PRIVATE CLOUD e-zine

Strategies for building a private cloud

VO

L. 2

|

N0

. 2

|

AP

RIL

20

12

In this issue:

q THE CLOUD’S TOUGH CUSTOMERS By Lauren Horwitz

q DIGGING INTO IBM’S SMARTCLOUD By Bill Kleyman

q CLOUD SLAs: DEFINING THE RIGHT REQUIREMENTS UP FRONT By Larry Carvalho

AS COMPANIES GROW more comfort-able with private and hybrid cloud models, they have also become more savvy. As a result, they now demand more feature-rich offerings from cloud providers. In this issue, we explore how rising customer expectations have influenced cloud offerings.

Companies have also become more sophisticated about plan-ning resources for dynamic, grow-ing cloud infrastructures. As SOA World’s Fabio Violante puts it, “When you wake up in the morn-ing and flip on a light switch, you don’t think about whether the local power company has enough elec-tricity available to power the light. … [But] to get the most value from the cloud, you must continually balance capacity utilization, cost and service quality.”

So first, in Cloud One on One, we investigate how cloud capacity planning has become a critical task in planning and building successful clouds—even though administrators grumble about this time-consuming activity. But without capacity plan-ning, a cloud’s resources can be improperly allocated and undermine performance.

Next, we explore IBM’s cloud platform and whether it fits the bill for building private and hybrid clouds. While some have argued that IBM has a directionless cloud strategy, others counter that Smart-Cloud might signal a new chapter. Its SmartCloud Platform as a Ser-vice and Infrastructure as a Service offerings may be what the company needs to shake the stigma of an also-ran. But customers have made it clear that only more complete cloud suites—with security and management capabilities tied in—are worthy of consideration.

Finally, we dig deep into the task of constructing rock-solid service-level agreements (SLAs). How can SLAs hold providers to account and secure the level of service that customers expect? Expert Larry Carvalho offers actionable advice on constructing SLAs that meet your business requirements and service needs rather than box you in down the road. n

LAUREN HORWITZExecutive Editor Data Center and Virtualization Media Group, TechTarget Inc.

PRIVATE CLOUD E-ZINE • VOL. 2, NO. 2 2

HOME

EDITOR’S LETTER

TRENDS

DIGGING

INTO IBM’S

SMARTCLOUD

CLOUD SLAs:

DEFINING

THE RIGHT

REQUIREMENTS

UP FRONT

1 EDITOR’S LETTER

THE CLOUD’S TOUGH CUSTOMERS

E

www.hpmsmart.com

Cloud One on One

CLOUD CAPACITY PLANNING: A MUST-HAVECloud capacity planning, says virtualization and cloud expert Bill Kleyman, is all about under-standing your current environment to plan for future growth or change. SearchCloudComputing.com sat down with Kleyman to understand the importance of capacity planning for cloud environments.

Is capacity planning for the cloud a nice-to-have or a critical management activity? Capacity planning should not be considered a nice-to-have. Improp-er sizing of capacity requirements creates issues down the road. There must be a fundamental understand-

ing of the organizational goals and how they tie into the IT environ-ment. From there, administrators can better forecast growth and make good decisions.

Consider this example. A com-pany simply signs off on a con-tract to host its cloud at a provider without doing any sort of capacity planning—so it sort of wings it. The environment works well for the first three or four months. But after about five months, a business executive approaches IT and says, “We’re acquiring a new company that we would like to place in the cloud instead of buying new on-site hardware.” But what if the cloud was never sized for this kind of growth? Now, the IT department may have to pay serious overage charges or redesign contracts ret-roactively to resolve these issues. Without good planning, reactive cloud responses become costly and time-consuming.

PRIVATE CLOUD E-ZINE • VOL. 2, NO. 2 4

HOME

EDITOR’S LETTER

TRENDS

DIGGING

INTO IBM’S

SMARTCLOUD

CLOUD SLAs:

DEFINING

THE RIGHT

REQUIREMENTS

UP FRONT

1TRENDS IN CLOUD COMPUTING

TRENDS in cloud computing

T

How does the multi-tenant, elastic model that defines cloud computing change capacity planning activities from those in a traditional data center?As opposed to a physical local-ized data center where resources are truly finite, a cloud administra-tor has more to work with. When working with a cloud infrastructure, we’re dealing with virtualization. In a properly sized environment, administrators can quickly deploy new VMs, allocate more space or provision new workloads as needed. The beauty here is that elastic cloud models are built around economies of scale. That means an IT manager can provision new workloads only when he needs them instead of hav-ing VMs or physical hardware just sitting there unused.

