In a truly heterogeneous cloud deployment a "good" SLA guarantees "best
volume pricing" even if the service user must shift large volumes of service
requests away from an underperforming (non compliant) service provider. This
aspect of the SLA is critical in maintaining consistent service cost by
eliminating negative pricing disincentives resulting from large shifts of
service volumes to maintain service reliability.
It would usually also provide the pickup service provider with a sustained
redirection of volume to reward them for picking up the slack and or helping
out in an emergency. This process rewards service providers for
"availability" with consistently growing volume and penalizes over committed
service providers with lost business.
Without this guaranteed best pricing service providers are drawn to over
committing "locked in" users by ensuring that their infrastructure has
maximum utilization even as they fail to achieve their customer's
reliability goals.
The volume shifting price lock clause in the SLA breaks that incentive and
ensures that the provider correctly prices a reliable service or at least
allows the customer to receive those services from someone else who has them
available.
Thus it can again be seen how heterogeneous cloud deployments are crucial to
reliable cloud service fulfillment and profitability.
Tom Hanan
If you can't keep it Real,
Don't do the deal!
Dave
--
You received this message because you are subscribed to the Google Groups
"Cloud Computing Use Cases" group.
To post to this group, send email to
cloud-comput...@googlegroups.com.
To unsubscribe from this group, send email to
cloud-computing-us...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/cloud-computing-use-cases?hl=en.
I can understand your position as an IaaS "utility" provider trying to
balance infrastructure costs and customer expectations. I also agree that
yield management is a huge issue for any utility.
The problem is that this creates a rather large conflict of interest between
the public good and private profits. This conflict is especially large when
the smooth operation of the society becomes "dependant" on the "utility"
making it "essential" or "mission critical". Thus there has always been a
sharp line between society / "mission critical" utilities which are
legislatively regulated and "best effort" utilities which are regulated only
by the unseen hand of the market.
Most "Good" IaaS / SaaS providers are in fact a mix of the two classes of
service "Mission Critical" and "Best Effort". The best IaaS providers
"Commit" dedicated resources to their mission critical deployments and
"Sell" the rest as "Best Effort". There is NO in between! The service is
either there when you need it or it is not! If you did not pay for it to be
there and the SLA does not guarantee it to be there then it is "Best
Effort".
This is not intended to paint IaaS providers as evil. Although most of their
SLA are not clearly marked as "Mission Critical" "Guaranteed Delivery" or
"Best Effort". More frequently I have seen the blame fall on the deployment
teams that deploy mission / business critical services on "Best Effort"
"Best Cost" IaaS and or SaaS.
As I have said before on this forum, there are some businesses and some
services that thrive on "Best Cost" / "Best Effort" infrastructure but few
if any of these are mission or business critical.
The more prevalent deployments are hybrids of "Mission / Revenue Critical"
and "Growth / Market Cap Critical" where established profit streams are
maintained with predictable "Mission Critical" services and Company
Valuation is grown with "New" profit streams acquired using lower cost "Best
Effort" infrastructure.
Thus it is essential that companies deploying services onto IaaS and SaaS:
1) Clearly understand how both revenue & growth are impacted by their
heterogeneous mix of Revenue & Growth Critical deployments.
2) Select and work with providers that can and will distinguish between
their "Best Effort" (growth) and "Mission / Revenue Critical" offerings.
3) Provide a clear heterogeneous framework for reliably shifting Dynamic
"Best Effort" to Guaranteed "Mission Critical" as the company's revenue
dependency grows.
4) Provide a clear heterogeneous framework for reliably and dynamically
shifting "Mission / Revenue Critical" deployments to other providers to
maintain the SLA's maximum response times.
5) Provide a clear financial "incentive" to the IaaS and SaaS provider(s) to
maintain mission critical response times below the SLA's maximums. This
includes eliminating any financial "disincentive" for the IaaS / SaaS
consumer for load shifting as a result of the breach.
These critical capabilities allow both the IaaS / SaaS provider and consumer
to create and manage a solid win/win heterogeneous deployment that provides
a clear path to profitable growth for both.
Robert,
Having said this it is obvious that you have described a "Best Effort"
pricing model that dynamically "prices" resources to maximize profits and
utilization. That is a great example of the unseen hand of the market
appropriately pricing "Best Effort" services.
Unfortunately you did not describe a "subscription pricing" mechanism by
which you managed "Mission Critical" services in the event of a breach of
the SLA during predictable "Peak Demand" and or infrastructure failure /
over commitment. You vaguely described that you had "large" high volume
customers whom you implied received a volume discount but made no mention of
structured prioritization and or guaranteed resource availability.
