About Aryaka Networks, Inc.

Aryaka delivers a fully managed, end-to-end global SD-WAN service for the cloud- first era. Aryaka’s technology integrates multi-cloud connectivity, application optimization, security, last mile management, and visibility into an SLA-driven OPEX (Operating Expenses) -only solution.

These Services Description and Terms apply to Customer’s use of Services and, where specified herein, certain third-party products. The Services are only as expressly described in these Services Description and Terms. Capitalized terms used in these Services Descriptions and Terms but not defined below have the meanings in the Aryaka Networks, Inc. Master Subscription Agreement (the “Agreement”). Aryaka has the right to update these Services Descriptions and Terms from time to time without notice.

Definitions

“Activate” (“Activated” and “Activation” as grammatically appropriate) shall mean Aryaka has completed the connectivity of the Services and the Services are ready for use by the Customer regardless of whether Customer is actually utilizing the Services.

“ANAP” means the Aryaka Network Access Point (ANAP), a device that provides bandwidth optimization, SD-WAN capabilities, visibility for monitoring and application acceleration over a WAN Link  that is connected to an Aryaka Network Point of Presence (AN POP or Aryaka POP).

“Bursting” allows Customer to use bandwidth greater than the Activated bandwidth capacity.

“CPU” means Central Processing Unit.

“CSX” means Cloud Services Extension, where Aryaka leverages ISP’s backbone or fabric to extend to other regions, both locally and remotely.

“Customer” means the organization that has entered into an Agreement under which it has purchased and deployed Services.

“Enterprise LMC Services” shall include: Dedicated Internet Access (DIA), Ethernet Virtual Private Line (EVPL or P2P).

“IaaS” means Infrastructure as a Service.

“Internet Service Provider” (“ISP”) means any third-party carrier proving a Link to a Customer site.

“IT” means Information Technology-based

“L2 Private Core” or “Private Core” (without “L2” prefix) means Layer-2 based network within Aryaka’s Global Private network.

“L3 Private Core” means Layer-3 based network within Aryaka’s Global Private network.

“Last Mile Circuit” (“LMC”) means the physical Link (wired or wireless) that is used to connect Customer’s premise to the closest Aryaka POP.

“Link” means the pair of sites connected using the Services.

“Optimized Capacity” means subscribed bandwidth for all the sites per region.

“Order Form” means the ordering document for purchases hereunder, including addenda thereto, that are entered into between the Parties from time to time.

“Oversubscription” means a Customer has a temporary need to go beyond its subscription units as set forth in the Order Form. Units may be bandwidth, sites, Last Mile Management, and/or High Availability ANAPs.

“POP” means point of presence.

“ROW” means rest of the world.

“SaaS” means Software as a Service.

“SD-WAN” means software-defined wide area network.

“Services” means all services provided by Aryaka and any and all Aryaka downloaded materials (including but not limited to Java Applets, soft-ANAP, and browser/User Interface components), user guides, code, user interface passwords, accessories and other documents, that are purchased by Customer or its’ Affiliates under a fully executed Order Form, including associated offline components as may be further described in an Order Form or as set forth herein. Third-party products provided or made available in connection with Services may be subject to third-party terms or other additional terms as set forth herein, and as referenced in the Order Form.

“SKU” means Stock Keeping Unit.

“Small & Medium Business (“SMB”) LMC Services” shall include: Broadband, DSL, any wireless service and any future LMC Link technology not explicitly included in “Enterprise” Services.

“Strategic Network Optimization” means Aryaka initiated strategic resourcing activities of links, which Aryaka, at its sole discretion, deems appropriate to support ongoing performance, responsiveness and quality consistent with the SLA provided to the Customer. When appropriate, links are replaced to minimize the need for mitigation. In the event the Customer refuses a recommended Strategic Network Optimization event, the remaining Link shall no longer qualify for credits under Aryaka’s SLA.

“uCPE” means Universal Customer Premise Equipment, a software appliance virtualized for Linux/KVM systems to run on Intel x86 hardware. “Aryaka Network” means Aryaka’s geographically distributed network of proprietary servers and software.

“vANAP” means Virtual ANAP, a virtualized software that runs on compute instances of public cloud providers such as Amazon Web Services (“AWS”).

“VPN” means Virtual Private Network.

Description of Aryaka SmartServices

The description for Aryaka’s Services is as set forth below:

Aryaka SmartServices: The Aryaka SmartServices portfolio provides a cloud-first SD-WAN service that combines a global optimized Layer 2 (“L2”) Private Core, Layer 3 (“L3”) Private Core, SD-WAN functionality, L3 VPN connectivity, Cloud Connectivity, WAN Optimization capabilities (including compression, Data Deduplication, Application Acceleration proxies) with cloud-based management, security and visibility using the MyAryaka portal.

The Aryaka SmartServices portfolio consists of the following services (“SmartServices”):

  1. Aryaka SmartManage (“SmartManage”)
  2. Aryaka SmartConnect (“SmartConnect”)
  3. Aryaka SmartOptimize (“SmartOptimize”)
  4. Aryaka SmartCloud (“SmartCloud”)
  5. Aryaka SmartSecure (“SmartSecure”)
  6. Aryaka SmartInsights (“SmartInsights”)

Aryaka SmartServices portfolio is available under two pricing models:

  • Standard pricing model, including all SmartServices and related subscription pricing plans for Global deployment scenarios only;
  • Enterprise Flex pricing model additionally includes, besides Global deployment scenarios, regional deployment scenarios, Elastic Subscription, and Bandwidth Pooling options, as described

Global deployment is used for enterprises operating in multiple regions, with traffic traversing the Aryaka core globally. Regional deployment is used for enterprises operating primarily in a single region, as defined by Aryaka, where traffic traversing the Aryaka core stays within the region.

  1. SmartManage provides the foundational capabilities required to power the SmartServices platform for deployments at enterprise sites, such as branch offices, stores, service centers, and data
    1. SmartManage-SiteLicense means the basic SmartManage service required to connect enterprise sites. SmartManage-SiteLicense comes in different tiers (Bring Your Own – “BYO”, Small (“S”), Medium (“M”), Large (“L”) and X-Large (“XL”)). The SmartManage-SiteLicense service includes activating, orchestration, always-on monitoring, and 24×7 support by Aryaka’s Global network operations centers (NOC). Optionally, ANAP hardware and shipment thereof are Aryaka’s ANAP is a hardware appliance that hosts Aryaka’s operating system and, of which some hardware models can host certified virtual machines (“VM”). The ANAP is included and is part of Aryaka SmartServices. The capacity and specification of the optional ANAP hardware included with the SmartManage-SiteLicense differs for each tier and are subject to change. The ANAP 1500 or equivalent is provided with the Small Tier; the ANAP 2600 or equivalent with the Medium Tier; the ANAP 3000 or equivalent with the Large Tier. Global  and Regional pricing plans are available for each of the above SmartManage- SiteLicense tiers. SmartManage site licenses such as S,M,L or XL can also be applied for uCPE where the hardware(x86 platform), OS (Linux) and hypervisor (KVM) are provided by the Customer and Aryaka provides the virtualized ANAP software.
    2. Virtual ANAP that runs on public cloud providers has its SmartManage S,M,L and XL SKUs. These come with specific hardware resource requirements such as number of CPU cores, memory and storage required to run the Aryaka-provided virtualized software.
    3. SmartManage-ElasticSubscription-Multiplier means allowing for the on-demand incremental consumption (also called Elastic Subscription) of Aryaka SmartServices already purchased at any time, including but not limited to incremental bandwidth, additional sites, or any other SmartService. The charges related to Elastic Subscription are billed monthly in arrears, with the option to cancel the Elastic Subscription at any

Terms of use of SmartManage Services:

  • Aryaka reserves the right to match the ANAP device type with the Customer subscription and capabilities
  • Aryaka reserves the right to determine the POP for connecting a site to its network based on providing optimal service
  • SmartManage can be purchased through Standard pricing model or Enterprise Flex pricing model.

2. SmartConnect Global/Regional Services provide the connectivity services, including first, middle, and last mile, to enterprise sites, such as branch offices, stores, service centers, and data SmartConnect Global/Regional Services leverage Aryaka’s global L2 Private Core to connect enterprise sites at high performance with a managed SLA. SmartConnect Global/Regional Services come with the option to directly connect enterprise sites securely over the internet using Site-2-Site InternetVPN and/or MPLS, including service management. All SmartConnect Global/Regional Services require a SmartManage-SiteLicense, as defined in section 1 above.

The Aryaka SmartConnect Global/Regional Services consists of the following features:

  • InternetVPN
  • MPLS
  • L2 Private Core Subscribed Bandwidth (“SBW”)
  • Inter-Region Multiplier
  • Bursting
  • High Availability (“HA”)
  • Last Mile Management
  • Last Mile Service
  1. SmartConnect-InternetVPN means the ability for two sites to communicate securely over the Internet using site-2-site VPN and Aryaka HybridWAN technology.
  2. SmartConnect-MPLS means the ability for a site-to-peer with a Customer Edge MPLS Router.
  3. SmartConnect-L2PrivateCore-SBW means the ability for enterprise sites to connect over Aryaka’s middle-mile L2 Private Core. Pricing of subscribing to Aryaka’s SmartConnect-L2PrivateCore-SBW differs per region, as defined by Aryaka in Table 1 below. Enterprise sites are assigned to one specific Region (as defined below) based on the nearest proximity to one of the Aryaka POPs.

