Did you miss Part 1 of Richard’s “What makes a quality cloud hosting provider” series – read it here.
Horse meat Burger, Cod and Chips, a Bacon sandwich, Cloud Computing providersโฆ which is the odd one out?ย The Bacon sandwich, of course!
Iโm sure you are aware that there have recently been a number of well publicised food scares around Europe, with products not being quite what they seem. So in the list above, why is the Bacon sandwich the odd one out? Well, to date, I have not heard of anybody successfully counterfeiting a Bacon sandwich!
Often Cloud Computing providers, as I covered in part 1 of this blog, are also not quite what they seem. Lots of promises are made on websites as to how good a service is, but on further exploration is the service actually what it seems? I am now going to explore some of them.
ย โ99.9999% or 100% uptime guaranteeโ
A Service Level Agreement (SLA) is a measure of availability, which is typically described through percentage statements such as โ99.999% SLAโ. When these statements are explored in real time, this is the outcome:
Availability % | Downtime per year | Downtime per month | Downtime per week |
90% (“one nine”) | 36.5 days | 72 hours | 16.8 hours |
98% | 7.30 days | 14.4 hours | 3.36 hours |
99% (“two nines”) | 3.65 days | 7.20 hours | 1.68 hours |
99.5% | 1.83 days | 3.60 hours | 50.4 minutes |
99.9% (“three nines”) | 8.76 hours | 43.8 minutes | 10.1 minutes |
99.99% (“four nines”) | 52.56 minutes | 4.32 minutes | 1.01 minutes |
99.999% (“five nines”) | 5.26 minutes | 25.9 seconds | 6.05 seconds |
99.9999% (“six nines”) | 31.5 seconds | 2.59 seconds | 0.605 seconds |
99.99999% (“seven nines”) | 3.15 seconds | 0.259 seconds | 0.0605 seconds |
This information is all very good, but without looking at the fine print it is actually a meaningless and empty promise on the part of the provider. [pullquote]…without looking at the fine print it is actually a meaningless and empty promise on the part of the provider…[/pullquote]Failure to meet an SLA is usually backed by a penalty clause and penalties as an industry standard are not normally too onerous for service providers. Traditionally, the provider gives a percentage of the overall monthly fee back to the user, depending on the length of the outage.
Below is a table showing what a customer could commonly expect to reclaim:
Service Availability during Monthly Review Period |
Service Credits as % of Monthly Rental Charge |
<99.9%-99.8% |
5% |
99.79%-99.5% |
10% |
99.49%-99.0% |
20% |
98.9%-98.0% |
30% |
<98% |
40%
|
The calculation is:ย (Total hours – Total hours Unavailable)/Total hours) x 100
Other important factors to note when looking into the SLA include:
1)ย ย ย The penalty often does not refer to the service as a whole. Your business may have a web server but the SLA may only be for either network or server availability, so the fact that your website is not working may not be relevant.
2)ย ย ย The advertised SLA does not actually match the penalty clause. For example, your business may have been told it will receive 99.999% availability but the penalty clause starts at 99% availability, so you would never be fully compensated.
3)ย ย ย It is also important to explore what time period the penalty is measured over. It is common that providers use a period of 12 weeks, which actually means on a 99% SLA that your business could be offline for 21.6 hours, or on a 99.9% SLA just over 2 hours and still be within the service level.
4)ย ย ย How is the availability measured? Monitoring commonly checks servers at various intervals, e.g. every 15 minutes, every 5 minutes or every minute. Based on these tests, short outages may often go unnoticed and it is often impractical to check with a higher frequency. 99.999% uptime checked every minute will mean that only longer outages will be spotted or that a short 2 second glitch will show up as a minute long outage.
5)ย ย ย It is usually the customerโs responsibility to request service credit checks and SLAโs are therefore not a good way to determine the quality of a service.
โUnlimited bandwidth includedโย or โ1000 GB bandwidth includedโ
What do they these statements actually mean? Well, they could mean any number of things and statements like these often have an * next to them, referring you to an acceptable use policy where they actually restrict you to 400GB of throughput. However, more often the biggest concern is actually how quickly you can get this bandwidth, how big is the Internet connection?
[pullquote]…the biggest pipe will move more Water.[/pullquote]To illustrate this further, if we equate Water to Internet traffic and a Hose Pipe to the Internet connection, the biggest pipe will move more Water and it really does not matter if your contract allows you to move a gallon of Water or not. If the Pipe can only move three gallons and you are sharing it with 1,000 other people then the net result will be a negative experience.