OK so you will probably have one of the lowest "Best Effort" costs in the
market place but how will I "KNOW":
1) You will not re-allocate my SLA capacity to someone willing to pay more
for it during peaking?
2) You will not penalize "MY" volume pricing based on "MY" need to shift my
loading somewhere else when your response times exceed my mission critical
SLA requirements?
I have to go back to my assertion that there are very few IaaS / SaaS
deployments that are not Hybrids of "Known Cost" "Revenue Critical" &
"Lowest Cost" "Best Effort".
So how can I use your IaaS service to address the "Known Cost" "Revenue
Critical" core of my deployment? I can't figure out how your RSS system
provides me with the ability to manage quality of service and price. But the
IaaS / SaaS deployments I help succeed MUST do just that. Even low cost and
free services fail if they are not reliably available / responsive to the
customers upon which their critical revenue streams are dependant.
I can figure out how to "shift" loading away from your "Best Effort" service
as response times approach critical points that will destabilize my ability
to deliver revenue critical services. But now I am likely shopping for those
services at the worst possible time!
Unless of course I find one or preferably more IaaS / SaaS providers that
will provide me with core "guaranteed resource availability" (prioritized
over all dynamic "best effort" pricing). I will of course need an SLA that
allows me to back that guarantee of performance up with an ability to
maintain my volume pricing even if SLA breaches by the IaaS / SaaS provider
drop my volume levels. In a best case scenario I would have an aggressive up
and coming IaaS / SaaS provider acting as a backstop to the tried and true
provider. The up and coming provider gets a "Best Effort" dynamic load
sharing commitment which ratchets up as mission critical loads are shifted
due to SLA availability breaches.
This is a win / win for everyone:
1) The tried and true IaaS / SaaS provider can continue to rapidly grow
revenue & profits by optimizing revenue during peak periods.
2) The up and coming IaaS / SaaS provider has a built in growth plan based
on best effort services which ratchet up as a result of accepting increasing
volumes of mission critical loads which are not satisfied by the tried and
true provider. These are typically price matching contracts based upon the
tried and true providers. Thus the up and coming IaaS / SaaS provider gets
stabilized pricing critical to his growth.
3) The deployment team gets a reliable frame work within which it can
optimize BOTH it's revenue and growth critical IaaS and SaaS deployments.
Robert,
This is a discussion about SLA. The objective of IaaS / SaaS SLA are
reliable & cost effective delivery of services.
The SLA either includes availability criteria which support the service
recipient's revenue and growth objectives or it does not.
If the IaaS / SaaS service recipient's revenue & growth objectives are not
clearly protected by the SLA then the "SLA" is pure "Best Effort" "CYA"!
You just can't have it both ways.
The following anecdotal musing is not targeted at Robert or his highly
appreciated response.
============================================================================
================
Snake Oil is when someone sells you a $30 bottle of $2 heroin laced mineral
oil with a fancy label, because they market it as cure for cancer.
In the bad old days of patent medicines, when you did not have to disclose
what was in the bottle, the cure(s) killed more people than the disease.
A business run "solely" on dynamically allocated / priced "Best Effort" IaaS
/ SaaS is a lot like someone taking snake oil laced with heroin. They
quickly get addicted to an unsustainable dependency. A dependency that ends
abruptly when management / owners force a transition to sustainable revenue
/ profitability.
The business equivalent of rehab! (A heroic effort to break life / company
threatening habits)
Tom Hanan
If you can't keep it real,
1) I did not say that you did not provided subscribed services that were not
prioritized over "best effort". I said your post did not describe the
mechanism by which availability is assigned and guaranteed to your customers
who purchase that service. I was hoping you would take my post as an
opportunity to do just that so the readers of this blog could put such
services into perspective. I failed and I apologize.
Perhaps you could take that opportunity now?
2) Fierce competition does not in itself negate the value of a "Utility" to
the public good or its need for regulation. Cell phone companies are an
example of a rapidly growing "public good" utility that is fiercely
competitive and highly regulated. Neither price or availability are
regulated. What is regulated is the relationship and contract with the
customer. Thus it is the portability and common description of services that
is ultimately regulated.
3) My underlying point is not that IaaS / SaaS vendors and or competition
are bad or good. It is that their SLA & contracts do not support true
heterogeneous competition for best availability at the best price. If
anything their contracts and SLA go out of their way to make their services
less portable in a heterogeneous environment.