Remember, without good capacity planning, there’s no way to achieve this type of elastic cloud environ-ment. Even in the cloud, planning for growth and having capacity for

users is very important.

As managers capacity-plan, how should they factor in future growth or other unknown issues?No one can ever predict the future, but we can make intelligent estima-tions based on current trends. The idea involves the N+1 mentality. Allocate enough resources for your current environment and for just- in-case moments. The best way to plan for the future is by having inline visibility with business goals. This means clear communication between business stakeholders and the IT team. The key isn’t to talk technology but to understand busi-ness objectives.

If a manager says that a company plans to acquire another company or grow in the near future, IT man-agers should plan for that. This means allocating the right type of storage controller, the right type of physical hosts and the proper cloud

PRIVATE CLOUD E-ZINE • VOL. 2, NO. 2 5

HOME

EDITOR’S LETTER

TRENDS

DIGGING

INTO IBM’S

SMARTCLOUD

CLOUD SLAs:

DEFINING

THE RIGHT

REQUIREMENTS

UP FRONT

1TRENDS IN CLOUD COMPUTINGT

46% IT’S A FACT:

Among 560 IT service consumers and providers, nearly half say that it’s difficult to monitor service-level agreements for public clouds. SOURCE: INFORMATIONWEEK ANALYTICS, JUNE 6, 2011

model. Gauging for user spikes or changes in the business environ-ment is important as well. This means taking the time to under-stand existing requirements and think outside the box. It becomes a costly endeavor to replace or upgrade existing cloud data center components. This can be even more disruptive if we’re working in a pro-duction environment.

Does capacity planning in the cloud still require that you factor in finite resources? This is a big misconception among many IT professionals. But regard-less of the offering, remember that even in the cloud, resources are always finite. Resource require-ments will change. If an environ-ment is built with a cushion, those resources can be assigned to a workload that needs them. When working with a cloud provider, administrators can create contracts to state that if more resources are required, they can be assigned by the appropriate person.

But even with the agility of the cloud, eventually you will run out of resources. At that point, you may have to pay substantial fees to access additional resources for the environment. This is why plan-ning is so important. Administrators can avert these additional costs by sizing an environment for current and future requirements. Your esti-

mations are just that—they don’t have to be exact, but making a solid guess based on business goals is extremely helpful. This prevents additional costs and charges from piling up when more resources are required.

One of the main goals of any IT initiative is to get good ROI. When cloud environments expand and are poorly planned out—the ROI on that infrastructure will go down. If the planning is really poor, a cloud infra-structure may cost a company more than it’s worth.

The bottom line is that adminis-trators must use the elasticity of the cloud, but they have to do it wisely.

What kinds of metrics do you recommend?For the most part, here is what you need to look for:

n User count. Administrators must know how many users will access the environment at a given time. Even more important is their abil-ity to forecast the user count a year or two down the road. This type of planning will dictate the size of the cloud environment and how many servers are necessary. By establish-ing user count and future growth, we can also tell how much storage (IOPS), RAM and CPU require-ments are necessary.

n Workload type. What are we

PRIVATE CLOUD E-ZINE • VOL. 2, NO. 2 6

HOME

EDITOR’S LETTER

TRENDS

DIGGING

INTO IBM’S

SMARTCLOUD

CLOUD SLAs:

DEFINING

THE RIGHT

REQUIREMENTS

UP FRONT

1TRENDS IN CLOUD COMPUTINGT

PRIVATE CLOUD E-ZINE • VOL. 2, NO. 2 7

HOME

EDITOR’S LETTER

TRENDS

DIGGING

INTO IBM’S

SMARTCLOUD

CLOUD SLAs:

DEFINING

THE RIGHT

REQUIREMENTS

UP FRONT

1TRENDS IN CLOUD COMPUTING

going to deliver? Are these virtual desktops or just published applica-tions? Is this an Infrastructure as a Service or a Platform as a Service? All these questions will determine the kind of cloud deployment neces-sary. By knowing the workload type, we can size and plan the cloud envi-ronment more effectively.

n WAN link. In a distributed cloud environment connectivity is king. We must know what we are push-ing down the link to ensure optimal performance for end users. Are we delivering rich media content or just small files? As a best practice, bandwidth considerations must happen when a cloud environment is being designed.

n Delivery methodologies. The suc-cess of a cloud deployment largely depends on the acceptance level of users. With poor performance, sat-isfaction and adoption rates will be low, which might ultimately result in the failure of the project. Capac-ity planning partly involves how a workload is delivered to end users. What speeds are optimal? Where will certain types of content be ren-dered? Do we need to make adjust-ments to compensate for latency? All of these questions must be answered prior to deploying a pro-duction cloud infrastructure.

