Cloud Access MOU
This MOU covers the agreement between the department (department, college, center, organization, etc.), ITPALS, and CCS regarding cloud access for AWS, Microsoft Azure, and GCP. It defines the shared governance, rights, and responsibilities between the groups.
All requests will be submitted through this Service Catalog entry. Provisioning will not occur until approval is granted by the designated approver and CCS. Once the request has been processed, CCS will provide the designated account manager access to the service.
Be aware that the terms of this MOU are subject to change. Notifications of changes will be sent out to account managers and departments.
The responsibilities for all parties are:
- Monitor and manage monthly charges using recommended cost management tools
- Pay all invoices from ITPALS within 30 days of receipt of billing statement
- Determine if you are working with High-Risk data. If so, do the following
- Ensure compliance to https://security.vt.edu/resources/sensitiveinfo.html. Contact the Information Technology Security Office (ITSO) for more information.
- Contact the Privacy and Research Data Protection (PRDP) program to ensure protections if you are working with Health Insurance Portability and Accountability Act (HIPAA) guidelines. Please see KB0011991 for additional information
- Adhere to all Information Technology Policies & Standards in the cloud environment
- Contact the ITSO for suspected breaches or unusual behavior
DEW (data egress waiver) requirements
At universities, research and collaboration are fundamental, and it's important for cloud vendor tools to support this work seamlessly. When it comes to data egress, institutions often face challenges such as the difficulty in predicting costs, especially in areas like high performance computing, machine learning, and Internet of Things (IoT). Cloud vendors want to remove friction with egress. Therefore, they have special offers to waive data egress fees. These special offers require the department to attest to the requirements of the offer to attain the fee waiver. If you CANNOT attest to these requirements, please do not continue with this Service Catalog request. Instead contact CCS directly for clarification of needs.
Always verify DEW requirements FIRST before accepting:
- Azure: https://azure.microsoft.com/en-us/blog/azure-egress-fee-waiver-for-the-academic-community/
- AWS: https://aws.amazon.com/blogs/publicsector/aws-offers-data-egress-discount-to-researchers/
- GCP: https://cloud.google.com/billing/docs/how-to/egress-waiver
Cloud account managers are eligible for waiver of egress charges under this program if they:
- Are faculty or staff working in academic or research institutions.
- Run any research workloads or academic workloads.
- Research or academic workloads
- Hosting departmental websites
- NOT Allowed
- Massive online open courseware (MOOC)
- Live streaming/ Media streaming
- Hosting websites for commercial purposes outside of research & teaching.
- Route at least 80% of egress from cloud vendor through direct peering, through Internet2, or Internet2 connector networks.
- Use an institutional e-mail address for cloud accounts.
- Use approved region (see individual vendor links for details)
- Use qualifying SKUs for discount (see individual vendor links for details)
WARNING: If egress usage exceeds 15% of the total monthly cloud fee, vendor will follow up with the institution. Should the account be found to be in breach of the "Network" or "Workload Types" terms, vendor reserves the right to revoke the discount.
- Provide billing statement to the department billing contact
- Address invoice and contract questions
- Establish service access upon receipt of all required approvals
- Revoke service access when directed for issues such as non-payment, university policy violations, security issues, etc.
- Work with the account manager and the vendor or reseller (as applicable) to provide problem resolution for account access issues
- Inform account managers and departments of MOU changes