About Aryaka Networks, Inc.

Aryaka delivers a fully managed, end-to-end Cloud-First WAN service for the cloud-first era. Aryaka’s technology integrates multi-cloud connectivity, application optimization, security, last-mile management, and visibility into an SLA-driven OPEX-only solution.

These Services Description and Terms apply to Customer’s use of Services and, where specified herein, certain third-party products. The Services are only as expressly described in these Services Description and Terms. Capitalized terms used in these Services Descriptions and Terms but not defined below have the meanings in the Aryaka Networks, Inc. Master Subscription Agreement (the “Agreement”). Aryaka has the right to update these Services Descriptions and Terms from time to time without notice. The most current version of the Services Descriptions and Terms is set forth at: www.aryaka.com/services-terms/.

A. Description of Aryaka SmartServices

The Aryaka SmartServices portfolio provides a Cloud-First WAN service that combines a global optimized private network, SD-WAN functionality, L3 VPN connectivity, Cloud Connectivity, WAN Optimization capabilities (including compression, Data Deduplication, Application Acceleration proxies), security with cloud-based management and visibility using the MyAryaka Cloud Portal. Security functionality provided by 3rd party Aryaka partners are managed via the respective 3rd party tools.

Portfolio: The Aryaka SmartServices portfolio consists of the following services (“SmartServices”):

  1. Aryaka SmartManage (“SmartManage”)
  2. Aryaka SmartConnect (“SmartConnect”)
  3. Aryaka SmartOptimize (“SmartOptimize”)
  4. Aryaka SmartCloud (“SmartCloud”)
  5. Aryaka SmartSecure (“SmartSecure”)
  6. Aryaka SmartInsights (“SmartInsights”)

Pricing Models: Aryaka SmartServices portfolio is available under two (2) pricing models:

  • Standard pricing model, including all SmartServices and related subscription pricing plans for Global deployment scenarios only;
  • Enterprise Flex pricing model additionally includes, besides Global deployment scenarios, Regional deployment scenarios, Elastic Subscription, and Bandwidth Pooling options, as described below.

Global deployment is used for enterprises operating in multiple regions, with traffic traversing the Aryaka core globally. Regional deployment is used for enterprises operating primarily in a single region, as defined by Aryaka, where traffic traversing the Aryaka core stays within the region.

1. SmartManage provides the foundational capabilities required to power the SmartServices platform for deployments at enterprise sites, such as branch offices, stores, service centers, and data centers.

  1. SmartManage-SiteLicense means the basic SmartManage service required to connect enterprise sites. SmartManage-SiteLicense comes in different tiers (Bring Your Own – “BYO”, Small, Medium, and Large). The SmartManage-SiteLicense service includes activating, orchestration, always-on monitoring, and 24×7 support by Aryaka’s Global Networking Operating Centers (NOCs). Optionally, ANAP hardware and shipment thereof are included. Aryaka’s ANAP is a hardware appliance that hosts Aryaka’s operating system and, of which some hardware models can host certified virtual machines (“VM”). The ANAP is included and is part of Aryaka SmartServices. The capacity and specification of the optional ANAP hardware included with the SmartManage-SiteLicense differs for each tier and are subject to change. The ANAP 1500 or equivalent is provided with the Small Tier; the ANAP 2600 or equivalent with the Medium Tier; the ANAP 3000 or equivalent with the Large Tier. Global and Regional pricing plans are available for each of the above SmartManage-SiteLicense tiers.
  2. SmartManage-ElasticSubscription-Multiplier means allowing for the on-demand incremental consumption (also called Elastic Subscription) of Aryaka SmartServices already purchased at any time, including but not limited to incremental bandwidth, additional sites, or any other SmartService. The charges related to Elastic Subscription are billed monthly in arrears, with the option to cancel the Elastic Subscription at any time.

Terms of Use of SmartManage Services:

  1. Aryaka reserves the right to match the ANAP device type with the Customer subscription and capabilities desired.
  2. Aryaka reserves the right to determine the POP for connecting a site to its network based on providing optimal service delivery.

2. SmartConnect provides the connectivity services, including first, middle, and last mile, to enterprise sites, such as branch offices, stores, service centers, and data centers. SmartConnect leverages Aryaka’s global private core to connect enterprise sites at high performance with a managed SLA. SmartConnect comes with the option to directly connect enterprise sites securely over the internet using Site-2-Site InternetVPN and/or MPLS, including service management. All SmartConnect services require a SmartManage-SiteLicense, as defined in section 1 above.