Which kinds of tools do you recommend for capacity planning

T

n n n n n n n n n nn n n n n n n n n nn n n n n n n n n nn n n n n n n n n nn n n n n n n n n nn n n n n n n n n nn n n n n n n n n nn n n n n n n n n nn n n n n n n n n nn n n n n n n n n n

IAAS STRATEGIES: STILL STEADY AS SHE GOESMore than 70% of IT managers have taken a slow-and-steady

approach to adopting Infrastructure as a Service.

49%: CONSERVATIVE Most nonproduction

workloads will be outsourced to the cloud

24%: RESEARCH MODE We haven’t yet identified

a use case for IaaS at our company

27%:AGGRESSIVE More than half our infrastructure will be cloud-based over the next 12 months

N=90 I.T. MANAGERS; SOURCE: 2011 CLOUD COMPUTING ADOPTION SURVEY, TECHTARGET INC., MARCH 2011

PRIVATE CLOUD E-ZINE • VOL. 2, NO. 2 8

HOME

EDITOR’S LETTER

TRENDS

DIGGING

INTO IBM’S

SMARTCLOUD

CLOUD SLAs:

DEFINING

THE RIGHT

REQUIREMENTS

UP FRONT

in a cloud environment? Visibility and granularity are the most important tool features for any cloud. Since we’re working with a distributed environment, it’s impor-tant to have tools capable of seeing what is happening within each cloud data center. This means RAM, CPU and storage metrics are monitored and gauged.

Part of planning for growth is understanding what an environ-ment has today. Without proper visibility into the current environ-ment, there’s no way to effectively scale. Good tools can save money by alerting administrators when resources are running low or when workloads need to be load-bal-anced. Native or third-party tools each have their benefits. It’s impor-tant to plan which tools to use since each will have a different impact on a given environment.

Even though cloud computing expands access to resources, data centers are still bound by finite resources?Finite resources are only a con-straint if their management is poorly planned. Having efficiencies built into an environment means knowing what is available now and what can be used in the future. With capac-ity planning, administrators can size and use resources effectively among multiple workloads. As the environ-ment evolves, a well-planned-out

cloud can scale based on the needs of the business. All this stems from understanding which resources are available now and how they are used. This starts with good visibility into the cloud.

Resources only become con-straints when unexpected events happen. When a cushion is built into a cloud environment, emergency situations can be handled with-out the need to bring in additional, sometimes expensive, resources or tools. Again, this goes back to the idea of N+1, where an environment has what it needs and a bit more for growth, emergency needs or load balancing.

What is most important for data center administrators and managers to understand about capacity management for the cloud?A general mindshift has to happen with a cloud environment. Even though data centers are remotely located, it doesn’t mean they can be managed less. Out of sight, out of mind can become a serious issue for administrators who forget that cloud resources must be continu-ously managed and observed. So IT managers must maintain constant visibility into their cloud environ-ment. From there, they can make solid decisions based on the needs of the cloud infrastructure.

—BY LAUREN HORWITZ

1TRENDS IN CLOUD COMPUTINGT

IBM HAS BEEN considered an also-ran in the cloud computing market, but IBM SmartCloud, which includes components for PaaS and IaaS cloud models, may be what the company needs to shake this stigma. And enterprise cloud architects should understand how these products can help them build public, private and hybrid clouds.

INSIDE IBM SMARTCLOUD PAAS STRATEGYPlatform as a Service (PaaS) gives an organization a set of automated and intelligent services and tools that sit on top of the infrastructure. IBM SmartCloud Application Ser-vices helps promote cloud-based efficiencies and scalability while allowing admins to customize appli-cations. Cloud application platform services are tuned for enterprise applications and are made up of five characteristics.

1. Application lifecycle control. With application lifecycle control, administrators can use the cloud as an integrated tool to see how a spe-cific application behaves in a distrib-uted environment. IT staffs can run application test and development within the cloud environment, giving admins a real-time shared area in which to work.

Collaborative services can include agile application planning, change management tasks and software configuration management. With these kinds of services, developers and administrators can focus on improving application functionality without spending time on manage-ment.

2. Application resource sharing. In a development environment, an application may need access to spe-cific types of resources to function. Within the cloud, engineers can use centrally housed resources and

PRIVATE CLOUD E-ZINE • VOL. 2, NO. 2 9

HOME

EDITOR’S LETTER

TRENDS

DIGGING

INTO IBM’S

SMARTCLOUD

CLOUD SLAs:

DEFINING

THE RIGHT

REQUIREMENTS

UP FRONT

1 IBM’S SMARTCLOUD

DIGGING INTO IBM’S SMARTCLOUDFor a couple of years, observers have wondered what IBM’s cloud strategy is—and whether the company even has one. An expert dissects IBM’s SmartCloud initiative and how the new offering can build private and hybrid clouds. BY BILL KLEYMAN

apply them to any application they may test or develop. With these shared resources, developers can reduce the complexity and cost of an application by having resources ready to use. Shared resources may include message routing or a Data-base as a Service (DaaS) model in which a database becomes available only when needed.

