Welcome to the Ex Libris Cloud

Introduction

Congratulations! You have joined hundreds of Ex Libris customers enjoying the benefits of using the Ex Libris Cloud. This document presents the technical details you need know in order to get started and join the Ex Libris cloud

Purpose of This Document

This document lists the benefits of using the Ex Libris Cloud services together with general instructions for new customers joining the Ex Libris Cloud.

The Cloud Deployment Model

Ex Libris operates a private cloud offering that is available for the sole use of the Ex Libris customer community. This deployment model differs from a public cloud, which is available to the general public, or a hybrid cloud, which is a combination of two or more clouds.

Private cloud implementation provides Ex Libris with the opportunity to benefit from cloud computing without compromising on the architectural control required to ensure integrity of its customers’ data, systems, and processes.

Security

Ex Libris is committed to providing its customers with a highly secure and reliable environment for hosted and cloud-based applications. Ex Libris has therefore developed a multi-tiered security model that covers all aspects of hosted and cloud-based Ex Libris systems. The security model and controls are based on international protocol and standards and industry best practices (ISO/IEC 27001).

Ex Libris has received ISO 27001:2005 certification. This standard provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System (ISMS). As part of the company’s focus on security issues, Ex Libris employs a Security Officer and a dedicated Cloud Services Team with responsibility for the following:

• Applying the security model to all system tiers
• Monitoring and analyzing the infrastructure to detect suspicious activities and potential threats
• Issuing periodic security reports to Ex Libris management and customers
• Dynamically updating the security model and addressing new security threats
• Systematically examining the organization’s information security risks, taking into account threats and vulnerabilities
• Designing and implementing a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable
• Adopting an overarching management process to ensure that the information security controls continue to meet the organization’s evolving information security needs

Ex Libris is committed to securing the information that the customer community stores in our systems. Each one of the controls that form part of our multi-tiered security model is upheld throughout the organization. The security model is constantly monitored and tested to maintain a high level of security, thus granting Ex Libris users—libraries and their patrons—peace of mind with respect to the privacy, confidentiality, integrity, and availability of their data.

For any security related questions or issues, open a support CRM case or contact the  Ex Libris Chief Infomation Security Officer (CISO) at SecurityOfficer@exlibrisgroup.com.

Services You Will Receive

The application is hosted on hardware owned by Ex Libris at a central secured data center. Ex Libris periodically updates and upgrades the system. The following are some key points:

• Hardware maintenance
• 24 x 7 Hub professional operators
• System Status page
• Monitoring services
• Redundant infrastructure systems – no single point of failure (power, climate control, fire control)
• Redundant infrastructure devices – no single point of failure (routers, , firewalls, load-balancer, switches, storage)
• Robust UPS facilities
• Diesel power generators (independent power plants)
• No fewer than 3 ISPs providing OC3-level bandwidth to the facility with load balancing
• Backups are stored at the data center and are also saved in a separate offsite secured location
• Hardware and operating system upgrades and patches
• Application upgrades, patches and maintenance
• Security framework based on ISO 27001 certification
• Security control and continuous monitoring
• Application availability based on SLA

Processes and Procedures

Ex Libris follows best practices processes and procedures to safeguard your system availability, integrity, and confidentiality. Some points to take note of:

• Root Cause Analysis ( RCA) – Ex Libris performs internal root cause analyses for each service interruption and takes the necessary steps to avoid them in the future. For SaaS environments, Ex Libris publishes RCAs in the Customer Center.
• Change Management – Ex Libris has detailed change management systems including approval cycles for each change in the cloud. Each change must be approved, recorded, and documented. The system avoids change conflicts and manages activities in the system.
• Availability – (Uptime Quarterly Reports) – For SaaS environments, Ex Libris has a quarterly availability report that measures and records system uptime services. This report is published and available for customers in the Customer Center
• Operating Center – Ex Libris has a dedicated 24x7 operation center, All monitoring alerts in the cloud are received and analyzed by a professional operator. For more information, see the 24X7 Hub contact details.
• On-Call rotations Engineers – Ex Libris has 24x7 on call expert infrastructure engineers such as, Security, Network, DBA, Storage, System, and dedicated On Call professional
  Application Developers that are notified by the operating center in the event of a service interruption.

Ex Libris Monitoring System

Monitoring cloud operation is at the heart of guaranteeing a high level of service. Ex Libris monitoring is built on a multi-layered concept.

Monitoring multi-layered conceptual architecture systems include multi-systems that monitor the services inside and outside the Data Center to validate that services are running with the best performance indicators.

Ex Libris Backup System

Ex Libris has adopted a rigid backup procedure to safeguard the customers' data. On a regular basis, Ex Libris performs system backups using best practice industry standards and centralized backup systems, including backups of the infrastructure network, operating systems, application files, database files, and storage files. This includes several backup snapshots a day of all the data. All backup files are subject to the privacy controls in use at Ex Libris. Ex Libris has a 10 week retention policy. The restore procedures are tested on an ongoing monthly basis to ensure rapid restoration in case of data loss. In addition, a full copy of the data is maintained at a remote secured site, thus making sure that we always hold a full copy of the data for recovery purposes.

Ex Libris Data Center Network Diagram

Ex Libris System Status Page

The Ex Libris System Status page displays the latest information on the availability of all multitenant Ex Libris instances. You can check this page at any time to see current status information or subscribe to be notified via email of interruptions to any individual service. If you are experiencing a real-time operational issue that is not indicated on this page, inform Ex Libris by opening a customer support request.

The system status page holds instances for hosted customers on SaaS environments. This site displays live data along with historical data for the previous five days. Customers with singletenant hosted environments can continue to view the status of their services via email notifications or, in case of cross-affecting issues, on the   Status page located on the Customer Center

Software Updates and Releases for SaaS

Ex Libris Cloud Teams manage and maintain software updates in the cloud applications.

• Alma and Leganto – Release updates are installed on a monthly basis during a maintenance window and release notes are published to customers.
• Primo – Service packs are released on a quarterly basis and installed during a maintenance window, first on a sandbox environment and then on a production environment.
• SFX – KB updates are installed on a weekly basis; revision updates are installed on a monthly basis.

Documentation and References

• Product Features – For additional information regarding product features, refer to thedocumentation for the product in the Documentation Center for the most up to date version.
• Security and Privacy – For additional information regarding security and privacy, refer to the Cloud Security and Privacy statement. For security announcements, refer to the news in the Customer Center.
• Issues or Questions – For any issues or questions regarding cloud services, security or any other issues, use Salesforce to create cases and receive updates regarding their handling by Ex Libris staff.

Customer Responsibilities

In order to make sure you benefit from Ex Libris cloud services, there is also a need to make sure that your local environment is setup correctly to allow for a smooth start with our cloud based solutions:

• Maintain the connectivity (with acceptable bandwidth) of the workstations and end users to the internet, including network connectivity to the programs and connectivity between the programs and your local applications.
• Work according to the Customer Appropriate Usage Statement (Appendix 1: Customer Appropriate Usage Statement)
• Create and maintain firewall settings and open required ports that permit access to the programs.
• In some cases (such as after a MetaLib KB update), technical involvement from the customer may be required. 
• In the event of a service interruption, open a system down support CRM case, or contact the Ex Libris 24x7 Hub. For any other issues, open a support CRM case. For more information, see the Salesforce CRM Customer Portal Documentation.

Appendix 1: Customer Appropriate Usage Statement