The Aryaka SmartConnect services consists of the following features:

  • InternetVPN
  • MPLS
  • Private Core Subscribed Bandwidth (“SBW”)
  • Inter-Region Multiplier
  • Bursting
  • High Availability (“HA”)
  • Last Mile Management
  • Last Mile Service
  1. SmartConnect-InternetVPN means the ability for two sites to communicate securely over the Internet using site-2-site VPN and Aryaka HybridWAN technology.
  2. SmartConnect-MPLS means the ability for a site-to-peer with a Customer Edge MPLS Router.
  3. SmartConnect-PrivateCore-SBW means the ability for enterprise sites to connect over Aryaka’s middle-mile private core. Pricing of subscribing to Aryaka’s SmartConnect-PrivateCore-SBW differs per region, as defined by Aryaka in Table 1 below. Enterprise sites are assigned to one specific Region (as defined below) based on the nearest proximity to one of the Aryaka POPs.
  4. Table 1: Aryaka SmartConnect-PrivateCore-SBW regions are defined as:

    Aryaka RegionsDifferent regions of the world
    UCMUSA, Canada, Mexico
    EUREurope (excluding Russia)
    INDIndia
    APJKAsia (excluding India, Mainland China)
    MLCHNMainland China
    SAFSouth-Africa
    SAMSouth America
    ISRIsrael
    DUBDubai
    AUSNZAustralia and New Zealand

    Customers can subscribe to bandwidth on the Aryaka middle-mile private core on a per-site per-Region basis. Subscribed bandwidth is abbreviated as SBW. Aryaka provides “Global” and “Regional” pricing plans for SmartConnect-PrivateCore-SBW. With a Global bandwidth subscription sites can connect from their respective Aryaka Region to any other Region. Regional bandwidth subscriptions allow sites to connect within their respective Aryaka Region only. Global and Regional pricing tiers are available for most Aryaka Regions.

  5. SmartConnect-InterRegion-Multiplier allows Regional Sites to communicate to sites in Regions other than the Region in which the site resides. Any traffic sent to or from a Regional Site to any site not located in the same region is InterRegion traffic. All InterRegion traffic is metered and billed at the end of the month based on the Inter Region-Multiplier on the Sales Order Form. Without the InterRegion-Multiplier enabled it is not possible for a Regional Site to send to and receive traffic from any site located outside of its region.
  6. SmartConnect-HighAvailability (HA) provides additional levels of redundancy for enterprise sites consuming SmartServices.
    • SmartConnect-ANAP-HA Redundancy is enabled at the ANAP device level for a site. Should the active ANAP fail as described in the SLA, the redundant ANAP will automatically become active and start routing traffic to the designated Aryaka POP. The redundant ANAP is included in this service. SmartConnect-ANAP-HA is available in different tiers: Small, Medium, and Large.
    • SmartConnect-POP-HA Redundancy enabled in case of POP failure and traffic is routed to a backup Aryaka POP. SmartConnect-POP-HA includes a redundant ANAP enabling the rerouting to another Aryaka POP in case of POP failure. SmartConnect-ANAP-HA is available in different tiers: Small, Medium, Large.
  7. Bursting-Multiplier allows Customers to exceed the purchased SmartConnect-PrivateCore-SBW by up to 50% of the SBW per site with an upper limit of 100 Mbps per site. All Bursting usage, exceeding the SBW, is calculated and billed at the end of the month based on the multiplier on the valid Order Form. The calculation for bursting usage is based on the 99th percentile of the consumed bandwidth. Customers will pay an additional usage fee, as set forth in the Order Form, for the extra bandwidth used.
  8. SmartConnect-LastMileManagement gives Customers 24×7 proactive Link Monitoring and management of Customer’s last-mile links that connect an Enterprise Site to Aryaka Services. Aryaka’s Support team proactively works with the Internet Service Providers of Customers to raise and resolve any issues on the Customer’s behalf. Last Mile Management is per last-mile link.
  9. SmartConnect-LastMileService allows a Customer to purchase first-mile and last-mile Internet circuits from Aryaka. SmartConnect-LastMileService always comes with SmartConnect-LastMileManagement. SmartConnect-LastMileService is always sold separately from all other SmartServices on a separately processed and signed sales Order Form.