3. Application deployment. Devel-opers know that deploying an appli-cation can be difficult. Often, other factors are involved when an appli-cation is launched, including physi-cal resources or other infrastruc-ture needs. With cloud computing, administrators can test and deploy applications without the need for middleware or other environmental requirements.

Deploying and managing applica-tions with IBM SmartCloud includes policy-driven automated scaling and management for each applica-tion. Developers can work with a mix of environments created for each application type. This diversity allows businesses to further develop application environments without worrying about internal infrastruc-ture requirements.

4. Application management. With so many types of different applica-tions, managing them can become a hassle. The ability to work in a single environment allows cloud admins to gain control of the cloud-

based application environment. With IBM SmartCloud, administra-tors can deploy key applications that have built-in automation and

managed services. This gives devel-opers the ability to handle tasks such as change management, appli-cation cloning for upgrades, and rapid backup of an entire installation as well as any associated data.

5. Integration synchronization. IBM SmartCloud features a configurable integration engine that can synchro-nize data and process it with a set of standard or custom application connectors. Developers can then integrate multiple application sets without resorting to custom coding or other manual processes.

PRIVATE CLOUD E-ZINE • VOL. 2, NO. 2 10

HOME

EDITOR’S LETTER

TRENDS

DIGGING

INTO IBM’S

SMARTCLOUD

CLOUD SLAs:

DEFINING

THE RIGHT

REQUIREMENTS

UP FRONT

1 IBM’S SMARTCLOUD

WITH IBM SMART-CLOUD, ADMINISTRA-TORS CAN DEPLOY KEY APPLICATIONS THAT HAVE BUILT-IN AUTOMATION AND MANAGED SERVICES. THIS ENABLES DE-VELOPERS TO HAN-DLE TASKS SUCH AS CHANGE MANAGEMENT, APPLICATION CLONING FOR UPGRADES AND RAPID BACKUP.

THE FOUR PILLARS OF IBM SMARTCLOUD Organizations understand the ben-efits of using cloud technologies for resource-intensive tasks, such as testing, application development and pilot launches for large work-loads. Infrastructure as a Service (IaaS) frees up resources, eliminat-ing the need to use multiple servers at a local data center.

IBM SmartCloud IaaS offering includes four features that can make available local resources while using the cloud to expand an existing environment.

1. Virtual infrastructure. There are two major components of the IBM SmartCloud virtual infrastructure: SmartCloud Enterprise and Enter-prise +. The Enterprise platform is an agile IaaS designed to provide rapid access to enterprise-class virtual server environments. These types of environments are well suit-ed for test-and-development activi-ties and work with other dynamic workloads.

2. Virtual desktop. Many organiza-tions are exploring virtual desktop infrastructures (VDI) to move from operating systems at a physi-cal endpoint. IBM Smart Business Desktop can help companies imple-ment VDI with a range of cloud options. By moving toward a hosted workload platform, administrators can control costs and enable secure

access to corporate applications and data that resides at a central location.

3. Backup and recovery. With any cloud-based environment, backup and recovery of vital systems will always be critical. The SmartCloud has a number of backup and recov-ery options:

n SmartCloud Archive provides cloud-based data archiving capa-bility that can index, search, retrieve and store archived con-tent. This kind of efficient data management helps organizations use information for enhanced decision making and regulatory compliance management.

n SmartCloud managed backup service is currently offered only in the U.S. as Fastprotect online. This feature is cost-effective cloud-based data backup and helps pro-vide virtually continuous, scalable protection and restore capabilities. SmartCloud managed backup is ideal for data that’s distributed on servers, desktops and laptops in various geographic locations.

n SmartCloud Virtualized Server Recovery provides automation and cloud tools that can help speed recovery times and increase the reliability of cloud server recovery. This service supports physical and virtual machines

PRIVATE CLOUD E-ZINE • VOL. 2, NO. 2 11

HOME

EDITOR’S LETTER

TRENDS

DIGGING

INTO IBM’S

SMARTCLOUD

CLOUD SLAs:

DEFINING

THE RIGHT

REQUIREMENTS

UP FRONT

1 IBM’S SMARTCLOUD

PRIVATE CLOUD E-ZINE • VOL. 2, NO. 2 12

HOME

EDITOR’S LETTER

TRENDS

DIGGING

INTO IBM’S

SMARTCLOUD

CLOUD SLAs:

DEFINING

THE RIGHT

REQUIREMENTS

UP FRONT

1 IBM’S SMARTCLOUD

(VMs) and allows engineers to recover the functions of selected servers on a VM running on cloud infrastructure at the IBM Recovery Center.

