General
 

Q: Why should I use the Internet2/TD SYNNEX Public Sector contract to access AWS?

A group of Internet2 Member universities have worked extensively to create an Internet2 NET+ AWS offering in partnership with TD SYNNEX Public Sector available to Internet2 members and other qualified organizations. This program and its associated Enterprise Customer Agreement have been crafted to meet the unique requirements of the Research and Education community. By leveraging the consolidated purchasing power of the Internet2 community as a whole, TD SYNNEX Public Sector offers subscribers discounted pricing off of AWS list price. Additionally, with NET+ AWS through TD SYNNEX Public Sector, members will receive additional services and support not generally available through individual direct agreements, such as:

  • Liability Cap
  • Data Egress Fee Waiver
  • Service Warranty
  • State Governing Law
  • Sovereign Immunity with respect to indemnification
  • FERPA Compliance
  • Security Representations
  • Local Venue
  • Enhanced Helpdesk and Support (ITAR Compliant)

Q: What AWS services can I access through my TD SYNNEX Public Sector account?

All AWS Services EXCEPT:

  • AWS Mechanical Turk
  • Billing Tools
  • Cost Explorer
  • Budgets
  • Reports
  • Cost Allocation Tags

Q: What AWS services are discounted? What is the discount?

All AWS services are eligible for community-scaled discounting. This discounting begins at 3% and 
scales to 5% as com- munity use of AWS grows. All services are eligible for this discount except:

  • AWS Marketplace purchases (NET+ offerings may be available for select services)
  • AWS Offerings in Beta

Q: What are my obligations under the Internet2 AWS account?

  • Each user is obligated to abide by the terms and conditions of the TD SYNNEX Public 
  • Sector/Internet2 NET+ Enterprise Customer Agreement for AWS
  • Each user must abide by the AWS Internet2 Terms of Use policy

Q: What is the TD SYNNEX Public Sector portal and how do I access it?

  • The TD SYNNEX Public Sector portal is a customer portal created for subscribers to permit authorized users to provision AWS accounts and request information leveraging the InCommon Federation and a subscriber’s existing identify infrastructure for single sign-on (SSO) and role authorization via attributes. TD SYNNEX Public Sector will continue to augment the functionality of the portal as additional requirements and capabilities are developed.
  • Access to the portal for AWS is located at https://i2portal.dlt.com/hc/en-us
  • Additional information on configuring the portal can be found here: https://spaces.at.internet2.edu/pages/viewpage.action?pageId=110333495

TD SYNNEX Public Sector Account Set Up
 

Q: Who at my institution can link existing or create new AWS accounts with TD SYNNEX Public Sector?

It is anticipated that each institution will designate one, or a very limited number of, Service Owners to manage who within the institution is authorized to access AWS through the agreement. Upon execution of the TD SYNNEX Public Sector NET+ AWS Enterprise Customer Agreement, TD SYNNEX Public Sector will work with each institution to set up the authorization policy for that institution.

Q: When I link my existing account, when do my AWS account charges begin with TD SYNNEX Public Sector?

Immediately upon linking your account to TD SYNNEX Public Sector Solutions Master Account, all charges from that point forward will be on your TD SYNNEX Public Sector account. All charges prior to that will remain on your previous method of payment and need to be paid by that method.

Q: How do I contact TD SYNNEX Public Sector to discuss my new AWS account?

You can contact your TD SYNNEX Public Sector cloud team by email: Internet2NetPlus@dlt.com, toll free phone: 1-855-cloud01, or through the TD SYNNEX Public Sector portal here: https://i2portal.dlt.com/hc/en-us.

Q: How long does it take for me to set up a new AWS account with TD SYNNEX Public Sector?

Once you provide TD SYNNEX Public Sector with a valid purchase order and required account setup information we will initiate the set up procedure. Within 5 business days will provide you with the access to your AWS account and is typically much quicker.

  • Linking existing accounts that are currently direct with AWS is a simple procedure and can be completed in 2 business days once the account owner provides the required information to TD SYNNEX Public Sector. The Terms and Conditions associated with the direct account will be replaced with the Terms incorporated into the TD SYNNEX Public Sector Internet2 NET+ Enterprise Customer Agreement.
  • Linking existing accounts that are currently through another AWS partner other than TD SYNNEX Public Sector can be more complicated. AWS has initiated a partner to partner account transfer process that TD SYNNEX Public Sector will coordinate with the customer and AWS. The AWS process document states that this can take up to 5 days in many cases, however this process can take longer dependent upon the previous AWS partner and/or outstanding invoices with said partner. The turnaround time in such situations will vary and is determined on a case-by-case basis.

