Tuesday Take-Away: The True Role of the SLA

/in

As you look towards cloud solutions for more cost effective applications, infrastructure, or services, you are going to hear (and learn) a lot about Service Level Agreements, or SLAs.  Much of what you will hear is a big debate about the value of SLAs and what SLAs offer you, the customer.

Unfortunately, the some vendors are framing the value of their SLAs based on the compensation customers receive when the vendor fails to meet their service level commitments.  The best example of this attitude is Microsoft’s comparison of its cash payouts to Google’s SLA that provides free days of service.  Microsoft touts its cash refunds as a better response to failure.  Why any company would send out a marketing message that begins with “When we fail …” is beyond me.  But, that is a subject for another post someday.

That said, Microsoft and its customers that are comforted by the compensation, are totally missing the point of the SLA in the first place.  Any compensation for excessive downtime is irrelevant with respect to the actual cost and impact on your business.  And unless a vendor is failing miserably and often, the compensation itself is not going to change the vendor’s track record.

The true rule of the SLA is to communicate the vendor’s commitment to providing you with service that meets defined expectations for Performance, Availability, and Reliability (PAR).  The SLA should also communicate how the vendor defines and sets priorities for problems and how they will respond based on those priorities.  A good SLA will set expectations and define the method of measuring if those expectations are met.

Continuing with the Microsoft and Google example.  Microsoft sets an expectation that you will have downtime.  While the downtime is normally scheduled in advance, it may not be.  Google, in contrast, sets an expectation that you should have no downtime, ever.   The details follow.

Microsoft’s SLA is typical in that it excludes maintenance windows, periods of time the system will be unavailable for scheduled or emergency maintenance.  While Microsoft does not schedule these windows at a regular weekly or monthly time frame, they do promise to give you reasonable notice for maintenance windows.  The SLA, however, allows Microsoft to declare emergency maintenance windows with little or no maintenance.

In August 2010, Microsoft’s BPOS service had 6 emergency maintenance windows, totaling more than 10 hours, in response to customers losing connectivity to the service, along with 30 hours of scheduled maintenance windows.  In line with Microsoft’s SLA, customers experienced more than 40 hours of downtime that month, which is within the boundaries of the SLA and its expectations.  On August 17, 2011, Microsoft experienced a data center failure that resulted in loss of Exchange access for its Office365 customers in North America for as long a five hours.  The system was down for 90 minutes before Microsoft acknowledged this as an outage.

Google’s SLA sets and expectation for system availability 24x7x365, with no scheduled downtime for maintenance and no emergency maintenance windows.

The difference in SLAs sets a very different expectation and makes a statement about how each vendor builds, manages, and provides the services you pay for.

When comparing SLAs, understand the role of maintenance windows and other “exceptions” that give the vendor an out.  Also, look at the following.

  • Definitions for critical, important, normal, and low priority issues
  • Initial response times for issues based on priority level
  • Target time to repair for issues based on priority level
  • Methods of communicating system status and health
  • Methods of informing customers of issues and actions/results

Remember, if you need to use the compensation clause, your vendor has already failed.

 

 

 

Friday Thought: Is it Time to Move?

/in

With the popular media focus on the economy, it is natural for the “Tech” press to report on the impact of current economic conditions on IT plans and spending.  Much of the discussion has focused on whether companies will spend on IT initiatives or will they hold off until the economy improves.

I prefer to ask a different question:

On what will you be spending your IT dollars?

For me, IT spending is not a matter of if, organizations should focus on what and when.

For many reasons, now is the time to move to cloud solutions.

  • Ability to Move: For many small and mid-size enterprises, boom times are too busy to upgrade IT systems.  During a slow-down, companies can allocate resources to IT projects more easily.  Successful IT projects are not just technical, they need the involvement and support of managers and end users.
  • OpEx vs CapEx: Upgrading traditional in-house systems requires up front capital, requiring many businesses to borrow or to use valuable cash on hand.  Given the current economy and credit markets, both options pose a challenge.  Cloud Solutions, on the other hand, are an operating expense.  You pay for what you use, when you use it.
  • Lower Costs: For most organizations, cloud solutions will save them money.  Not just in terms of dollars out the door, but in terms of improved communications and efficiency.
  • Stagnation: Organizations that fail to maintain and upgrade their technologies risk stagnation.  “Catch up” efforts always cost more than prudent maintenance and incremental updates.
  • Preparedness: When the economy turns around and growth returns, will you be ready?  Sound planning and effective improvements can prepare you for the next uptick in business and your next round of growth.

Interest in learning more about how cloud solutions might benefit your organization?  Contact me.  I am happy to explore opportunities and options with you.

Tuesday Take-Away: Is VDR a Cure?

/in

In the first two posts in our Backup series, we covered the difference between “restore” and “recovery” and some key terms to know when considering your requirements and solutions.  In this week’s Take-Away, we look at VDR, or Virtual Disaster Recovery, as a possible cure for your recovery ailments.

Virtual DR is a service that leverages virtualization technology and online backup services to provide your organization with an affordable path for a speedy Return to Operations (RTO) in the event of a disaster.