Table 1: Aryaka SmartConnect-L2PrivateCore-SBW regions are defined as:

Aryaka Regions Different regions of the world
UCM USA, Canada, Mexico
EUR Europe (excluding Russia)
IND India
APJK Asia (excluding India, Mainland China)
MLCHN Mainland China
SAF South-Africa
SAM South America
ISR Israel
DUB Dubai
AUSNZ Australia and New Zealand

Customers can subscribe to bandwidth on the Aryaka middle-mile L2 Private Core on a per-site per-Region basis. Subscribed bandwidth is abbreviated as SBW. Aryaka provides “Global” and “Regional” pricing plans for SmartConnect-L2PrivateCore-SBW. With a Global bandwidth subscription, sites can connect from their respective Aryaka Region to any other Region. Regional bandwidth subscriptions allow sites to connect within their respective Aryaka Region only. Global and Regional pricing tiers are available for most Aryaka Regions.

  1. SmartConnect-InterRegion-Multiplier allows Regional Sites to communicate to sites in Regions other than the Region in which the site resides. Any traffic sent to or from a Regional Site to any site not located in the same Region is InterRegion All InterRegion traffic is metered and billed at the end of the month based on the Inter Region-Multiplier on the Sales Order Form. Without the InterRegion- Multiplier enabled it is not possible for a Regional Site to send to and receive traffic from any site located outside of its region.
  2. SmartConnect-HighAvailability (HA) provides additional levels of redundancy for enterprise sites consuming
    • SmartConnect-ANAP-HA Redundancy is enabled at the ANAP device level for a site. Should the active ANAP fail as described in the SLA, the redundant ANAP will automatically become active and start routing traffic to the designated Aryaka POP. The redundant ANAP is included in this service. SmartConnect- ANAP-HA is available in different tiers: Small, Medium, and
    • SmartConnect-POP-HA Redundancy enabled in case of POP failure and traffic is routed to a backup Aryaka POP. SmartConnect-POP-HA includes a redundant ANAP enabling the rerouting to another Aryaka POP in case of POP failure. SmartConnect-ANAP-HA is available in different tiers: Small, Medium,
  3. Bursting-Multiplier allows Customers to exceed the purchased SmartConnect-L2PrivateCore-SBW by up to 50% of the SBW per site with an upper limit of 100 Mbps per site. All Bursting usage, exceeding the SBW, is calculated and billed at the end of the month based on the multiplier on the valid Order Form. The calculation for Bursting usage is based on the 99th percentile of the consumed Customers will pay an additional usage fee, as set forth in the Order Form, for the extra bandwidth used.
  4. SmartConnect-LastMileManagement gives Customers 24×7 proactive Link Monitoring and management of Customer’s procured last mile links that connect an enterprise site to Aryaka Services.
    • Aryaka’s Support team proactively works with the Customer’s ISP, utilizing a Letter of Authorization (LOA) to raise and resolve any issues on the Customer’s behalf. Last Mile Management is a per Link service and utilizes Aryaka’s ANAP technology.
    • At Aryaka’s option, SmartConnect-LastMileManagement Links may be converted to SmartConnect-LastMileService at or around the Customer’s vendor expiration date.
  5. SmartConnect-LastMileService allows a Customer to purchase enhanced last mile connection services from Aryaka, which includes enhanced features compared to typical “ISP” service.
    • SmartConnect-LastMileService always comes with SmartConnect-LastMileManagement which provides Aryaka with enhanced visibility of each Link, utilizing the ANAP.
    • SmartConnect-LastMileService is an enhanced LastMileService which extends Performance Monitoring to “Strategic Network Optimization.”
    • Customer may also request “Smart Insight”, which includes Customer portal access and Customer visibility into each Link.
    • SmartConnect-LastMileService is always sold separately from all other SmartServices on a separately processed and signed Sales Order Form.

Terms of use for SmartConnect Global/Regional Enterprise Services:

  • Customer’s purchase of the Optimized Capacity will be on a per Region basis and can be allocated only among the sites in a particular  Region as defined in Table 1 Site moves (excluding Last Mile Services), bandwidth reallocation and add-on relocations are limited to no more than one (1) change per site in any given month.
  • If Elastic-Multiplier is not included in the Order Form, Customers shall  not exceed the purchased aggregate bandwidth, number of site licenses and/or service limits (“Increase”) as set forth in the Order Form. If such Increase does occur, Customer will be notified, in writing, and the Parties shall execute an amended Order
  • Any billing schedule based on the deployment dates shall be set forth in the Order Form.
  • SmartConnect Global can be purchased through Standard pricing model or Enterprise Flex pricing model.
  • SmartConnect Regional can be purchased through Enterprise Flex pricing model only.

3. SmartCloud enable multi-cloud networking delivered as-a-service. SmartCloud leverages Aryaka’s global L2 Private Core to connect enterprise sites to SaaS and IaaS.

  1. SmartCloud-Azure-VWAN This service allows Customers to connect to the Azure VWAN Hub from Aryaka’s endpoint (ANAP) over the Aryaka manages connectivity to Azure VWAN Hub. SmartCloud-Azure- VWAN requires a SmartManage-SiteLicense.
  2. SmartCloud-SaaS-APP-License is a site license required to connect a SaaS application to Aryaka’s global L2 Private Core.
  3. SmartCloud-IaaS-License is a site license required to connect an IaaS site (e., AWS, Azure) to Aryaka’s global L2 Private Core.
  4. SmartCloud-L2PrivateCore-SBW provides the ability for IaaS and SaaS sites to connect over Aryaka’s middle-mile L2 Private Core. SmartCloud-L2PrivateCore-SBW always requires at least one or more of SmartCloud-SaaS-App-License and/or SmartCloud-IaaS-License. Pricing of subscribing to Aryaka’s core for these services differs per Region, as defined below by Aryaka. Hosted locations for IaaS and SaaS are assigned to one specific Region, as defined in the Table 2 below.
  5. SmartCloud-CSX-RemoteConnection is used when Aryaka leverages the POP provider’s fabric to connect to Service Providers (or Customer data centers that are also connected to the provider’s fabric) in a remote metro location.

Table 2: Aryaka’s SmartCloud Regions are as defined below:

Aryaka Regions Included POPs
Mainland China Beijing, Shanghai
Rest of World Every other region excluding Mainland China

Terms of use for SmartCloud:

  • Pricing for subscription to Aryaka’s core for these SmartCloud Services differs per region, as defined by
  • Hosted locations for IaaS and SaaS are assigned to one specific region.
  • SmartCloud-CSX-RemoteConnection charge is based on the bandwidth and distance between the two ends of the connection. The CSX connection is considered remote when they connect different metro regions.

4. SmartSecure includes all security capabilities offered on the Aryaka platform, including native security capabilities on the ANAP and certain management functions with respect to select third-party firewall services.

SmartSecure-EdgeEssentials service includes native security capabilities offered on the ANAP, including a stateful firewall (L3/L4), zones, and micro-segmentation. The stateful firewall delivers north-south access protection. Zones provide site-segmentation to secure east-west branch traffic. Micro-segmentation enforces end-to-end network isolation between different network segments. SmartSecure- EdgeEssentials is available in different tiers: Small, Medium, and Large.

Terms of use for SmartSecure-EdgeEssentials:

Tiering of SmartSecure-EdgeEssentials (Small, Medium, Large) is mapped to the SmartConnect Global/Regional Site license sizing.

SmartSecure-CloudSecurity-ANAP-Connector service allows Customers to connect to select third-party Cloud Secure Internet Gateway solutions licensed by the Customer from its third-party provided (not by or through Aryaka) (such as Zscaler, Palo Alto Prisma, Check Point CloudGuard connect, Symantec) from an ANAP over the Internet. Aryaka monitors and manages connectivity to the respective Cloud Security providers.

Terms of use for SmartSecure-CloudSecurity-Connector:

Procurement of Secure Internet Gateway licensing is not included as  part of the offering.

  1. SmartSecure-Hosted-VM-Firewall-Service provides the ability to host select third party virtual firewalls licensed by Customer from its third- party provider (not by or through Aryaka) (a “Customer-Owned Firewall”) on an ANAP. In addition to hosting capability, Aryaka provides VM life cycle management consisting of initial Activation, start, stop and deletion of the Firewall virtual machine as part of this Security policy and configuration management of Firewalls, monitoring of threat events, and procurement of the third-party firewall license are outside the scope of the SmartSecure Hosted-VM-Firewall- Service and are the sole responsibility of the Customer. The SmartSecure-Hosted-VM-Firewall- Service is available in different tiers:  Compact and Standard.