4. Managed cloud security. IBM has three different products for securing a cloud infrastructure.

n Hosted Application Security is designed to provide an advanced security analysis that helps cloud admins identify and analyze threats.

n Hosted Mobile Security provides ongoing management to make mobile device security virtually turnkey. This capability helps pro-tect against mobile device theft, malware infection and inappropri-ate use.

n Managed Security offers always-on monitoring and management of security technologies housed within a cloud environment. IBM provides a single management console that enables admins to view the entire security infrastruc-ture and mix and match by device type, vendor and service level to meet the needs of an evolving business.

Certainly, cloud computing will continue to evolve. Organizations of all sizes will see the benefits of

placing some or all their infrastruc-ture in the cloud. The availability of additional resources, improved bandwidth and more capable hard-ware facilitates delivering large workloads.

Cloud technologies allow orga-nizations to grow and expand as needed. This means companies can do more testing and development without provisioning physical or virtual resources locally at the data center level. Pushing workloads into the cloud will help many IT environ-ments develop new technologies and make their infrastructure more efficient. n

Bill Kleyman, MBA, MISM, is an avid technolo-gist with experience in network infrastructure management. His engineering work includes large virtualization deployments as well as busi-ness network design and implementation. Cur-rently, he is a virtualization solutions architect at MTM Technologies Inc., a national IT consulting firm.

PUSHING WORK- LOADS INTO THE CLOUD WILL HELP MANY IT ENVIRON-MENTS DEVELOP NEW TECHNOLOGIESAND MAKE THEIR INFRASTRUCTURE MORE EFFICIENT.

TODAY, CLOUD SERVICES are mov-ing into the mainstream. They offer elastic IT infrastructure that can respond quickly to new demands, such as business growth or new projects. Cloud models also offer possible cost savings through pay-per-use approaches and economies of scale.

But to save money with a cloud model, IT pros have to construct service-level agreements (SLAs) carefully. Businesses rely on these agreements to hold providers to account in providing service and recourse if service fails. They spec-ify, for example, the responsibilities of providers, such as the time frame in which a cloud vendor should be able to address a problem and the reparations it should make if down-time occurs and a customer loses business.

But, when it comes to cloud SLAs, the devil is in the details. Outlin-

ing the terms of customer reim-bursement can be problematic, for example. Should customers be reimbursed for lost services, or is it sufficient for an SLA to stipulate a future credit? Not surprisingly, creating solid, realistic SLAs to which both parties can agree can be complex. As a result, companies are understandably gun-shy about the fine print of these agreements.

So, for companies eager to try cloud services, it’s prudent to con-sider potential gotchas, including pricing, provider responsibility, availability, data security, customer rights, risks and penalties, and so on in choosing a cloud service provider.

PREPARE FOR AN SLABefore you can sign on the dotted line, you have to identify certain business requirements. You can’t specify the time it should take a

PRIVATE CLOUD E-ZINE • VOL. 2, NO. 2 13

HOME

EDITOR’S LETTER

TRENDS

DIGGING

INTO IBM’S

SMARTCLOUD

CLOUD SLAs:

DEFINING

THE RIGHT

REQUIREMENTS

UP FRONT

2 CLOUD SLAs

CLOUD SLAs: DEFINING THE RIGHT REQUIREMENTS UP FRONT Before you sign on the dotted line for cloud services, scrutinize your service-level agreement for disadvantageous terms. Here are some SLA gotchas to be wary of. BY LARRY CARVALHO

PRIVATE CLOUD E-ZINE • VOL. 2, NO. 2 14

HOME

EDITOR’S LETTER

TRENDS

DIGGING

INTO IBM’S

SMARTCLOUD

CLOUD SLAs:

DEFINING

THE RIGHT

REQUIREMENTS

UP FRONT

2 CLOUD SLAs

provider to get back up and running following a disaster until you deter-mine your maximum downtime tolerance and the potential business loss for your company of various time frames. That means running the scenarios and the numbers.

So first, identify business-critical needs for data and applications in a cloud environment. This requires establishing key performance indi-cators—or KPIs—that are unique to your company’s business require-ments, such as these:

n acceptable latency levels,

n the measured impact of downtime or lost data,

n the need for constant access to business data (current or archived), and

n a cloud service usage pattern.

