Last revised: 07/10/23
This Otava Managed Services – Product Terms of Use (“Product Terms”) are entered into by and between Otava and the undersigned Client on the effective date as set forth in the applicable Sales Order (“Effective Date”). These Product Terms contain additional terms and conditions specific to Otava Managed Services and are not intended to replace or supersede the Master Agreement between Parties, unless expressly agreed upon in writing by both Parties. Client understands that these Product Terms are legally binding upon Client where Client’s Sales Order includes Otava Managed Services as a line item, and Client agrees to be bound thereby. Otava and Client are referred to herein collectively, as the “Parties” and individually, each a “Party.” The following exhibits are attached hereto and are hereby made part of these Product Terms.
2.1. “Agreement” means the Master Agreement between Parties together with these Product Terms, Statements of Work, if any, and all product-specific terms linked to or referenced in the Agreement.
2.2. “Client Provided Networking Equipment” means those firewalls, gateways, hubs, routers, switches, and other networking devices that (a) Client furnishes or otherwise makes available in connection with the Services; and (b) are In Scope Assets. Client Provided Networking Equipment does not include Otava Provided Networking Equipment or Managed Endpoints.
2.3. “Force Majeure Event” means any occurrence beyond its commercially reasonable control or contingency beyond its commercially reasonable control, including but not limited to, acts of God, earthquake, labor disputes and strikes, riots, war, or governmental requirements.
2.4. “In-Scope Asset” means that certain endpoint device, hardware, server, or other asset that is listed on a Sales Order as an in-scope asset for the relevant Otava Managed Services.
2.5. “Managed Backup Assets” means those certain servers, virtual machines, workstations, and other assets that are In-Scope Assets for backup services.
2.6. “Managed DRaaS Assets” means those certain servers, virtual machines, workstations, and other assets that are In-Scope Assets for disaster recovery services.
2.7. “Managed Endpoints” means (a) that certain virtual desktop infrastructure (i) that Otava makes available to Client pursuant to a Sales Order; and (ii) that are In-Scope Assets; and (b) those certain wireless access points and workstations (i) that Client furnishes or otherwise makes available in connection with the Services; and (ii) that are In Scope Assets. Managed Endpoints does not include Client Provided Networking Equipment or Otava Provided Networking Equipment.
2.8. “Managed Servers” means (a) those certain Otava Cloud services (i) that Otava makes available to Client pursuant to a Sales Order; and (ii) that are In-Scope Assets; and (b) those certain servers (i) that Client furnishes or otherwise makes available in connection with the Services; and (ii) that are In Scope Assets. Managed Servers does not include Client Provided Networking Equipment, Otava Provided Networking Equipment, or Managed Endpoints.
2.9. “Master Agreement” means The General Terms of Sale, The Master Service Agreement, or the Master Terms, as applicable, between Parties.
2.10. “Minimum Asset Requirements” means, collectively and individually, (a) the relevant asset is not end of life; (b) the relevant asset is under a then-current support contract from the applicable Third-Party Vendor and, if applicable in light of the Otava Managed Services purchased by Client, Client has authorized Otava to use such support contract in connection with such Otava Managed Services; and (c) the relevant asset is on Otava’s then-current list of assets eligible for Otava Managed Services.
2.11. “Patch Services Assets” means those certain Otava Cloud, hardware, operating system, and virtual machines that are In-Scope Assets for patching services.
2.12. “Otava Cloud” means the infrastructure-as-a-service infrastructure that is controlled and maintained by Otava and which Otava uses to deliver the Otava Managed Services. Otava Cloud does not include any equipment, hardware, or software that operates outside of Otava’s premises.
2.13. “Otava Managed Services” means those of the following Services that are listed on a Sales Order as a line item: (a) Otava Managed Networking, (b) Otava Managed Endpoint, (c) Otava Managed Server, (d) Otava Managed DRaaS, and (e) Otava Managed Backups.
2.14. “Otava Provided Networking Equipment” means those firewalls, gateways, hubs, routers, switches, and other networking devices that (a) Otava makes available to Client pursuant to a Sales Order; and (b) are In-Scope Assets. Otava Provided Networking Equipment does not include Client Provided Networking Equipment or Managed Endpoints.
2.15. “RACI Matrix” means that certain matrix for the relevant Otava Managed Services that identifies the tasks and deliverables for which Client, Otava, or a third party is responsible, accountable, consulted, or informed, and which is attached hereto as Exhibit A.
2.16. “RMM System” means that certain remote monitoring software, that certain remote management software, and that certain hardware used by Otava to provide the Otava Managed Services.
2.17. “RMM” means remote monitoring and management.
2.18. “Sales Order” means a separately executed document that describes the Services to be performed by Otava.
2.19. “Services” means the services purchased by Client from Otava as set forth in one or more Sales Orders.
3.1. General Requirements. The terms in this Section 3.1 apply to all Otava Managed Services and are in addition to any services specific terms that may be set forth in these Product Terms for specific Otava Managed Services, provided that such additional terms will be limited to the specific Otava Managed Service referenced in the relevant section. Further, terms in this Section 3.1 are in addition to the Otava Managed Services exclusions and limitations set forth in Section 4.1 (Managed Services Exclusions and Limitations). Client agrees and understands that:
(a) Use of certain Otava Managed Services may require Client to purchase licenses to the RMM System, which licenses fees (“RMM Fee”) are in addition to the fees for the Otava Managed Services. Client understands that the software for the remote monitoring component of the RMM System may be the same or different from the software for the remote management component of the RMM System and each software component may have its own RMM Fee.
(b) Use of certain Otava Managed Services may require installation of the RMM System in Client’s environment. The RMM System may include both an RMM software agent and hardware. Subject to Client’s payment of the applicable fee, Otava will provide Client with access to the RMM software agent and, if needed, the accompanying hardware. Client will, at its sole cost and expense, provide the RMM System with a sufficient level of access rights to permit for the proper functioning of the RMM System. Further, Client will use the license keys issued by Otava for the relevant Otava Managed Service deployments, as applicable in light of the Otava Managed Services purchased.
(c) Client will, at its sole cost and expense, provide Otava with a sufficient level of access rights to permit Otava to perform the applicable Otava Managed Services, including to monitor and manage the RMM System. If Otava requires access credentials to Client’s environment or resources (“Otava Designated Credentials”) to perform the applicable Otava Managed Services, Client will, at its sole cost and expense, provide Otava with such access credentials and such access credentials will be unique to Otava. Client will either exempt the Otava Designated Credentials (including, without limitation, those assigned to the RMM System) from Client’s password reset policy or otherwise coordinate any such password reset with Otava as required by Otava to permit Otava to timely perform the Otava Managed Services.
(d) As between the Parties, Client is in the best position to know the assets in Client’s environment and the assets Client requires be in scope to receive the relevant Otava Managed Services. Accordingly, Client will provide Otava with prompt written notice via a service ticket of any changes to Client’s assets and Client will expressly identify which assets are in‑scope and out-of-scope for the Otava Managed Services. Client understands that the RMM System may automatically identify assets added to Client’s environment and (i) Client will be billed the RMM Fee for all assets in the RMM System as of the date the RMM System adds the assets, unless Client has provided and until Client provides Otava with written notice via a service ticket that such added assets are out-of-scope; and (ii) Otava will deem all such added assets as out-of-scope for purposes of the Otava Managed Services unless Client has provided Otava with written notice via a service ticket that such added assets are in‑scope for the Otava Managed Services and the Parties have executed a Sales Order for such added assets. Upon execution of such Sales Order, the relevant added assets will become In-Scope Assets. Client agrees that, for purposes of the asset count for calculating the RMM Fee, the RMM System will serve as the source of truth. Upon Client’s written request via a service ticket, Otava will promptly provide Client with a list of the assets captured by the RMM System.
(e) Otava Managed Services are only available for those assets that meet the Minimum Asset Requirements when such assets are added as In-Scope Assets. Nothing in the immediately preceding sentence will be interpreted to limit Otava’s right to charge the RMM Fee.
(f) Client must provide Otava with prompt written notice via a service ticket of any changes to Client’s infrastructure (whether on-premise or otherwise) that may impact Otava’s ability to perform the Otava Managed Services, including, without limitation, adversely impact the functionality of deployed software.