Terms of use for SmartSecure-Hosted-VM-Firewall-Service:

  1. Hosting capabilities of the SmartSecure Hosted VM Firewall Service and the Activation of the SmartSecure Hosted VM Firewall Service are limited to third-party next-generation Firewall vendor solutions and form factors that are approved and qualified by Aryaka (“Approved Hosted Firewalls”).
  2. Currently, Approved Hosted Firewalls are the following:

    Approved Hosted Firewalls – Compact: Palo Alto Networks VM-50 and Check Point CloudGuard Edge/Quantum Edge (2 vCPU form factors).

    Approved Hosted Firewalls – Standard: Palo Alto Networks VM-100 and Check Point CloudGuard Edge/Quantum Edge (4 vCPU form factors).

  3. In order to receive the SmartSecure-Hosted VM Firewall Service, Customer must first acquire appropriate license rights with respect to the Customer-Owned Firewall sufficient to allow Aryaka to host the Customer- Owned Firewall and to access the Customer-Owned Firewall as necessary in connection with its Activation of the SmartSecure-Hosted VM Firewall Service (for example, during set-up to ensure traffic flows are acceptable and interface settings are correct) and provide proof to Aryaka of such license rights. Customer must always thereafter maintain such license rights in effect while receiving the SmartSecure-Hosted VM Firewall Service. Customer represents and warrants to Aryaka that Customer has obtained and will maintain such license rights, and Customer agrees to indemnify and hold harmless (without application of any exclusions of damages or exclusions or limitations of liability in the Agreement), and at Aryaka’s request defend, Aryaka and its affiliates, successors and assigns (and its and their officers, directors and employees) from and against any and all claims, losses, liabilities, damages, settlements, expenses and costs (including, without limitation, attorneys’ fees and court costs) which arise out of or relate to Customer’s failure to have obtained and maintained such license rights. Customer hereby grants to Aryaka and its affiliates the right and license to host the Customer-Owned Firewall and to access the Customer-Owned Firewall in connection with Aryaka’s Activation of the SmartSecure-Hosted VM Firewall Service to Customer.
  4. CUSTOMER ACKNOWLEDGES AND AGREES THAT CUSTOMER-OWNED FIREWALLS ARE NOT AN ARYAKA SERVICE OR PRODUCT AND THAT ARYAKA AND ITS AFFILIATES DISCLAIM AND ARE NOT RESPONSIBLE FOR DAMAGES OR LIABILITIES ARISING FROM OR RELATED TO CUSTOMER-OWNED FIREWALLS.
  5. b. SmartSecure-Managed-Firewall-Service is comprised of the operations management described below by Aryaka of select third- party firewalls licensed by Customer from its third-party provider (not by or through Aryaka) (a “Customer-Owned Firewall”) hosted on an ANAP or physical firewall appliances. This service is compromised of the following functions with respect to the Customer-Owned Firewall:

    (i)    configuration and change management,

    (ii)   firewall and network access policy rules as determined and approved by the Customer,

    (iii)  software patching,

    (iv)  24×7 support, and

    (v)   firewall device health monitoring.

    This service excludes (x) security policy design, formulation, Firewall configuration migration services, managed Security Operation Center (“SOC”) services, and (y) procurement of the Customer Owned Firewall, each of which is the sole responsibility of the Customer.

    Terms of use for SmartSecure-Managed-Firewall Service:

    1. The Activation of the SmartSecure Managed Firewall Service is limited to third party next-generation Firewall vendor solutions and form factors that are approved and qualified by Aryaka (“Approved Managed Firewalls”). Currently, Approved Managed Firewalls are listed on the following page:
    2. Palo Alto Networks

      • Compact Firewall: Palo Alto 200 series, 500 series, VM-50
      • Standard Firewall: Palo Alto 800 series, VM-100
      • Full Size Firewall: Palo Alto 3000 series

      Check Point

      • Compact Firewall: CloudGuard Edge/Quantum Edge 2 vCPU
      • Standard Firewall: CloudGuard Edge/Quantum Edge 4 vCPU, SMB/Quantum Spark 1530, 1550
      • Full Size Firewall: SMB/Quantum Spark 1570, 1590, 1600, 1800
      1. Full Size Managed Firewall is restricted to physical Firewall appliances
      2. Security policy design and formulation and managed SOC (Security Operation Center) are not part of the scope of the SmartSecure Managed Firewall Service offering, and Customer is solely responsible for these functions.
      3. Security posture is determined solely by Customer, and Aryaka will only be acting as the implementor of Customer’s security policies under direction and authorization by Customer is solely responsible for its security policies.
      4. Day 0 Firewall policy formulation or configuration migration from a third- party Firewall is not part of the scope of SmartSecure Managed Firewall Service.
      5. In order to receive SmartSecure-Managed-Firewall Services, Customer must first acquire appropriate license rights with respect to the Customer- Owned Firewall sufficient to allow Aryaka to access, manage and otherwise perform SmartSecure-Managed-Firewall-Services with respect to the Customer-Owned Firewall on behalf of the Customer and provide proof to Aryaka of such license rights. Customer must always thereafter maintain such license rights in effect while receiving the SmartSecure-Managed-Firewall Services. Customer represents and warrants to Aryaka that Customer has obtained and will maintain such license rights, and Customer agrees to indemnify and hold harmless (without application of any exclusions of damages or exclusions or limitations of liability in the Agreement), and at Aryaka’s request defend, Aryaka and its affiliates, successors and assigns (and its and their officers, directors and employees) from and against any and all claims, losses, liabilities, damages, settlements, expenses and costs (including, without limitation, attorneys’ fees and court costs) which arise out of or relate to Customer’s failure to have obtained and maintained such license rights. Customer hereby grants to Aryaka and its affiliates the right and license to access, manage and otherwise perform SmartSecure- Managed-Firewall-Services with respect to the Customer-Owned Firewall on behalf of the Customer in connection with the Activation of SmartSecure- Managed-Firewall Services.
      6. CUSTOMER ACKNOWLEDGES AND AGREES THAT CUSTOMER-OWNED FIREWALLS ARE NOT AN ARYAKA SERVICE OR PRODUCT AND THAT ARYAKA AND ITS AFFILIATES DISCLAIM AND ARE NOT RESPONSIBLE FOR DAMAGES OR LIABILITIES ARISING FROM OR RELATED TO CUSTOMER-OWNED FIREWALLS.
        1. SmartSecure-Check Point-Managed-Firewall-Service is comprised of the same scope of service as provided for the SmartSecure- Managed- Firewall Service (Section 4.d., above) and further includes a subscription license to Customer for the firewall product(s) offered by Check Point Software Technologies (“Check Point”) and set forth on the applicable Order Form (“Check Point Products”).

        Terms of use for SmartSecure-Check Point Managed Firewall Service:

        Check Point Products are Activated through Aryaka solely for use in connection with the SmartSecure-Check Point Managed Firewall Services and are licensed by Check Point to the Customer pursuant to the Check Point End-User License Agreement located at: https://www.checkpoint.com/support-services/software-license- agreement-limited-hardware-warranty/ and https://www.checkpoint.com/about-us/cloud-terms/ (as may be updated from time to time), as provided by Check Point or which accompany the Check Point Products (“Check Point EULA”). By ordering the Check Point Products pursuant to an order, Customer acknowledges that its use of the Check Point Products is subject to the Check Point EULA. Customer further authorizes Aryaka, acting as agent for Customer, to accept the Check Point EULA on behalf of Customer as part of the installation process of the Check Point Products. Customer’s license and use of Check Point Products and Check Point’s use of personal information that it collects or generates both in relation to the Check Point website (www.checkpoint.com) and Check Point Products are subject to the terms of Check Point’s Privacy Policy located at https://www.checkpoint.com/privacy/ (as may be updated from time to time). Customer consents to the use of such personal information in accordance with Check Point Privacy Policy.

        Customer further acknowledges and agrees:

        1. Any software contained in the Check Point Products is licensed in object code form only. Customer agrees: (a) not to reverse engineer, decompile or disassemble Check Point Products; (b) not to remove any identification or proprietary notices from Check Point Products; (c) except for back-up copies, not to copy Check Point Products or develop any derivative works thereof; (d) not to develop any other products based on Check Point’s intellectual property contained in any Check Point Products; and (e) not to develop methods to enable unauthorized parties to use Check Point
        2. Check Point, and its licensors, own and shall retain all right (except those expressly and unambiguously licensed in the Check Point EULA), title and interest in and to the Check Point Products, including all hardware and software incorporated therein, as well as any accompanying documentation, including but not limited to, all intellectual property rights embodied
        3. EXCEPT FOR ANY PRODUCT WARRANTY MADE BY CHECK POINT DIRECTLY TO CUSTOMER PURSUANT TO THE CHECK POINT EULA, CHECK POINT MAKES NO WARRANTIES WITH RESPECT TO ANY PRODUCT, LICENSE OR SERVICE AND DISCLAIMS ALL STATUTORY OR IMPLIED WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR ANY WARRANTIES OF CHECK POINT DOES NOT WARRANT THAT THE CHECK POINT PRODUCT(S) WILL MEET ANY REQUIREMENTS OR THAT THE OPERATION OF CHECK POINT PRODUCTS WILL BE UNINTERRUPTED OR ERROR FREE. ARYAKA MAKES NO WARRANTIES, EXPRESS OR IMPLIED, WITH RESPECT TO THE CHECK POINT PRODUCTS AND EXPRESSLY DISCLAIMS ALL STATUTORY OR IMPLIED WARRANTIES, INCLUDING AS SET FORTH ABOVE.
        4. EXCEPT TO THE EXTENT EXPRESSLY SET FORTH IN THE CHECK POINT EULA, CHECK POINT WILL HAVE NO LIABILITY ASSOCIATED WITH THE CHECK POINT PRODUCTS. CHECK POINT PRODUCTS ARE NOT AN ARYAKA SERVICE OR PRODUCT AND ARYAKA AND ITS AFFILIATES DISCLAIM AND ARE NOT RESPONSIBLE FOR DAMAGES OR LIABILITIES ARISING FROM OR RELATED TO CHECK POINT
        5. By subscribing to the SmartSecure Check Point Managed Firewall service, Customer is agreeing to a ‘non-cancellable’ Check Point subscription for the applicable Check Point Products valid for the duration specified in the Order
        6. Security posture is determined solely by Customer, and Aryaka will be only acting as the implementor of Customer’s security policies under direction and authorization by Customer. Customer is solely responsible for its security
        7. Check Point Products available in connection with the SmartSecure Check Point Managed Firewall belong to (1) NGTP – Next Gen Threat prevention or (2) NGTX – Next Gen Threat Prevention and Sandboxing subscription categories, based on user selection, as such products are described by Check Point in its Product
        8. Customer will have access rights to the Check Point Products Activated in connection with the SmartSecure Check Point Managed Firewall service only when the Aryaka Managed Firewall Service on Check Point is active. Customer’s subscription and license to the Check Point Products will not be valid after discontinuation of SmartSecure-Check Point-Managed-Firewall- Services from Aryaka.

        d. SmartSecure-Managed-CloudGuard Connect-Service (cloud service) is comprised of a similar scope of service as provided for the SmartSecure-Check Point-Managed-Firewall-Service (Section 4.c., above), this Service is however provided as a cloud solution, delivered on the CloudGuard Connect Product (CGC) offered by Check Point Software Technologies Ltd. (“Check Point”) and set forth on the applicable Order Form. This Service includes a subscription license (NGTP/NGTX) to Customer for CheckPoint CloudGuard

        Terms of use for SmartSecure-Managed-CloudGuard-Connect-Service:

        • SmartSecure-Check Point-Managed-CloudGuard-Connect-Service is subject to the same terms and conditions and Terms of Use, as in Section 4.e. for SmartSecure-Check Point-Managed-Firewall-Services.
        • SmartSecure-Check Point-Managed-CloudGuard-Connect-Service is licensed based on ‘Per user’ licensing. A user is identified by a unique identity/userid as captured in the Customer’s authentication server or identity provider (such as Microsoft Active Directory, LDAP server, etc.) connecting to the Private Access Service during each month.
        • SmartSecure-Check Point-Managed-CloudGuard-Connect-Service covers only for users connecting into CloudGuard Connect using (a) ANAP at a Smart Connect Site and (b) Remote user coming in through Aryaka Private Access Client.
        • Upon Activation of the SmartSecure-Check Point-Managed- CloudGuard-Connect-Service, all user licenses purchased by the Customer in the Order Form will be billed from date of Activation of the Service, or Service commencement date, whichever is earlier.
        • At the end of the month, if the number of unique users connected to the SmartSecure-Check Point-Managed-CloudGuard-Connect-Service has exceeded the committed user count, then the additional usage will be invoiced in arrears. Excess users will be billed based on the Burst multiplier as agreed upon in the Order Form.
        • Each Remote user using the SmartSecure Private Access client to connect into SmartSecure-Check Point-Managed-CloudGuard-Connect shall have no more than three (3) end point devices connecting to such Service.
        • SmartSecure-Check Point-Managed-CloudGuard-Connect-Service is not available in MainLand China.

          e. SmartSecure-Managed-CloudFirewall-CheckPoint-Harmony- Internet-Access-Service is comprised of a similar scope of service as provided for the SmartSecure-Managed-CloudGuard Connect-Service (Section 4.f., above), delivered on the Harmony Connect Internet Access offering from Check Point, which is the rebranded naming for Check Point CloudGuard Connect and set forth on the applicable Order Form. This Service includes a subscription license (Internet Access) to Customer for Check Point Harmony Connect offering. Same Terms & Conditions apply as in Section 4.f.,

          f. SmartSecure-HighAvailability provides additional levels of redundancy for Enterprise Sites with a hosted and, optionally, a Managed Firewall SmartSecure-HighAvailability, in all cases, requires SmartConnect-ANAP-HA and/or a SmartConnect-POP-HA.

          • SmartSecure-HostedVM-FW-HA: provides the ability to enable firewall redundancy at the virtual machine (“VM”) level by hosting a redundant firewall on a redundant Should the active hosted firewall fail, the redundant firewall on the redundant ANAP will automatically become the active firewall. The SmartSecure- HostedVM-FW is available in different tiers: Compact and Standard.
          • SmartSecure-FirewallManage-HA: provides SmartSecure FirewallManage for a redundant firewall (hosted on an ANAP or a firewall appliance). SmartSecure-FirewallManage is available in different tiers: Compact, Standard, and
          • SmartSecure-Check Point-Managed-Firewall-Services-HA: this service is the same as the SmartSecure-FirewallManage-HA , while including the subscription to a Check Point Product on and subject to the same Terms of Use set forth above with respect to the Check Point Managed Firewall

          Terms of use for SmartSecure-HighAvailability offerings for Managed Firewall Service and Check Point Managed Firewall Service:

          • Definition of Compact, Standard and Full-Size Firewall is based on the definitions under SmartSecure Hosted VM Firewall Service and Managed Firewall
          • SmartSecure-HighAvailability offerings will be an optional add-on on top of SmartSecure services defined in Sections 4.c., 4.d. and 4.e., above, and subject to the terms and conditions and Terms of Use of the above respective
          • SmartSecure-Check Point-Managed-Firewall-Services-HA is subject to the same terms and conditions and Terms of Use, as in section 4.e. for SmartSecure-Check Point-Managed-Firewall-Services.
          • SmartSecure-HighAvailability requires SmartConnect-ANAP-HA service.
            g. SmartSecure-VPN Accelerate provides accelerated connectivity to virtual private networks (“VPN”) for remote and mobile users across Aryaka’s private
          • SmartSecure-VPN Accelerate VPN-License privately connects a specific VPN concentrator procured by Customer from its third-party provider (not by or through Aryaka) on the Customer site to Aryaka’s global L2 Private Core (the origin POP). Per VPN concentrator license, a maximum of eight (8) entry-points (the edge POP) are enabled on the Aryaka L2 Private
          • SmartSecure-VPN Accelerate SBW Worldwide provides a single worldwide bandwidth pool to connect remote and mobile users to the Customer’s VPN concentrator using Aryaka’s middle L2 Private Core.

          Terms of Use for SmartSecure-VPN Accelerate:

          For legal compliance purposes, in the case of Mainland China users of SmartSecure-VPN Accelerate, Aryaka requires that the Customer only tunnel corporate internal traffic over SmartSecure-VPN Accelerate, and not use SmartSecure-VPN Accelerate to tunnel Internet traffic to a VPN concentrator located outside of Mainland China.
          h. SmartSecure Private Access is a managed VPN as a Service offering from Aryaka that provides the Customers with VPN Gateway infrastructure for enabling remote user access to Customer’s Private network over Aryaka L2 Private Core. SmartSecure Private Access is delivered as a Managed Service from Aryaka where Aryaka will provide Customers subscribing to the Service with:

          • Access to Globally distributed and redundant VPN Gateways (referred to as Private Access Instances) deployed on Aryaka POPs as a Cloud
          • Private Access VPN client application (referred to as Private Access Client) provided to the Customer by Aryaka (which will be deployed by the Customer’s end users on their devices such as PCs, laptops, and mobile phone).
          • 24 X 7 health Monitoring of Private Access Instances and technical support for the Private Access Service.
          • Configuration and policy management for Private Access Instances.
          • Incident management of Private Access Instances.
          • Integration into Aryaka SmartConnect Global/Regional Services and SmartCloud services (subject to SmartConnect / SmartCloud licensing as required to be purchased by the Customer).

          The responsibilities below are retained by the Customer:

          1. Distribution and installation of Private Access
          2. Ensuring no conflicting VPN Apps/Agents are running on the end-user device that is running the Aryaka Private Access Client, as that may result in interoperability issues and connectivity troubles which will be outside the scope of Aryaka
          3. Level 1 troubleshooting and support for corporate users of Customer based on the documentation and guidance provided by Aryaka to Customer’s IT Department.