If a business needs a cloud service to have peak transaction load at certain times of the month, quarter or year, reviewing a provider’s SLA for monthly average latency figures is not a good indicator of how your business latency needs will be met.

It’s also important to understand business requirements—the legal, compliance, regulatory or other business-critical obligations—to which a company must adhere. These factors can involve data locality, data set size, access speed

or time taken to access archived/backed-up data.

Considerations may also include disaster recovery, availability guar-antees, privacy, hard deletion and encryption, and capabilities for

monitoring, managing and auditing cloud SLAs. As an example, your business may require data to be physically stored within the geo-graphical limits of your country for legal or compliance reasons, but your service provider is a global entity with data centers spread among different countries for eco-nomic advantage. In this case, you need to ensure that the provider SLA addresses your data locality needs but also provides requisite data-access audits.

Another consideration is provider practices. Your prospective provider should be able to demonstrate cer-tain best practices to ensure com-pliance. As a neutral third party, it

IDENTIFY BUSINESS-CRITICAL NEEDS FOR DATA AND APPLICA-TIONS IN A CLOUD ENVIRONMENT. THIS REQUIRES ESTABLISH-ING KEY PERFORMANCE INDICATORS THAT ARE UNIQUE TO A COMPA-NY’S REQUIREMENTS.

should be able to provide evidence of separation of duties and a chain of custody for critical business information and to support consis-tency for compliance.

In outsourced or cosourced cloud environments, evaluating service-level agreements involves a clear understanding of the implications of an SLA conflict or breach as well as the resolution process. Typical off-the-shelf cloud SLAs may not be sufficient for enterprise customers with business-critical data require-ments.

SET PROVIDER AND CONSUMER RESPONSIBILITIESAfter you evaluate your busi-ness requirements, consider those needs in light of provider responsi-bilities. In the event of an outage or problem, how are responsibilities shared between your company and a provider? What is the provider’s level of transparency, and does it proactively inform consumers of SLA noncompliance and breaches? In the event of a disaster, does the language limit the provider’s liability at the expense of your company’s

PRIVATE CLOUD E-ZINE • VOL. 2, NO. 2 15

HOME

EDITOR’S LETTER

TRENDS

DIGGING

INTO IBM’S

SMARTCLOUD

CLOUD SLAs:

DEFINING

THE RIGHT

REQUIREMENTS

UP FRONT

2 CLOUD SLAs

SERVICE-LEVEL AGREEMENTS: SOME BASIC TERMS

TO GET A HANDLE on service-level agreements, it’s important to understand the terminology. Here are some common terms to consider:

Downtime: For a domain, if there is more than a 5% user error rate. Downtime is measured based on server-side error rate.

Downtime period: A period of 10 consecutive minutes of downtime.

Intermittent downtime: A period of less than 10 minutes is not counted toward downtime periods.

Monthly uptime percentage: The total number of minutes in a calendar month, minus the number of minutes of downtime suffered from all downtime periods in a calendar month, divided by the total number of minutes in a calendar month.

Scheduled downtime: This refers to periods when a provider notifies customers of downtime at least five days prior to the commencement of such downtime. The maximum is no more than 12 hours of scheduled downtime per calendar year. Pro-viders such as Google do not consider scheduled downtime as countable toward the total downtime. n

PRIVATE CLOUD E-ZINE • VOL. 2, NO. 2 16

HOME

EDITOR’S LETTER

TRENDS

DIGGING

INTO IBM’S

SMARTCLOUD

CLOUD SLAs:

DEFINING

THE RIGHT

REQUIREMENTS

UP FRONT

2 CLOUD SLAs

data? What kinds of restitution does the provider offer in the face of disaster?

The answer to these questions may be surprising.

While you might expect other-wise, in the event of failure, the onus is not often on the provider. It can be up to the customer to identify a service failure and its impact. Cloud service monitoring and manage-ment could result in additional tasks and costs for a company—unless it already has SLA noncompliance identification automation in its on-premise or private cloud setup that can be easily extended for a hybrid cloud. Companies also need to assess noncompliance penalties and determine whether those reasonably cover lost business opportunity.

EVALUATE CLOUD SLAs: TEN KEY PRINCIPLESCompanies considering cloud ser-vices should closely explore possi-ble risks and outline the protections in their cloud SLAs. While the story of the cloud is still one of buyer beware, companies can use SLAs to secure performance and availabil-ity. Use these 10 principles to guide your evaluation.

1. Keep it short and simple (KISS). Avoid getting lost in the details. Focus on your company’s top busi-ness priorities and the metrics that govern positive business outcomes

rather than technical parameters. Target what is most important to the business instead of what a cloud SLA provides a typical consumer.

Identify potential gaps and check whether the prospective provider allows SLA negotiation to fill in the gaps.