(g) Unless otherwise expressly provided in a Sales Order, all Otava Managed Services are provided remotely and Otava will have no obligation to perform Otava Managed Services on-site at Client’s premises. Client agrees that Client Personnel assigned to work with Otava will be sufficiently knowledgeable and technically skilled to permit Otava to timely complete the Otava Managed Services related tasks that require assistance from the assigned Client Personnel.
3.2. Otava Managed Networking.
3.2.1. Generally. The terms of this Section 3.2 apply only if Client’s Sales Order includes Otava Managed Networking as a line item. Otava will provide Client with those certain deliverables with respect to and perform those certain tasks for the, as applicable, Otava Provided Networking Equipment or Client Provided Networking Equipment (collectively and individually, the “Networking Equipment”) (a) that are expressly enumerated in the Otava Managed Networking RACI Matrix attached hereto as Exhibit A-1, and (b) where Otava is designated as being either “Responsible” or “Accountable” (collectively, the “Otava Managed Networking”, which will be deemed a “Service”)). Otava Managed Networking services include the Patch Management services set forth in Section 3.7 (Patch Management). For the avoidance of doubt, while there may be certain service component task overlap, Otava Managed Networking services do not include Otava Managed Backups services and, notwithstanding any references to backups in the Otava Managed Networking RACI Matrix, Otava will provide the Otava Managed Backups Services only if such service component is listed as a line item on the Sales Order.
3.2.2. Managed Networking Limitations and Requirements. In performing the Otava Managed Networking services, (a) Otava will add, delete, and modify Client’s users and their roles in the Networking Equipment, provided that Client agrees and understands that, as between the Parties, Client is solely responsible for providing Otava with written notice via a service ticket that a user needs to be removed from, such user’s access rights must be suspended in, or such user’s role must be otherwise modified in the Networking Equipment; and (b) except as otherwise set forth in a Sales Order, the scope of Otava’s monitoring services is limited to monitoring alerts on infrastructure that is an In-Scope Asset for the Otava Managed Networking services. Further, Client acknowledges and understands that Client’s environment may impact the quality of networking (including, without limitation, causing latency, jitter, and network packet loss) and thereby the quality of the Otava Managed Networking services and that, as between the Parties, Client is solely responsible for ensuring that the Client-side environment (including, without limitation, the age and capacity of the cabling in Client’s building and offices, network closets, space for on-premise Networking Equipment, power, circuits, and the like) meets Client’s needs.
3.3. Otava Managed Endpoint.
3.3.1. Generally. The terms of this Section 3.3 apply only if Client’s Sales Order includes Otava Managed Endpoint as a line item. Otava will provide Client with those certain deliverables with respect to and perform those certain tasks for the Managed Endpoints (a) that are expressly enumerated in the Otava Managed Endpoint RACI Matrix attached hereto as Exhibit A-2, and (b) where Otava is designated as being either “Responsible” or “Accountable” (collectively, the “Otava Managed Endpoint”, which will be deemed a “Service.” Otava Managed Endpoint Services include the Patch Management Services set forth in Section 3.7 (Patch Management). For the avoidance of doubt, while there may be certain service component task overlap, Otava Managed Endpoint Services do not include Otava Managed Networking Services and, notwithstanding any references to networking in the Otava Managed Endpoint RACI Matrix, Otava will provide the Otava Managed Networking Services only if such service component is listed as a line item on the Sales Order.
3.3.2. Managed Endpoint Limitations. Client agrees and understands that Otava will have no obligation to provide services to and Otava Managed Endpoint Services do not extend to (a) hardware or any other devices that are personally owned by the individual; (b) cell phones or tablets, whether owned or leased by Client, the individual, or another third party; or (c) laptops owned or leased by Client, except for those laptops that Client expressly designates in writing via a service ticket as a workstation and an In-Scope Asset. Further, in performing the Otava Managed Endpoint Services, except as otherwise set forth in a Sales Order, the scope of Otava’s monitoring Services is limited to monitoring alerts generated by the RMM System on In-Scope Assets for the Otava Managed Endpoint Services. Without limiting the terms in Section 4.1 (Managed Services Exclusions and Limitations), Client agrees and understands that Otava Managed Endpoint Services do not include software application management or troubleshooting, and if Otava performs such services, then Otava will charge Client and Client will pay Otava on a time and materials basis at Otava’s then current service rates.
3.4. Otava Managed Server.
3.4.1 Generally. The terms of this Section 3.4 apply only if Client’s Sales Order includes Otava Managed Server as a line item. Otava will provide Client with those certain deliverables with respect to and perform those certain tasks for the Managed Servers (a) that are expressly enumerated in the Otava Managed Server RACI Matrix attached hereto as Exhibit A-3, and (b) where Otava is designated as being either “Responsible” or “Accountable” (collectively, the “Otava Managed Server”, which will be deemed a “Service”). Otava Managed Server services include the Patch Management services set forth in Section 3.7 (Patch Management). For the avoidance of doubt, while there may be certain service component task overlap, Otava Managed Server Services do not include Otava Managed Networking services and, notwithstanding any references to networking in the Otava Managed Server RACI Matrix, Otava will provide the Otava Managed Networking Services only if such service component is listed as a line item on the Sales Order.
3.4.2. Managed Server Auto Grow. Client understands that for Otava to perform the Otava Managed Server Services, Client must also maintain a sufficient amount of compute (including, but not limited to, CPU, memory, and RAM) resources to meet Client’s infrastructure needs. Otava will provide Client with auto grow services (“Auto Grow Services”) pursuant to which Otava will monitor and maintain compute resource availability for the Managed Servers and add compute resources (a) in such amount and at such time as deemed by Otava, in its reasonable discretion, to be necessary or reasonably appropriate to permit Otava to perform the Otava Managed Server Services, or (b) upon those certain functional demand parameters mutually agreed to by the Parties in writing. Notwithstanding the immediately preceding sentence, Client understands that Otava’s ability to perform Auto Grow Services may be limited to the extent Otava does not receive timely notice of a relevant capacity triggering event. Accordingly, the Parties will reasonably cooperate to implement a mutually agreeable process that will permit Otava to receive automated notice of the relevant capacity triggering event. Except as otherwise set forth in a relevant Sales Order, Client may opt-out of the Auto Grow Services at any time by providing Otava with written notice thereof via a service ticket. If Client opts-out of the Auto Grow Services, then Otava will not add any compute resources to Client’s environment until Client purchases such resources through Otava by entering into a Sales Order for such additional resources or Buyer authorizes such purchase via service ticket. If Client opts-out of the Auto Grow Services, Client may opt back into Auto Grow Services by Buyer submitting a service ticket authorizing the opt-in. Otava will not be liable for the Auto Grow Services or capacity limitations if (i) the RMM agent or other relevant monitoring tools are removed, disabled, or their proper functionality is otherwise restricted or compromised; (ii) Client otherwise fails to provide Otava with timely written notice of a relevant capacity triggering event or other material change in Client’s environment; or (iii) Client opts-out of the Auto Grow Services.
3.4.3. Managed Server Limitations. Without limiting Section 4.1 (Managed Services Exclusions and Limitations) of these Product Terms or as applicable, the Agreement, Client understands and agrees that the Otava Managed Server Services do not include and Otava will be under no obligation to provide Client with any management of or support for (a) anything below the guest operating system, including, without limitation, the applications or troubleshooting the applications; or (b) any data stored within the virtual machines stored within the Managed Servers. Further, Client understands that (i) certain alerts sent as part of the Otava Managed Server services are sent directly to Client via automated systems, without filtering by Otava, and Client is responsible for monitoring such alerts and escalating relevant issues to Otava by submitting a service ticket; and (ii) in performing the Otava Managed Server services, except as otherwise set forth in a Sales Order, the scope of Otava’s monitoring services is limited to monitoring alerts on infrastructure that is an In-Scope Asset for the Otava Managed Server services.