          Terms of Use for SmartSecure Private Access:

          • SmartSecure Private Access is licensed based on a ‘Per user’ A user is identified by a unique identity/userid as captured in the Customer’s authentication server or identity provider (such as Microsoft Active Directory, LDAP server, etc.) connecting to the Private Access Service during each month.
          • SmartSecure Private Access has two offerings: One offering for Mainland China and one offering for ROW which excludes Mainland China. Customer can have access to Mainland China POPs of Private Access only with a Mainland China Private Access subscription.
          • SmartSecure Private Access ROW license packaging is available as different tiers based on the size of the user block Customer has opted to commit in for. Per user pricing of SmartSecure Private Access ROW depends on the committed user count as opted in by the Customer as mentioned in the SOF.
          • Subject to subsection (v) below, Customer will be billed based on the committed user count in the Order Form.
          • All user licenses purchased by the Customer in the Order Form will be billed from date of Activation of the Service or Service commencement date, whichever is earlier.
          • At the end of the month, if the number of unique users connected to the SmartSecure Private Access Service has exceeded the committed user count, then the additional usage will be invoiced in arrears. Excess users will be billed based on the Burst multiplier as agreed upon in the Order Form.
          • Each Customer subscribing to Private Access ROW can be provisioned with up to 10 ROW POPs based on the geographical location of the users. Aryaka reserves the right to provision additional POPs to support larger global deployments at no additional cost to Customer.
          • Each Customer subscribed to Mainland China SmartSecure Private Access can be provisioned with up to 3 Mainland China POPs.
          • Each end user using the SmartSecure Private Access Service shall have no more than three (3) end point devices connecting to the Service.
          • Aryaka does not provide Internet Breakout (using a VO, Cloud Security Solution or any other such mechanism) from any of the POPs located outside Mainland China for traffic originating in Mainland China.
          • Aryaka reserves the right to choose the location and number of SmartSecure Private Access POPs that will be reserved for the Customer users to connect to the Service, while every effort will be undertaken by Aryaka to provide the optimal connectivity and experience to end users subject to resource availability on infrastructure side and compliance needs.
          • Aryaka reserves the right to throttle the bandwidth usage for any remote user if an abusive pattern of consumption is observed on a consistent basis.
          • Aryaka reserves the right to decide what capabilities will be added/ modified/removed from the list of supported capabilities and that will be reflected on the product documentation made available to Customers. Notwithstanding the foregoing, Aryaka shall ensure that the Services procured by Customer under the Agreement will not materially adversely deviate from what is agreed by the Parties thereon.
          • The SmartSecure Private Access offering is powered by the remote access technology offering from NCP-engineering, Inc. (“NCP”). By installing the SmartSecure Private Access client (powered by NCP), end users are agreeing to the license agreement with NCP (or affiliate) as specified below:

          https://www.ncp-e.com/fileadmin/_NCP/pdf/info/NCP_License_Terms_Client_EN.pdf

          CUSTOMER ACKNOWLEDGES AND AGREES THAT NCP TECHNOLOGY AND PRODUCT OFFERINGS ARE THIRD-PARTY COMPONENTS AND THAT ARYAKA AND ITS AFFILIATES DISCLAIM AND ARE NOT RESPONSIBLE FOR DAMAGES OR LIABILITIES ARISING FROM OR RELATED TO NCP FROM PRODUCT OR OPERATIONS PERSPECTIVE.

           

          Terms of Use for Secure Web Gateway Service:

          1. Aryaka’s Secure Web Gateway Service provides cloud-based Internet gateway as a middle-protection for a Site-to-Internet, User-to-Internet for web and Internet-based threats.
          2. Aryaka Secure Web Gateway licensing methods:
            • Per user licensing, in addition to Private Access per user license. A user is identified by a unique identity/userid as captured in the Customer’s authentication server or identity provider (such as Microsoft Active Directory, LDAP server, etc.) connecting to the Private Access Service during each month.
            • Per site licensing, in addition to SmartConnect services, SmartConnect EZ or SmartConnect Pro license.
          • Aryaka Secure Web Gateway has two regional offerings:
          • Mainland China.
          • ROW which excludes Mainland China.

          Customer can have access to Mainland China POPs of Private Access only with a Mainland China Private Access subscription for remote users or Mainland China SmartConnect subscription for site.

          1. SmartInsights Service is delivered via the MyAryaka portal providing visibility into the WAN health, performance, utilization, and The MyAryaka portal provides self-servicing options for Service changes and configuration requests and tracking of support tickets.

          Description of Aryaka SmartConnect EZ

          Aryaka SmartConnect EZ is Aryaka’s SD-WAN managed service offering built on Aryaka’s Flexcore (as described below) L3 Private Core and supported by Aryaka’s SILVER lifecycle support and services (as described in Service Policy Document). Customers can purchase GOLD lifecycle support and services for Aryaka SmartConnect EZ sites (as described in Service Policy Document).

          Aryaka’s Flexcore consists of a Layer 2 mesh network for application performance and a Layer 3 mesh network or enhanced Internet for Customers that predominantly use productivity or web/cloud applications.

          Aryaka’s Layer 2 core provides high levels of application performance with WAN optimization. Aryaka’s L3 Private Core is for Customers that want the high-quality Aryaka managed service with predictable performance at a lower cost. This L3 Private Core is provided with advanced loss detection and correction technology without WAN optimization. In the L3 Private Core, all Aryaka POPs in a given Region are interconnected with one another over the Internet, thereby providing increased fault tolerance to outages on any given Link.

          Aryaka SmartConnect EZ is offered in four regions (as defined in Table 3 below) and five different sizes (as defined by Aryaka in Table 4 below) per site. Aryaka SmartConnect EZ provides easy-to-consume managed SD-WAN connectivity services to enterprise sites, such as branch offices, stores, service centers, and data centers.

          Table 3: Aryaka SmartConnect EZ Regions are defined as:

          Aryaka SmartConnect EZ Regions Different regions of the world
          A USA, Canada, Mexico, European Union
          B Asia-Pacific, Japan, Korea, India, Australia/New Zealand
          C Mainland China
          D South Africa, South America, Dubai, Russia

          Customers can subscribe to one of the five bandwidth capacity sizes on the Aryaka middle-mile L3 Private Core on a per-site per-Region basis, as defined by Aryaka in Table 4 below.

          Table 4: Aryaka SmartConnect EZ bandwidth capacity sizes are defined as:

          Aryaka SmartConnect EZ Bandwidth Capacity Sizes Subscribed Bandwidth
          X-Small Up to 10 Mbps
          Small Up to 20 Mbps
          Medium Up to 50 Mbps
          Medium-Plus Up to 100 Mbps
          Large Up to 300 Mbps
          X-Large Up to 1 Gbps

          The Aryaka SmartConnect EZ services consist of the following features:

          • SmartConnect EZ Sites
          • High Availability (“HA”)
          • Last Mile Management
          • Last Mile Service
          • Security Services
            1. Aryaka SmartConnect EZ Sites includes transport over L3 Private Core, five different sizes, in four regions, Cloud IaaS Dedicated Connectivity, Cloud Security Connector, L3/L4 Firewall, Micro-segmentation/Edge Essentials and SILVER lifecycle service and support (as described in Service Policy Document). Subscription price to Aryaka SmartConnect EZ’s size differs per region. Enterprise sites are assigned to one specific Region based on the nearest proximity to one of the Aryaka
            2. Aryaka SmartConnect-EZ-HighAvailability (HA) provides additional levels of redundancy for enterprise sites consuming Aryaka SmartConnect EZ. High Availability is optional.
              • Aryaka SmartConnect-EZ-ANAP-HA Redundancy is enabled at the ANAP device level for a site. Should the active ANAP fail as described  in the SLA, the redundant ANAP will automatically become active and start routing traffic to the designated Aryaka POP. The redundant ANAP is included in this service. Aryaka SmartConnect-EZ-ANAP-HA is available in all five different Aryaka SmartConnect EZ sizes: X-Small, Small, Medium, Medium-Plus, Large and X-Large.
              • Aryaka SmartConnect-EZ-POP-HA Redundancy enabled in case of POP failure and traffic is routed to a backup Aryaka POP. Aryaka SmartConnect-EZ-POP-HA includes a redundant ANAP enabling the rerouting to another Aryaka POP in case of POP failure. Aryaka SmartConnect-EZ-POP-HA is available in all five different SmartConnect EZ sizes: X-Small, Small, Medium, Medium-Plus, Large and X-Large.
            3. Aryaka SmartConnect-LastMileManagement gives Customers 24×7 proactive Link Monitoring and management of Customer’s Links that connect an enterprise site to Aryaka Services. Aryaka’s Support team proactively works with the Internet Service Providers of Customers to raise and resolve any issues on the Customer’s behalf. Last Mile Management is per last-mile SmartConnect-LastMileManagement is optional.
            4. SmartConnect-LastMileService allows a Customer to purchase first-mile and last-mile Internet circuits from SmartConnect-LastMileService always comes with SmartConnect- LastMileManagement. SmartConnect-LastMileService is always sold separately from all other SmartServices on a separately processed and signed sales order form. SmartConnect-LastMileService is optional.
            5. Security Services with SmartSecure includes all security capabilities offered on the Aryaka platform, including native security capabilities on the ANAP and certain management functions with respect to select third-party firewall services. SmartSecure service is optional.