Terms of Use for SmartConnect Enterprise Services:

  1. Customer’s purchase of the optimized bandwidth will be on a per region basis and can be allocated only among the sites in a particular Region as defined in Table 1 above.
  2. Site moves, bandwidth reallocation and add-on relocations are limited to no more than one (1) change per site in any given month.
  3. If Elastic-Multiplier is not included in the Order Form, Customers shall not exceed the purchased aggregate bandwidth, number of site licenses and/or service limits (“Increase”) as set forth in the Order Form. If such Increase does occur, Customer will be notified, in writing, and the Parties shall execute an amended Order Form.
  4. If Bursting-Multiplier is not included in the Order Form, Customers shall not exceed the purchased aggregate bandwidth as set forth in the Order Form.
  5. Any billing schedule based on the deployment dates shall be set forth in the Order Form.

3. SmartOptimize provides network and application optimization services, respectively Aryaka TurboNet (“TurboNet”) and Aryaka TurboApp (“TurboApp”), require a SmartManage-SiteLicense and SmartConnect-PrivateCore-SBW license.

  1. SmartOptimize- TurboNet is a set of network optimization protocols, including Aryaka’s multi-segment TCP Optimization and LinkAssure as defined below. TCP Optimization improves Quality of Experience (“QoE”) for all applications using TCP, including but not limited to the Internet, file sharing, and streaming applications. LinkAssure mitigates packet loss by various techniques such as link aggregation, load balancing, path selection, and error correction algorithms.
  2. SmartOptimize-TurboApp consists of WAN Optimization protocols and application acceleration proxies. WAN Optimization includes Aryaka’s patented byte-level data deduplication (byte-caching) algorithm, termed Advanced Redundancy Removal (“ARR”). ARR is a unique unanchored technique that is designed to compress and accelerate WAN traffic and improve network throughput. Aryaka’s application proxies such as CIFS, SSL significantly enhance the performance of WAN-intolerant applications by intercepting the connections securely and shortening the feedback loop. SmartOptimize-TurboApp is available in different tiers: Small, Medium, and Large. Global and Regional pricing plans are available for SmartOptimize-TurboApp.

Terms of Use for SmartOptimize:

  1. Optimization and application compression vary by application behavior and deployment scenario.
  2. If ANAP is not deployed, some of the features included in SmartOptimize-TurboApp will not be available.

4. SmartCloud enable multi-cloud networking delivered as-a-service. SmartCloud leverages Aryaka’s global private core to connect enterprise sites to SaaS and IaaS.

  1. SmartCloud-Azure-VWAN This service allows Customers to connect to the Azure VWAN Hub from Aryaka’s endpoint (ANAP) over the Internet. Aryaka manages connectivity to Azure VWAN Hub. SmartCloud-Azure-VWAN requires a SmartManage-SiteLicense.
  2. SmartCloud-SaaS-APP-License is a site license required to connect a SaaS application to Aryaka’s global private core (i.e., Office365, 8×8, SFDC).
  3. SmartCloud-IaaS-License is a site license required to connect an IaaS site (i.e., AWS, Azure, GCP, Alibaba, Equinix ECX) to Aryaka’s global private core.
  4. SmartCloud-PrivateCore-SBW provides the ability for IaaS and SaaS sites to connect over Aryaka’s middle-mile private core. SmartCloud-PrivateCore-SBW always requires at least one or more of SmartCloud-SaaS-App-License and/or SmartCloud-IaaS-License. Pricing of subscribing to Aryaka’s core for these services differs per Region, as defined below by Aryaka. Hosted locations for IaaS and SaaS are assigned to one specific Region, as defined in the Table 2 below.
  5. Table 2: Aryaka’s SmartCloud Regions are as defined below:

    Aryaka RegionsIncluded POPs
    Mainland ChinaBeijing, Shanghai
    Rest of WorldEvery other region excluding Mainland China

    Terms of Use for SmartCloud:

    1. Pricing for subscription to Aryaka’s core for these SmartCloud Services differs per region, as defined by Aryaka.
    2. Hosted locations for IaaS and SaaS are assigned to one specific region.

    5. SmartSecure includes all security capabilities offered on the Aryaka platform, including native security capabilities on the ANAP and certain management functions with respect to select third-party firewall services.

    1. SmartSecure-EdgeEssentials service includes native security capabilities offered on the ANAP, including a stateful firewall (L3/L4), zones, and micro-segmentation. The stateful firewall delivers north-south access protection. Zones provide site-segmentation to secure east-west branch traffic. Micro-segmentation enforces end-to-end network isolation between different network segments. SmartSecure-EdgeEssentials is available in different tiers: Small, Medium, and Large.

      Terms of Use for SmartSecure-EdgeEssentials:

      i) Tiering of SmartSecure-EdgeEssentials (Small, Medium, Large) is mapped to the SmartConnect Site license sizing.