3.5. Otava Managed DRaaS
3.5.1. Generally. The terms of this Section 3.5 apply only if Client’s Sales Order includes Otava Managed DRaaS as a line item. Otava will provide Client with those certain deliverables with respect to and perform those certain tasks for the Managed DRaaS Assets (a) that are expressly enumerated in the Otava Managed DRaaS RACI Matrix attached hereto as Exhibit A-4, and (b) where Otava is designated as being either “Responsible” or “Accountable” (collectively, the “Otava Managed DRaaS”, which will be deemed a “Service”). For the avoidance of doubt, while there may be certain service component task overlap, Otava Managed DRaaS Services do not include Otava Managed Networking Services and, notwithstanding any references to networking in the Otava Managed DRaaS RACI Matrix, Otava will provide the Otava Managed Networking Services only if such service component is listed as a line item on the Sales Order. Further, Client understands that (i) in the event a failover is intended to remedy a security related issue (e.g., malware, virus, ransomware, or other vulnerability), the failover will not be effective unless the previous checkpoint is clean and does not contain the vulnerability, and (ii) Otava has no control over whether the checkpoint is clean and the Otava Managed DRaaS services do not include scanning the Managed DRaaS Assets for vulnerabilities or other security issues.
3.5.2. Additional Client Obligations. In addition to the terms set forth in Section 3.1 (General Requirements) and those Client obligations set forth in the Otava Managed DRaaS RACI Matrix, Client will (a) promptly, within purchasing the Otava Managed DRaaS Services, coordinate with Otava to schedule a meeting to develop a disaster recovery as a service (“DRaaS”) plan, reasonably cooperate with Otava to develop such plan, and review and update the DRaaS plan on an as needed basis, but no less than once every 6 months during the term of the Otava Managed DRaaS Services; (b) if Otava Managed DRaaS Services include virtual machines, then ensure new virtual machines are placed into appropriate protection groups or request inclusion in writing via service ticket; (c) promptly notify Otava of any changes in Client’s on-premises infrastructure that may impact replication or otherwise impact Otava’s ability to perform the Otava Managed DRaaS Services and, as needed, purchase additional DRaaS related resources from Otava to accommodate Client’s infrastructure changes; (d) promptly notify Otava of any virtualization or network maintenance that may impact replication or otherwise impact Otava’s ability to perform the Otava Managed DRaaS Services; and (e) conduct a disaster recovery test no less than once every 6 months during the term of the Otava Managed DRaaS Services and coordinate with Otava to conduct such failover tests as reasonably necessary or otherwise requested by Otava (each of (a) – (e), a “Client DRaaS Obligation”).
3.5.3. DRaaS Auto Grow. Client understands that for Otava to perform the Otava Managed DRaaS Services, Client must also maintain a sufficient amount of compute (including, but not limited to, CPU, memory, and RAM) resources to meet Client’s infrastructure needs. Otava will provide Client with Auto Grow Services pursuant to which Otava will monitor and maintain compute resource availability for the Otava Managed DRaaS and add compute resources in such amount and at such time as deemed by Otava, in its reasonable discretion, to be necessary or reasonably appropriate to permit Otava to meet the recovery time objective and recovery point objective specified in the Sales Order for the Otava Managed DRaaS Services. Notwithstanding the immediately preceding sentence, Client understands that Otava’s ability to perform Auto Grow Services may be limited to the extent Otava does not receive timely notice of a relevant capacity triggering event. Accordingly, the Parties will reasonably cooperate to implement a mutually agreeable process that will permit Otava to receive automated notice of the relevant capacity triggering event. Except as otherwise set forth in a relevant Sales Order, Client may opt-out of the Auto Grow Services at any time by providing Otava with written notice thereof via a service ticket. If Client opts-out of the Auto Grow Services, then Otava will not add any compute resources to Client’s environment until Client purchases such resources through Otava by entering into a Sales Order for such additional resources or Buyer authorizes such purchase via service ticket. If Client opts-out of the Auto Grow Services, Client may opt back into Auto Grow Services by Buyer submitting a service ticket authorizing the opt-in. Otava will not be liable for the Auto Grow Services or capacity limitations if (a) the RMM agent or other relevant monitoring tools are removed, disabled, or their proper functionality is otherwise restricted or compromised; (b) Client otherwise fails to provide Otava with timely written notice of a relevant capacity triggering event or other material change in Client’s environment; or (c) Client opts-out of the Auto Grow Services.
3.5.4. Managed DRaaS Limitations. In addition to the other exclusions and limitations set forth in these Product Terms, Client agrees and understands that Otava’s ability to perform the Otava Managed DRaaS services may be limited or adversely impacted by and Otava will have no responsibility for any or all of the following: (a) Client’s bandwidth provider experiencing throughput or latency issues; (b) Client’s bandwidth levels not supporting the change rate of replicated virtual machines; (c) Client making (i) changes to its network or core routing infrastructure (e.g., IP changes or adding new equipment) that cause a break in the replication chain or are otherwise not compatible with the replication technology used; or (ii) other environment changes including, without limitation, power off, high availability event, or improper vMotions; (d) Client upgrading host to outside of the compatibility of the replication technology used; (e) Client adding or rebuilding a host and not installing the agent or submitting a service ticket, at least 24 hours in advance of the required installation, for Otava to install the agent; (f) any (i) external access to applications including, without limitation, those responsible for DNS failover or global-load balancing; (ii) the failure to use compatible private IP schemes; (iii) third-party software or services not purchased through and delivered by Otava; or (iv) in-guest shares in a virtual machine (iSCSI, CIFS, and NFS); or (g) Client’s failure to meet a Client DRaaS Obligation.
3.6. Otava Managed Backups. The terms of this Section 3.6 apply only if Client’s Sales Order includes Otava Managed Backups as a line item. Otava will provide Client with those certain deliverables with respect to and perform those certain tasks for the Managed Backup Assets (a) that are expressly enumerated in the Otava Managed Backups RACI Matrix attached hereto as Exhibit A-5; and (b) where Otava is designated as being either “Responsible” or “Accountable” (collectively, the “Otava Managed Backups”, which will be deemed a “Service”). Client agrees and understands that the Otava Managed Backups Service is also subject to the Otava Cloud Backup Product Terms located at https://www.otava.com/legal/product-terms-of-use/, which are incorporated herein by reference, and Client hereby agrees to comply with the applicable terms of the Otava Cloud Backup Terms. Client understands that (i) in the event a restore is intended to remedy a security related issue (e.g., malware, virus, ransomware, or other vulnerability), the restore will not be effective unless the previous checkpoint is clean and does not contain the vulnerability; (ii) Otava has no control over whether the checkpoint is clean and the Otava Managed Backups Services do not include scanning the Managed Backup Assets for vulnerabilities or other security issues; and (iii) except as otherwise set forth in a Sales Order or the Otava Cloud Backup Terms of Use, the scope of Otava’s monitoring services is limited to monitoring alerts on infrastructure that is an In-Scope Asset for the Otava Managed Backups Services.
3.7. Patch Management. The terms of this Section 3.7 apply only if the RACI Matrix for the relevant Otava Managed Services expressly enumerates patching as a deliverable or task and designates Otava as being either “Responsible” or “Accountable” for such patching. Otava will provide Client with those patching services described in this Section 3.7 to the Patch Services Assets (“Patch Management”). Unless otherwise expressly stated in the Sales Order for the relevant Otava Managed Services, the Patch Management services are limited to the types of patches expressly identified in the relevant RACI Matrix (i.e., operating system security patches or firmware patches) (“Patches”). Otava will perform Patch Management in accordance with Otava’s standard patching policies and procedures. Client understands that Otava’s responsibly is limited to pushing out the Patches, and Client is responsible for applying the Patches. Client understands that, from time to time, the Patches require the virtual machines to be rebooted, and, unless otherwise expressly stated in the Sales Order for the relevant Otava Managed Services, Otava will provide reboot services subject to the Additional Terms for WSUS Reboot Services, attached and incorporated by reference as Exhibit C. As applicable, Client acknowledges and agrees to be bound by such Additional Terms for WSUS Reboot Services. Otava will not push out Patches that are in beta testing. Upon Client providing Otava with written notice via service ticket that Client is experiencing an issue with the deployed Patches, Otava will roll back such Patches, and, as between the Parties, Client will be solely responsible for rolling back any virtual machines and applications if needed. Any Patches troubleshooting beyond rolling back the Patches are out of scope and if Otava performs such services then Otava will charge Client and Client will pay Otava on a time and materials basis at Otava’s then current service rates.