AWS Consolidated Billing through TD SYNNEX Public Sector
 

Q: How am I billed for my AWS account through TD SYNNEX Public Sector?

TD SYNNEX Public Sector will bill you monthly in arrears for the actual services you utilize in your AWS account. This bill will provide you with detailed utilization data for each service you have utilized and the associated cost for each.

Q: What will my bill look like from TD SYNNEX Public Sector?

TD SYNNEX Public Sector will provide monthly detailed billing. Each bill will detail services utilized and pricing per line items as well as total spend information. A copy of what a TD SYNNEX Public Sector detailed AWS bill looks like can be viewed here:

Q: Can I access my utilization information on the AWS console if my account is through TD SYNNEX Public Sector?

Yes. The billing amounts you see in the AWS console are not true MSRP. Because your account is under consolidated billing, the numbers you see in the AWS console are TD SYNNEX Public Sector’s 'blended' data. In addition, TD SYNNEX Public Sector is taking advantage of RI Arbitrage, which makes the totals in the AWS console look artificially lower at a linked account level, especially if the account is using a large quantity of on-demand instances. The billing management tool, CloudCheckr, shows you your true price as well as allow you the ability to run reports on your data, and we strongly encourage you to use this for auditing as it is what we use for billing as well.

Q: When does billing of my Amazon account begin and end?

Your TD SYNNEX Public Sector AWS account billing will begin the instant that you begin using services in your new account or link your existing account to the TD SYNNEX Public Sector master account. Your billing will continue as long as you continue to use AWS services and maintain an active AWS account.

Q: If I have questions about my bill from TD SYNNEX Public Sector, how do I get information?

Please reach out to Internet2NetPlus@dlt.com for assistance with billing information.

Q: Can I have multiple accounts bill against a single PO and on a single invoice?

Yes. Your designated University Service Owner(s) will need to provide a list of all accounts that are charged against the PO. The invoice will list each account separately to allow for proper charge backs.

Q: Can I add an account to my PO at any point during the year?

Yes. Your designated University Service Owner(s) will need to confirm that the account can be invoiced against the existing PO. Once that is done, TD SYNNEX Public Sector will work with you to either create a new account or move an existing account.

Support
 

Q: What level of support does TD SYNNEX Public Sector provide for my AWS account? TD SYNNEX Public Sector offers Partner Led Business Support Package to all of our Internet2 customers.

TD SYNNEX Public Sector offers Partner Led Business Support Package to all of our Internet2 customers.

Q: Do I have to have TD SYNNEX Public Sector support for my AWS account?

Under this agreement support can be waived. While the AWS platform greatly simplifies IT infrastructure management, it is a new way of doing things and therefore we highly recommend that the TD SYNNEX Public Sector Standard Support Package (AWS business level plus TD SYNNEX Public Sector added services) be utilized.

Q: Do I still have access to AWS support if my account is through TD SYNNEX Public Sector?

TD SYNNEX Public Sector provides 24x7x365 US person/US Soil, Tier 1 & 2, support desk for all of our AWS accounts. Should escalation to Tier 3 support be required, TD SYNNEX Public Sector has direct access to senior AWS helpdesk architects and will facilitate communications to the AWS senior support staff.

Q: When can I access support for my account?

Support is available through our TD SYNNEX Public Sector support center 24x7x365. The TD SYNNEX Public Sector support center can be reached at 888-DLTSOLVED (358-7658) or https://opscenter.dlt.com/hc/en-us.

Q: Can I get AWS training for my staff?

Yes, there are several ways by which you can receive training for AWS through DLT Solutions. Please contact your TD SYNNEX Public Sector representative at Internet2NetPlus@dlt.com.

Q: What type of issues are supported?

Your TD SYNNEX Public Sector AWS Support covers development and production issues for AWS products and services, along with other key stack components.

  • "How to" questions about AWS service and features
  • Best practices to help you successfully integrate, deploy, and manage applications in the cloud
  • Troubleshooting API and AWS SDK issues
  • Troubleshooting operational or systemic problems with AWS resources
  • Issues with our Management console or other AWS tools
  • Problems detected by Health Checks
  • Several 3rd Party Applications such as OS, web servers, email, databases, and storage configuration

AWS Support does not include:

  • Code development
  • Debugging custom software
  • Performing system administration tasks

Q: How quickly will you fix my issue?

