As more and more folks consider cloud computing services, the question gets asked, “How do we evaluate this deal?” After all, cloud computing is relatively new on the landscape, so peer comparison can be tricky. A key to answering this question lies in a contractual document known as a service level agreement (SLA).
An SLA defines the services to be provided by the cloud vendor and the associated levels of availability, response and maintenance associated with these services. The biggest concern in an SLA is typically with availability, or the percentage of time in which a system must be accessible and usable.
For quite some time, the holy grail of availability has been referred to as the “five nines.” That is, the system must be up and running for 99.999 percent of the time. To most, this means that the system can be down only five minutes and 15 seconds annually, for any reason, planned or unplanned. We have started seeing reference to the “six nines,” which means the system must be operable for all but 31.5 seconds a year.
Typically, even in this day and age, businesses do not need to achieve five nines for their operational software. Many SLAs carve out specific periods of time for system maintenance and then make an uptime commitment outside of those periods. This commitment typically ranges from five nines down to two nines (99 percent). Tricky vendors will claim five nines outside of defined system maintenance periods, which is downright wrong, especially if the maintenance periods are not explicitly defined.
One interesting twist in SLAs that we’ve seen lately is the location of the data. Some vendors, in a pointed and targeted attack on some of the biggest cloud providers, have written guarantees that their client’s data will be stored in the United States. Rumor has it that one of the largest law enforcement agencies in the United States is abandoning its cloud computing strategy because its provider cannot (or will not) guarantee that all data will be stored in the country.
Of course, the higher the uptime commitment, the higher the cost, so organizations need to balance the two. Furthermore, not all downtime is created equally. We’re seeing SLAs that try to differentiate between the types of system outages, the times they occur, and the number of users affected. Instead of measuring downtime in fixed percentages, these SLAs try to gauge overall business impact.
Failing to meet the commitments of the SLA usually result in penalties of some kind. These could be monetary, especially in commercial environments. In government organizations, SLAs usually don’t involve monetary penalties and can be harder to enforce.
John Agsalud is director of professional services, Pacific Region, for Decision Research Corp. He can be reached at firstname.lastname@example.org or by calling 949-8316, ext. 171.