    2. SmartSecure-CloudSecurity-Connector service allows Customers to connect to select third-party Cloud Secure Internet Gateway solutions licensed by the Customer from its third-party provided (not by or through Aryaka) (such as Zscaler, Palo Alto Prisma, Check Point CloudGuard connect, Symantec) from an ANAP over the Internet. Aryaka monitors and manages connectivity to the respective Cloud Security providers.
    3. Terms of Use for SmartSecure-CloudSecurity-Connector:

      1. Procurement of Secure Internet Gateway licensing is not included as part of the offering.
    4. SmartSecure-Hosted-VM-Firewall-Service provides the ability to host select third party virtual firewalls licensed by Customer from its third-party provider (not by or through Aryaka) (a “Customer-Owned Firewall”) on an ANAP. In addition to hosting capability, Aryaka provides VM life cycle management consisting of initial provisioning, start, stop and deletion of the Firewall virtual machine as part of this offering. Security policy and configuration management of Firewalls, monitoring of threat events, and procurement of the third-party firewall license are outside the scope of the SmartSecure Hosted-VM-Firewall-Service and are the sole responsibility of the Customer. The SmartSecure-Hosted-VM-Firewall-Service is available in different tiers: Compact and Standard.
    5. Terms of Use for SmartSecure-Hosted-VM-Firewall-Service:

      1. Hosting capabilities of the SmartSecure Hosted VM Firewall Service and the provision of the SmartSecure Hosted VM Firewall Service are limited to third party next-generation Firewall vendor solutions and form factors that are approved and qualified by Aryaka (“Approved Hosted Firewalls”). Currently, Approved Hosted Firewalls are the following:
      2. Approved Hosted Firewalls – Compact: Palo Alto Networks VM-50 and Check Point CloudGuard Edge (1 vCPU form factors).

        Approved Hosted Firewalls – Standard: Palo Alto Networks VM-100 and Check Point CloudGuard Edge (2 vCPU form factors).

      3. In order to receive the SmartSecure-Hosted VM Firewall Service, Customer must first acquire appropriate license rights with respect to the Customer-Owned Firewall sufficient to allow Aryaka to host the Customer-Owned Firewall and to access the Customer-Owned Firewall as necessary in connection with its provision of the SmartSecure-Hosted VM Firewall Service (for example, during set-up to ensure traffic flows are acceptable and interface settings are correct) and provide proof to Aryaka of such license rights. Customer must always thereafter maintain such license rights in effect while receiving the SmartSecure-Hosted VM Firewall Service. Customer represents and warrants to Aryaka that Customer has obtained and will maintain such license rights, and Customer agrees to indemnify and hold harmless (without application of any exclusions of damages or exclusions or limitations of liability in the Agreement), and at Aryaka’s request defend, Aryaka and its affiliates, successors and assigns (and its and their officers, directors and employees) from and against any and all claims, losses, liabilities, damages, settlements, expenses and costs (including, without limitation, attorneys’ fees and court costs) which arise out of or relate to Customer’s failure to have obtained and maintained such license rights. Customer hereby grants to Aryaka and its affiliates the right and license to host the Customer-Owned Firewall and to access the Customer-Owned Firewall in connection with Aryaka’s provision of the SmartSecure-Hosted VM Firewall Service to Customer.
      4. CUSTOMER ACKNOWLEDGES AND AGREES THAT CUSTOMER-OWNED FIREWALLS ARE NOT AN ARYAKA SERVICE OR PRODUCT AND THAT ARYAKA AND ITS AFFILIATES DISCLAIM AND ARE NOT RESPONSIBLE FOR DAMAGES OR LIABILITIES ARISING FROM OR RELATED TO CUSTOMER-OWNED FIREWALLS.
    6. SmartSecure-Managed-Firewall-Service is comprised of the operations management described below by Aryaka of select third- party firewalls licensed by Customer from its third party provider (not by or through Aryaka) (a “Customer-Owned Firewall”) hosted on an ANAP or physical firewall appliances. This service is compromised of the following functions with respect to the Customer-Owned Firewall: (i) configuration and change management, (ii) firewall and network access policy rules as determined and approved by the Customer, (iii) software patching, (iv) 24×7 support, and (v) firewall device health monitoring. This service excludes (x) security policy design, formulation, Firewall configuration migration services, managed Security Operation Center (“SOC”) services, and (y) procurement of the Customer Owned Firewall, each of which is the sole responsibility of the Customer.
    7. Terms of Use for SmartSecure-Managed-Firewall Service:

      1. The provision of the SmartSecure Managed Firewall Service is limited to third party next-generation Firewall vendor solutions and form factors that are approved and qualified by Aryaka (“Approved Managed Firewalls”). Currently, Approved Managed Firewalls are the following:
      2. Palo Alto Networks
        -Compact Firewall: Palo Alto 200 series, 500 series, VM-50
        -Standard Firewall: Palo Alto 800 series, VM-100
        -Full Size Firewall: Palo Alto 3000 series

        Check Point
        -Compact Firewall: CloudGuard Edge 1 vCPU
        -Standard Firewall: CloudGuard Edge 2 vCPU, SMB 1530, and SMB 1550
        -Full Size Firewall: SMB1570, SMB1590

      3. Full Size Managed Firewall is restricted to physical Firewall appliances only.
      4. Security policy design and formulation and managed SOC (Security Operation Center) are not part of the scope of the SmartSecure Managed Firewall Service offering, and Customer is solely responsible for these functions.
      5. Security posture is determined solely by Customer, and Aryaka will only be acting as the implementor of Customer’s security policies under direction and authorization by Customer is solely responsible for its security policies.
      6. Day 0 Firewall policy formulation or configuration migration from a third-party Firewall is not part of the scope of SmartSecure Managed Firewall Service
      7. In order to receive SmartSecure-Managed-Firewall Services, Customer must first acquire appropriate license rights with respect to the Customer-Owned Firewall sufficient to allow Aryaka to access, manage and otherwise perform SmartSecure-Managed-Firewall-Services with respect to the Customer-Owned Firewall on behalf of the Customer and provide proof to Aryaka of such license rights. Customer must always thereafter maintain such license rights in effect while receiving the SmartSecure-Managed-Firewall Services. Customer represents and warrants to Aryaka that Customer has obtained and will maintain such license rights, and Customer agrees to indemnify and hold harmless (without application of any exclusions of damages or exclusions or limitations of liability in the Agreement), and at Aryaka’s request defend, Aryaka and its affiliates, successors and assigns (and its and their officers, directors and employees) from and against any and all claims, losses, liabilities, damages, settlements, expenses and costs (including, without limitation, attorneys’ fees and court costs) which arise out of or relate to Customer’s failure to have obtained and maintained such license rights. Customer hereby grants to Aryaka and its affiliates the right and license to access, manage and otherwise perform SmartSecure-Managed-Firewall-Services with respect to the Customer-Owned Firewall on behalf of the Customer in connection with the provision of SmartSecure-Managed-Firewall Services.
      8. CUSTOMER ACKNOWLEDGES AND AGREES THAT CUSTOMER-OWNED FIREWALLS ARE NOT AN ARYAKA SERVICE OR PRODUCT AND THAT ARYAKA AND ITS AFFILIATES DISCLAIM AND ARE NOT RESPONSIBLE FOR DAMAGES OR LIABILITIES ARISING FROM OR RELATED TO CUSTOMER-OWNED FIREWALLS.
      9. SmartSecure-Check Point-Managed-Firewall-Service is comprised of the same scope of service as provided for the SmartSecure-Managed-Firewall Service (Section 5.d. above) and further includes a subscription license to Customer for the firewall product(s) offered by Check Point Software Technologies Ltd. (“Check Point”) and set forth on the applicable Order Form (“Check Point Products”).
      10. Terms of Use for SmartSecure-Check Point Managed Firewall Service:

