated with a testing procedure and deployment schedule. For example, major revisions likely will require extensive testing and detailed planning to implement while critical security patches will be deployed quickly after testing in your lab environment. Patch testing and deployment procedures should be defined in the

SLA.

[0344] The solution provider follows formal change management and configuration management procedures for testing and applying each update. As discussed previously, the customer may also have change management processes with which the solution provider must also work.

[0345] In addition to security updates, the solution provider performs regular maintenance on managed devices to ensure optimal performance. Remote monitoring may be the primary method of ensuring that the covered devices are functioning correctly. The solution provider can perform remote monitoring using a variety of methods. Regardless of the monitoring method, however, the solution provider must define and use critical metrics for determining actions. Some basic metrics may include: processor utilization, disk space available (system), disk space available (data), memory utilization, critical or warning alert in event logs, backup failures, UPS alert, threshold critical or warning alerts, virus detection, and firewall attacks.

[0346] The solution provider's response to an alert may involve remote troubleshooting from its operations center and possibly dispatching an engineer. Another important part of ensuring optimal performance is regular analysis of managed devices.

[0347] As further shown in FIG. 10, step 1020 involves initiating comprehensive managed services. After implementing a comprehensive managed services environment for a customer and establishing expectations, the solution provider need to begin providing regular services. To begin providing ongoing services, the solution provider may provide a health check, implement patching, and implement management processes for configuration changes,

10106946 1 - 90 - Atty Docket No, 039650-10

new releases, and problems and incidents. All of the processes should be .planned and managed with industry best practices in mind.

[0348] The first step after initially deploying a managed services environment is to run a basic systems health check to ensure that there are no patches or updates that should be applied. Depending on which systems are being serviced, vendor web sites might detect available patches, vendors might send e-mail announcing updates, or they might provide scanning tools that will tell the solution provider when patches are available.

[0349] With a mechanism in place to alert the solution provider to available patches, a documented process (configuration item in the central repository) is employed to deploy the patches.

[0350] After checking system health for the customer, the solution provider is ready to implement the patching policies that are defined in the SLA. The solution provider will patch systems frequently for its customers. Timely application of a given patch is the optimal goal, but it is imperative to exercise caution when releasing a patch to the production environment.

A single patch can have adverse effects on an entire network, but customers might not always appreciate the risks and can become concerned if they know a patch is available but is still being tested before deployment. The solution provider's communication management process provides an, efficient solution to these potential conflicts.

[0351] To begin the process of applying a patch, an RFC needs to be created and sent for an administrative and technical review. The RFC will need all pertinent information that applies to the patch. Items covered in an RFC for a patch may include:

• The component(s) requiring the patch

• The vulnerability or functionality issue addressed by the patch

• A description of the patch itself (e.g. file size, individual files included)

• A level of urgency for this patch

• Proposed time to deploy the change

• Documentation testing has been performed to date

[0352] RFCs must be sent to the designated change manager for review. Before approving the change, the change manager will decide what release requirements are necessary and whether or not the requirements have been met.

10106946.1 - 91 - Atty Docket No. 039650-10

[0353] Change management and configuration management are interdependent. During a change process, all information regarding the details of the change will be part of the RFC.

The solution provider should save all RPCs in its configuration item (CI) repository for future reference. Change managers may want to review past RFCs involving similar patches. To understand which users might be affected by the change, the change, or maintenance, windows applicable to given devices, or whether or not a given system has the resources to accommodate a change, the solution provider may access its configuration management database for assessment sheets.

[0354] Whether the change is accepted or denied, the RFC is archived in the solution provider's configuration item repository. The outcome of the RFC will be included as well so that as future incidents or needs arise, operations will be enhanced with an updated knowledge base of CIs and procedures already encountered or that might affect release of the change.

[0355] Even before the change manager receives an RFC for a patch, the release management process is initiated when the submitter began testing the patch. Under formal release management, test users determine whether the change will <;ause any harm to the customer's operations. Any negative effects that are encountered will require review and consideration. On occasion, the solution provider may need to weigh the benefits of applying a critical patch against the negative effects it might cause.