Again I encourage you to let us all know how your service, SLA & contracts
and overcome this vexing issue.
4) I agree that there is little correlation between size of vendor and
reliability. But I have found that larger providers, with larger aggregated
deployments, have more dynamic (utilization priced) resource availability
than smaller providers who are focused on increasing their base revenue by
providing exceptionally responsive services and flexible SLA that stand
behind the customers core needs.
Again I am not saying one is better than the other, just the opposite, I am
saying that many organization combine the strengths of both into a
heterogeneous deployment that is far better matched to business goals than
if it were deployed on one or the other.
Again I mean no disrespect and I am not targeting your companies' service. I
am describing an elephant in the room that has been stomping the life out of
many organizations transitioning their deployments away from dedicated
resources and into the cloud.
I also do not wish to imply that this is any more of a problem than that
faced by an organization attempting to "own" all of its core and dynamic
computing capacity. Frankly it is not!
5) My hope in posting this response is that you will take a hard look at
your service offerings and SLA and post an optimistic response on how your
services could be packaged for use in a "State Of the Cloud" heterogeneous
deployment. Real feedback from vendors and customers alike are crucial. My
personal experience is that most providers have the capability to provide
these services but only do so when challenged to do so by a major customer
and their pesky consultant(s).
Take the initiative, draw business to you, by providing a heterogeneous
frame work for cloud deployments that makes your company a standout in a
crowded room!
Your organization has already come a great deal of the way by providing a
simple, automated mechanism, for pricing and clearing underutilized Dynamic
resources. I honestly think we are agreeing more that we disagree.
Structure that dynamic script into a multi vendor (heterogeneous) script and
you’re a few yards from the finish line and ten steps ahead!
Robert,
I would again like to thank you for your posts.
If you would like to "talk" offline before you reply
you can e-mail me at tom....@switchcomputing.com.
You have earned my respect thus some my time.
Tom Hanan
Dear Tom,
Kind regards,
Robert
--
The need for a Heterogeneous (Multi Vendor) deployment is more a function of
ensuring that you have options when service availability / disruption issues
arise due to outages or unexpected (but desirable service growth).
Providing maximum UP-Side opportunity when and if your business grows faster
than your vendor or has seasonal peaks that grow faster than your vendor.
That's the kind of stuff that separates the boys from the men where
investors are concerned.
Social networking is a great example of deployments that "sometimes" have
nearly unmanageable user acquisition rates and rapidly growing peak resource
consumption. Something their founders and investors are working hard to
encourage!
All in all it's about best business practices (maximizing revenue growth and
retention opportunity) driving best cloud deployment practices.
Dear Tom,
Thanks for the input.
Regards
--
This is a great discussion everyone!
Just the kind of feedback and insight from both sides necessary to create solid agreements.
I wanted to take a moment to highlight what I see as the best underlying practices discussed.
1) Simpler, clearer, decisive objectives and language are ALWAYS better.
2) There are only (4) things to define:
a. What you are offering / guaranteeing. (Don’t include things BOTH parties can’t independently measure)
b. How and by whom it is measured (see “a” above)
c. What is the customer’s recourse when the guaranteed & measured levels are not delivered
d. The terminology used in the SLA (not as well agreed upon as you might think, especially in court)
3) The core of the SLA should be three pages or less:
a. A section describing the service and what is guaranteed.
b. A section describing how the service is measured and by whom.
c. A section describing the customers recourse when the guaranteed services are not met.
d. A section describing the definitions for all terms used in the SLA. (Quote standardized definitions whenever possible)
I am working on a boiler plate for the above and am looking for feedback from IaaS, SaaS and PaaS providers and customers.
Robert, from CloudSigma, has already provided some great feedback.
They sound like a customer focused group, who like to keep things simple and concise.
Remember a good SLA is ALWAYS cheaper than ANY litigation!
Tom Hanan
If you can’t keep it real,
Don’t do the deal!
--
Difficulty doesn't get in the way of what is necessary. Failure to have agreeable metrics available to both sides opens the door to litigation.
Good observations David.
I have some thoughts to add on the legal aspects of the SLA.
1) An SLA should be written so that it “CAN” act as the “Guarantees” section of a contract. The “Guarantees” section is the most litigated section in my experience. Clearly written SLA significantly reduce the time / cost an arbiter / judge needs to achieve a resolution. A simple 3 page SLA could require arbitration around clear service level objectives with clear and limited recourse.