        1. Check Point Products are provisioned through Aryaka solely for use in connection with the SmartSecure-Check Point Managed Firewall Services and are licensed by Check Point to the Customer pursuant to the Check Point End-User License Agreement located at:
          https://www.checkpoint.com/support-services/software-license-agreement-limited-hardware-warranty/ (as may be updated from time to time), as provided by Check Point or which accompany the Check Point Products (“Check Point EULA”). By ordering the Check Point Products pursuant to an Order Form, Customer acknowledges that its use of the Check Point Products is subject to the Check Point EULA. Customer further authorizes Aryaka, acting as agent for Customer, to accept the Check Point EULA on behalf of Customer as part of the installation process of the Check Point Products. Customer’s license and use of Check Point Products and Check Point’s use of personal information that it collects or generates both in relation to the Check Point website (www.checkpoint.com) and Check Point Products are subject to the terms of Check Point’s Privacy Policy located at https://www.checkpoint.com/privacy/ (as may be updated from time to time). Customer consents to the use of such personal information in accordance with Check Point Privacy Policy.
          Customer further acknowledges and agrees:
        2. Any software contained in the Check Point Products is licensed in object code form only. Customer agrees: (a) not to reverse engineer, decompile or disassemble Check Point Products; (b) not to remove any identification or proprietary notices from Check Point Products; (c) except for back-up copies, not to copy Check Point Products or develop any derivative works thereof; (d) not to develop any other products based on Check Point’s intellectual property contained in any Check Point Products; and (e) not to develop methods to enable unauthorized parties to use Check Point Products.
        3. Check Point, and its licensors, own and shall retain all right (except those expressly and unambiguously licensed in the Check Point EULA), title and interest in and to the Check Point Products, including all hardware and software incorporated therein, as well as any accompanying documentation, including but not limited to, all intellectual property rights embodied therein.
        4. EXCEPT FOR ANY PRODUCT WARRANTY MADE BY CHECK POINT DIRECTLY TO CUSTOMER PURSUANT TO THE CHECK POINT EULA, CHECK POINT MAKES NO WARRANTIES WITH RESPECT TO ANY PRODUCT, LICENSE OR SERVICE AND DISCLAIMS ALL STATUTORY OR IMPLIED WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR ANY WARRANTIES OF NONINFRINGEMENT. CHECK POINT DOES NOT WARRANT THAT THE CHECK POINT PRODUCT(S) WILL MEET ANY REQUIREMENTS OR THAT THE OPERATION OF CHECK POINT PRODUCTS WILL BE UNINTERRUPTED OR ERROR FREE. ARYAKA MAKES NO WARRANTIES, EXPRESS OR IMPLIED, WITH RESPECT TO THE CHECK POINT PRODUCTS AND EXPRESSLY DISCLAIMS ALL STATUTORY OR IMPLIED WARRANTIES, INCLUDING AS SET FORTH ABOVE.
        5. EXCEPT TO THE EXTENT EXPRESSLY SET FORTH IN THE CHECK POINT EULA, CHECK POINT WILL HAVE NO LIABILITY ASSOCIATED WITH THE CHECK POINT PRODUCTS. CHECK POINT PRODUCTS ARE NOT AN ARYAKA SERVICE OR PRODUCT AND ARYAKA AND ITS AFFILIATES DISCLAIM AND ARE NOT RESPONSIBLE FOR DAMAGES OR LIABILITIES ARISING FROM OR RELATED TO CHECK POINT PRODUCTS.
        6. By subscribing to the SmartSecure Check Point Managed Firewall service, Customer is agreeing to a ‘non-cancellable’ Check Point subscription for the applicable Check Point Products valid for the duration specified in the Order Form.
        7. Security posture is determined solely by Customer, and Aryaka will be only acting as the implementor of Customer’s security policies under direction and authorization by Customer. Customer is solely responsible for its security policies.
        8. Check Point Products available in connection with the SmartSecure Check Point Managed Firewall belong to (1) NGTP – Next Gen Threat prevention or (2) NGTX – Next Gen Threat Prevention and Sandboxing subscription categories, based on user selection, as such products are described by Check Point in its Product Datasheet.
        9. Customer will have access rights to the Check Point Products provisioned in connection with the SmartSecure Check Point Managed Firewall service only when the Aryaka Managed Firewall Service on Check Point is active. Customer’s subscription and license to the Check Point Products will not be valid after discontinuation of SmartSecure-Check Point-Managed-Firewall-Services from Aryaka.
      11. SmartSecure-HighAvailability provides additional levels of redundancy for Enterprise Sites with a hosted and, optionally, a Managed Firewall Service. SmartSecure-HighAvailability, in all cases, requires SmartConnect-ANAP-HA and/or a SmartConnect-POP-HA.
        • SmartSecure-HostedVM-FW-HA: provides the ability to enable firewall redundancy at the virtual machine (“VM”) level by hosting a redundant firewall on a redundant ANAP. Should the active hosted firewall fail, the redundant firewall on the redundant ANAP will automatically become the active firewall. The SmartSecure-HostedVM-FW is available in different tiers: Compact and Standard.
        • SmartSecure-FirewallManage-HA: provides SmartSecure-FirewallManage for a redundant firewall (hosted on an ANAP or a firewall appliance). SmartSecure-FirewallManage is available in different tiers: Compact, Standard, and Fullsize.
        • SmartSecure-Check Point-Managed-Firewall-Services-HA: this service is the same s the SmartSecure-FirewallManage-HA , while including the subscription to a Check Point Product on and subject to the same Terms of Use set forth above with respect to the Check Point Managed Firewall Service.

