Cloud // Infrastructure as a Service
News
6/19/2014
10:49 AM
Charles Babcock
Charles Babcock
Slideshows
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Cloud Contracts: 8 Questions To Ask

What should you look for in a cloud contract? What's hiding in cloud providers' service-level agreements and terms? Read our expert guide.
Previous
1 of 9
Next

What's a cloud service-level agreement (SLA) worth? Sometimes, not much.

SLA language is often vague, reflecting a young industry where no one is certain just how porous provider guarantees may be. There are loopholes, like if you're notified of pending downtime due to regular maintenance that makes your service unavailable, that won't count toward the guaranteed amount of uptime promised each year.

Google Compute Engine, Amazon Web Services, Microsoft Azure, and the HP Cloud cluster around a stated guarantee of 99.95% uptime, with penalties to follow if they fall under that mark in any given month or quarter and cause their customers a loss of service.

That would seem to be a high standard. After all, it only allows four hours and 38 minutes of downtime for a given year. But that's not the highest standard active among service providers. Dimension Data guarantees 99.99% uptime, and if they can do it, why not the bigger-name providers? That standard allows only 53 minutes of downtime a year.

Or possibly your contract goes in the opposite direction. NetSuite's most recent SLA document, from May 2013, guarantees 99.5% uptime, which could allow over 43 hours of downtime a year.

Salesforce.com's contract states that Salesforce will "use commercially reasonable efforts to make the online Purchased Services available 24 hours a day, 7 days a week," whatever "commercially reasonable" means. The exceptions are planned downtime such as maintenance intervals and "events beyond our control" such as earthquakes, civil unrest, acts of terrorism, or war.

Salesforce's exceptions to its pledge of constant availability include "denial of service attack." Most service providers on the Web have built in protections against denial of service attacks and don't consider them an event that justifies a service outage.

Amazon Web Services was once termed by Gartner cloud analyst Lydia Leong as "the poster child for cloud IaaS, but the AWS SLA also has the dubious status of 'worst SLA of any major cloud IaaS provider.'''

AWS's current SLA (dated June 1, 2013), also uses "commercially reasonable efforts" as the standard by which it will achieve 99.95% uptime. Its definition of when it's down, or "unavailable," leans in favor of the provider. For example, a customer using only one availability zone within an Amazon regional data center isn't acting on Amazon's recommended best practice of having backup in a second availability zone. Each region has multiple availability zones that function autonomously from each other. To violate Amazon's SLA, more than one availability zone must be unavailable to the customer. So if a whole availability zone goes down and you're in it, you collect nothing in the way of Amazon SLA credits unless your workloads also occupied another zone, and it was also unavailable.

In addition, all workloads need to be down, not just some of them, for the SLA's credit repayment to kick in. And Amazon has all year to achieve that 99.95% uptime, even if it's down for four-and-a-half hours in a given month.

Even the definition of "available" leans in favor of AWS. For EC2 to be considered "unavailable," all of a customer's instances must be unavailable in EC2 in a given region, such as the US East data center complex in Ashburn, Va. In addition, for the storage attached to running instances to be unavailable, they must be performing "zero read/write I/O, with pending I/O in the queue." In other words, if Elastic Block Store has slowed to a snail's pace, and your business is clearing three or four transactions an hour, that doesn't necessarily qualify as an outage meriting a service credit.

While HP's SLA for its public cloud is also set at 99.95% availability, that's for each month, not across a whole year. And its terms consider the loss of availability of one instance, not all instances in a given region, to be an outage. In the cloud, each service has its own SLA definitions, complicating the picture and giving providers more than one exception on an outage claim.

Amazon, to its credit, has chosen to interpret its terms liberally, offering credits to customers for its April 2011 Easter outage even though servers were up and running during it. Customers, in some cases, had no way of accessing them or making use of the Elastic Block Store storage service, as a disconnected network set off a "remirroring storm" inside its US East facilities.

What's your cloud's uptime? What's in your SLA? Can your service provider do better? Read on to learn more about what to look for in your cloud contracts. Share additional advice with your peers using the comments section.

(Source: Kara Harms on Flickr)

Charles Babcock is an editor-at-large for InformationWeek, having joined the publication in 2003. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive Week. He is a graduate of Syracuse ... View Full Bio

Previous
1 of 9
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Author
6/20/2014 | 2:23:28 PM
What is a "commercially reasonable" commitment?
The organization and presentation of cloud services varies a great deal by vendor; the contracts, on the other hand, show many marks of similarity. Repeatedly encountered the phrase, "commercially reasonable effort." To me, ikt's come to mean "will meet the same low standard as everybody else."
ppetrasko549
50%
50%
ppetrasko549,
User Rank: Apprentice
6/20/2014 | 1:24:40 PM
Cloud security
SAS70 Type 2 audits were not designed to provide assurance about IT security and practices.  SAS70's have been superseded by SSAE16 SOC2's which are designed to provide assurance about IT security and practices.
Laurianne
50%
50%
Laurianne,
User Rank: Author
6/19/2014 | 11:47:17 AM
Good advice
Thanks for sharing your insights on these contracts, Charlie. The current difficulties involved in apples-to-apples pricing comparison = one pain point I hear a lot about from IT leaders.
Multicloud Infrastructure & Application Management
Multicloud Infrastructure & Application Management
Enterprise cloud adoption has evolved to the point where hybrid public/private cloud designs and use of multiple providers is common. Who among us has mastered provisioning resources in different clouds; allocating the right resources to each application; assigning applications to the "best" cloud provider based on performance or reliability requirements.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 27, 2014
Who wins in cloud price wars? Short answer: not IT. Enterprises don't want bare-bones IaaS. Providers must focus on support, not undercutting rivals.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.