Statement of Work:

Azure Cloud Foundation Framework Workshop &

Implementation Services

Company:
El Rancho Unified School District

SOW Date:
2/4/2020
SOW Number:
QUO-01583-X4Z4M3
Prepared By:
Lightstream Managed Services

Lightstream Managed Services, LLC

www.lightstream.tech Lightstream Confidential and Proprietary
Cloud Foundation Framework Workshop
 Customer: El Rancho Unified School District
Proposal #: QUO-01583-X4Z4M3

1. Introduction
This Statement of Work (“SOW”) sets forth the scope of work and conditions applicable to the Professional Services to
be provided to El Rancho Unified School District (“Customer”) by Lightstream Managed Services, LLC (“Lightstream”)
with an effective date of 2/4/2020 (the “Effective Date”).
The terms of this SOW include the Lightstream Master Service Agreement (previously signed, or signed in conjunction
herewith, by Customer) (the “MSA”). The MSA and any attachments thereto, are incorporated herein by this reference
and made a part hereof. In the event of any conflict between this SOW and the MSA, this SOW shall govern, but only
to the extent of a direct conflict.

2. Scope of Work, Personnel and Customer Responsibilities

2.1. Scope of Work Overview
The purpose of this statement of work is for Lightstream to provide Azure Cloud Engineering resources to provide
direction around a foundationally sound infrastructure implementation to support application deployment in
Azure. This includes advisement around best practices foundational configuration and an estimated run rate. It
also includes a guided foundation build and Azure Site Recovery (ASR) implementation. The engagement will be
done in two phases to take advantage of both funding buckets available from Microsoft to assist with the cost of
the engagement.

This SOW encompasses the following tasks and services as described below, which collectively shall henceforth be
defined as the “Scope of Work” or “Service”:

2.1.1. Scope Particulars

2.1.1.1. Phase 1 – Assessment, Education, Design and Cost Analysis
Kick-Off - Conduct a kick-off meeting with Customer’s executive sponsor that identifies and collects the
following:
• Project Stakeholders
• Timeline & Agenda Review
• Schedule design and advisement sessions

General Discovery – Perform a deep discovery that collects data around the following:
• Business & Culture
o Organization broad business goals and overall vision
o Existing business model, products and services
o Challenges, disruptors, significant deadlines and overall requirements
o Technology and innovation initiatives tied to business goals
o User experience journeys and performance indicators tied to user experience
o Overall digital capabilities and internal expertise
• Technology
o Physical Locations and Network Interconnectivity
o Infrastructure Components (Compute/Storage/Bare Metal, etc.)
o Data Services, Management & Analytics
o Security Landscape
o Business Continuity and Disaster Recovery

Lightstream Confidential and Proprietary -– www.lightstream.tech Page | 2 of 9

 Customer: El Rancho Unified School District
Proposal #: QUO-01583-X4Z4M3

o Application Portfolio, Development Platforms and Tools

o Operations Tools and Management
• Process
o Workflows and overall governance
o DevOps Maturity
o Project Management Methodology

Existing Azure Landscape Review and Best Practices Foundation Implementation Advisement –
Perform a complete review of existing Azure landscape, provide suggested improvements based on best
practices and provide knowledge transfer on Foundational Azure services.
• Core cloud configurations, standards and governance
o Review cloud platform governance services, their use and configuration best practices.
o Perform account planning and overall billing structure review.
o Provide advisement around a subscription creation strategy to support dev, test and operational
environments.
o Provide advisement on tagging & billing strategy.
o Provide advisement on resource group approach.
o Provide advisement on naming standards that are in line with current enterprise requirements.
o Provide advisement on governance framework utilizing Management Groups, Azure Policies and
Resource Locks and implement best practice privileged account access approach.
o Review cost containment best practices to develop strategy and identify cost containment tools.
• IAM
o Review identity and access management requirements and discuss overall integration approach.
o Examine possible approaches to achieve advanced services such as SSO and MFA.
o Identify any third-party tool integration requirements and provide integration guidance.
o Perform review of roles, groups, accounts and security policies required to support role-based
access control requirements and advise on implementation.
• Network and Interconnectivity
o Review cloud platform network and interconnectivity services, their use and configuration best
practices.
o Identify regions, network segmentation, traffic flow management and routing requirements.
o Identify the need for any network appliances and where they are integrated into design.
o Determine if there is a need for any common network services such as CDN, load balancing,
application gateways or web application firewall appliances and provide implementation
advisement.
o Determine interconnectivity technologies and provide guidance around best practices.
• Security
o Review cloud platform native security services, their use and configuration best practices.
o Determine compliance requirements and security services required.
o Identify and advise on third-party security services required to meet security requirements.
o Provide guidance around logging, auditing and alerting strategy.
• Operational Readiness
o Review operational best practices, capabilities and approaches to integrate the Azure
environment into current operational processes.
o Provide advisement on operational best practices regarding alerts and monitoring.
o Provide background on automated response and provisioning, operational analytics and
machine learning capabilities available within Azure.