        Terms of Use for SmartSecure-HighAvailability Offerings for Managed Firewall Service and Check Point Managed Firewall Service:

        1. Definition of Compact, Standard and Full-Size Firewall is based on the definitions under SmartSecure Hosted VM Firewall Service and Managed Firewall Service.
        2. SmartSecure-HighAvailability offerings will be an optional add-on on top of SmartSecure services defined in Section 5(c), 5(d) and 5(e), and subject to the terms and conditions and Terms of Use of the above respective sections.
        3. SmartSecure-Check Point-Managed-Firewall-Services-HA is subject to the same terms and conditions and Terms of Use, as in section 5(e) for SmartSecure-Check Point-Managed-Firewall-Services.
        4. SmartSecure-HighAvailability requires SmartConnect-ANAP-HA service.
        5. SmartSecure-VPN-Accelerate (formerly known as Secure Remote Access) allows enterprises that already own a virtual private network (VPN) solution to optimize global performance and user experience by leveraging the Aryaka global private core as a VPN “onramp”.
          • SmartSecure-VPN-Accelerate-Concentrator-License privately connects a specific VPN concentrator procured by Customer from its third-party provider (not by or through Aryaka) on the Customer premise to Aryaka’s global private core (the origin POP). Per VPN concentrator license, a maximum of eight (8) entry-points (the edge POP) are enabled on the Aryaka Private Core.
          • SmartSecure-VPN-Accelerate-SBW-Worldwide provides a single worldwide bandwidth pool to connect remote and mobile users to the Customer’s VPN concentrator using Aryaka’s middle-mile private core.
        6. SmartSecure Private Access is a managed VPN as a Service offering from Aryaka that provides the Customer with VPN gateway infrastructure for enabling remote user access to Customer’s Private network over Aryaka Private Core. SmartSecure Private Access is delivered as a Managed Service comprised of the following:
        • Access to globally distributed and redundant VPN gateways g(referred to as Private Access Nodes) deployed on Aryaka POPs as a cloud service.
        • Private Access VPN client application (referred to as Private Access Client) provided to the Customer by Aryaka (which will need to be deployed by the Customer on their user devices such as PCs, laptops, mobile phones, etc.).
        • 24 X 7 health monitoring of Private Access Nodes and technical support for the Private Access solution.
        • Configuration and policy management for Private Access Nodes.
        • Incident management of Private Access Nodes.
        • Integration into Aryaka SmartConnect and SmartCloud Services (subject to the Customer’s subscription to the SmartConnect and SmartCloud Services).

        The SmartSecure Private Access Service does not include any of the following functions, which shall be the Customer’s responsibility:

        1. Distribution and installation of Private Access Clients.
        2. Ensuring no conflicting VPN apps/agents are running on the end-user device that is running the Aryaka Private Access Client, as that may result in interoperability or connectivity issues outside the scope of Aryaka support.
        3. Level 1 troubleshooting and support for corporate users of Customer based on the documentation and guidance provided by Aryaka to Customer.

        Terms of Use for SmartSecure Private Access:

        1. SmartSecure Private Access is licensed based on a ‘per user’ licensing. A user is identified by a unique identity/userid as captured in the Customer’s authentication server or identity provider (such as Microsoft Active Directory, LDAP server, etc.) connecting to the Service during each month.
        2. SmartSecure Private Access license packaging is available as different tiers based on the size of the user block for which Customer commits. Per user pricing and the number of SmartSecure Private Access Nodes the Customer users can connect to depends on the committed user count elected by the Customer in the Sales Order Form.
        3. PackageNo. of UsersNo. of SmartSecure
          Private Access Nodes
          (POPs) by default
          Tier-1 Volume50-4992
          Tier-2 Volume500-9993
          Tier-3 Volume1000-49994
          Tier-4 Volume5000-100005
          Tier-5 Volume>100006
        4. Customer will be billed based on number of unique users connecting to the Service during the month.
        5. Upon activation of the SmartSecure Private Access Service, all user licenses purchased by the Customer will be billed from the date of activation of the Service.
        6. At the end of the month, if the number of unique users connected to the SmartSecure Private Access Service has exceeded the committed user count, then the additional usage will be invoiced in arrears. Excess users will be billed based on the per user pricing as agreed upon in the Sales Order Form.
        7. Customer can opt in for an additional number of SmartSecure Private Access Node at an incremental monthly recurring charge any time during the contract period.
        8. Aryaka reserves the right to choose the location of SmartSecure Private Access Nodes that will be reserved for the Customer users to connect to the Service, while reasonable efforts will be undertaken by Aryaka to provide the optimal connectivity and experience to end users subject to resource availability with respect to infrastructure and compliance needs.
        9. SmartSecure Private Access is not currently available from Ayaka’s Mainland China POPs, and Customer is not currently entitled to connect to SmartSecure Private Access Nodes in Mainland China. Customer will need to separately purchase a Mainland China specific offering of SmartSecure Private Access, if and when made available as a commercial offering, to connect to SmartSecure Private Access Nodes in Mainland China.
        10. Aryaka reserves the right to throttle the bandwidth usage for any remote user if an abusive pattern of consumption is observed on a consistent basis that is materially beyond the normal consumption pattern.
        11. Aryaka reserves the right to decide what capabilities will be added, modified or removed from the list of supported capabilities and that will be reflected on the product documentation made available to Customers.
        12. SmartSecure Private Access offering is powered by the remote access technology and VPN client offering from NCP engineering, Inc. (“NCP”). By installing the SmartSecure Private Access Client (powered by NCP), end users are agreeing to the license agreement with NCP as specified below: NCP_License_Terms_Client_EN.pdf

