If your organization has ever experienced a system outage, then you understand the real and potential impact of downtime. With the amount of workloads being placed in the cloud, it is a well-held belief that a service level guarantee, whether it be at 99.9% uptime or higher, is sufficient for your organization. Not so fast.
Service level agreements, which document the amount and type of allowed downtime for your platform, come in many shapes and sizes. It is critical for your organization to understand your service-level agreement in terms of minutes and seconds allowable downtime to help determine acceptable risk for your workload or application. And in addition, it is critical to understand the nuances of the SLAs terms.
For even the most savvy professionals, SLAs can be challenging, cryptic, even intimidating. Here are ten often-missed questions to ask your potential cloud provider before choosing a platform and an associated SLA. Remember, SLAs are part of legal contracts, so it’s advisable to have a lawyer and/or technical expert assist you.
1. How do you calculate downtime?
Do not assume that you share the same definition or implications of downtime as your potential cloud service-provider. For example, Microsoft calculates downtime reimbursement based on a formula that subtracts downtime from the total user time available in a month. This formula means that a company with 100 users might have to be down for over 18 hours before receiving any type of SLA credit. A good move is to ask your potential provider to spell out a few downtime/reimbursement scenarios based on your needs.
2. How do you track uptime/usage?
Many cloud service providers and platforms, such as Microsoft and Amazon, offer real-time service availability and consumption dashboards that you can log into at any time and use to run reports. (You may also be able to integrate these management and reporting tools into your system via an API.) It’s a good idea to get specific. Ask potential partners to set up a demo or at least share examples of their dashboards to understand how your SLA will be tracked and to assess how easily those tools will be for your team to access and manage.
3. What’s your uptime guarantee and is this SLA "stacked?"
Most cloud-providers in the market today provide an uptime guarantee of 95+%, but it’s important to understand that not all uptime guarantees are created equally. Ask your potential provider if the uptime guarantee is all-inclusive (like Concerto’s Virtual Private Cloud offering) or by component AKA "stacked". Will the guarantee cover the application layer, platform and web access? Keep in mind that if one component is down but the others are still functioning, a service provider may not recognize this downtime, even if, in every practical way, it is. A stacked SLA can translate into a major source of frustration and unrecoverable loses.
4. How do you handle reimbursements?
Because it is not realistic that a cloud service provider can guarantee 100% uptime, it’s important to understand how your organization will be compensated for downtime. Depending on your agreement, you may be credited through service time or service fees. Similarly, in some cases, like Azure and Office 365, you must request a credit in the event of an outage that violates your SLA. Some premium service providers like Concerto, on the other hand, will save you time and ensure your peace-of-mind by applying your credit automatically to next month’s bill.
5. What kind of recovery time do you guarantee?
When considering providers and reviewing SLAs, it’s easy to get caught up in "speeds and feeds" (such as the technical details of data centers or compliance demands) and to short-shift or outright ignore service guarantees. Does your SLA outline any service commitments? When you experience an issue that requires support, how promptly will that provider respond? In the event of an outage or a disaster, how quickly can your systems be restored? Is there an additional fee for this service?
6. What type of support do you guarantee?
Like responsiveness, the level of support a service provider offers can make or break your cloud experience. So make sure to identify the support commitments included in the SLA. Many public cloud providers, like Amazon and Microsoft, offer a packaged, one-size-fits-all approach or a toolkit with limited customization and technical support. This "self-serve" approach invariably requires that you have knowledgeable IT resources to move forward. In contrast, a fully-managed services provider like Concerto will provide you 24/7support and a contact person to streamline supporting your end users.
7. Does your SLA require a specific deployment model?
Some public cloud providers require specific deployment models to receive an SLA and, by extension, ensure their uptime guarantees. For example, in Azure, you must deploy in availability sets. In Amazon Web Services, you must work with availability zones. As per our comments above around support, unless you have knowledgeable IT resources handling your deployment, you run the risk of inadvertently voiding your SLA guarantees. This type of exposure explains why so many organizations who are re-booting or evolving their cloud solution seek the services of a high-touch provider, who can integrate multiple clouds into one reliable solution.
8. What type of outages does the SLA cover?
As we mentioned earlier regarding stacked SLAs, look for language around specific outage types: such as when an entire system goes down or partial usage outage. If a workload is deployed in Azure, for example, and you deploy with availability groups, one of the servers may go down for maintenance even as your total solution is still available. Users may find themselves disconnected and unhappy. With a managed cloud, this type of partial usage outage can be tailored around a customer’s work cycles via planned maintenance windows.
9. What type of guarantees around security or regulatory compliance do you offer?
For any organization where data security and/or regulatory compliance is a must, be aware that the cloud providers touting compliance logos for their platforms are not the same. Review your SLA compliance language carefully and understand that these security claims often only complement and enable your compliance and do not, in fact, make you compliant. It is equally important to understand that many providers only apply these standards to the highest platform level. In some scenarios, a standardized platform-level approach will not meet your requirements. In these situations, working with a managed services provider with deep security expertise, like Concerto, can help you implement security to the application layers as well as provide continuous monitoring and management.
10. What if we decide to cancel our service?
For any number of reasons—such as less than satisfactory performance, weak uptime or poor customer care—you may end up exiting the relationship. As per any contract, it is very important to review the termination clauses carefully and to avoid committing to disadvantageous terms, such a high early termination fees, disputes over data ownership, or very narrow terms of renewal.
Related Information:
Azure & HIPAA HITECH Compliance: What You Should Know
Microsoft SLA Uptime Service Credits: Decoding the Fine Print
Ten Vital Facts Every Exec Must Know About Cloud
by Concerto Cloud Services
*This post is locked for comments