2) Heterogeneous (multi provider) deployments allow simpler SLA which describe simpler limited liability for the service provider(s). This is due to the fact that the customer is indemnified by the provider(s) for any financial penalty for shifting workload from one provider to another when service level objectives are not met. Thus both the customer and provider are mutually indemnified against the “cascading losses” that “good lawyers” are trying to protect their clients against. Thus a SHLA (Simplified Heterogeneous Liability Agreement) uniquely allows both the service provider and consumer to optimize their deployment, in very dynamic conditions, without dynamically changing their liability exposure.
3) I do have to agree with David that there are SLA guarantees, such as data security, where a heterogeneous deployment will not be able to address cascading liability. The good / bad news is that these aspects are almost all regulated by law and thus the SLA need only refer to the mandated provider requirements. Litigation of these standardized / regulated aspects of the provided service will be covered by the contracts standardized and regulated legal clauses.
4) Data integrity is however commonly mandated and addressed using heterogeneous backups and mirrors. Thus data integrity can be addressed using the same SHLA (Simplified Heterogeneous Liability Agreement).
Just a few quick thoughts:
The SHLA (Simplified Heterogeneous Liability Agreement) provides simplified “limited liability”, for both the provider AND customer, through simplified “customer recourse”. Essentially it is shifting the burden back onto the deployment team to forsake the promises written on a piece of paper for the ability to respond to dynamic shifts in demand and supply provided by a heterogeneous deployment. SHLS are based on a solid capitalistic foundation that both prices and deploys reliable heterogeneous resources efficiently.
Stability and opportunity,
the core goals of any “real” deployment!
Look for my draft SHLA (Simplified Heterogeneous Liability Agreement) at the beginning of 2011. I encourage any service providers interested in an open source SHLA (Simplified Heterogeneous Liability Agreement) to send me their < 3 page SLA. I would like to incorporate as many of the best practices they contain in my initial open source draft.
If you would like to privately address the opportunity for a customized SHLA (Simplified Heterogeneous Liability Agreement) then send me a private e-mail.
I have some time available at the beginning of the year.
Tom Hanan
If you Can’t keep it real,
Don’t do the deal!
************* Legal Disclaimer *********************
Tom Hanan is not a licensed attorney or a representative of a licensed attorney. All comments related to legal precedence and or documents are my own opinions and suggestions and should not be considered or used without proper review by a qualified legal professional licensed to practice in the appropriate judicial jurisdictions.
***********************************************
--
Good observations David.
I have some thoughts to add on the legal aspects of the SLA.
1) An SLA should be written so that it “CAN” act as the “Guarantees” section of a contract. The “Guarantees” section is the most litigated section in my experience. Clearly written SLA significantly reduce the time / cost an arbiter / judge needs to achieve a resolution. A simple 3 page SLA could require arbitration around clear service level objectives with clear and limited recourse.
2) Heterogeneous (multi provider) deployments allow simpler SLA which describe simpler limited liability for the service provider(s). This is due to the fact that the customer is indemnified by the provider(s) for any financial penalty for shifting workload from one provider to another when service level objectives are not met. Thus both the customer and provider are mutually indemnified against the “cascading losses” that “good lawyers” are trying to protect their clients against. Thus a SHLA (Simplified Heterogeneous Liability Agreement) uniquely allows both the service provider and consumer to optimize their deployment, in very dynamic conditions, without dynamically changing their liability exposure.
3) I do have to agree with David that there are SLA guarantees, such as data security, where a heterogeneous deployment will not be able to address cascading liability. The good / bad news is that these aspects are almost all regulated by law and thus the SLA need only refer to the mandated provider requirements. Litigation of these standardized / regulated aspects of the provided service will be covered by the contracts standardized and regulated legal clauses.
4) Data integrity is however commonly mandated and addressed using heterogeneous backups and mirrors. Thus data integrity can be addressed using the same SHLA (Simplified Heterogeneous Liability Agreement).
Just a few quick thoughts:
The SHLA (Simplified Heterogeneous Liability Agreement) provides simplified “limited liability”, for both the provider AND customer, through simplified “customer recourse”. Essentially it is shifting the burden back onto the deployment team to forsake the promises written on a piece of paper for the ability to respond to dynamic shifts in demand and supply provided by a heterogeneous deployment. SHLS are based on a solid capitalistic foundation that both prices and deploys reliable heterogeneous resources efficiently.
Stability and opportunity,
the core goals of any “real” deployment!
Look for my draft SHLA (Simplified Heterogeneous Liability Agreement) at the beginning of 2011. I encourage any service providers interested in an open source SHLA (Simplified Heterogeneous Liability Agreement) to send me their < 3 page SLA. I would like to incorporate as many of the best practices they contain in my initial open source draft.