        6. SmartInsights Service is delivered via the MyAryaka Cloud Portal providing visibility into the WAN health, performance, utilization, and entitlements. The MyAryaka Cloud Portal provides self-servicing options for Service changes and configuration requests and tracking of support tickets.

        B. Description of Aryaka SmartCDN (IADS)

        In addition to the aforementioned portfolio of SmartServices, Aryaka separately provides an Aryaka SmartCDN Service.

        Aryaka SmartCDN provides IP Application Delivery-as-a-Service (“IADS”) as a usage-based service. IADS is used for accelerating any web or IP-based public applications, such as web servers and VDI farms, over Aryaka’s global network using capabilities, such as TCP optimization, caching, and compression with cloud-based management and visibility, when using the MyAryaka Cloud Portal.

        Terms of Use for Aryaka SmartCDN Services (IADS):

        1. Aryaka reserves the right to choose the edge POPs and Origin POPs to deliver the Services on its global network.
        2. Aryaka reserves the right to limit the maximum data transfer rates achieved over the Aryaka network based on the aggregate commits purchased.

        C. Service Usage Calculations

        With a few exceptions, for most of the above Services, the service usage calculation for billing purposes is based on the committed subscribed quantity, as stated on the Order Form.

        This section details the service usage calculation methods for usage-based Services where billing is based on actual usage, and not solely on the committed subscribed quantity.

        1. Service usage calculation for Elastic Subscriptions

        Elastic Subscriptions for all Aryaka Services are allowed when the SmartManage-ElasticSubscription-Multiplier option is present on the Order Form and has been elected by the Customer. Any actual provisioned quantity of a Service exceeding the subscribed quantity for the Service is defined as oversubscription usage. The unit price for each unit of oversubscription usage is calculated as the product of the SmartManage-ElasticSubscription-Multiplier and the unit price for the Service, each as set forth in the Order Form.

        2. Service usage calculation for InterRegion Traffic

        InterRegion traffic for SmartConnect-PrivateCore-SBW with regional pricing is allowed when the SmartConnect-InterRegion-Multiplier option is present on the Order Form and has been elected by the Customer. InterRegion traffic for a Regional Site is the max of the 99th percentile of the traffic sent to or received from the Regional Site to all other sites that are not in the same Region. InterRegion traffic for a Region is the sum of the InterRegion traffic for all the Regional Sites in that Region. The unit price for InterRegion traffic is calculated as the product of the SmartConnect-InterRegion-Multiplier and the unit price, per the Regional pricing tier, for the Aryaka SmartConnect-PrivateCore-SBW Service, each as set forth in the Order Form.

        3. Service usage calculation for Bursting

        Bursting for SmartConnect-PrivateCore-SBW is allowed when the SmartConnect-Bursting-Multiplier option is present on the Order Form and has been elected by the Customer. Bursting is the actual bandwidth usage above the subscribed bandwidth for SmartConnect-PrivateCore-SBW as set forth in the Order Form. Bandwidth Usage for a site is the max of the 99th percentile for the traffic sent or received over Aryaka’s private core. For Regional sites, InterRegion traffic is not accounted for in the Bandwidth Usage. For the Enterprise Flex pricing model, Bursting is calculated for each Region by subtracting the aggregate subscribed bandwidth from the aggregate bandwidth usage for all the sites in that Region. For the Standard pricing model, Bursting is calculated for each site by subtracting the subscribed bandwidth from the bandwidth Usage. The unit price for Bursting is calculated as the productof the SmartConnect-Bursting-Multiplier and the unit price for the Aryaka SmartConnect-PrivateCore-SBW Service, each as set forth in the Order Form.

        Note: For all the above usage-based services, in the case of multiple Order Forms, the unit price and multiplier are determined by the latest Order Form.