Cloud SLAs warrant close scrutiny from enterprises planning a move to the cloud, a SunGard executive said at Interop.
Analytics Slideshow Calculating Cloud ROI
(click image for larger view and for full slideshow)
The cloud is not one thing, so when you're thinking about moving to the cloud, try to find the one that most closely matches the IT environment you've built for yourself. And beware of cloud SLAs, advised Carl Meadows, director of managed services product management at SunGard.
"Finding the right cloud starts with you," he warned his audience Thursday as Interop 2011 in Las Vegas, a UBM TechWeb event, came to an end. "The cloud is not one thing. There are many clouds. Every business' needs in the cloud are not the same."
SunGard is the disaster recovery specialist that has broadened its offerings into managed hosted services, co-location services, and cloud computing. The subtext of Meadows' message was that an experienced IT-level service provider, such as SunGard itself, might be a better bet than a plain vanilla infrastructure-as-a-service provider. But in the process of saying so, he pointed out a number of pragmatic metrics anyone could use on their way to the cloud.
Question how highly available the cloud platform will be. Examine the aspects that give it claimed high availability. What will you need to do yourself to reach the degree of availability you think your applications will need, he said.
The comment seemed to address an implicit concern of many in the room after the services outage at Amazon Web Services northern Virginia data center April 21-23.
Software development and testing make a good workload to transfer to the cloud because high availability is less a factor than the ability to make frequent changes, fire up a lot of servers for a short time, and decommission them when testing is done.
"It's a misconception that all cloud platforms are highly available. That's absolutely not true. Your cloud workload is nothing more than a VM running in a data center somewhere. Don't assume high availability," he said.
Another way of thinking about the issue is to find out whether you can monitor availability or test your recovery/restart measures. "Who is responsible for recovery?" he asked. At Amazon's EC2, the customer is. At Savvis, Terremark, and SunGard, that would be more of a shared responsibility with technical support people available to help the customer recover. "There are options in the middle," he said, as opposed to either the customer being completely responsible or the cloud supplier being 100% responsible.
In addition, he advised cloud users should "know your SLAs. The service level agreement does not equal protection against the loss of service." Rather, it is the provider's definition of what it will do for a customer if service fails. If the only penalty paid is free replacement service, the customer must assess what that is worth versus the downtime for the application and its business impact.
Meadows scoffed at SLA advertisements that appear to guarantee no downtime. He posted on the screen a supplier's boast of a "10,000% guaranteed SLA." The SLA appears to offer 100% uptime, but it doesn't. It merely states there will be free replacement time for the customer if any outage occurs.
He said some providers are playing an accounting game with the customer's application, trading off lost revenue for the additional customers they can gain if they make exaggerated claims. "They know some downtime will occur," Meadows said.
SLAs with penalties for lost business are more serious and indicate the vendor has taken the measures needed to better guard against the loss of a customer's workload, he said.
Look for a cloud environment that best matches your own on security measures, high availability, and overall architecture. The two of you are more likely to be compatible in the long run if the cloud provider has enterprise IT types of concepts and operations, he said.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.