4.1. Managed Services Exclusions and Limitations. THE DISCLAIMERS AND LIMITATIONS IN THIS SECTION 4.1 ARE IN ADDITION TO AND NOT IN LIEU OF ANY DISCLAIMERS AND LIMITATIONS SET FORTH IN ANY OTHER TERMS OF THE MASTER AGREEMENT OR OTHER PARTS OF THESE PRODUCT TERMS. Without limiting the generality of the immediately preceding sentence, Client agrees and understands that:
(a) The services that are in-scope for Otava Managed Services are limited to those that are (i) expressly enumerated (1) in these Product Terms for the relevant Otava Managed Services, and, if the Otava Managed Services include Otava Managed Backups, the Otava Cloud Backup Terms, or (2) in a relevant Sales Order as included within the relevant Otava Managed Services; and (ii)purchased by Client as indicated by the relevant Otava Managed Services being listed as a line item in the Sales Order. All other services are out‑of‑scope for purposes of Otava Managed Services, including, without limitation, the following: (A) professional services, including those that would be required to perform proof of concept testing, staging, or migration into production; (B) training of Client Personnel; and (C) maintenance, support, and troubleshooting of Client’s applications (including, without limitation, application configuration and network problems caused by the application). For the avoidance of doubt, as used herein, Client’s applications do not include the RMM System. Further, Client understands that Otava’s monitoring services are limited to alert management of automated alerts and, except as otherwise set forth in the relevant Sales Order, only extend to, as applicable in light of the nature of the Otava Managed Services purchased by Client, ping, memory, CPU, storage, traffic on the NICs, and backup jobs.
(b) Subject to Client paying the applicable fees as further set forth in Section 5 (Fees), Otava may provide Client with certain out‑of‑scope services, provided that (i) Otava performing such services do not bring such services in‑scope for Otava Managed Services; and (ii) Otava may decline to perform such out‑of‑scope services at any time at Otava’s sole discretion.
(c) Otava’s obligation to perform the Otava Managed Services or a component thereof will be limited to the extent that Otava’s ability to perform is limited or adversely impacted by:
(d) As between Client and Otava, (i) Client will be responsible for all acts and omissions of the Client Personnel; and (ii)Client will cause the Client Personnel to comply with the applicable provisions of the Agreement and applicable Third‑Party EULA terms. Further, Client agrees and understands that a breach of the Third‑Party EULA by Client or the Client Personnel will be a material breach of the Agreement.
(e) Otava is not responsible or liable for the quality of and does not independently test the Patches. Further, (i) Patches may, from time to time, interfere with the functions and functionality of applications (including those they are intended to patch) and other services running or installed in the Client Systems or other infrastructure; and (ii) Patches are pushed out by automated tools and while Otava will use commercially reasonable efforts to monitor such tools, such tools may periodically fail, and Otava will have no liability with respect to any such failures.
(f) Otava reserves the right to reject an Otava Managed Services-related change requested by Client. A requested change may be rejected because, without limitation, an asset is out‑of‑scope, the change may cause incompatibility issues, the change may cause compliance issues, or the change is not supported by the vendor device. In the event Otava rejects a change requested by Client, Otava will promptly provide Client with a written explanation, and the Parties will reasonably cooperate to determine an appropriate accommodation, as needed.
(g) Client may not disable or otherwise interfere with the operations of the RMM System, including, without limitation, by blocking updates thereto. Client understands that disabling the RMM System or the Otava Designated Credentials does not terminate the Otava Managed Services and does not serve as notice of termination to Otava.. Further, Client agrees and understands that Client may not access or use the RMM System or any other Third-Party Products for purposes of monitoring their availability, performance, or functionality, or for any other benchmarking or competitive purposes, unless permitted to do so in the Third-Party EULA or another contract between Client and the relevant Third-Party Vendor.
4.2. Interoperability. Client understands and acknowledges that Otava uses Third-Party Products to perform and deliver the Otava Managed Services. Otava did not create or design such Third-Party Products and, accordingly, Client agrees that Otava will not be liable for any defects, flaws, inefficiencies, malfunctions, or programming errors in any such Third Party Products, including, without limitation, any bugs in the RMM System. The Third-Party Vendor may change and remove features and functions of the Third Party Products and (a) Client will not be entitled to any refund, credit, or other compensation as a result thereof; (b) Otava may cease providing Otava Managed Services features or functions as a result of such Third-Party Vendor changes and Client will not be entitled to any refund, credit, or other compensation as a result thereof; and (c) Otava will not be liable for any such changes or removals or any issues arising therefrom or as a result thereof.
In addition to fees set forth in the Sales Order, and fees described in these Product Terms, including the RMM Fee, Client understands and agrees that fees paid for Otava Managed Services do not cover any of and Otava may charge Client additional fees for: (a) technical support services for out of scope services, including, without limitation, support for applications (including, without limitation, software packages, add-ons, and APIs, whether they are installed on premise or an Otava Cloud environment), training, and troubleshooting Client Systems (but only to the extent the impacted asset is not an In Scope Asset for the relevant Otava Managed Services), as well as those assets and services that are determined to be out of scope while performing in scope Otava Managed Services; (b) technical support services to the extent the relevant issue was caused by Client, Client Personnel, Client Data, or Client Systems (but only to the extent the impacted asset is not an In Scope Asset for the relevant Otava Managed Services) including, without limitation, for assisting Client to restore data from the Services environment in the event Client suffers a ransomware event, and break/fix for a networking or group policy change made by Client or Client Personnel; (c) technical support services to the extent the relevant issue was caused by a deliverable or task (or the related software, hardware, or other assets or services) where a RACI Matrix designates Client as being either “Responsible” or “Accountable”, except to the extent Otava is also designated as being either “Responsible” or “Accountable”; (d) professional services, including those that would be required to perform proof of concept testing; staging; migration into production; re-configuring resources in accordance with Client’s written request; integration of newly acquired or introduced hardware, software, or networks, or with other formerly non-existent third party resources; (e) any other services that Otava provides (including, without limitation, additional bandwidth, services at other Otava data centers, third-party software licenses, and so forth) and that are not expressly identified as a line item in the Otava Managed Services Sales Order or as a line item in another Sales Order in effect between the Parties; (f) equipment, hardware, and parts, except for those purchased by Otava for the Otava Cloud; (g) licensing, software, and software assurance, including renewals and upgrades; (h) courier services, shipping and handling, packaging, and postage; (i) support and services provided by Third Party Vendors, original equipment manufacturer, and other manufacturers; (j) services performed on Client’s premises, including on-premise wiring of any kind; and (k) travel, travel time, gas or gas mileage, food, per diem, and accommodations, when applicable, when visiting Client’s premises or any other third party site on Client’s behalf. Unless otherwise set forth in a Sales Order for the relevant Otava Managed Services, (1) all such additional fees will be charged to Client at Otava’s then current rates for the relevant services and in the manner generally charged (e.g., per license, based on consumption, direct pass through, and so forth); and (2) any technical support services provided by Otava for out of scope services will be provided on a time and materials basis at Otava’s then current service rates.
In the event these Product Terms expire or are terminated for any reason, Client (a) agrees and understands that unless otherwise expressly provided by the relevant Third-Party Vendor or on a Third Party EULA, Client’s right, if any, to use the Third Party Products will automatically expire and Client will, accordingly, cease all use of the applicable Third Party Products, including the RMM agent; and (b) Client will promptly return to Otava the RMM hardware, if any, and if Otava does not receive such hardware within 15 days (or such longer period as mutually agreed by the Parties via a service ticket) of the termination of the relevant Otava Managed Services, then Otava may invoice Client and Client will pay the replacement cost for such hardware.
The provisions of Sections 5 (Other Fees), 6 (Termination), and 7 (General Terms) will survive the termination or expiration of these Product Terms.
The terms in this Additional Terms for Older MSAs Exhibit (“Exhibit”) supplement are made part of the Otava Managed Services -Product Terms of Use to which this Exhibit is attached only if the Parties entered into an MSA on or before July 1, 2022 or the version of the MSA in effect between the Parties as of the Product Terms’ Effective Date is an MSA prior to version 2022-2.0. Capitalized terms used in but not otherwise defined in this Exhibit will have the meaning attributed to such terms in the Product Terms or other parts of the MSA,.
2.1. “Addenda” means collectively all executed Sales Orders and all applicable addenda or service specific terms linked to or refenced in the Agreement, a Sales Order, or subsequently agreed to by the Parties (each an “Addendum”).