At the same time, liability needs to be outlined with specificity. It’s traditional, for example, for a cloud provider’s liability to be limited to direct damages and capped at an aggregate dollar amount for all claims under the agreement. Con-sider whether these kinds of condi-tions work for your company.

2. Consider unique business needs. As most providers deal with cus-tomer and service volume via multi-tenancy and resource sharing, their SLA considerations can border on most-common denominator metrics that serve a broad swath of custom-ers rather than your particular busi-ness. As a result, particular require-

COMPANIES CONSIDERING A CLOUD SERVICE SHOULD CLOSELY EXPLORE POSSIBLE RISKS AND OUTLINE THE PROTECTIONS IN THEIR CLOUD SLAs.

PRIVATE CLOUD E-ZINE • VOL. 2, NO. 2 17

HOME

EDITOR’S LETTER

TRENDS

DIGGING

INTO IBM’S

SMARTCLOUD

CLOUD SLAs:

DEFINING

THE RIGHT

REQUIREMENTS

UP FRONT

2 CLOUD SLAs

ments become more difficult to satisfy. You’ll want to know how a provider deals with one-off requests from a customer.

3. Look at SLAs versus QoS. It is important to differentiate between cloud service specifications, service

availability and quality of service (QoS). Boilerplate agreements, for example, will likely guarantee certain levels of availability but not quality of service. Multi-tenancy and peak-load-pattern variation can degrade cloud service unexpect-edly. As a result, an SLA’s service

WHAT TO ASK YOUR PROVIDER ABOUT DOWNTIME

CLOUD CONSUMERS NEED to know how their provider handles maintenance and upgrades—especially from the perspective of their business requirements, hid-den costs and productivity disruptions. According to a Harris Interactive survey, 46% of nearly 600 companies said that they lose $50,000 per hour because of downtime; 8% said downtime would cost them $1 million an hour. Consider these important questions about outages and responsibilities:

n When should a consumer be notified about scheduled maintenance? According to avoidable cost of downtime, after systems are back up and running, organiza-tions lose an average of nine hours per year to data-recovery time, with employ-ee productivity as low as 70% after downtime.

n What time frames are typical for cloud services and that a business can sustain gracefully? According to the Harris Interactive survey, 4% of companies said that an hour or more of downtime would threaten their business; 40% said their busi-ness couldn’t tolerate 72 hours or more of downtime.

n What are the risks involved? What does the SLA’s fine print say (such as Amazon.com’s more-than-one-zone failure to count as downtime)? What are the poten-tial hidden costs that the business could incur during service unavailability, lower throughput or limited feature accessibility during maintenance and upgrades?

n Is there a need to test consumer applications built on the updated cloud service or infrastructure? For hybrid cloud deployments, would a cloud provider cooperate and collaborate with your internal IT for troubleshooting, interoperability and integration needs, if any? n

PRIVATE CLOUD E-ZINE • VOL. 2, NO. 2 18

HOME

EDITOR’S LETTER

TRENDS

DIGGING

INTO IBM’S

SMARTCLOUD

CLOUD SLAs:

DEFINING

THE RIGHT

REQUIREMENTS

UP FRONT

2 CLOUD SLAs

availability requirement may be met, but its quality of service may not be. In the case of cloudbursting in real time, this can create uneven performance for users that access in-house IT vs. those who access cloudburst capacity or, worse, end customers. QoS can directly impede productivity or business output.

4. Remember disaster recovery. In the event of a disaster at a local site or a provider’s IT site, how is data access affected? This is especially critical for hybrid arrangements that have business process or data integration dependencies between internal IT departments and a public cloud. It’s also important to con-sider consistency between these

two clouds: Does a cloud provider’s SLA match up with internal recovery point and recovery time objectives? Is the data locked into the provider’s environment? Is there a mechanism to retrieve cloud data for DR or to migrate to another provider or to internal IT infrastructure?

5. Look for special fees and costs involved. Unlike companies with large amounts of legacy data that need to be brought into the cloud before the data can be used mean-ingfully, some customers have few digital assets. That makes cloud on-boarding easier, since moving data into the cloud can cost money and time. Companies need to evaluate whether such data transfer mecha-

ADDITIONAL RESOURCES Cloud SLAs the Next Bugbear for Enterprise ITThe ever-growing network of IT services delivered by cloud computing are making yet another area of business unsettled: service-level agreements.

Meeting Performance Standards and SLAs in the CloudWhile service-level agreements are common in network services, in cloud computing it’s difficult to find helpful precedents for negotiating an SLA.

Shabby Cloud Computing SLAsTo get the risk controls you want, you need to embed controls in your SLAs.