Lightstream Confidential and Proprietary -– www.lightstream.tech Page | 3 of 9

 Customer: El Rancho Unified School District
Proposal #: QUO-01583-X4Z4M3

Design Whiteboarding – Perform interactive session with Customer to whiteboard possible design
improvements.
• Using the information obtained from the Discovery session, work through possible best practices
improvements and designs.
• Discuss industry trends, other customer implementations and Lightstream experiences around cloud
designs and implementations.
• Review existing application and infrastructure landscape and discuss possible improvements around
resiliency and scalability.

Cost Analysis – Using the information collected during the discovery and design session, provide a rough
estimated run rate for the Azure landscape.

2.1.1.2 Phase 2 – Guided Foundation Build and Advisement Services

Guided Foundation Build – Provide a customized, focused knowledge transfer session which includes
Azure service overview, best practices & design patterns while building the landing pad for future Azure
application workloads. The guided foundation build includes the following tasks:
• Core Azure configurations, standards and governance
o Planning of account, subscription and overall billing structure.
o Develop a tagging & billing strategy.
o Develop naming standards that are in line with current enterprise requirements.
o Create governance guard rails that identify what teams have access to which services, who can
build what services and where.
o Review cost containment best practices, develop ongoing strategy, identify cost containment
tool.
o Develop resource group strategy.
o Configure Office 365 to send logs to Azure Sentinel
• Network and Interconnectivity
o Determine interconnectivity methods and develop high level design including resource groups,
VNETS, subnets, virtual machines and traffic flows.
o Configure VPN between existing datacenter and Azure.
o Identify regions, network segmentation, traffic flow management and routing requirements.
o Identify the need for any network devices are where they are integrated into design.
o Determine if there is a need for any common network services such as CDN, load balancing,
application gateways, etc.
o Build two (2) virtual networks and subnets per design.
o Create user defined routing to support secure subnet communication.
o Perform testing to validate basic communication.
• IAM
o Ensure Azure AD tied to core subscription(s) is configured, replicated and integrated properly.
o Review Azure AD configuration for any advanced services such as SSO and MFA.
o Perform configuration changes to support overall IAM implementation strategy.
o Identify any third-party tool integration requirements and provide integration guidance.
o Create up to six (6) groups for associated accounts in Azure AD to support role-based access
control to the landscape.

Lightstream Confidential and Proprietary -– www.lightstream.tech Page | 4 of 9

 Customer: El Rancho Unified School District
Proposal #: QUO-01583-X4Z4M3

o Aid with AD Connect setup for active directory user and group replication, if required.
• Security
o Review Azure native security services, their use and configuration best practices.
o Determine compliance requirements and determine security services required.
o Identify any third-party security services required to meet security design requirements.
o Create one (1) virtual network gateway (VNG) and up to two (2) VPN tunnels to support
connectivity.
o Create up to five (5) network security groups (NSGs) and one (1) user defined route table (UDR)
to support subnet isolation and secure traffic transmission.
• Operational Readiness
o Review operational best practices, capabilities and approaches to ensure the Azure
environment can be integrated into current operational processes.
o Determine log collection and proactive monitoring approaches.
o Identify any third-party tool integrations and advise on implementation approach.
o Provide background on automated response and provisioning, operational analytics and
machine learning capabilities for possible future enhancements.

Disaster Recovery and Backup Strategy – Review existing Disaster Recovery and backup landscape and processes
to provide best practices and capabilities for Azure hybrid cloud landscapes.
• Provide deep knowledge transfer around Azure disaster recovery and backup services, their
configurations and optimal usage techniques.
• Review Quantum storage usage and recovery practices to determine most effective backup
landscape components.
• Discuss backup policies, retention and archival processes for optimal cloud usage and configure
Veeam accordingly.
• Review current disaster recovery approach, processes, technology tools and physical landscape.
• Discuss data replication and availability approaches to support backup and disaster recovery
operations.
• Advise on possible approaches to achieving application and infrastructure resiliency that meets
overall RTO and RPO targets.
• Assist with setting up Azure Site Recovery (ASR) for on-premise VMWare or Hyper-V to Azure
protection for one (1) application workload. This includes the following:
o Guide Customer on prepping VMWare or Hyper-V infrastructure
o Creation of one (1) Azure Recovery Vault
o Assist Customer with one (1) Configuration Server using VMWare OVA if necessary
o Register the Configuration Server with the Recovery Vault
o Troubleshoot connectivity issues
o Create one (1) Replication Policy
o Enable Replication
o Run Disaster Recovery drill.