          Terms of use for Aryaka SmartConnect EZ Services:

          • Bandwidth usage shall not exceed subscribed Aryaka SmartConnect EZ size limit per site. Bursting or bandwidth pooling is not available with Aryaka SmartConnect EZ service. Inter-Region Multiplier does not apply to Aryaka SmartConnect EZ services.
          • S2S InternetVPN or MPLS are not applicable to Aryaka SmartConnect EZ service.
          • Site moves (excluding Last Mile Services), bandwidth size reallocation and add-on relocations are limited to no more than one (1) change per site in any given month.
          • If Elastic-Multiplier is not included in the Order Form, Customers shall not exceed the purchased aggregate bandwidth limit for the specific Aryaka SmartConnect EZ service as set forth in the Order Form.
          • Any billing schedule based on the deployment dates shall be set forth in the Order Form.
          • Aryaka SmartConnect EZ can only be purchased under the Enterprise Flex Pricing model.

          Description of Aryaka SmartConnect Pro

          Aryaka SmartConnect Pro is Aryaka’s SD-WAN managed service offering built on Aryaka’s Flexcore (as described above) Layer 2 Private Core and supported by Aryaka’s GOLD lifecycle support and services (as described in Service Policy Document).

          Aryaka’s Layer 2 Private Core provides high levels of application performance with WAN optimization. In the Layer 2 Private Core, all Aryaka POPs in a given Region are interconnected with one another over a Layer 2 Private Core, thereby providing optimized performance.

          Aryaka’s Flexcore architecture allows for mixing of sites with different levels of managed SD-WAN or SASE services. SmartConnect Pro sites can connect to sites with other services like SmartConnect EZ. Flexcore path selection is as follows:

          • When a SmartConnect Pro site communicates with another SmartConnect Pro site, L2 Private Core will be used.
          • When a SmartConnect Pro site communicates with a SmartConnect EZ site, or vice versa, L3 Private Core will be used.
          • When a SmartConnect EZ site communicates with another SmartConnect EZ site, L3 Private Core will be used.

          Aryaka SmartConnect Pro is offered in four regions (as defined in Table 5 below) and five different sizes (as defined by Aryaka in Table 6 below) per site. Aryaka SmartConnect Pro provides easy-to-consume managed SD-WAN connectivity services to enterprise sites, such as branch offices, stores, service centers, and data centers.

          Table 5: Aryaka SmartConnect Pro Regions are defined as:

          Aryaka SmartConnect Pro Regions Different regions of the world
          A USA, Canada, Mexico, European Union
          B Asia-Pacific, Japan, Korea, India, Australia/New Zealand
          C Mainland China
          D South Africa, South America, Dubai, Russia

          Customers can subscribe to one of the five bandwidth capacity sizes on the Aryaka middle-mile L2 Private Core on a per-site per-Region basis, as defined by Aryaka in Table 6 below.

          Table 6: Aryaka SmartConnect Pro bandwidth capacity sizes are defined as:

          Aryaka SmartConnect Pro Bandwidth Capacity Sizes Subscribed Bandwidth
          X-Small Up to 10 Mbps
          Small Up to 20 Mbps
          Medium Up to 50 Mbps
          Medium-Plus Up to 100 Mbps
          Large Up to 300 Mbps
          X-Large Up to 1 Gbps

          The Aryaka SmartConnect Pro services consist of the following features:

          • SmartConnect Pro Sites
          • High Availability (“HA”)
          • Last Mile Management
          • Last Mile Service
          • Security Services
          • InternetVPN
          • MPLS
            1. Aryaka SmartConnect Pro Sites includes transport over L2 Private Core, five different sizes, in four regions, Cloud IaaS Dedicated Connectivity, Cloud Security Connector, L3/L4/Application Deep Packet Inspection Firewall, Micro-segmentation/Edge Essentials and GOLD lifecycle service and support (as described in Service Policy Document). Subscription price to Aryaka SmartConnect Pro’s size differs per region. Enterprise sites are assigned to one specific Region based on the nearest proximity to one of the Aryaka
            2. Aryaka SmartConnect-Pro-HighAvailability (HA) provides additional levels of redundancy for enterprise sites consuming Aryaka SmartConnect Pro. High Availability is optional.
              • Aryaka SmartConnect-Pro-ANAP-HA Redundancy is enabled at the ANAP device level for a site. Should the active ANAP fail as described  in the SLA, the redundant ANAP will automatically become active and start routing traffic to the designated Aryaka POP. The redundant ANAP is included in this service. Aryaka SmartConnect-Pro-ANAP-HA is available in all five different Aryaka SmartConnect Pro sizes: X-Small, Small, Medium, Medium-Plus, Large and X-Large.
              • Aryaka SmartConnect-Pro-POP-HA Redundancy enabled in case of POP failure and traffic is routed to a backup Aryaka POP. Aryaka SmartConnect-Pro-POP-HA includes a redundant ANAP enabling the rerouting to another Aryaka POP in case of POP failure. Aryaka SmartConnect-Pro-POP-HA is available in all five different SmartConnect Pro sizes: X-Small, Small, Medium, Medium-Plus, Large and X-Large.
            3. Aryaka SmartConnect-LastMileManagement gives Customers 24×7 proactive Link Monitoring and management of Customer’s Links that connect an enterprise site to Aryaka Services. Aryaka’s Support team proactively works with the Internet Service Providers of Customers to raise and resolve any issues on the Customer’s behalf. Last Mile Management is per SmartConnect-LastMileManagement is optional.
            4. SmartConnect-LastMileService allows a Customer to purchase first- mile and last-mile Internet circuits from SmartConnect-LastMileService always comes with SmartConnect- LastMileManagement. SmartConnect-LastMileService is always sold separately from all other SmartServices on a separately processed and signed sales order form. SmartConnect-LastMileService is optional.
            5. Security Services with SmartSecure includes all security capabilities offered on the Aryaka platform, including native security capabilities on the ANAP and certain management functions with respect to select third-party firewall services. SmartSecure service is optional.
            6. SmartConnect-InternetVPN means the ability for two sites to communicate securely over the Internet using site-2-site VPN and Aryaka HybridWAN
            7. SmartConnect-MPLS means the ability for a site-to-peer with a Customer Edge MPLS

          Terms of use for Aryaka SmartConnect Pro Services:

          • Site moves (excluding Last Mile Services), bandwidth size reallocation and add-on relocations are limited to no more than one (1) change per site in any given
          • If Elastic-Multiplier is not included in the Order Form, Customers shall not exceed the purchased bandwidth size limit for the specific Aryaka SmartConnect Pro service as set forth in the Order Form.
          • Any billing schedule based on the deployment dates shall be set forth in the Order Form.
          • Aryaka SmartConnect Pro can only be purchased under the Enterprise Flex Pricing model.

          Description of Aryaka Prime EZ

          Aryaka Prime EZ is Aryaka’s SASE (Secure Access Service Edge) managed service offering built on Aryaka’s Flexcore (as described below) L3 Private Core, Secucloud Threat Protect cloud security, supported by Aryaka’s SILVER lifecycle support and services (as described in Service Policy Document). Customers can purchase GOLD lifecycle support and services for Aryaka SmartConnect EZ sites (as described in Service Policy Document).

          Aryaka’s Flexcore consists of a Layer 2 mesh network for application performance and a Layer 3 mesh network or enhanced Internet for Customers that predominantly use productivity or web/cloud applications.

          Aryaka’s Layer 2 core provides high levels of application performance with WAN optimization. Aryaka’s L3 Private Core is for Customers that want the high-quality Aryaka managed service with predictable performance at a lower cost. This L3 Private Core is provided with advanced loss detection and correction technology without WAN optimization. In the L3 Private Core, all Aryaka POPs in a given region are interconnected with one another over the Internet, thereby providing increased fault tolerance to outages on any given link.

          Aryaka’s Secucloud Threat Protect cloud security is Aryaka’s Network Security-as-a-Service establishing a secure perimeter for a distributed enterprise. Secucloud Threat Protect provides global, cloud-based secure web gateway with advanced threat protection capabilities for Site-to-Internet and User-to-Internet against web and Internet-based threats.

          Aryaka Prime EZ is offered in 4 regions (as defined in Table 7 below) and 6 different sizes (as defined by Aryaka in Table 8 below) per site. Aryaka Prime EZ provides easy-to-consume managed SASE services to enterprise sites, such as branch offices, stores, service centers, and data centers.

          Table 7: Aryaka Prime EZ Regions are defined as:

          Aryaka Prime EZ Regions Different regions of the world
          A USA, Canada, Mexico, European Union
          B Asia-Pacific, Japan, Korea, India, Australia/New Zealand
          C Mainland China
          D South Africa, South America, Dubai, Russia

          Customers can subscribe to one of the 6 bandwidth capacity sizes on the Aryaka middle-mile L3 Private Core on a per-site per-Region basis, as defined by Aryaka in Table 8 below.

