We’re trying to come to an agreement with a SaaS vendor about performance and availability service level agreements (SLAs). I discussed this topic some in my previous “SaaS Headaches” post. I thought it would be instructive to show people the standard kind of “defense in depth” that suppliers can have to protect against being held responsible for what they host for you.
We’ve been working on a deal with one specific supplier. As part of it, they’ll be hosting some images for our site. There’s a business team primarily responsible for evaluating their functionality etc., we’re just in the mix as the faithful watchdogs of performance and availability for our site.
Round 1 – “What are these SLAs you speak of?” The vendor offers no SLA. “Unacceptable,” we tell the project team. They fret about having to worry about that along with the 100 other details of coming to an agreement with the supplier, but duly go back and squeeze them. It takes a couple squeezes because the supplier likes to forget about this topic – send a list of five questions with one of them being “SLA,” you get four answers back, ignoring the SLA question.
Round 2 – “Oh, you said ‘SLA’! Oh, sure, we have one of those.” We read the SLA and it only commits to their main host being pingable. Our service could be completely down, and it doesn’t speak to that. Back to our project team, who now between the business users, procurement agent, and legal guy need more urging to lean on the supplier. The supplier plays dumb for a while, and then…
Filed under Cloud, General
The industry is abuzz with people who are freaked out about the outages that Amazon and other cloud vendors have had. “Amazon S3 Crash Raises Doubts Among Cloud Customers,” says InformationWeek!
This is because people are going into cloud computing with retardedly high expectations. This year at Velocity, Interop, etc. I’ve seen people just totally in love with cloud computing – Amazon’s specifically but in general as well. And it’s a good concept for certain applications. However, it is a computing system just like every other computing system devised previously by man. And it has, and will have, problems.
Whether you are using in house systems, or a SaaS vendor, or building “in the cloud,” you have the same general concerns. Am I monitoring my systems? What is my SLA? What is my recourse if my system is not hitting it? What’s my DR plan?
SaaS is a special case of cloud computing in general. And if you’re a company relying on it, when you contract with a SaaS vendor you get SLAs established and figure out what the remedy is if they breach it. If you are going into a relationship where you are just paying money for a cloud VM, storage, etc. and there is no enforceable SLA in the relationship, then you need to build the risk of likely and unremediable outages into your business plan.
I hate to break it to you, but the IT people working at Amazon, Google, etc. are not all that smarter than the IT people working with you. So an unjustified faith in a SaaS or cloud vendor – “Oh, it’s Amazon, I’m sure they’ll never have an outage of any sort – either across their entire system or localized to my part of it – and if they do I’m sure the $100/month I’m paying them will cause them to give a damn about me” – is an unreasonable expectation on its face.
Clouds and cloud vendors are a good innovation. But they’re like every other computing innovation and vendor selling it to you. They’ll have bugs and failures. But treating them as if they won’t is a failure on your part, not theirs.