3. Responsibility of Parties

Lightstream Confidential and Proprietary -– www.lightstream.tech Page | 5 of 9

 Customer: El Rancho Unified School District
Proposal #: QUO-01583-X4Z4M3

3.1. Personnel
Each party will assign a primary contact for the SOW (“Primary Contact”), who will be empowered to allocate resources,
act as a liaison for such party’s staff, articulate priorities, escalate issues internally and make decisions for such party in
a timely fashion. The Primary Contacts will attend regularly scheduled status meetings to discuss progress and any other
issues that arise during the term of the SOW.

3.2. Customer Responsibilities

The following conditions must be met throughout the activities outlined in this SOW:
• Customer will specifically identify and provide Lightstream with access to all relevant Customer-controlled
information, resources and locations required to complete the Scope of Work set forth above.
• Customer will provide Lightstream contact information (name, work & cell phone) for all Customer team
members with whom Lightstream will interface.
• Customer is responsible for removal of unnecessary traffic flows that are originated from out of scope devices.
• Lightstream is not responsible for the hardware, software licenses, and vendor maintenance support for any
Customer devices
• While performing the Services, if Lightstream encounters (i) any concealed or unknown condition, (ii) a
Customer responsibility contained in this SOW is not met, or (iii) a delay caused by Customer, then the scope,
schedule and/or fees for this SOW may be equitably adjusted as necessary via execution of a Change Order.
If the parties cannot agree to the Change Order, Lightstream shall not be obligated to deliver the affected
Services.

3.3. Assumptions
In preparing this SOW, Lightstream made certain assumptions for items not expressly discussed with Customer.
Changes to these assumptions may affect scope and cost.
• Lightstream will not be responsible for any project delays or costs caused by failure to deliver or by tardy
provision of information, systems, or feedback from Customer or third-party vendors.
• Customer will provide Lightstream office space and provisioning, including phone and Internet connection
(LAN or phone line), and access to building areas needed to complete project when on site.
• Lightstream will assign all staff resources as to best-fit total requirements and no individual employee is being
specifically promised or quoted for this project.
• Any development tasks will be performed in a development environment. Lightstream will not be responsible
for production-impacting events when development tasks are performed in non-development environments.

4. Pricing and Payment

4.1. Project Costs – Fixed Fee
Client will pay Lightstream a fixed fee according to the schedule immediately below (the "Fees") for completing the
Deliverables. The Fees include professional services only (e.g., systems architecture, project management and
engineering resources) and do not include any costs for hardware or software, if required. The Fees are based on the
terms of this Agreement and the scope of the Deliverables being provided under this Agreement. Any change to the
terms of this Agreement, the Project or the scope of the Deliverables, whether by the failure to meet a responsibility, a
Change Order or otherwise, may result in a modification of the Fees.

The rate listed below is for work performed during normal working hours of 8:00 am to 5:00 pm, Local Time for
Resource, Monday through Friday. The rate for work performed outside of normal working hours is charged at a 25%
Lightstream Confidential and Proprietary -– www.lightstream.tech Page | 6 of 9
 Customer: El Rancho Unified School District
Proposal #: QUO-01583-X4Z4M3

higher rate than listed, unless such time is related to maintenance windows, as scheduled and agreed-upon between
Customer and Lightstream, performed outside of normal working hours.

Pricing Table

Description Total

Existing Landscape Review $1,250

Discovery, Design & Cost Analysis $7,000

Guided Foundation Build $7,000

Project Management $1,750

Travel $1,500
SOW Subtotal $18,500
Microsoft Funding Offset** ($16,500)
Phase One Total $2000

**Lightstream will request funds from Microsoft to support the cost of this phase of the engagement either partially or
entirely. Customer agrees to pay for any Service Fees incurred in excess of funding received from Microsoft. Customer
agrees to assist Lightstream in providing Microsoft with information necessary to process payment to Lightstream for
performing Services herein.