How Virtual DR Works:

With Virtual DR, the backup process creates complete images of your servers — operating system, drivers, software, and data — and maintains the image on a server in a secure data center.  The process updates the image regularly and when changes are made to each server, including regular patches and updates.

In parallel, you continue to use online backup services to ensure current data is available for restores and to ensure the most current data is available for recovery.

In an emergency, your server images are activated to run on servers in the secure data center.  You connect your business to the servers, from your current location or an alternate location, via a secure Virtual Private Network (VPN).  Once running, the most recent data set is restored from the data backups.

In most cases, businesses using Virtual DR have a RTO of under 4 hours.

What Does Virtual DR Cost?

What makes Virtual DR affordable is that server image backup and storage is very inexpensive.  You only pay for operational services when you declare an emergency.  As such, Virtual DR is an incremental cost over online backup services.

When looking at Virtual DR solutions expect the following components and fees:

  • One-Time Fees
    • Setup and Configuration
    • Software agents for Exchange, SQL Server, and other specialized systems and applications
    • Initial Validation Testing
  • Recurring Fees
    • Backup and storage of service images
  • As-Needed Fees
    • Emergency declaration and server run-time
    • Additional bandwidth

Considerations

Better  VDR services provide a fixed fee for an emergency declaration and base level of run time.  For example, the VENYU Virtual DR services we offer include the emergency declaration and 30 days of run time for a single, small fee.

Additionally, the VDR service should include periodic validation tests as part of the recurring monthly cost of the service.  Annual tests are good, semi-annual tests are better.  And, you should have the option of adding and paying for additional tests when warranted, such as after major changes to your IT environment.

Finally, check with your insurance provider.  Most policies that include business recovery coverage will pay for the emergency declaration, run time, and bandwidth in the event of a disaster.  Having Virtual DR in place may also lower your premiums.

Cumulus Global CEO offers Video Conferencing Advice to SMBs

/in

Allen Falcon, CEO of Cumulus Global was quoted recently by the Worcester Business Journal, providing technical advice about video conferencing services for Small and Mid-Size Businesses.

Click Here to Read the Article

Friday Thought: Who Do You Trust?

/in

Recently, in one of my LinkedIn groups, a member asked folks about outsourcing and cloud computing.  Predictably, the cloud computing naysayers chimed in with their usual argument, which often sounds like “I would never put my data in the cloud because you don’t have control”.

To me, this sounds like an argument from past generations against putting your money in a bank.  The naysayers’ concern is not control, but trust. The naysayers don’t trust the cloud provider with their data.  They don’t trust that the cloud provider will really delete information when you hit the delete key.  They don’t trust that the administrators will not access data.

And yet, these same folks fail to look at their own environments in the same way.

In a Windows server environment, the “Domain Administrator” has complete access to everything — every piece of data, every piece of user information.  In most small and mid-size enterprises, everybody on your IT team as Domain Administrator privileges.  A disgruntled team member can not only destroy your data, but can destroy the backups you would need to recover.

Use an IT service firm or the services of an MSP?  Chances are, one or more of their employees have “Domain Administrator” or other rights that gives them access to some or all of your data.  How do you know that the help desk staffer at your IT provider will not get upset with his boss and seek revenge by destroying or stealing your data?

Clearly if you don’t trust an employee, you let them go.  And no business owner would sign up for outside services if they did not trust the vendor enough to also trust the vendors’ employees.  Cloud computing is no different. Well … maybe a little different.

Unlike your network administrator, the vast majority of cloud computing vendors have no access to your data.  They do not need access to provide you with service.  Reputable providers include data privacy and security clauses in their contracts and their service level agreements.

Unlike most in-house systems, cloud computing solutions are designed to keep everyone but you out of your data.  Google, for example, obfuscates every occurrence of every piece of data on every server.  Most SMEs cannot afford anything close to the levels of encryption and security included in the architecture of most cloud computing services.

Control and trust go hand in hand.  And, cloud computing may not offer the best solutions for every business, or even yours.  When assessing your options, consider the benefits and risk of the cloud with the real benefits and risks of your current network and systems.

A New Look is Coming to Google Apps

/in

Over the next months, Google is rolling out a new look and feel across its products, including Google Apps services such as Gmail, Calendar, Docs, and Sites.

The new look is available in the following apps:

  • Gmail: Consumer, Rapid Release, and Scheduled Release users can preview through a special theme
  • Calendar: Consumer, Rapid Release, and Scheduled Release users can try out the new look
  • Documents List: Consumer and Rapid Release users can try out the new look

 

Tuesday Take-Away: Think in These Terms About Backup

/in

In last week’s Tuesday Take-Away, I wrote about understanding requirements before thinking technology when it comes to backup, restore, and recovery.  The number of emails and questions I received was rewarding.  So, I thought I would take this time this week to define some terms and answer questions that I received in response to last week’s post.

Retention Period versus Retention Point

The Retention Period is the time period during which data is available to restore or recover.  A Retention Point is a point in time from which you can select to recover or restore your data.  Some backup solutions limit the retention period; others limit the number of retention points.  Be sure you understand how long data will stay in your backups if it deleted by a user.

