Cloud Data Storage SLAs: Read the Fine Print
Cloud data storage services are making the transition from consumer, SOHO and SMB up to the enterprise space. Just last week, for example, Verizon (NYSE: VZ) and IBM (NYSE: IBM) announced Managed Data Vault for enterprise backup and recovery.
"Managed Data Vault offers a broad array of enterprise data protection, not just for files, but for very large data stores and transactional database content," said Don DeMarco, IBM vice president of Business Continuity and Resiliency Services. "This addresses the needs of enterprise users with large data footprints, whether it's 15, 50, 150 terabytes or even more."
But as the size of the cloud mushrooms -- along with the volume and importance of the data -- the issue of service level agreements (SLAs) is coming to the fore. Some users balk, for example, at the small print buried in the contracts of services such as Amazon's (NASDAQ: AMZN) Elastic Compute Cloud (Amazon EC2) and Simple Storage Service (Amazon S3), which appear to absolve the vendor of responsibility in some areas.
Mike Karp, vice president and principal Analyst at Ptak Noel Associates, points out that Amazon guarantees "three nines" (99.9 percent) up time for storage services.
"That's better than most users get from their own PCs, but not nearly the level of data access that a professional IT manager would want to offer his company's users," said Karp.
The reason for the legal boilerplate, said Karp, is that Amazon and other cloud providers can assure the integrity of their service within the technology boundaries that they control. Connectivity over the Internet, however, falls outside of that perimeter, so such services are quite reasonable to point out that they can't be expected to ensure service levels for the traffic between their site and the user site. It is good business practice to make sure users are aware of all the exclusions that appear in any service level agreement.
Users of paid-for cloud services have a right to expect appropriate service levels in terms of protecting their data, ensuring privacy and maintaining specified levels of functionality and everything else that happens within the data center, even if that data center is on the other side of the world. The catch is that there is a public Internet in the middle that introduces an unpredictable environment. Few providers are going to offer enterprise-level SLAs for that aspect. And free services offer little or no recourse if things go wrong.
"These are early days for many aspects of cloud computing, and in many areas of cloud-provided services we are still feeling our way," said Karp.
The Cloud, Compliance and Legal IssuesSo what are the major cloud SLA issues to pay attention to? StorageIO Group analyst Greg Schulz cautions users to concentrate on availability, accessibility, data consistency and integrity, security and performance when considering cloud services.
"What this boils down to is a concern about being able to access data once it is moved into the cloud, as well as that the data is consistent, safe and secure," he said. "Some additional concerns also have to do with controls or audits on where data is placed from a compliance perspective, such that certain data cannot be stored or moved across different state or country borders, as an example."
Ultimately, that brings the subject squarely into the legal arena. Daryl Plummer, an analyst at Gartner, said he is all of sudden spending a lot of time with legal staff discussing the cloud.
"I knew the lawyers would wake up and get in this game in a big way, but what has surprised me is the amount of glee these lawyers seem to have re the cloud model and how it affects their companies," said Plummer. "I think they actually enjoy being the center of attention as usual on something that everyone keeps bringing up."
He sees the legal arguments centering around guarantees about where the data is located, regulatory compliance, uptime, privacy, security, bandwidth and SLAs in general. His advice is to educate your own lawyers on the cloud and get them involved in negotiations at an early stage.
One firm focusing on the cloud is Cloud Leverage, which offers a global cloud computing platform. Aimed at the enterprise, its SLAs start at 99.99 percent for cloud storage at one or two data center locations, which is upped to 100 percent for three or more.
"The issues with SLAs in the cloud are the same as with any service: Trust in the organization, comfort level with supposed risk, knowledge of the potential risks factors, and knowledge of methods and technologies to reduce and eliminate that risk," said Jonathan Hoppe, president and CTO of Cloud Leverage. "With the cloud, it is magnified because many of the technologies still seem new and companies are still undecided about how to use cloud solutions."
He reiterated Karp's point about the quality of the Internet connection. While many providers build in terms and conditions to account for Internet interruptions that are outside their control, Cloud Leverage, avoids these issues because of its association with colocation firm Netriplex and its global cloud network.
"We can optimize Internet availability and performance for our clients," said Hoppe.
NetApp and the CloudBut these matters don't just apply strictly to standard cloud providers. They are becoming more of an issue as the vendor community flocks to the cloud. It seems that just about everybody is getting involved. NetApp (NASDAQ: NTAP), for example, has even appointed Val Bercovici as its Cloud Czar in the office of the CTO.
Bercovici said SLAs are not a significant barrier to cloud adoption. For many customers, the SLAs that are in place are acceptable, which you can see with the adoption of cloud-friendly workloads such as messaging and collaboration, analytics and dev/test.
"However, there are some customers who feel that the SLAs are nowhere near as good as they can deliver themselves, so they are shying away from a cloud service model," said Bercovici.
The whole subject of SLAs, he said, is one that has to date been centered on very specific areas of the IT landscape, so many companies are only now beginning to come to terms with its intricacies and are not as well informed about the fine points of cloud SLAs as they could be.
"Many organizations don't have good metrics for their own internal capabilities, so creating SLAs for cloud services can be somewhat disingenuous," said Bercovici. "They are struggling with how to tie these SLAs to actual business impacts and, in the case of the internal IT organizations, how to develop chargebacks to their customers, or penalties for the services they seek in external providers."
His recommendation is to start the cloud adventure by isolating those workloads companies feel comfortable offloading and which ones they want to keep. And if companies are not already delivering services to their internal customers with SLAs, they need to put mechanisms in place to do so.
Like NetApp, Fujitsu is another company extending its offerings to include the cloud. Daniel Lawson, senior director of Solution Offerings and Architecture for Fujitsu America, agreed that SLAs are a primary issue to ensure that performance will be the same as local systems. Accordingly, Fujitsu offers a range of SLAs; Gold, Silver and Bronze. They range from 95 percent up to 99.9 percent and can cover 24x7 or just Monday through Friday.
"We can offer even higher SLAs where business parameters demand," said Lawson. "For storage, we have different SLAs which are focused on the storage tiers, RAID levels and snapshots that are required."
For example, disaster recovery SLAs are becoming more prevalent. In those cases, he said it is not uncommon for clients to expect a Recovery Point Objective (RPO) of less than 30 minutes and Recovery Time Objective (RTO) of four hours. These requests drive the architecture delivered in the cloud.
Be careful what you ask for, however.
"The higher the SLA, the higher the cost," said Lawson.
Follow Enterprise Storage Forum on Twitter