That depends on your issue. The problems that application or service developers encounter vary widely, making it difficult to predict issue resolution times. We can say, however, that we will work closely with you to resolve your issue as quickly as possible.

Q: How will I be charged and billed for my use of AWS Support?

TD SYNNEX Public Sector Standard support will be billed as a percentage of your total monthly AWS spend. End of the month bills, being dated on the first of the following month, will thus reflect the current month’s usage-based charges per the NET+ Enterprise Customer Agreement. Reserved resource customers (EC2 and RDS Reserved Instances and ElastiCache Reserved Cache Nodes) should expect their prepaid amounts to be included in the usage-based component during the month they are purchased.

Q: Can I cancel my TD SYNNEX Public Sector AWS Support subscription?

Under this agreement support can be waived.

Q: How long is case history retained?

Case history information is available for 36 months after creation.

Security
 

Q: What type of security do I get for my AWS environment?

With the AWS cloud, not only are infrastructure headaches removed, but so are many of the security issues that come with them. AWS’s world-class, highly secure data centers utilize state-of-the art electronic surveillance and multi-factor access control systems. Data centers are staffed 24x7 by trained security guards, and access is authorized strictly on a least privileged basis. Environmental systems are designed to minimize the impact of disruptions to operations. Multiple geographic regions and Availability Zones allow you to remain resilient in the face of most failure modes, including natural disasters or system failures.

The AWS virtual infrastructure has been designed to provide optimum availability while ensuring complete customer privacy and segregation. For a complete list of all the security measures built into the core AWS cloud infrastructure, platforms, and services, please read our Overview of Security Processes whitepaper.

Q: How do I verify the security of AWS offerings?

We know that it’s important for you to understand the protection measures that are used to guard the AWS cloud infrastructure. Since you can’t physically touch the servers or walk through the data centers, how can you be sure that the right security controls are in place?

The answer lies in the third-party certifications and evaluations that AWS has undergone. AWS has achieved ISO 27001 certification and has been validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS). We undergo annual SOC 1 audits and have been successfully evaluated at the Moderate level for Federal government systems as well as DIACAP Level 2-5 for DoD systems in GovCloud.

Each certification means that an auditor has verified that specific security controls are in place and operating as intended. You can view the applicable compliance reports by contacting your TD SYNNEX Public Sector AWS account representative. For more information about the security regulations and standards with which AWS complies, see the AWS Compliance webpage or the AWS Risk and Compliance whitepaper.

Q: Where can I find more information about security on AWS?

TD SYNNEX Public Sector is here to assist you in understanding the security of your AWS implementation and can be contacted at Internet2NetPlus@dlt.com.

AWS provides extensive documentation of security related topics accessible at: www.aws.amazon.com/security/.

Q: Can I see the security controls that AWS has in place?

Yes. AWS will provide customers access to the security documentation for its infrastructure. This information will be provided under NDA through TD SYNNEX Public Sector. Please contact your TD SYNNEX Public Sector representative at Internet2NetPlus@dlt.com to assist you with the process.

Q: Does the TD SYNNEX Public Sector agree to comply with FERPA and its implementing regulations?

Yes. TD SYNNEX Public Sector agrees to comply with FERPA and accepts the designation of a "school official."

Q: Will TD SYNNEX Public Sector sign my Business Associate Agreement (BAA) for HIPAA accounts?

Yes. In order to be eligible for this unique program, TD SYNNEX Public Sector offers its own BAA for AWS for all eligible customer accounts. Many BAA’s are designed for managed services and software implementations. AWS represents a different paradigm, Infrastructure as a Service (IaaS), which operates under a shared responsibility model. Essentially, you may command the functionality of scalable data centers that are only available remotely. You are responsible for what you control (hint: AWS is a very powerful tool and gives you a lot of control). TD SYNNEX Public Sector takes responsibility for what TD SYNNEX Public Sector controls and you take responsibility for what you control. Rights and responsibilities in the TD SYNNEX Public Sector BAA for AWS reflect this.

Data Egress
 

Q: What is the TD SYNNEX Public Sector Data Egress Waiver Program?

The TD SYNNEX Public Sector Data Egress Waiver Program is a custom offering only available to TD SYNNEX Public Sector NET+ AWS user accounts for qualified workloads. The full data egress waiver details can be found in the Enterprise Customer Agreement available by request from Internet2NetPlus@dlt.com.

Q: Why Is the TD SYNNEX Public Sector Data Egress Waiver Program being offered?