2.2. “Administrator Data” means the information provided to Otava or otherwise received by Otava during sign up, purchase, or administration of the Services for Client. Administrator Data does not include Client Data, Feedback, or Usage Data.
2.3. “Authorized Contact” has the meaning attributed to such term in the MSA, and if not defined, then has the meaning set forth in Section 3.1 (Contacts).
2.4. “Billing Start Date” has the meaning attributed to such term in the MSA, and if not defined, then means the earlier of (a) the date Otava makes the applicable Service(s) available to Client for Client’s use, or (b) 30 days after executing a Sales Order.
2.5. “Client Data” means the data, information, and materials that Client stores, transmits through, or uploads into the application layer of the Services.
2.6. “Client Personnel” has the meaning attributed to such term in the MSA, and if not defined, then means, collectively and individually, employees, agents, contractors, subcontractors, service providers, and Authorized Contacts. Client Personnel does not include Otava.
2.7. “Limitations” means the number of hosts, license types, memory, number of licenses, number of users, purpose, storage, or other usage limits, if any, set forth in an applicable Sales Order.
2.8. “Minimum Commitment” has the meaning attributed to such term in the MSA, and if not defined, then means Client’s commitment to pay a minimum charge for the Services, regardless of actual usage or other factors.
2.9. “Portal” means the certain web based portal that Otava may make available to Client to access and manage the Services, including adding user roles, purchasing additional Services, and submitting service tickets.
2.10. “Support Portal” means https://support.otava.com, or such other url for support issues as Otava may provide.
2.11. “Third Party EULA” has the meaning attributed to such term in the MSA, and if not defined, then has the meaning set forth in Section 4.3 (Third Party Products). Third Party EULA includes the Trend Micro EULA.
2.12. “Third Party Product” has the meaning attributed to such term in the MSA, and if not defined, then means any infrastructure, hardware, or software, where such infrastructure, hardware, or software is owned or licensed by a Third‑Party Vendor, such as Microsoft Corporation or Trend Micro Incorporated.
2.13. “Third-Party Vendor” means a third-party product or service provider that is not identified as a Party to the MSA.
3.1. Contacts. Client will use the Portal to designate, change, and otherwise manage various access roles for Client and the Client Personnel (each an “Authorized Contact”) in connection with the Services. Client agrees that Otava will be permitted to act and rely on the direction and instructions of the Authorized Contact, unless and until Client revokes the relevant individual’s access role. If Client wishes to add or remove an Authorized Contact, or modify an Authorized Contact’s information or authority, Client must do so through the Portal.
3.2. Cooperation. Client understands and acknowledges that Otava cannot perform the Services without the assistance and cooperation of Client Personnel. Accordingly, Client will: (a) cooperate, in good faith, with Otava with respect to activities necessary or reasonably appropriate for Otava to provide Services including, without limitation, cooperating with Otava to schedule maintenance required for major system upgrades as applicable; (b) devote such time as needed to timely review any information provided and timely respond to and advise Otava with respect to activities as they relate to the Agreement, including, without limitation, as applicable in light of the actual Services, timely authorizing operating system upgrades; (c) provide to Otava, at no charge, reasonable access to the Client Personnel to reasonably assist Otava with respect to the activities as they relate to the Services; and (d) reasonably facilitate and hereby authorize the communication between Otava and Client Personnel, as necessary or reasonably appropriate for Otava to deliver the Services. Client understands that for Otava to meet certain audit obligations, maintain compliance certifications, or address software and systems obsolescence, Otava must perform certain patching, updates, and upgrades to systems and technologies managed by Otava, some of which may be included in or otherwise impact Client’s Services. Accordingly, notwithstanding anything to the contrary in this Section 3.2 or any other term in the Agreement, Otava reserves the right to perform any and all patching, updates, and upgrades to the systems and technologies managed by Otava, as determined by Otava in its sole discretion and without further approval from or liability to Client, provided that Otava will provide Client with prompt (as reasonable under the circumstances) written notice (which notice may be provided by email, a service ticket, or by posting in the Portal) of such patches, updates, and upgrades.
3.3. Access to Client Systems. Client agrees and understands that to perform the Services, Client may need to make available to Otava access to Client’s information technology resources, data systems, virtual machines, third-party software and hardware, and related resources from the Client-side environment (collectively, the “Client Systems”). As between Client and Otava, Client will, at its expense, take the necessary steps (including, without limitation, obtaining all authorizations, consents, licenses, and sublicenses) to make available to Otava the Client Systems that Otava may require or reasonably request to provide the Services. As between Client and Otava, Client is solely responsible for the Client Systems’ costs and for obtaining, installing, configuring, and maintaining appropriate equipment and ancillary services needed to connect to, access, and otherwise use the Services, including, without limitation, communication lines, network connectivity, hardware, software licenses, web browsers, and power.
3.4. Configuration, Management, and Monitoring. Otava may provide Client with certain deployment, management, and support Services as described in one or more Sales Orders, provided, however, Client agrees and understands that Client remains solely responsible for (a) understanding Client’s legal and contractual obligations and ensuring that the Services meet Client’s needs; (b) evaluating and understanding the limitations of the Services; (c) determining the scope and type of Services Client must purchase from Otava to meet Client’s operational and compliance requirements, including, without limitation, need for high availability, auditing obligations under applicable privacy and security laws, and retention duration; (d) properly configuring, managing, and monitoring the Client-side components of the Services, including, for example, periodically testing backups if Client’s Services include backup services; € properly configuring, managing, updating, and upgrading the applications and related services hosted by Client in the Services environment (including, without limitation, as applicable, using the then-current or supported versions of the programming languages for applications, patching, using genuine and licensed software, and upgrading as needed before end of life is reached for the relevant Client-side system component), and properly administering the Client-side environment to ensure that Client’s compliance objectives are achieved and legal obligations are met; (f) timely reviewing and assessing any alerts, logs files, and reports in accordance with Client’s policies and otherwise properly monitoring the Services and the activities of the Client Personnel and other end users on the Services; and (g) training the Client Personnel on the scope of Otava’s Services and Client’s obligations. Client understands that Client is solely responsible for all actions and activities taken or not taken, as the case may be, under access credentials assigned to Client and the Client Personnel in connection with the Services. Further, Client agrees and understands that Client, and not Otava, is responsible for managing whether the Client Personnel are authorized to access or use the Services and Otava will have no obligations relating thereto.
3.5. Consents and Authorizations. As between the Parties, Client is solely responsible for and will, at Client’s own expense: (a) to the extent required by applicable law, notify applicable end users that their personally identifiable information is accessed, collected, stored, transmitted through, or otherwise used by Otava; (b) respond to and otherwise manage consumer requests, if any, related to the Client Data as required by applicable law; and (c) obtain all third party consents and authorizations with respect to the Client Data as may be necessary or reasonably appropriate for Otava to perform the Services in accordance with the Agreement and to ensure that Otava can comply with all applicable laws in providing the Services. Otava will, at Client’s expense, (i) reasonably assist Client, as needed, to cooperate with and respond to requests from auditors, insurance carriers, regulators, consumers, customers, and others to provide information related to Otava’s processing of the Client Data and use of the Services; and (ii) assist with, respond to, or otherwise support legal holds (such as those that Otava receives from a third party because Otava stores the Client Data), discovery requests, ediscovery, affidavits, subpoenas, and other litigation or legal proceeding support services related to the Administrator Data, Client Data, or the Services (this Section 3.5(i) and (ii), collectively as the “Compliance Support Services”); provided that the Parties agree that, Otava may, in its reasonable discretion and to the extent legally permissible, decline to provide the Compliance Support Services or otherwise limit the scope of such Compliance Support Services. Otava will charge and Client will pay for the Compliance Support Services at Otava’s and, if applicable, Otava’s vendors’ (including, without limitation, attorneys and digital forensics vendors), then current time and materials rates, provided that Otava will provide Client with written notice in advance of charging such fees. Otava may, at its sole discretion, require a deposit or other advance payment before providing the Compliance Support Services.