If you would like to privately address the opportunity for a customized SHLA (Simplified Heterogeneous Liability Agreement) then send me a private e-mail.
I have some time available at the beginning of the year.
Tom Hanan
If you Can’t keep it real,
Don’t do the deal!
************* Legal Disclaimer *********************
Tom Hanan is not a licensed attorney or a representative of a licensed attorney. All comments related to legal precedence and or documents are my own opinions and suggestions and should not be considered or used without proper review by a qualified legal professional licensed to practice in the appropriate judicial jurisdictions.
***********************************************
From: cloud-comput...@googlegroups.com [mailto:cloud-comput...@googlegroups.com] On Behalf Of David Moskowitz
Sent: Wednesday, December 29, 2010 7:16 PM
Subject: Re: [Cloud Computing Use Cases 1106] Re: SLA
--
You received this message because you are subscribed to the Google Groups "Cloud Computing Use Cases" group.
To post to this group, send email to cloud-comput...@googlegroups.com.
To unsubscribe from this group, send email to cloud-computing-us...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/cloud-computing-use-cases?hl=en.
2) Heterogeneous (multi provider) deployments allow simpler SLA which describe simpler limited liability for the service providerllevel objectives are not met. Thus both the customer and provider are mutually indemnified against the “cascading losses” that “good lawyers” are trying to protect their clients against. Thus a SHLA (Simplified Heterogeneous Liability Agreement) uniquely allows both the service provider and consumer to optimize their deployment, in very dynamic conditions, without dynamically changing their liability exposure.
There needs to be clear and unambiguous declaration of responsibility. Which provider (if there's more than one) owns (and is, therefore, responsible for) the customer relationship and satisfaction. Agreements have to be crafted to avoid the typical finger pointing that is part of all too many relationships.
3) I do have to agree with David that there are SLA guarantees, such as data security, where a heterogeneous deployment will not be able to address cascading liability. The good / bad news is that these aspects are almost all regulated by law and thus the SLA need only refer to the mandated provider requirements. Litigation of these standardized / regulated aspects of the provided service will be covered by the contracts standardized and regulated legal clauses.
What needs to be included in the SLA are statements about more than just what is regulated/mandated. Very often a customer will have their own requirements in this area. Also considered needs to be issues of continuity (what happens if... and there are at least 2 aspects of this: what happens if the provider has to invoke or if the customer invokes), capacity (aka performance levels), availability, maintainability, etc...
To unsubscribe from this group, send email to cloud-computing-us...@googlegroups.com.
David,
I guess we may have a bit of a break in philosophy here.
The concept of using a SHLA (Simplified Heterogeneous Liability Agreement) is that everyone’s liability and exposure are reduced by dynamic provider portability. But simplified heterogeneous provider portability “requires” standardization of the infrastructure AND the liability contract across providers. The very concept of having a unique contract with each provider builds in barriers to dynamic portability which negates the ability of customers to move dynamically between suppliers with “Like” service offerings to mitigate liability to themselves and their providers. The legal work to “qualify” multiple heterogeneous providers is just too time consuming for an overloaded deployment team.
Insurance companies have fully developed the legal process and definition of the “clients responsibility to minimize damage” and it is under this umbrella that the SHLA allows / requires the client to dynamically move loads (as their primary recourse) when a provider fails to meet their SLA. The ability to move the load is the sole protection afforded both the customer AND the provider.
When you think about it the simplest limited liability agreement possible is a provider that allows you to dynamically and or permanently re-deploy resources to another provider when they are unable to meet the customer’s dynamic growth and or contracted minimum volume.
1) When due to unplanned demand by the customer, that exceed minimum volume guarantees, the providers are protected by keeping the volume loading they contracted for and delivered. The customer is then free to satisfy the peaks and or rapid growth with increases to the existing contracts minimum availability and or shifting the additional “un-guaranteed’ loading to another provider willing and able to provide “guaranteed” service for the additional loading. This scenario is complicated a little when you add in a “first right of refusal” clause that gives the existing “contracted” provider the ‘first option” to ratchet up their minimum guaranteed volumes under the existing terms, if they have not previously failed to deliver that volume of service dynamically.
2) When due to a temporary failure by the provider to “deliver” the minimum volumes contracted for by the customer, the client is allowed to dynamically re-deploy the unsatisfied volumes to another provider without an increase in cost and or services associated with the lower levels of volume. >98% of the “beyond our control” service interruptions fit into this category.