โWe have ISO 27001 for information securityโ
ย There are few points which you need to know about ISO 27001. Firstly it is an information security management system (ISMS) which means that it is a framework for managing security, it is not a standard that ensures that an organisation is actually secure. Only standards such as PCI actually provide any guarantees, as they are prescriptive about processes, not just suggestive.
Due to the fact that it is a system, people can just buy an off the shelf set of processes and procedures and quickly demonstrate an ISMS without actually really properly implementing it. However, there are some new legislation guidelines being released soon, which will mean that the auditor will be paying far more attention to the โmonitor and measurementโ section which will hopefully improve the situation.
[pullquote]…you clearly need to ask more than โdo you have an IS0 27001 accreditation?[/pullquote]When you setup an ISMS the business also sets the scope of the system and some Cloud providers have been known to use this to their advantage. For example, the business could limit the system scope to the โspare partsโ management element of the business then publically broadcast that it is IS0 27001 compliant but conveniently not mention what for. There are positive and negative elements to IS0 27001 and although it is a good indicator on the strengths of a hosting provider, you clearly need to ask more than โdo you have an IS0 27001 accreditation?โ
โSee terms and Conditionsโ
Remember, what a business offers on the website is not necessarily what you get. For instance, I recently witnessed a company offering a Hosted Email solution and on its homepage the provider boldly stated that they offered a free backup service. I could not find this mentioned anywhere else on the website and after further inspection I discovered that their terms and conditions actually stated that backup was NOT included in the service, unless expressly mentioned in your selected email package. I will let you draw your own conclusions on this.
Your business needs to check the terms and conditions closely in order to explore the full nature of the service being provided, particularly on longer contracts. You may sign up for a service which allegedly offers UK Hosting on dedicated hardware, in full IS0 27001 audited facilities, but if the supplier then decides that they wished to migrate over to Amazon Web service, you may not be able to legally stop him. Equally, you may be contractually obliged to continue to use the service regardless of any changes. Contracts should give your business the right to cancel if there is any fundamental change to the nature of the service delivery.
You are nearly always ultimately responsible for your own data and most contracts will state that the service provider shall not be liable for loss or corruption of data or information. [pullquote]…most contracts will state that the service provider shall not be liable for loss or corruption of data or information.[/pullquote]This is not necessarily because they are a poor provider but usually because it is hard, if not impossible, to get insurance against that form of loss โ especially when it is so difficult to place a value on data.
I hope that by reading this blog you have realised that it is easy for providers to hide behind the online world in which we live in, so closely check what you are buying. Just because the website looks good and you recognise the brand, it does not guarantee that you receive the level of service which you are expecting. It is also important to remember that many of the technologies used in the Cloud are new and long standing, strong brands will also be new to these technologies, and their previous ethos may not necessarily work in the new Cloud world. Many companies historically may have been excellent at providing break-fix style contracts, but can they stop things breaking in the first place?
Did you miss Part 1 of Richard’s “What makes a quality cloud hosting provider” series – read itย here.
For more information on virtualDCS and its cloud computing services visit www.virtualDCS.co.uk , call +44 (0) 8453 888 327 or email [email protected]
Richard May, Managing Director, virtualDCS
In 2000 Richard May led the move towards Cloud Services, participating in Microsoftโs first Service Provider Licensing offering (SPLA). This was followed in 2005 by assisting with the Beta program which became VMwareโs Service Provider Program (VSPP). Working closely with these organisations he created one of the first true Cloud platforms in existence, taking ICM NetServ Limited from a small start-up to become one of the UKโs fastest growing ISP hosting businesses.
In 2008 Richard formed a hosting company called virtualDCS (Virtual Data Centre Services), utilising his previous experience he was able to build an Enterprise Class VMware hosting platform, with the accolade of being the first โVMware Service Provider Enterprise partnerโ. Since its formation virtualDCS has focused on its key skills to provide hosting environments, offering hosting services around Infrastructure as a Service (IaaS), Recovery as a Service (RaaS), and Software as a Service (SaaS). Together with his team of experts, they have all the skills necessary to assist you with your business problems.
You can also visit virtualDCS's sister-site at saasexperts.co.uk
Comments are closed.