4.1. Administrator Data. As between Client and Otava, Client owns the right, title, and interest in and to the Administrator Data, except for the limited rights granted in the MSA and subject to applicable third party licensor rights in the Administrator Data. Client hereby grants Otava a fully paid, limited, nonexclusive, royalty-free right and license (a) during the Services Term and for the duration of any transition period, to access, adapt, aggregate, copy, disclose, display, distribute, modify, process, publish, reformat, store, and use the Administrator Data for the purpose of administering and performing the Services and to otherwise fulfill Otava’s obligations under the MSA; and (b) on a perpetual basis, to access, adapt, aggregate, copy, display, modify, process, reformat, store, use, and create derivative works of Administrator Data, metrics, statistics, and other analytics and to aggregate, copy, disclose, distribute, publish, and use such information for Otava’s internal business purposes, legal compliance, and record keeping, including, without limitation, developing anonymized benchmarks and metrics, provided that Otava will use commercially reasonable efforts to ensure that use of Administrator Data does not individually identify Client or any Client employees.
4.2. Client Data. As between Client and Otava, Client owns the right, title, and interest in and to the Client Data, except for the limited rights granted in the Agreement. Client hereby grants Otava a fully paid, limited, nonexclusive, royalty-free right and license during the term of the Agreement and for the duration of any transition period, to copy, display, host, process, store, and transmit the Client Data for the purpose of delivering the Services, including, without limitation, Client’s and Client Personnel’s access and use of the Third Party Products, and to fulfill Otava’s obligations under the Agreement.
4.3. Third-Party Products. Otava may make certain Third-Party Products available to Client in connection with or to use directly with the Services (e.g., Microsoft Server licenses) or use of the Services may require a license to and use of Third-Party Products (e.g., Veeam backup software). Client agrees and understands that Client’s access to use of the Third Party Products is subject to the terms and conditions of an end user license agreement, cloud services agreement, or such other document issued by the applicable Third-Party Vendor (“Third-Party EULA”). Otava does not (a) endorse the Third-Party Products; or (b) control or accept responsibility for the Third Party Products, except to the extent Otava is designated as being either “Responsible” or “Accountable” in an applicable RACI Matrix for the Otava Security Services. Any and all agreements, services, and transactions between Client and such Third-Party Vendor in connection with the Third-Party Products, including but not limited to such Third-Party Vendor’s privacy policies, service level terms, data use terms, and any other terms, conditions, representations, and warranties associated with such agreements, services, or transactions, are solely between Client and such Third-Party Vendor. Client understands that Otava did not design the Third Party Products and, accordingly, Client agrees that Otava will not be liable for any defects, flaws, inefficiencies, malfunctions, or programming errors in any of the Third Party Products. To the extent available to Otava and within Otava’s control, Client will have the right to review the Third-Party EULA for any Third-Party Products upon Client’s request and prior to executing the applicable Sales Order. If the Agreement or an applicable Sales Order is terminated for any reason, Otava will have no responsibility or liability to Client for the cost of any such Third-Party Products. Unless otherwise provided in the Third-Party EULA, the rights granted to Client in the Third Party EULA are solely for Client’s use in connection with the Services and will terminate on the earlier of expiration or termination of (i) the Agreement; (ii) an applicable agreement between Otava and the licensor of the Third Party Products, as applicable; or (iii) the Third-Party EULA. Without limiting the generality of the immediately preceding sentence, Otava may, in its sole discretion and with 30 days’ advance written notice to Client (which notice may be provided by email, a service ticket, or by posting in the Portal), modify or discontinue the availability of any Third-Party Products provided with the Services if the licensor or Third-Party Vendor changes its terms with Otava. By using the Third Party Products, Client grants Otava permission to allow the licensors of such Third-Party Products to access and use the Administrator Data and Client Data as required or reasonably appropriate for the purpose of delivering the Third Party Products to or for Client and the Client Personnel, as applicable, in connection with the Services, and to otherwise enable use of the features and functions of such Third-Party Products. Without limiting Section 3.5 (Consents and Authorizations), Client will, at its own expense, obtain all consents and permissions from its employees and other relevant end users as necessary and appropriate to grant the rights granted in this Section 4.3.
4.4. Otava Proprietary Rights. Client acknowledges and agrees that Client is engaging Otava due to Otava’s expertise, know how, knowledge, materials, special skills, and each of its component parts (including, without limitation, algorithms, analytics, audio visual works, charts, compilations, coherence and methods of operation of systems, conceptions, configurations, data, data center, data center architecture, database structuring techniques, databases, designs, developments, diagrams, formatting, forms, general skills, graphs, ideas, inventions, know how, libraries (code or otherwise), lists, logic, ‘look and feel’, materials, methodologies, metrics, models, network architecture, policies, Portal, procedures, records, reports, schematics, software and its object and source code, system designs, technical documentation, techniques, templates, text, tools, user interfaces, and utilities, and other works of authorship, or any part thereof and any arrangement, coordination, combination, and selection thereof, and any improvement thereto and modifications thereof), and proprietary information, and all intellectual property rights therein (collectively, the “Otava Materials”) that Otava developed or acquired prior to the Agreement or during the Agreement but in connection with performing services for another client. As between Client and Otava, Otava will retain and Client acknowledges that Otava hereby retains all interest, right, and title in and to the Otava Materials and nothing contained in the Agreement will be construed as the relinquishment on the part of Otava of any of Otava’s ownership interest in the Otava Materials. Further, for the avoidance of doubt, Otava may develop certain improvements and modifications to the Otava Materials and other general skills as a result of working with Client. Otava will retain all interest, right, and title of every nature in and to such improvements, modifications, and general skills throughout the universe, whether such rights are now known or hereafter devised, with the right to use the improvements, modifications, and any applicable general skills in perpetuity in any manner Otava desires, in its sole discretion, without any payment to Client or any obligation of accounting.
4.5. Trademarks and Copyrights. Client acknowledges and agrees that all content on the Third-Party Products and the Otava Materials as well as certain content on the Administrator Data (including with respect to each of the Third Party Products, Otava Materials, and Administrator Data, as applicable and without limitation, audio, graphics, graphs, images, sounds, text, user interfaces, and visual interfaces as well as, without limitation, the arrangement, coordination, design, expression, ‘look and feel’, structure, and selection thereof) is the exclusive property of and owned by Otava, the Third Party Products vendors, the Administrator Data vendors, or its and their licensors and are protected by copyright, trademark, and other intellectual property rights and unfair competition laws. Client will not and will not permit any of the Client Personnel to modify, obscure, or delete (including through selectively copying or printing material) any copyright, trademark, trade secret, government restricted rights, or other proprietary or confidentiality notices or legends that are placed or embedded in the Third Party Products, Otava Materials, or Administrator Data. Nothing on or in the Third Party Products, Otava Materials, or Administrator Data will be construed as granting, by implication, estoppel, or otherwise, any license or right to use any logo, service mark, or trademark displayed thereon or therein, without the owner’s prior written permission, except as otherwise described in these Product Terms or, with respect to the Third-Party Products, in a license between Client and such Third-Party Products vendor (including any Third Party EULA).
4.6. Usage Data and Operational Information. Client agrees and understands that certain of the systems and software used to deliver the Services or the Third-Party Products or otherwise used in connection with the Services or the Third-Party Products may, from time to time, collect and automatically report back information related to usage of the Services, the Third Party Products, and related information technology systems (“Usage Data”). Usage Data may include IP addresses, but does not include Client Data. Such Usage Data may be reported to Otava as well as the relevant information technology or software system Third-Party Vendor. Usage Data may be used by Otava and the relevant information technology and software system vendors for any legally permitted purposes, including, without limitation, helping diagnose and resolve technical and performance issues with Otava’s and such vendor’s systems, improving the Services, validating license keys, monitoring for compliance with Limitations (e.g., amount of RAM on server, number of virtual machines, and the like), and developing metrics and analytic algorithms. Client agrees and understands that Otava uses all data collected in connection with its business and operations for the operation and management of its business including, without limitation, (a) creation of operational statistics; (b) creation and inclusion in financial reporting of aggregate statistics regarding services performed; (c) creation and inclusion in marketing materials of aggregate statistics highlighting the Services; and (d) advancing and improving existing products and services, creating new and enhanced products and services, and development and publication of market and industry intelligence and expertise; all of which and any improvements thereto and whether in tangible or intangible form, will be and remain the intellectual property of Otava and Otava will own all intellectual property rights therein.