3) When due to catastrophic and or repetitive failures to deliver “minimum guaranteed” volumes “a breach” (a consistent failure to deliver contracted volume), then the customer may, at their option, permanently re-deploy the contracted volume to another provider without penalty. This just doesn’t happen very often with quality providers! Especially the ones that provide subscription based volume services.
The net of these three simple recourse categories, backed up by three pages of “standardized” legalese, is an SHLA (Simplified Heterogeneous Liability Agreement) that clearly places the burden to address dynamic and or consistent “provider” unavailability on the customer and clearly protects the customer from higher deployment costs due to that dynamic and or consistent failure to meet their volume needs.
It also clearly places the burden of “keeping” their customers on the providers ability to reliably “deliver” the guaranteed service levels. Satisfying the customer’s dynamic and growing baseline volume needs is the clear path to growth already practiced by the best providers.
It should be noted that providers are naturally protected from abusive customers since the customer must shop (Price) the re-deployed services out to another provider at current market or pre-negotiated rates.
Again the goal here is to enable real dynamic growth and reliable deployments through SHD (Simplified Heterogeneous Deployments). Standardizing the deployment contracts (if not the price) across multiple providers is at the core of SHD. SHDP (Standardized Heterogeneous Deployment Packaging) is already far ahead of the SHLA.
Again 99% of all the “customized legalese” in existing SLA are intended to address the unreasonable expectation of customers that they can “Guarantee” deployment success with a piece of paper (SLA / Contract) instead of “Assuring” it with a heterogeneous deployment. Once you eliminate that “unreasonable” expectation you eliminate 99% of the stuff the lawyers argue back and forth about as they seek to provide their clients with the best wiggle room if expectations are not met. Each of these “customized” agreements is unique and essentially binds the hands of the deployment team preventing them from “knowing” the financial impact of a redeployment which must be done to “protect” revenue “now”! So unless you’re a CIO with a degree in contract law and finance you’re not likely to be able to make that critical decision until you wake up the lawyers and the rest of the O’s. A career limiting event at best!
I have looked at a wide range of non heterogeneous SLA and frankly “NONE” of them protect the customer from the lost revenue / opportunity / valuation that accompanies a poorly timed outage. No provider lawyer in his right mind would allow their client to place themselves at that level of financial risk! Providers are not in the business of providing loss of revenue insurance.
Thus the core of SHD is that it concentrates on “Assurance” instead of “Insurance”. Insurance contracts are convoluted heavily litigated documents, Assurance contracts are simple. If I don’t deliver the service you are free and able to get the service elsewhere (true technical & financial portability). Think of it as a meritorious “Servocracy”.
As I have pointed out before, SHD with SHLA are not for everyone, but their core business advantages for customers and providers will likely create a rapidly growing segment which addresses the dynamic volume and high availability needs of large and small customers and providers.
I see:
1) A growing number of aggressive providers implementing the initial SHD with SHDP & SHLA.
2) Competent deployment teams moving new deployments to SDH until they gain the confidence to re-deploy existing deployments to SHD.
3) Startup companies, and their VC, that live and die on creating and enabling dynamic upside, making SDH the new “best practice” for rapidly growing deployments.
4) Initial SDH providers capturing market share because of their aggressive support of their customer’s true needs.
5) SDH provider volumes hockey-stick as customers drive SDH as the new “best practice” for highly dynamic / available deployments.
6) Traditional providers implementing SDH to protect their core customer base as their contracts expire.
Again David,
I think your comments are good and very consistent with existing non SDH contracts and SLA.
Perhaps you could contribute to the specifics of the legalese needed to back up a solid SHLA?
Something that looks more like a fill in the blank non disclosure agreement than a 20 page contract?
Something that could one day be made machine readable / actionable?
These are my observations,as I am working on governance, SLAs, Contracts and international security standards determine the course of governance within the clouds during the relative shift of controls between cloud user and cloud provider within the layers of the cloud SaaS, PaaS and IaaS.) An SLA should be written so that it “CAN” act as the “Guarantees” section of a contract. The “Guarantees” section is the most litigated section in my experience. Clearly written SLA significantly reduce the time / cost an arbiter / judge needs to achieve a resolution. A simple 3 page SLA could require arbitration around clear service level objectives with clear and limited recourse.