[0356] After the testing staff determines that no significant negative effects will result from completing the requested change, the release manager completes a final review of the testing process and grants a release approval.

[0357] As with the other management processes, incident management is intertwined with the request to patch from beginning to end. An integrated incident management process first detected the need for a patch. In the case of a critical patch, it is crucial to determine the need for it as soon after release as possible.

[0358] During the testing phase of release management, the incident management process monitors system resources and reviews error logs. Anything detected by the monitoring tools and procedures is noted. Even if release management decides there are no significant errors detected during the test, any alert is noted and can be referenced after patch deployment.

10106946 1 - 92 - Atty Docket No. 039650-10

[0359] After patch deployment, the systems are examined closely. All incidents are logged in a central repository. In some cases, a change release will produce a spike in incident reports that leads to a review of the central repository to analyze incident trends. If a cause for an incident spike is discovered, then a formal RFC will be submitted to change management.

[0360] Following are some highlights of management processes and ways to improve their efficiency:

• Change Management

• RFC submission: Include as much detail as possible without providing unnecessary information. The fewer times an RFC needs to be returned for updates or clarification the quicker the change can be processed.

• Use an appropriate change manager for RFC review: For the average RFC (e.g. a patch request), there may be a single change manager. However, for some requests, a technician who specializes in particular software may also be required. Consider appointing technical resource managers to support a designated change manager.

• Configuration Management

• Configuration items (CIs): Standardizing CIs will improve the efficiency in which they are created and understood.

• Configuration Management Database (CMDB): Remember that the purpose of a central repository is to provide reference information that helps provide services efficiently. Organize CIs in a logical fashion to support trend analysis.

• Release Management

• Test environment: Setting strict guidelines for the test environment is crucial for successful change deployment. Ensure that the customer's production environment is properly represented in the test lab.

• Incident Management

• Monitoring: Establish a monitoring solution that provides reliable alerting. The more variables the monitoring solution can track, the more effectively proactive care can be provided to customers' systems.

10106946.1 - 93 - Atty Docket No. 039650-10

• Problem Management

• Repeated review of incidents reported: Frequently examining the CMDB for incident trends can help the organization manage problems proactively. [0361] Documenting and implementing a communication management process is only half of the process in meeting the overall goal of efficient managed services for. customers. Maintaining the process once it is implemented within the customer's environment is an even more critical and challenging component.

[0362] As further shown in step 1030 of FIG. 10, another component of providing comprehensive managed services support involves maintaining comprehensive managed services, which includes reviewing monthly reports, findings, and recommendations. [0363] Reviewing monthly reports helps the solution provider improve internal processes. Moreover, reviewing reports together with customers promotes the customer's appreciation of the value provided by the solution provider's solution. Monthly reports keep customers aware of the actions the solution provider takes and provide a proactive view of network activity and needs. The information included in monthly reports depends on reporting capabilities and the needs of each customer. Preferably, information that is pertinent to the service level agreement is presented. Information such as the monthly incident reports, including incident resolutions and the status of any current RFCs, are also preferable. These reports should provide an attractive, user-friendly presentation of data that can facilitate proactive decisions about network resources. In addition to any technical data, an executive summary that clearly describes the technical data presented in plain language is also preferable.

[0364] In many cases, it is preferable to present the report to the customer in person to help the customer review the information. Reviewing reports in person promotes a strong working relationship with the customer. A goal of the monthly report is to provide the customer with practical knowledge of their environment and to foster confidence in the solution provider's services. The solution provider's support team should make every effort to answer any potential questions before the review meeting with the customer. Being prepared for possible questions reinforces the value of the managed services solution and displays the dedication of the solution provider's support team.

10106946.1 - 94 - Atty Docket No.039650-10

[0365] Although documenting daily operations is crucial to month-end reporting, issue resolution should also be documented. By documenting issue resolutions, the solution provider helps customers understand and appreciate the problem management process, as well as the value provided by the expertise of the solution provider's support team. After thoroughly analyzing the customer's issues, the solution provider also provides recommendations, which take into account the customer's needs, requirements, and limitations.