Beware Cloud Computing Risks: From No SLAs to Vendor Lock-InFor each benefit of cloud computing, such as cost savings, speed to market and scalability, there are just as many risks and gaps in the cloud computing model. n

PRIVATE CLOUD E-ZINE • VOL. 2, NO. 2 19

HOME

EDITOR’S LETTER

TRENDS

DIGGING

INTO IBM’S

SMARTCLOUD

CLOUD SLAs:

DEFINING

THE RIGHT

REQUIREMENTS

UP FRONT

2 CLOUD SLAs

nisms align with their business obli-gations and security objectives.

6. Don’t forget data retention. Compliance or business obliga-tions necessitate data retention or hard deletion after a certain period of time. Customers need to ask for special data access audit reports or they should instead screen data so that what needs hard-deletion is kept on-premises rather than going to the cloud.

7. Build an undiluted SLA. In a hybrid cloud setup, on-premises or private cloud SLAs run the risk of dilution with the introduction of cloud services into the mix—unless the business functions running on-premises and those working on the cloud service are mutually exclu-sive. Evaluate SLAs for clauses that may weaken any aspect of related on-premises SLAs or SLAs of other providers in case you are using more than one provider.

8. Look for third-party dependen-cies. In the case of third-party involvement in an on-premises or private cloud or if a cloud service provider depends on a third party to deliver its service, evaluate cloud SLAs for potential gaps and ascer-tain clarity with respect to respon-sibilities and ownership—especially in case of breaches and conflicts. Several cloud providers have fine print in their SLAs that limit their

responsibility to the infrastructure and services they own.

9. Keep cloud standards in mind. Over time, enterprises and hybrid cloud arrangements evolve and grow. They may require migration of workloads and data from one cloud provider to another. Flexibility, extensibility and standards compli-ance of provider SLAs, especially with multiple vendors involved, is crucial in the long term.

10. Check on other consider-ations. Without compromising on cloud flexibility, scalability or cost advantage as compared with an on-premises alternative, does the pro-spective cloud provider SLA address these issues?

n Acceptable transaction latency. Can it coexist with an on-premises

IN THE CASE OF THIRD-PARTY INVOLVEMENT IN AN ON-PREMISES OR PRIVATE CLOUD OR IF A CLOUD SERVICE PROVIDER DEPENDS ON A THIRD PARTY TO DELIVER ITS SERVICE, EVALUATE CLOUDSLAS FOR POTENTIAL CONFLICTS OR GAPS.

PRIVATE CLOUD E-ZINE • VOL. 2, NO. 2 20

HOME

EDITOR’S LETTER

TRENDS

DIGGING

INTO IBM’S

SMARTCLOUD

CLOUD SLAs:

DEFINING

THE RIGHT

REQUIREMENTS

UP FRONT

2 CLOUD SLAs

setup or will there be integration-related load/peak issues?

n Refunds. However liberal or customer-friendly the provider’s credit refund policy is, actual credits are not refundable and are usually applied only toward future payments.

n SLA evolution. Rapid technology and business requirement changes necessitate that hybrid cloud arrangements can accommodate future revisions in SLAs to take care of changing business needs, instead of getting constrained by rigid provider SLAs.

The bottom line is that consum-ers’ awareness about their IT needs and the clarity of desired business outcomes in harnessing clouds is critical for SLA evaluation, regard-less of how complex, limited or confusing the service provider SLAs themselves may be. n

Larry Carvalho runs Robust Cloud LLC, an advi-sory services company that helps organizations develop strategies to take advantage of cloud computing.

Strategies for Building a Private Cloud is a SearchCloudComputing.com

e-publication.

Margie Semilof Editorial Director

Lauren Horwitz Executive Editor

Michelle Boisvert, Christine Cignoli Senior Editors

Eugene Demaitre Martha Moore

Associate Managing Editors

Linda Koury Director of Online Design

Scott Kelly Associate Publisher

skelly@techtarget.com

TechTarget 275 Grove Street, Newton, MA 02466

www.techtarget.com

©2012 TechTarget Inc. No part of this publication may be transmitted or reproduced in any form or by any means without written permission from the publisher. TechTar-

get reprints are available through The YGS Group.

About TechTarget: TechTarget publishes media for infor-mation technology professionals. More than 100 focused websites enable quick access to a deep store of news, advice and analysis about the technologies, products and processes crucial to your job. Our live and virtual events give you direct access to independent expert commentary and advice. At IT Knowledge Exchange, our social community, you can get

advice and share solutions with peers and experts.

ACTUAL CREDITS ARE NOT REFUNDABLE AND ARE USUALLY APPLIED ONLY TOWARD FUTURE PAYMENTS.