It's better to separate the legal issues from the performance issues. Guarantees and penalties should be part of the contract that reference the SLA by inclusion as an addendum or appendix or... I'm less concerned about page length than I am about simple, easy to understand, and crafted primarily in business terms (versus technical language). That said, I agree the SLA portion of the contract should not be any longer than needed -- with shorter better.The legal issues cannot be seperated, (not referencing SLA) cloud has legal issues rather then technical.SLAs are meant for Quality of Service (QoS), what cloud provider may provide to the user. I am using "may" because cloud providers dont invisage any form of guranttee that they can provide 100% service. if you consider it from the technical perspective, they are allowed the"due care" to the extend that a normal netwrok can provide the information or process it. Then there are some technological controls which are not in the power of cloud provider or user, for example the bradband excess, routing, network confidentiality, these things must be in mind while designing SLAs.
to reinforce SLAs to produce governance, confidence in consumer, the general contracts may be designed in a manner that should not be harsh to cloud provider nor to the user. For example lets take Guarantees, cloud provider and user agrees that security in terms of confidentiality, integrity and availability, is provided by cloud provider, if any dispute occurs, both parties may refer the arbitration for dispute resolution, cloud in its definition is transnational , therefore here the jurisdiction matters which law is needed to be applicable. second point is despite Guarantee is provided, the law enforcements comes and asks for the data. The common rule as espoused by 4th amendment united states constitution (katz case) is whenever the data is substancially in controll of the third party, the victim cannot seek the remedy under reseable expectancy of privacy (4th ammendment). In this case the cloud provider can provide the data to the law enforcement under patriot act etc. Giving guarantee in this context may not work, similarly, in security terminology we describe that nobody is 100% secure. Guarantee clause cannot provide defence for this.I agree that SLA should not be part of COntract, However, I suggest that SLAs should be designed in a way to substantially commensurate the contracts.
Thanks for the great comments Rizwan!
Your comments about the reality of performance QoS being read by the courts as “may” is the reality between unrealistic (phantom) limited recourse “insurance” guarantees with Due Care, Due Diligence and 3rd party exclusions verses the (real) “Assurance” recourse available in SHD (Simplified Heterogeneous Deployment). E.g diversifying your deployments diversifies your real service and network provider risks. The more intelligently you diversify your deployment the higher your real deployment assurance. Server and network Provider as well as geographic and political diversity can be a major consideration in any true “assured” deployment.
Such diversity means that server and network providers in different jurisdictions have different assurance capabilities based upon the regional laws that govern their standards for due care / diligence. This is the area where I think you and David bring up the best arguments for legal addendums that describe how and where each provider’s definition of these terms are governed. As an example Katz has no basis in the actions of Swiss providers or US firms who use such providers to provide services outside the US, typically through a foreign subsidiary.
Espionage aside, such 3rd party diligence of encrypted data with the “expectation” of privacy are fairly clear. The right / liability of making public “encrypted data” with an expectation of privacy is also fairly clear in most jurisdictions around the world. In all of these cases the providers and their customers are indemnified by the legal and or illegal actions of third parties so long as they perform “Due Care” as described in their governing jurisdiction.
It is interesting to note that common “Due Care” clauses include an exception clause that exempt specific assurances where they are not supported by governing law in either the provider, customer or end user jurisdiction. Thus a company in the US using a Swiss service provider could provide higher levels of assurance than if the same servers and data were located in China or the United States. However their recourse would be limited to that of the lesser of the two jurisdictions. It is in this last “lowest common denominator” statement that a simplified description is available.
“The level of assured “due care” is thus the lowest required within the jurisdictions in which the infrastructure provider, service deployer and or end user resides or accesses the service.”
Thus a document / table of governing case law by jurisdiction could describe and or summarize the lowest assurance for a given deployment across multiple jurisdictions. It might also include exclusions which prevent certain types of information, who’s security are governed by regional law, from being processed, transported and or delivered in some regions.
Today’s reality is that most people have no idea how badly exposed their data is or how little actionable recourse they have.
This is why some heterogeneous deployments maintain 100% regional deployments to service regional end users.
Try communicating that without an SDH!
Rizwan,
Perhaps you could contribute to the development of a simplified “due care” statement and jurisdictional table.
As Davit points out it can sometimes be beneficial to separate objectives
from legal obligations. But I have found that if you make the legal
obligations simple enough you can bring the two much closer together! In
either case you need standardized contracts / SLA to achieve true
portability. To do that you need obligations and liabilities that are simple
enough to agree upon!