4.7. Feedback. Client agrees that submission of any corrections to content or documents, ideas, product or service improvements or modifications, or suggestions (collectively, the “Feedback”) to Otava through its feedback form, meetings, suggestion form, or similar means, is at Client’s own risk and that Otava has no obligations (including, without limitation, obligations of use) with respect to such Feedback. Client hereby grants to Otava a fully paid, irrevocable, royalty-free, perpetual, sub licensable, transferable, worldwide, and nonexclusive right and license to adapt, copy, disclose, display, distribute, modify, perform, reformat, use, create derivative works of, and otherwise exploit any and all Feedback for any legally permitted purposes.
4.8. Restrictions. Otava and its suppliers retain all interest, rights, and title in and to the Portal and Otava Materials (collectively, the “Licensed Materials”) and all rights to the Licensed Materials not expressly granted to Client in the Agreement are reserved. The Third Party Vendors retain all interest, right, and title in and to their respective Third Party Products. Any unauthorized use of the Licensed Materials, the Third Party Products, or any component thereof is a material breach of the Agreement. Client will not: (a) copy or reproduce the Licensed Materials or the Third Party Products in whole or in part, access or use the Licensed Materials in any way other than as expressly permitted in the Agreement, or, if applicable, access or use the Third Party Products in any way other than as expressly permitted in the Agreement or the Third Party EULA; (b) modify, translate, or create derivative works of the Licensed Materials or Third Party Products or any portion thereof; (c) decompile, decrypt, disassemble, reverse engineer, or otherwise attempt to obtain or perceive the source code from which any component of any software made available to Client hereunder (including, without limitation, the Portal and the Third Party Products) is compiled or interpreted, and Client hereby acknowledges that nothing in the Agreement will be construed to grant Client any right to obtain or use such source code; (d) assign (except together with Client’s business if so permitted by the assignment clause in the MSA), distribute, grant a security interest in, lease, loan, rent, sell, share, sublicense, timeshare, use for service bureau purposes, or otherwise transfer (except together with Client’s business if so permitted by the assignment clause in the MSA) the Licensed Materials or Third Party Products; (e) divert, export, re-export, or transfer any part of the Licensed Materials, Services, or Third Party Products to any country, individual, company, or other entity that is embargoed by the U.S., in violation of any U.S. export law or governmental regulation, or otherwise identified on a list of debarred, prohibited, sanctioned, or denied parties; (f) unless expressly authorized by Otava or an applicable Third Party Vendor in writing, authorize or undertake a penetration test, vulnerability scan, social engineering test, or any other similar activity against the Services, Otava, any of Otava’s Third-Party Vendors, or any of Otava’s employees, agents, or subcontractors; (g) interfere with or attempt to interfere with the proper functioning of the Services, Third-Party Products, Otava, any of Otava’s Third-Party Vendors, or any Otava agent, contractor, or subcontractor, including subverting or attempting to subvert embedded security controls, the reporting mechanisms for reporting and monitoring Limitations, or the mechanisms to validate license keys; or (h) authorize, assist, or cause any third party, including any of the Client Personnel, to do any of the foregoing. Client agrees and understands that the restrictions in this Section 4.8 apply to (i) any component of the Licensed Materials that is relevant to the restriction; and (ii) to the Third Party Products to the extent such restriction is relevant, unless expressly permitted by the Third-Party EULA or some other arrangement between Client and the owner of such Third Party Product.
4.9. Audits. Otava may audit Client’s use of the Services and may permit relevant Third Party Vendors to audit Client’s use of the Third Party Products and the related Services in connection with Client’s use of such Third Party Products. Client will and, as applicable, will ensure that the Client Personnel, reasonably cooperate with all such auditing activities, including, without limitation, permitting access to and copying of relevant records. Such audit will be conducted during Client’s regular business hours, will not unreasonably interfere with Client’s business activities, and may be conducted at Client’s offices or electronically. Otava reserves the right to require the installation of auditing software to enable automated billing and consumption verification on the Services or any part thereof.
4.10. Suspension for Security. Otava will have the right, in addition to its other rights or remedies, to suspend Client’s and the Client Personnel’s access to the Licensed Materials, Services, and the Third Party Products, without liability to Client, if (a) Otava determines, in its reasonable discretion, that such suspension is necessary or reasonably appropriate to protect the security or integrity of the Licensed Materials, Services, or the Third Party Products or the security of other Otava clients; or (b) Otava does not receive the Usage Data as required, or Client otherwise interferes with the reporting mechanisms for reporting and monitoring Limitations or the mechanisms to validate license keys for the Third Party Products and other software. Such access may remain suspended until Otava reasonably determines that the threat has passed or that Client has taken the appropriate steps, as reasonably determined by Otava, to remedy the identified threat or interference, as applicable. Further, Otava may, without liability to Client, suspend the access credentials of the Client Personnel who violate the Agreement and may terminate the access credentials of Client Personnel who repeatedly violate the Agreement, provided that Otava will provide Client with prompt written notice (which notice may be provided by email, a service ticket, or by posting in the Portal) if Otava suspends or terminates the access credentials.
Notwithstanding anything to the contrary in the MSA, Otava may amend or modify these Product Terms by providing at least 45 days advance written notice to Client of such amendments or modifications. Notice of any such amendments or modifications to these Product Terms will be provided by email to the Authorized Contact, Otava’s primary business contact for Client, service ticket, mail, or by posting in the Portal. If Client determines, in Client’s reasonable discretion, that the proposed change to these Product Terms materially impacts Client in an adverse manner, Client will provide written notice (which notice to be provided by service ticket through the Portal) to Otava (with attention to Contract Manager) with a brief explanation of the adverse impact within 15 days (“Amendment Objection Notice”). If no Amendment Objection Notice is received from Client within such 15-day period, then changes to these Product Terms will become effective without further action by either Party upon expiration of such 45-day period. Upon Otava’s receipt of an Amendment Objection Notice, the Parties will negotiate, in good faith, an appropriate Product Terms accommodation and will document any agreed upon accommodation in a writing that will be signed by an authorized representative of each Party. If the Parties cannot agree upon a mutually acceptable accommodation within 30 days of Otava’s receipt of the Amendment Objection Notice and Otava does not withdraw the Product Terms amendment or modification as against Client, then a Party may, upon 30 days advance written notice to the other Party, terminate the Otava Security Services component impacted by the amendment or modification and Otava will waive any recurring monthly fees remaining under the then current Addendum Services Term for the terminated Otava Security Services component. For the avoidance of doubt, the modified Product Terms will not go into effect for Client during the notice and discussion periods contemplated in this Section 6. The provisions of 3.5 (Consents and Authorizations, limited to Compliance Support Services), 4.3 (Third Party Products), 4.4 (Otava Proprietary Rights), 4.6 (Usage Data and Operational Information), 4.7 (Feedback), and 6 (General Terms) will survive the termination of these Product Terms until any obligations arising prior to such termination have been satisfied in accordance with the applicable terms.
These Additional Terms for WSUS Reboot Services (“Additional Terms”) supplement and are made part of the Otava Managed Services – Product Terms of Use (“Product Terms”) to which this Exhibit is attached only if the Patches require the VMs to be rebooted pursuant to Section 3.7 of the Product Terms. Capitalized terms used in but not otherwise defined in this Exhibit will have the meaning attributed to such terms in the Product Terms.
2.1. “Excluded Devices” has the meaning set forth in Table 3.1.
2.2. “Included Devices” has the meaning set forth in Table 3.1.
2.3. “Otava Virtual Private Cloud” means the infrastructure-as-a-service infrastructure that is controlled and maintained by Otava, and made available to Client pursuant to one or more Sales Orders. Otava Virtual Private Cloud does not include any equipment, hardware, or software that operates outside of Otava’s premises.
2.4. “WSUS” means the Windows Server Update Services that are managed and operated by Microsoft®.
3.1. Background and Description. Client applies Windows® server security patches (“Patches”) as they are periodically released by Microsoft to those certain virtual machines that Client operates and stores in the Otava Virtual Private Cloud (“VMs”). From time to time, the Patches require the VMs to be rebooted. Otava will reboot the Included Devices, verify that the Included Devices respond to a Ping request, and display the Windows server login prompt (collectively, the “Reboot Services”, which will be deemed “Services” as defined in the Master Agreement). Otava will perform the Reboot Services during the Maintenance Window as defined in Table 3.1.