          Table 8: Aryaka Prime EZ bandwidth capacity sizes are defined as:

          Aryaka Prime EZ Bandwidth Capacity Sizes Subscribed Bandwidth Cloud Security Bandwidth
          X-Small Up to 10 Mbps Up to 10 Mbps
          Small Up to 20 Mbps Up to 20 Mbps
          Medium Up to 50 Mbps Up to 50 Mbps
          Medium-Plus Up to 100 Mbps Up to 100 Mbps
          Large Up to 300 Mbps Up to 300 Mbps
          X-Large Up to 1 Gbps Up to 1 Gbps

          The Aryaka Prime EZ services consist of the following features:

          • Prime EZ Sites
          • High Availability (“HA”)
          • Last Mile Management
          • Last Mile Service
          • Security Services
          1. Aryaka Prime EZ Sites includes transport over L3 Private Core, 6 different sizes, in 4 regions, Secucloud Threat Protect cloud security, Cloud IaaS Dedicated Connectivity, Cloud Security Connector, L3/L4 Firewall, Micro-segmentation/Edge Essentials and SILVER lifecycle service and support (as described in Service Policy Document). Subscription price to Aryaka Prime EZ’s size differs per region. Enterprise sites are assigned to one specific region based on the nearest proximity to one of the Aryaka
          2. Aryaka Prime-EZ-HighAvailability (HA) provides additional levels of redundancy for enterprise sites consuming Aryaka Prime EZ. High Availability is optional.
            • Aryaka Prime-EZ-ANAP-HA Redundancy is enabled at the ANAP device level for a site. Should the active ANAP fail as described  in the SLA, the redundant ANAP will automatically become active and start routing traffic to the designated Aryaka POP. The redundant ANAP is included in this service. Aryaka Prime-EZ-ANAP-HA is available in all 6 different Aryaka Prime EZ sizes: X-Small, Small, Medium, Medium-Plus, Large and X-Large.
            • Aryaka Prime-EZ-POP-HA Redundancy enabled in case of POP failure and traffic is routed to a backup Aryaka POP. Aryaka Prime-EZ-POP-HA includes a redundant ANAP enabling the rerouting to another Aryaka POP in case of POP failure. Aryaka Prime-EZ-POP-HA is available in all 6 different Prime EZ sizes: X-Small, Small, Medium, Medium-Plus, Large and X-Large.
          3. Aryaka SmartConnect-LastMileManagement gives Customers 24×7 proactive Link Monitoring and management of Customer’s Last Mile Links that connect an Enterprise Site to Aryaka Services. Aryaka’s Support team proactively works with the Internet Service Providers of Customers to raise and resolve any issues on the Customer’s behalf. Last Mile Management is per Last Mile SmartConnect-LastMileManagement is optional.
          4. SmartConnect-LastMileService allows a Customer to purchase first-mile and last-mile Internet circuits from SmartConnect-LastMileService always comes with SmartConnect- LastMileManagement. SmartConnect-LastMileService is always sold separately from all other SmartServices on a separately processed and signed sales order form. SmartConnect-LastMileService is optional.
          5. Security Services with SmartSecure includes all security capabilities offered on the Aryaka platform, including native security capabilities on the ANAP and certain management functions with respect to select third-party firewall services. SmartSecure service is optional.

          Terms of use for Aryaka Prime EZ Services:

          1. Bandwidth usage for Subscribed Bandwidth or Cloud Security Bandwidth shall not exceed subscribed Aryaka Prime EZ size limit per site. Bursting or bandwidth pooling is not available with Aryaka Prime EZ service. Inter-Region Multiplier does not apply to Aryaka Prime EZ services.
          2. S2S InternetVPN and MPLS are included in Aryaka Prime EZ service.
          3. Site moves (not including Last Mile Services), bandwidth size reallocation and add-on relocations are limited to no more than one (1) change per site in any given
          4. If Elastic-Multiplier is not included in the Order Form, Customers shall not exceed the purchased aggregate bandwidth limit for the specific Aryaka Prime EZ service as set forth in the Order Form.
          5. Any billing schedule based on the deployment dates shall be set forth in the Order Form.
          6. Aryaka Prime EZ can only be purchased under the Enterprise Flex Pricing model.

        Description of Aryaka Prime Pro

        Aryaka Prime Pro is Aryaka’s SASE (Secure Access Service Edge) managed service offering built on Aryaka’s Flexcore (as described below) L2 Private Core, Secucloud Threat Protect cloud security,and supported by Aryaka’s GOLD lifecycle support and services (as described in Service Policy Document).

        Aryaka’s Flexcore consists of a Layer 2 mesh network for application performance and a Layer 3 mesh network or enhanced Internet for Customers that predominantly use productivity or web/cloud applications.

        Aryaka’s Layer 2 Private Core provides high levels of application performance with WAN optimization. In the Layer 2 Private Core, all Aryaka POPs in a given region are interconnected with one another over a Layer 2 Private Core, thereby providing optimized performance.

        Aryaka’s Flexcore architecture allows for mixing of sites with different levels of managed SD-WAN or SASE services. Prime Pro sites can connect to sites with other services like Prime EZ. Flexcore path selection is as follows:

        • When a Prime Pro site communicates with another Prime Pro site, L2 Private Core will be used.
        • When a Prime Pro site communicates with a Prime EZ site, or vice versa, L3 Private Core will be used.
        • When a Prime EZ site communicates with another Prime EZ site, L3 Private Core will be used.

        Aryaka’s Secucloud Threat Protect cloud security is Aryaka’s Network Security-as-a-Service establishing a secure perimeter for a distributed enterprise. Securing hybrid workers anywhere is fast and easy with our ready-to-go managed service. Secucloud Threat Protect provides global, cloud-based secure web gateway with advanced threat protection capabilities for Site-to-Internet and User-to-Internet against web and Internet-based threats.

        Aryaka Prime Pro is offered in 4 regions (as defined in Table 9 below) and 6 different sizes (as defined by Aryaka in Table 10 below) per site. Aryaka Prime Pro provides easy-to-consume managed SASE services to enterprise sites, such as branch offices, stores, service centers, and data centers.

        Table 9: Aryaka Prime Pro Regions are defined as:

        Aryaka Prime Pro Regions Different regions of the world
        A USA, Canada, Mexico, European Union
        B Asia-Pacific, Japan, Korea, India, Australia/New Zealand
        C Mainland China
        D South Africa, South America, Dubai, Russia

        Customers can subscribe to one of the 6 bandwidth capacity sizes on the Aryaka middle-mile L2/L3 Private Core on a per-site per-Region basis, as defined by Aryaka in Table 10 below.

        Table B: Aryaka Prime Pro bandwidth capacity sizes are defined as:

        Aryaka Prime Pro Bandwidth Capacity Sizes Subscribed Bandwidth Cloud Security Bandwidth
        X-Small Up to 10 Mbps Up to 10 Mbps
        Small Up to 20 Mbps Up to 20 Mbps
        Medium Up to 50 Mbps Up to 50 Mbps
        Medium-Plus Up to 100 Mbps Up to 100 Mbps
        Large Up to 300 Mbps Up to 300 Mbps
        X-Large Up to 1 Gbps Up to 1 Gbps

        The Aryaka Prime Pro services consist of the following features:

        • Prime EZ Sites
        • High Availability (“HA”)
        • Last Mile Management
        • Last Mile Service
        • Security Services
        1. Aryaka Prime Pro Sites includes transport over L2/L3 Private Core, 6 different sizes, in 4 regions, Secucloud Threat Protect cloud security, Cloud IaaS Dedicated Connectivity, Cloud Security Connector, L3/L4 Firewall, Micro-segmentation/Edge Essentials and GOLD lifecycle service and support (as described in Service Policy Document). Subscription price to Aryaka Prime Pro’s size differs per region. Enterprise sites are assigned to one specific region based on the nearest proximity to one of the Aryaka
        2. Aryaka Prime-Pro-HighAvailability (HA) provides additional levels of redundancy for enterprise sites consuming Aryaka Prime Pro. High Availability is optional.
          • Aryaka Prime-Pro-ANAP-HA Redundancy is enabled at the ANAP device level for a site. Should the active ANAP fail as described  in the SLA, the redundant ANAP will automatically become active and start routing traffic to the designated Aryaka POP. The redundant ANAP is included in this service. Aryaka Prime-Pro-ANAP-HA is available in all 6 different Aryaka Prime Pro sizes: X-Small, Small, Medium, Medium-Plus, Large and X-Large.
          • Aryaka Prime-Pro-POP-HA Redundancy enabled in case of POP failure and traffic is routed to a backup Aryaka POP. Aryaka Prime-Pro-POP-HA includes a redundant ANAP enabling the rerouting to another Aryaka POP in case of POP failure. Aryaka Prime-Pro-POP-HA is available in all 6 different Prime Pro sizes: X-Small, Small, Medium, Medium-Plus, Large and X-Large.
        3. Aryaka SmartConnect-LastMileManagement gives Customers 24×7 proactive Link Monitoring and management of Customer’s Last Mile links that connect an Enterprise Site to Aryaka Services. Aryaka’s Support team proactively works with the Internet Service Providers of Customers to raise and resolve any issues on the Customer’s behalf. Last Mile Management is per Last Mile SmartConnect-LastMileManagement is optional.
        4. SmartConnect-LastMileService allows a Customer to purchase first-mile and last-mile Internet circuits from SmartConnect-LastMileService always comes with SmartConnect- LastMileManagement. SmartConnect-LastMileService is always sold separately from all other SmartServices on a separately processed and signed sales order form. SmartConnect-LastMileService is optional.
        5. Security Services with SmartSecure includes all security capabilities offered on the Aryaka platform, including native security capabilities on the ANAP and certain management functions with respect to select third-party firewall services. SmartSecure service is optional.