-----Original Message-----
From: cloud-comput...@googlegroups.com
[mailto:cloud-comput...@googlegroups.com] On Behalf Of Miha
Ahronovitz
Sent: Friday, January 07, 2011 9:22 AM
To: Cloud Computing Use Cases
Cheers,
Miha
cloud-computing-us...@googlegroups.com.
David,
how do you propose a standardized connection between a business term SLA, which is considered a contract or at least a referenced document / addendum and there for modifying document by most jurisdictions and “the” contract?
Are you arguing for a standardized contract / SLA to achieve the goal of standardized / simplified heterogeneous deployments and the necessary standardization of the supporting agreements / contracts or are you against the goal and such standards?
I did not see supporting standardized contracts for the documents at ITIL.
Did I miss them? Are they less than a few weeks old?
--
You received this message because you are subscribed to the Google Groups
"Cloud Computing Use Cases" group.
To post to this group, send email to
cloud-comput...@googlegroups.com.
To unsubscribe from this group, send email to cloud-computing-us...@googlegroups.com.
I have also seen that a very small amount of well crafted and practically unintelligible legalese outside the context of the SLA and or SLO completely eliminate any legitimate recourse. This is what changed my focus years ago to availability “assurance” through “diversity” instead of allowing lawyers to confuse the difference between a promise made and one fulfilled.
As I have said here many times the bulk of all agreements are really “best effort” when you get in front of a judge or arbiter. So why not admit it and architect your offerings and solutions to make that work for everyone instead of against everyone.
A friend of mine, a corporate lawyer, once told me that his job in creating language for contracts was that of a street magician.
1) No one signs until they “believe” they know which shell the pea is hidden under.
2) Everything is fine until someone turns over the last shell and find out there is no pea!
In the case of most deployment agreements, that reference but supersede their attachments, there is no practical recourse which matches the actual damage due to the failure and therefore no pea! The pea is the value and ability of anyone to make a greater assurance than “I will not financially penalize you or block you from moving volume when I do not fulfill it.” That is a very simple statement to describe even in legalese!
So why not eliminate the pea and the shell game to begin with?
Thus is the goal of SDH.
Understand what you “need” from a deployment and “pay” for what you get.
Tom Hanan
If you can’t keep it real,
Don’t do the deal!
From: cloud-comput...@googlegroups.com [mailto:cloud-comput...@googlegroups.com] On Behalf Of David Moskowitz
Sent: Thursday, January 06, 2011 12:03 PM
Subject: Re: [Cloud Computing Use Cases 1109] Re: SLA
Sounds good.
Let’s look at this from the heterogeneous portability aspect.
That is where the differences in our comments seem to be centered.
I look forward to your feedback.
--
Sounds good.
Let’s look at this from the heterogeneous portability aspect.
That is where the differences in our comments seem to be centered.
I look forward to your feedback.
From: cloud-comput...@googlegroups.com [mailto:cloud-comput...@googlegroups.com] On Behalf Of David Moskowitz
Sent: Saturday, January 08, 2011 5:54 PM
Subject: Re: [Cloud Computing Use Cases 1119] Re: SLA
--
You received this message because you are subscribed to the Google Groups "Cloud Computing Use Cases" group.
To post to this group, send email to cloud-comput...@googlegroups.com.
To unsubscribe from this group, send email to cloud-computing-us...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/cloud-computing-use-cases?hl=en.
Thanks for the candid response.
Your points about “points of responsibility” are well taken.
I think you will be pleased by what comes out in the near future.
It will include Multi vendor SLA as well as provisions for prime contractors who aggregate the multivendor relationship(s) into a single customer facing relationship.
Here are some probable prime contractor business models:
1) Prime contractor will be a deployment teams’ primary infrastructure vendor.
2) Prime contractor will be a third party who aggregates multiple vendors into a heterogeneous deployment by providing varying levels of service & support.
3) Prime contractor will be a virtual infrastructure provider aggregating all their customers in to a single heterogeneous load while providing levels of service & support.
The above examples cover a very wide and diverse set of existing business models for cloud deployments.
To be frank all of them already exist to some degree or another!
Anyone interested in understanding the unique nature of HDPC (Heterogeneous Deployment Prime Contractor) opportunities is welcome to contact me privately.
It’s a field that will no doubt experience rapid growth among existing and emerging players.
Tom Hanan
If you can’t keep it real,
Don’t do the deal!
Miha,
Your request to call a Simplified Heterogeneous SLA just that is warranted and a good one that I will incorporate.
Please be patient I am trying to incorporate received suggestions here and elsewhere that I think will make the first draft both simple and comprehensive enough so others can productively comment upon and improve it.
-Tom