[0366] While various embodiments in accordance with the present invention have been shown arid described, it is understood that the invention is not limited thereto. The present invention may be changed, modified and further applied by those skilled in the art. Therefore, this invention is not limited to the detail shown and described previously, but also includes all such changes and modifications.

10106946.1

Claims

- 95 - Atty Docket No. 039650-10WHAT IS CLAIMED IS:

1. A method for implementing a managed services solution by a third-party services provider, the method comprising: building an offering for a managed services offering; developing an operations process for the managed services offering; developing a marketing plan for the managed services offering; selling the managed services offering; building a process according to the managed services offering; and providing support according to the managed services offering.

2. The method according to claim 1, wherein building an offering for a managed services offering comprises: identifying business opportunities; creating a business plan; assessing an addition of the managed services offering; identifying the organizational impact of the addition of the managed services offering; and designing the business model architecture for the managed services offering.

3. The method according to claim 1, wherein developing an operations process for the managed services offering comprises: defining personnel requirements for operations support; creating managed services architecture designs; defining service level agreements and internal service policies; establishing scope of work standards; creating a cost analysis and return on investment template; creating internal support processes; creating call processes to support managed services customers; and designing a centralized customer data repository.

4. The method according to claim 1, wherein developing a marketing plan for the managed services offering comprises:

10W6946.1 - 96 - Atty Docket No. 039650-10

developing managed service offerings; understanding customer issues and communicating solutions; developing sales and marketing materials; and developing internal training.

5. The method according to claim 1, wherein selling the managed services offering comprises: targeting potential managed services customers; understanding managed services customization options; positioning comprehensive managed services solutions; and defining and customizing the scope of work.

6. The method according to claim 1, wherein building a process according to the managed services offering comprises developing a managed services transition plan; developing internal communication processes; and developing external communication processes.

7. The method according to claim 1, wherein providing support according to the managed services offering comprises: establishing managed services expectations; initiating managed services; and maintaining managed services.

8. A system for implementing a managed services solution by a third-party services provider, the system comprising: means for building an offering for a managed services offering; means for developing an operations process for the managed services offering; means for developing a marketing plan for the managed services offering; means for selling the managed services offering; means for building a process according to the managed services offering; and means for providing support according to the managed services offering.

40106946.1 - 97 - Atty Docket No. 039650-10

9. The system according to claim 1, wherein means for building an offering for a managed services offering comprises: means for identifying business opportunities; . . means for creating a business plan; means for assessing an addition of the managed services offering; means for identifying the organizational impact of the addition of the managed services offering; and means for designing the business model architecture for the managed services offering.

10. The system according to claim 1, wherein means for developing an operations process for the managed services offering comprises: means for defining personnel requirements for operations support; means for creating managed services architecture designs; means for defining service level agreements and internal service policies; means for establishing scope of work standards; means for creating a cost analysis and return on investment template; means for creating internal support processes; means for creating call processes to support managed services customers; and means for designing a centralized customer data repository.

11. The system according to claim 1, wherein means for developing a marketing plan for the managed services offering comprises: means for developing managed service offerings; means for understanding customer issues and communicating solutions; means for developing sales and marketing materials; and means for developing internal training.

12. The system according to claim 1, wherein means for selling the managed services offering comprises: means for targeting potential managed services customers; means for understanding managed services customization options; means for positioning comprehensive managed services solutions; and

10106946.1 - 98 - Atty Docket No. 039650-10

means for defining and customizing the scope of work.

13. The system according to claim 1, wherein means for building a process according to the managed services offering comprises means for developing a managed services transition plan; means for developing internal communication processes; and means for developing external communication processes.

14. The system according to claim 1, wherein means for providing support according to the managed services offering comprises: means for establishing managed services expectations; means for initiating managed services; and means for maintaining managed services.

10106946.1