The AWS low cost and pay-as-you-go pricing model ensures that costs are closely aligned to usage, minimizing total cost of infrastructure for our customers. However, we learned from the scientific research community and academic researchers at universities that it’s challenging for them at times to estimate variable expenses related to data transfer out charges on grant-funded projects. Therefore, in the true spirit of being customer obsessed and innovating on behalf of our customers, TD SYNNEX Public Sector is offering this program to NET+ AWS subscribers.

Q: What are the Data Transfer Out charges related to?

Data transfer out consists of all data transferred from EC2, S3, and database services to outside AWS. On AWS pricing pages, this is referred to as 'To Internet' data transfer. Data Transfer Out does not cover data transfer within AWS services (e.g., data transfer from one region to another).

Q: What is the criteria for being able to leverage the benefits of this program?

The program is available to institutions and individual researchers who want to offer to the research and scientific community. The primary requirements include the ability for customers to route data over the Internet2 Network to AWS and excludes data streaming services (i.e., excludes video hosting services, or Massively Open Online Courses, MOOCs).

Q: I am a researcher affiliated with an Internet2 institution, but I am not physically located at the institution. Am I still eligible for this program?

Yes, as long as the amount and routing of data on approved network conditions under the Terms and Conditions of the program can be met.

Q: Would the special Terms and Conditions related to amount of discount and routing of data apply at individual Account ID level or at an aggregate level?

The data egress offering is applied at the individual AWS account level and each account owner must stipulate that the utilization of their AWS account meets the guidelines of the program.

Q: If an individual researcher’s account is in violation of the program’s Terms and Conditions, would other accounts within that institution be impacted in anyway?

Although it is not anticipated or desired, TD SYNNEX Public Sector does reserve the right to terminate the agreement at any time for actions that are in violation of the Terms of the agreement. The Enterprise Customer Agreement provides a resolution framework for these rare cases.

Q: My institution is a member of Internet2. Who do I contact to participate in this program?

Please reach out to TD SYNNEX Public Sector at Internet2NetPlus@dlt.com for further details on the program or visit https://www.internet2.edu/aws.

Q: I am a researcher who has received AWS Research Grant credits. Do I derive any benefits from this program?

Yes. TD SYNNEX Public Sector has developed a program with AWS to assign research credits to the proper AWS account. The account will then fall back to an alternate payment method such as a PO or campus purchasing card when all credits have been used or expired.

Q: I am a researcher writing a multi-year grant proposal. How does this program help me estimate costs for my projects that extend beyond 12 months?

TD SYNNEX Public Sector can help PIs design a solution that meets the needs of a multi-year grant. The NET+ AWS program helps to create predictable costs and can work to budget usage month over month.

TD SYNNEX Public Sector Account Set Up
 

Q: How do I request our AWS Organization and/or a sandbox Organization?

Data Egress
 

Q: How do I confirm I have AWS's Data Egress Fee Waiver (DEFW) set up for all eligible accounts?

Customers can reach out to Internet2NetPlus@dlt.com to confirm if their accounts are set up under DEFW.

Q: Where are DEFW credits reflected in my bill?

DLT Process For AWS Customer Credits

Support
 

Q: What support options are available to Customers?

  • Basic Support — Customers can get billing support and service limit increases. These requests would still go through DLT. Technical support is not available if you do have a support plan attached to the account.
  • Developer Support — Currently Developer Support is not built into agreements between DLT/AWS which makes this option unavailable on any DLT support plans.
  • Business Support — Partner-led support by DLT.
  • Enterprise Support — Partner-led Enterprise Support can be enabled at the organization level and adds additional SLA options, access to AWS TAMs, VIP treatment, etc.

Q: What support options are available without paid support?

Without paid support, customers will be limited to Basic support only.

Q: What options are available for Third party application and service support?

DLT will perform the same work on a third-party tool (e.g., Palo Alto) as AWS would. They work to the AWS demark time and will engage with a third-party support contract as needed.

Q: How do you change support options for an account or organization?

Support Options can be changed by following the procedure outline in this Knowledge Base Article.

Q: What is the best practice to escalate an existing support issue?

Phone 888-358-7658 (SOLV).

Q: My institution was surprised by the Support Service Control Policy (SCP) rollout. Are there options for testing future SCPs in my test Organization?

Under AWS' Partner Led Support program, support access is limited to the support provider (DLT). DLT complies with this requirement using an organization SCP, which limits access to DLT Support staff. DLT is currently developing a next-generation SCP which will provide more customer visibility into the AWS Support Console, while remaining in compliance. If you have your own organization through DLT, and you would like to enroll in the DLT Support Access Beta, please open a ticket with DLT with the subject line "CloudOps: DLT Support Access Beta Enrollment."