For Phase 1, Lightstream will request Azure Adoption funding. This funding will be used to offset Phase 1 activities only.
After Phase 1 SOW tasks are compete, Lightstream will work with the Customer to close the Azure Everywhere funding
out with Microsoft. This will require the completion of a Proof of Execution (POE) process between Microsoft and the
Customer directly.

For Phase 2, Lightstream will request Azure Everywhere funding. This funding will be used to offset Phase 2 activities
only. This will also require the completion of the Proof of Execution (POE) process between Microsoft and Customer
directly.

Pricing Table

Description Total

Discovery Validation $1,000

Disaster Recovery & Backup Strategy / ASR Setup and Test $4,500

Project Management $500

Travel $1,500

SOW Subtotal $7,500

Microsoft Funding Offset** ($7,500)

Phase Two Total $0

Lightstream Confidential and Proprietary -– www.lightstream.tech Page | 7 of 9

 Customer: El Rancho Unified School District
Proposal #: QUO-01583-X4Z4M3

4.2. Expenses and Travel

Included in the services fees defined above are estimated out-of-pocket expenses incurred in providing the Services to
Customer.

5. Controls
5.1. Project Management
Lightstream will be responsible for day to day direction of the Lightstream resource assigned to this project for the
duration. The Lightstream Primary Contact will maintain a project schedule for this SOW. Primary Contacts from
Lightstream and Customer will make reasonable efforts to meet or speak regularly to review the progress of this SOW
and adherence to schedule. Prior to the performance of this SOW, each party will designate the appropriate personnel
to be assigned to review status reports periodically.

5.2. Change Control

Customer may, at any time, request changes to this SOW by submitting a written change request which identifies in
reasonable detail each of the following:
• Summary of the requested change;
• Why the change is needed; and
• When the change is needed
Proposed changes to this SOW may impact the project schedule, or scope. Lightstream will evaluate Customer’s change
request, considering the feasibility of the change and impact on other project components. Lightstream will prepare a
Change Order documenting the revisions to the SOW. Changes to the SOW become effective when the Change Order is
accepted in writing by Customer and Lightstream. In the event of any conflicts or inconsistency, the terms of an executed
Change Order prevail over those of this SOW.

6. Terms & Conditions

Prior to commencement of any work under this SOW, Customer agrees to record Lightstream as the Digital Partner of
Record (“DPOR”) to each of the Customer’s Microsoft Azure subscriptions. Customer further agrees that if Lightstream
completes the Services herein, Customer will list Lightstream as DPOR on all the Customer’s Azure subscription for a
minimum of one (1) year from the Effective Date of this SOW. Customer will use Lightstream’s Microsoft Partner ID of
4414968 when recording Lightstream as the DPOR. Customer shall pay any invoice within thirty (30) days of the invoice
date.
The SOW may be terminated by either party upon 60 days’ written notice; provided, however, that in the event of
termination of this SOW or any portion thereof prior to completion of any amount of work, all up-front or other costs
or fees which had been incurred, up to the termination date, shall become immediately due and owing. Customer shall
remit payment for such amounts within thirty (30) days of such termination. In addition, this SOW may be terminated
pursuant to the MSA.
Unless otherwise agreed to by Lightstream, this SOW shall expire thirty (30) days from the date on the cover page and
is subject to Lightstream’s credit approval of Customer. In addition, until Lightstream’s authorized agent countersigns
this SOW, this SOW is a quote only and is not binding upon Lightstream. Before Lightstream signs this SOW, it may
withdraw the offer of Services herein for any reason in Lightstream’s sole and absolute direction. Unless otherwise
agreed to by Lightstream, this SOW shall expire thirty (30) days from the Effective Date and is subject to Lightstream’s
credit approval of Customer. In addition, until Lightstream’s authorized agent countersigns this SOW, this SOW is a

Lightstream Confidential and Proprietary -– www.lightstream.tech Page | 8 of 9

 Customer: El Rancho Unified School District
Proposal #: QUO-01583-X4Z4M3

quote only and is not binding upon Lightstream. Before Lightstream signs this SOW, it may withdraw the offer of
Services herein for any reason in Lightstream’s sole and absolute direction. If work has not started within 45 days
following the execution of this SOW, the SOW is subject to review and may change.

7. Signatures
Lightstream and Customer agree to this SOW and Customer hereby authorizes commencement of the Services.

Accepted for: Accepted for:

El Rancho Unified School District

El Rancho Unified School District Lightstream Managed Services, LLC

Signature Signature

Frances Esparza, Ed.D.

Name Name

Superintendent
Title Title

Date Date

Lightstream Confidential and Proprietary -– www.lightstream.tech Page | 9 of 9