Table 3.1 – Reboot Services Specifications
| (A) “Maintenance Window”
|
Otava’s standard maintenance window as Otava may periodically communicate to Client via Portal or a service ticket. |
| (B) “Included Devices” | Those VMs that (i) are managed by OTManage; (ii) are listed on the Microsoft WSUS report as VMs that are pending reboot; and (iii) are not Excluded Devices. |
| (C) “Excluded Devices” | Client shall provide Otava the list of servers that must be excluded. |
3.2. Service Requirements and Limitations. Client agrees and understands that:
(a) The Reboot Services are conditioned on Client purchasing the OTManage Services from Otava.
(b) Client will, at its sole cost and expense, provide Otava with access credentials to the Included Devices (“Otava Designated Credentials”), with such access credentials to be unique to Otava and with all necessary rights to permit Otava to perform the Reboot Services. Client will either exempt the Otava Designated Credentials from Client’s password reset policy or otherwise coordinate any such password reset with Otava as required by Otava to permit Otava to timely perform the Reboot Services.
(c) Otava will document which Included Devices were rebooted as part of the Reboot Services in Otava’s support ticketing system and Client will retrieve such information from such support ticketing system as needed by Client.
(d) Client will not disable Ping and will not take any action to inhibit or otherwise compromise Otava’s ability to monitor the Included Devices from PRTG, and Client will promptly remedy any such issues upon discovery.
(e) (i) Otava is not responsible for the quality of and does not independently test the Patches; (ii) Patches and the Reboot Services may, from time to time, interfere with the functions and functionality of applications and other services running or installed on the VMs; and (iii) the scope of the Reboot Services is limited and does not extend to the applications and other services installed or running on the VMs. Accordingly, Client is solely responsible for (1) monitoring for and ensuring that the applications and other services (including, without limitation, any disaster recovery systems and services) on the Included Devices properly restart upon the Reboot Services and that such applications and services continue to function as expected; and (2) creating, maintaining, scheduling, and testing backups and, if needed, rolling back the Patches or otherwise restoring the impacted VMs.
(f) Windows server version must be a version that is supported by Microsoft. Client may purchase such licenses from Otava or from another vendor. Otava will provide Client with such licenses only if a Sales Order expressly includes such licenses as a line item.
(g) Client is responsible for ensuring that the information required in Table 3.1 is current. Any such changes to the information provided in Table 3.1 will be made only upon the express written agreement of both Parties.
(h) The Reboot Services do not include and Otava will be under no obligation to provide Client with (a) any management of or support for Client’s environment or infrastructure, including, without limitation, Client’s on-premise environment and infrastructure; and (b) any management of or support for the VMs themselves, whether such VMs are within the Otava Virtual Private Cloud or on Client’s premises and Client will remain solely responsible for managing such VMs, including ensuring that such VMs are properly deployed and otherwise configured to permit Otava to provide the Reboot Services. Further, Client understands that Client is responsible for providing and maintaining Client’s own information technology infrastructure (including, without limitation, data systems, backup systems, VMs, network connectivity, power, software licenses, and hardware) necessary to use the Reboot Services. Nothing in this Section 3.2(h) will be interpreted to limit the scope of the other Services purchased by Client or Otava’s obligations in connection therewith.
4.1. Licenses and Restrictions. The Patches, the Windows server software, the WSUS, and other Microsoft software is subject to Microsoft licenses. As between the Parties, Client is solely responsible for understanding, reviewing, accepting, and complying with the terms of the relevant Microsoft licenses. Without limiting the generality of the immediately preceding sentence, Client agrees that Client will not (a) exceed the scope of the uses permitted by the applicable Microsoft licenses; (b) decompile, decrypt, disassemble, reverse engineer, or otherwise attempt to obtain or perceive the source code from which any component of the Microsoft software, including the Patches; (c) modify, translate, or create derivative works of the Microsoft software, except as permitted by Microsoft, or otherwise obstruct any copyright, trademark, trade secret, government restricted rights, or other proprietary or confidentiality notices or legends that are placed or embedded in the Microsoft software or the Reboot Services; (d) interfere with or attempt to interfere with the proper functioning of the Microsoft software or the Otava Virtual Private Cloud, including subverting or attempting to subvert embedded security controls; (e) use the Microsoft software in violation of any applicable laws or regulations; or (f) authorize, assist, or cause any third party, including any of Client’s affiliates or Client’s employees’, agents’, contractors’, subcontractors’, or other users to do any of the foregoing. Client agrees and understands that the restrictions in this Section 4.1 apply to any component of the Microsoft software, the Otava Virtual Private Cloud, and the Reboot Services that is relevant to the restriction.
4.2. Client Users. Client acknowledges and agrees that, as between Client and Otava, (a) Client will be responsible for all acts and omissions of Client’s users; and (b) Client will obtain and maintain any required user consents and send any required notices, each as necessary to permit Otava to provide the Reboot Services, including any technical support. Client will cause its users to comply with the applicable provisions of the Master Agreement and the Microsoft licenses. Client agrees and understands that Client, and not Otava, is responsible for managing whether Client’s users are authorized to access or use the Otava Virtual Private Cloud and the Microsoft software and Otava will have no obligations relating thereto.
4.3. Disclaimer. Client understands that Otava did not create or design the Patches or any of the other Microsoft software. Accordingly, Client agrees that Otava will not be liable for any defects, flaws, inefficiencies, malfunctions, or programming errors in any such software. Client agrees and acknowledges that Microsoft may change or amend its guidelines for the Patches or WSUS at any time, and Otava will not be liable for any such changes or any issues arising therefrom or as a result thereof. Further, Client understands that the Reboot Services are dependent on the availability and performance of the WSUS, that the Reboot Services could be adversely impacted during a period in which the Microsoft environment or the components thereof are down or otherwise affected, and that Otava will not be liable for any such occurrence or adverse impact. The Reboot Services may be subject to limitations, delays, and other problems inherent in the use of the Internet and electronic communications and Otava is not responsible for (a) any delays, delivery failures, or other damages resulting from such problems or that result from or are caused by third-party products or from equipment, software, or other infrastructure that is outside the direct control of Otava; or (b) any other interruption or unavailability caused by factors outside of the commercially reasonable control of Otava.
Client understands that Otava may charge Client additional fees for: (a) technical support to the extent the relevant issue was caused by Client, Client’s information technology environment, or Microsoft software (including the Patches); (b) technical support for Client’s information technology environment, including for troubleshooting the functionality of Client’s network connectivity or PRTG monitoring; (c) managed VM recovery; and (d) any other services that Otava provides (including, without limitation, additional bandwidth, services at other Otava data centers, third-party software licenses, and so forth) and that are not expressly identified as a line item in the Sales Order or as a line item in another Addendum in effect between the Parties. Unless otherwise set forth in the Sales Order or another purchase Addendum, (i) all such additional fees will be charged to Client at Otava’s then current rates for the relevant services and in the subscription manner generally charged (e.g., per license, based on consumption, and so forth); and (ii) any technical support services provided by Otava will be provided on a time and materials basis at Otava’s then current technical support rates, provided that Otava will provide Client with written notice prior to undertaking work that will result in any such fees.
Either Party may terminate these Additional terms in accordance with and as permitted by the termination clause set forth in the main body of the Master Agreement. Termination of these Additional Terms will not result in the termination of any other Services (including, without limitation, the OTManage Services), which will remain in effect in accordance with the terms governing such other Services. If the Master Agreement expires or is terminated for any reason, these Additional Terms will also automatically terminate without any further action by either Party. In the event these Additional Terms expires or is terminated for any reason, in addition to each Party’s obligations under other parts of the Master Agreement that may apply, Client will promptly disable the Otava Designated Credentials, except to the extent such Otava Designated Credentials are needed for Otava to perform other Services that remain in effect.
Microsoft® is a trademark of the Microsoft Corporation (“Microsoft”). Otava is not affiliated with or sponsored by Microsoft. Nothing in these Additional Terms grants Client the right to use any of Microsoft’s marks. All other trademarks are the property of their respective owners. The provisions of Sections 1 (General), 4.1 (Licenses and Restrictions), 4.2 (Client Users), 5 (Other Fees), 6 (Termination), and 7 (General Terms) will survive the termination or expiration of the Product Terms until any obligations arising prior to such termination have been satisfied in accordance with the applicable terms.