Q: Currently the first response to tickets submitted always seems to be to add the DLT-Support role to the member account. Because of this, should we deploy the support role in all DLT accounts prior to ticket creation?

Yes, DLT recommends deploying to all accounts.

Q: What are the current supported methods for ticket submission for DLT?

Q: CloudCheckr?

NIH STRIDES
 

Q: Can we access the NIH STRIDES program through the NET+ AWS program?

Yes! For details about the NIH STRIDES program and how and when to prepare your application, visit our dedicated NIH STRIDES FAQ page. If you know the hows and whens, go straight to the step-by-step instructions on requesting an NIH STRIDES account.

Q: Given the SCP applied to our NET+ AWS Organization that prevents us from accessing the support console, how can we leverage enterprise support (that is, open tickets directly with AWS) for STRIDES accounts?

  • DLT Support Access Service Control Policies (SCPs) will be modified to exclude STRIDES accounts from the Partner-led Support requirements. The DLT Cloud Operations team has tested and confirmed this modification, ensuring that the SCP will not interfere with STRIDES accounts seeking enterprise support.
  • Support tickets for STRIDES accounts will be submitted directly to AWS Support.

Q: How do I request a STRIDES account through the NET+ AWS program?

There are two portions to your request, the DLT portal and the NIH STRIDES form. For step-by-step instructions, visit Requesting an AWS STRIDES Account through DLT.

Q: What steps are required to set up a STRIDES account, and how quickly can accounts be set up?

  1. Researcher fills out DLT’s STRIDES request form
  2. Researcher and cloud team fill out the request form on the portal, attaching the completed STRIDES request form. If the campus team is creating a new account in their AWS Org, it should be submitted as
    • NOTE: It’s important to provide the information necessary for the account naming convention..
  3. DLT fills out webform with the information provided and sends it to Four Points (FPT).
  4. FPT reviews and validates the information.
  5. FPT submits request to NIH.
  6. NIH approves the account, notifies FPT.
  7. FPT sends request to DLT to create or authorize account.
  8. DLT creates an account (or gets info for existing account) and shares account info with NIH (through FPT) and with AWS.
  9. AWS amends the designated account to have the STRIDES pricing and premium support plan. This work must be done by the 15th of the month in order for the benefits to be in place at the start of the following month.
  10. AWS notifies DLT and FPT when the account changes have been made.
  11. DLT notifies the institution.
    • There are several steps involved in setting up a STRIDES account (see Requesting an AWS STRIDES Account through DLT). It is most efficiently accomplished through collaboration between the researcher and the campus cloud team. Each brings important answers to the questions you will be asked.

      </li>
	</ul>
	</li>
	<li>This entire process may take 30-45 days. The application needs to complete by 15th of the month will get credits starting the 1st of the subsequent month. It is recommended you start no later than the first of the month in order to have a chance at the proper discounts, support and settings being in place by the start of the following month.</li>Flow chart showing STRIDES account creation
  12. This entire process may take 30-45 days. The application needs to complete by 15th of the month will get credits starting the 1st of the subsequent month. It is recommended you start no later than the first of the month in order to have a chance at the proper discounts, support and settings being in place by the start of the following month.

Q: What “pre-work” can a school do to increase the turn-around time?

Yes, information can be gathered and the NIH STRIDES form can be completed before beginning to fill out the DLT request portal. See Requesting an AWS STRIDES Account for full details

Q: If we have both STRIDES and non-STRIDES accounts in a single org, how can we verify we are getting STRIDES pricing for an account?

DLT provides discounted unit cost details for all cloud accounts. Since STRIDES utilization must be separate from non-STRIDES consumption at the linked account level, unit prices displayed under STRIDES cloud accounts will contain all STRIDES-specific discounts. Organizations can reconcile discounts they are receiving on any account by comparing DLT unit costs to AWS list prices, which are public. AWS also offers two APIs that organizations can use to query prices: the AWS Price List Bulk API, and the AWS Price List Query API.

Q: For those who create accounts via Control Tower Account Factory, what should the process be for enrolling a new account in STRIDES?

When indicating what type of account request you are making in the technical section of the request form on the DLT portal, indicate that it will be a transfer.

Q: How does enterprise support work?

Q: Are individual researchers reaching out for STRIDES support or are the institution's cloud team making arrangements?

STRIDES supports both individual researchers and IT staff, we generally find that having IT teams involved throughout helps facilitate the process.