        Terms of use for Aryaka Prime Pro Services:

        1. Bandwidth usage for Subscribed Bandwidth or Cloud Security Bandwidth shall not exceed subscribed Aryaka Prime Pro size limit per site. Bursting or bandwidth pooling is not available with Aryaka Prime Pro service. Inter-Region Multiplier does not apply to Aryaka Prime Pro services.
        2. S2S InternetVPN and MPLS are included in Aryaka Prime Pro service.
        3. Site moves (not including Last Mile Services), bandwidth size reallocation and add-on relocations are limited to no more than one (1) change per site in any given
        4. If Elastic-Multiplier is not included in the Order Form, Customers shall not exceed the purchased aggregate bandwidth limit for the specific Aryaka Prime Pro service as set forth in the Order Form.
        5. Any billing schedule based on the deployment dates shall be set forth in the Order Form.
        6. Aryaka Prime Pro can only be purchased under the Enterprise Flex Pricing model.
        7. Description of Aryaka SmartCDN (IADS)

          Aryaka SmartCDN provides IP Application Delivery-as-a-Service (“IADS”) as a usage-based service. IADS is used for accelerating any web or IP-based public applications, such as web servers and VDI farms, over Aryaka’s global network using capabilities, such as TCP optimization, caching, and compression with cloud- based management and visibility, when using the MyAryaka portal.

          Terms of use of Aryaka SmartCDN Services (IADS)

          • Aryaka reserves the right to choose the edge POPs and Origin POPs to deliver the Services on its global network.
          • Aryaka reserves the right to limit the maximum data transfer rates achieved over the Aryaka Network based on the aggregate commits purchased.

          6. Description of Aryaka SmartHands Service

          Aryaka SmartHands Service is a professional service offered to a Customer pertaining to the installation and activation of an ANAP to connect a Customer site to Aryaka services. Aryaka SmartHands Service is offered at a Customer’s request for sites which need installation and activation professional services.

          Terms of use for Aryaka SmartHands Service:  Unless otherwise stated in the applicable Order Form or statement of work between Aryaka and the Customer, the terms are as follows:

          • Aryaka SmartHands Service is charged at an hourly rate, billed monthly in arrears.
          • Customer will be charged a minimum of two (2) hours for each site that requires Aryaka SmartHands Service.
          • Aryaka will inform Customer when the Aryaka SmartHands Service will exceed two (2) hours for a particular site, due to delays caused by Customer. Additional hours will be billed to Customer.
          • Customer will reimburse Aryaka for all reasonable and necessary travel-related expenses.

          Description of Last Mile Circuits

          Last Mile Circuit is the physical Link (wired or wireless) that is used to connect Customer’s site to the closest Aryaka POP. The physical Link may be a direct Layer-2 connection or an Internet Circuit. The type of the Last Mile Circuit will be specified in the Order Form.

          Terms of use for Last Mile Circuits:

          • All charges for each Last Mile Circuit Service will commence when each particular circuit is Activated and ready for service, and the ready for service date (“RFS Date”) is communicated to Customer. Such charges shall commence as set forth in the preceding sentence regardless of whether or when other Aryaka Services are Activated. Upon completion of the site survey of Customer’s sites, the particular third-party service provider will advise Aryaka if there will be: (a) additional charges for providing service above the charges previously quoted to In any such case, Aryaka will propose the associated cost changes to Customer; (b) “no service available” or equivalent, or if a redesign is required. Aryaka will then undertake to locate an alternate provider for the Last Mile Circuit. Aryaka will propose the alternate Last Mile Circuit together with the        associated cost changes to Customer.
          • Customer has the right to reject the proposed charges within five (5) days of receipt of the proposal. If Customer rejects the proposal, then the original order for the Last Mile Circuit will be automatically cancelled with no early termination fees. The proposal will be considered accepted if not so rejected by Customer within the 5-day period.
          • All start or completion dates provided at the time of signing the Last Mile Circuit order are advisory and non-binding. The final service activation date will be provided after the third-party service provider has completed the site survey of Customer’s sites.
          • Aryaka will not be responsible for delays in (a) completion of internal wiring, (b) Customer responding to requests for additional information, or (c) gaining access to Customer’s sites to have the service
          • All Last Mile Circuit quotes are based on providing connectivity to the
          • Minimum Point Of Entrance (MPOE). All wiring from the MPOE to Customer’s
          • facilities or equipment is the responsibility of Customer. Upon written request from Customer, Aryaka will advise whether it has the capability to provide the internal wiring, together with an estimate of the associated extra
          • For all Last Mile Circuits, the Mean Time to Repair and the Service Availability Service Level Agreement will, as provided by (or limited by, as the case may be), the particular third-party service provider, depend upon the type of circuit that is

          Description of Link Monitoring

          Link Monitoring means the monitoring by Aryaka of Customer’s Last Mile Circuit Link to be conducted on a 24x7x365 basis, including reports and support as specified herein. Link Monitoring shall be included with the Last Mile Circuit if and as specified in the Order Form together with a letter of authorization from Customer.

          Terms of use for Link Monitoring

          Link Monitoring. If Aryaka receives an executed Letter of Authorization (LOA) from Customer, Aryaka will proceed with the following Link Monitoring services as part of the Last Mile Circuit Management:

          • Monitor the Link 24x7x365 by pinging between Aryaka’s POP and the end-user
          • Pings occur once per second and Aryaka reports average packet loss and latency by the minute.
          • Aryaka monitoring team to be alerted when the rolling average for either latency or packet loss exceeds the applicable thresholds set forth in the SLA
          • As specified in the Last Mile Management SLA terms, in the event of an incident where latency or packet loss exceed the applicable thresholds, or the last mile tunnel becomes unavailable, Aryaka will follow up with Customer, Customer’s Internet Service Provider (ISP), or both
          • In working with each ISP, Aryaka will comply with any incident resolution priority or escalation matrix provided by the ISP.

          Aryaka is not responsible for any ISP failing to restore service in accordance with the ISP’s SLA. Further, Aryaka is not responsible for procuring ISP Links or other non-Aryaka Links for Customer. Service Usage Calculations

          With a few exceptions, for most of the above Services, the service usage calculation   for billing purposes is based on the committed subscribed quantity, as stated on the Order Form. This section details the service usage calculation methods for usage- based Services where billing is based on actual usage, and not solely on the committed subscribed quantity.

          Service usage calculation for Elastic Subscriptions

          Elastic Subscriptions for all Aryaka Services are allowed when the SmartManage- ElasticSubscription-Multiplier option is present on the Order Form and has been elected by the Customer. Any actual Activated quantity of a Service exceeding the subscribed quantity for the Service is defined as Oversubscription usage.

          The unit price for each unit of oversubscription usage is calculated as the product of the SmartManage-ElasticSubscription-Multiplier and the unit price for the Service, each as set forth in the Order Form.

          Service usage calculation for InterRegion Traffic

          InterRegion traffic for SmartConnect-L2PrivateCore-SBW with regional pricing is allowed when the SmartConnect-InterRegion-Multiplier option is present on the Order Form and has been elected by the Customer. InterRegion traffic for a Regional Site is the max of the 99th percentile of the traffic sent to or received from the Regional Site to all other sites that are not in the same Region. InterRegion traffic for a Region is the sum of the InterRegion traffic for all the Regional Sites in that Region. The unit price for InterRegion traffic is calculated as the product of the SmartConnect-InterRegion-Multiplier and the unit price, per the Regional pricing tier, for the Aryaka SmartConnect-PrivateCore-SBW Service, each as set forth in the Order Form.

          Service usage calculation for Bursting

          Bursting for SmartConnect-L2PrivateCore-SBW is allowed when the SmartConnect- Bursting-Multiplier option is present on the Order Form and has been elected by the Customer. Bursting is the actual bandwidth usage above the subscribed bandwidth for SmartConnect-L2PrivateCore-SBW as set forth in the Order Form. Bandwidth Usage for a site is the max of the 99th percentile for the traffic sent or received over Aryaka’s L2 private core. For Regional sites, InterRegion traffic is not accounted for in the Bandwidth Usage. For the Enterprise Flex pricing model, Bursting is calculated for each Region by subtracting the aggregate subscribed bandwidth from the aggregate bandwidth usage for all the sites in that Region. For the Standard pricing model, Bursting is calculated for each site by subtracting the subscribed bandwidth from the bandwidth Usage. The unit price for Bursting is calculated as the product of the SmartConnect-Bursting-Multiplier and the unit price for the Aryaka SmartConnect-L2PrivateCore-SBW service, each as set forth in the Order Form.

          Note: For all the above usage-based services, in the case of multiple Order Forms, the unit price and multiplier are determined by the latest Order Form.

x
tips-for-it-management

10 Tips for IT Management

How to Thrive During an Economic Downturn

Download Report >>