Better solutions give you the ability to set both the retention period and the number of retention points for each backup set you create.  Great solutions offer Continuous Data Protection, where the system backs up files every time they change.

Off-Site versus Online Backups

Off-Site Backups are those in which the data is kept off-site.  While in some cases, off-site backups run between a company’s locations and data centers, off-site backups include backups to hosting companies and cloud-based providers.   In many cases, off-site backups provide for a local backup to disk that is then copied to an off-site location.  For some off-site services, the on-site backup history is complete, the off-site backup history is limited and intended for recovery more than restore.

Online Backups are those in which the data is backed up to an online service.  Better online backup services offer local backup copy options.   Online backup services will keep your full backup history in a vault; the local backup copy can be a limited set or a full set.

Online versus Disk-Based versus Vault Recovery

While every off-site and online backup solution gives you the ability to restore over the Internet, methods for recovery differ.

As the name implies, Online Recovery is over the Internet.  You restore your system to the point that you can start recovering files from you backup.  This is easy and reliable, but will be painfully slow.  Online recovery times are limited by your Internet bandwidth.

Disk-Based Recovery is when you recovery your files from a local or temporary disk drive.  Many off-site and online backup solutions will place your files on a DVD or a USB drive and ship it to you.  For some services, however, you need to send them the media first, adding to your RTO time.  Other services perform the restore, so your data is no longer encrypted when they send it to you.

A Vault-Based Recovery occurs when your online or off-site backup service ships you a complete vault — a computer with your encrypted data and the vault control software.  The backup software recognizes that the vault is now local and recovers your data securely at local network speeds.  Once on-site, recovering data from a vault is the fastest options, as data transfer rates are much greater than via the Internet or slower media such as DVDs and USB drives.

If you have more questions or comments about the in’s and out’s of backup solutions, please comment below or send me a message.

Next week, I’ll answer the question: “Is VDR a Cure?”


Happy Belated Birthday, World Wide Web!

/in

Sometimes, extraordinary events seem to become commonplace and get lost in the shuffle of our busy lives.

On Saturday, August 6th, the World Wide Web celebrated its 20th birthday.  Since you may have missed this, let us wish the Web a Happy Birthday!

Take a look at your computers, your phones, your music players, and your TVs; it is not difficult to see the impact the “Web” has had on society and our individual lives.

Tech news site CNET.com offers a brief history lesson and celebratory slide show.

Cumulus Global Launches Google Apps for Franchises

/in

Delivers Integrated Email and Collaboration Services to
Franchisers and Their Franchisees

WESTBOROUGH, MA – August 08, 2011 – Cumulus Global is pleased to announce the launch of Google Apps for Franchises, an integrated product and service packages designed to improve communication and collaboration between franchisers and their franchisees.  With Google Apps for Business at its core, Google Apps for Franchises gives franchisers control over their domain and their brand while providing Franchisees with best-in-class email, communication, and collaboration tools.

“Google Apps for Franchises goes beyond providing domain-branded email service to Franchisees,” stated Allen Falcon, CEO of Cumulus Global.  “The package gives franchisers the ability to move documents and training materials out of the 3-ring binder and into secure portals, without having to buy and build an expensive infrastructure.”

Google Apps for Franchises includes creation of a secure franchisee portal that may be used to share documents, create on-online policy and procedure models, deliver training videos, and post announcements.  Using Google Docs and Google Sites, franchisers can setup systems for improved reporting and rolling up numbers.  The package also includes Cumulus Global’s Premium Support offering, including tier 2 end user support.

“We understand that franchisers have unique business issues when providing services to franchisees,” notes Falcon.  “Franchisers, for example, can direct us to invoice them centrally or invoice each franchisee.”

Franchisers interested in Google Apps for Franchises can get more information at Cumulus Global’s website directly or through the Google Apps Marketplace.

About Cumulus Global
Cumulus Global, formerly Horizon Info Services, helps small and mid-size businesses, non-profits, governments, and educational institutions thrive by delivering cloud computing solutions.  Serving clients from 1 to more than 1000 employees across numerous industries, we align technology with our clients’ goals, objectives, and bottom lines. We leverage our expertise, vendor relationships, and a diversified range of best-of-breed cloud services to create custom solutions with tangible value.

Google Apps for Franchises is the first in a series of industry specific cloud computing solutions from Cumulus Global.

Friday Thought: 3 More Reasons Google Apps is Secure

/in

In addition to SAS 70 Type II Certification, here are 3 more reasons Google Apps is secure.

  1. Custom Operating System. Google Apps runs on a custom version of the LINUX operating system (OS).  Services and ports that are not needed, a common entry point for hackers, are not simply disabled, they have been removed.  As important, hackers cannot buy a copy of Google’s custom OS and use it to find vulnerabilities.
  2. Data is Unreadable, at least by humans.  When you save data in Google Apps, it is broken into little pieces that are each saved in different servers across multiple data centers.  Each piece is then obfuscated using encryption and other methods.  Even if somebody was able to break in, or a Google employee gained access to your data, they would first need to find all of the pieces and then figure out how to decrypt each piece. In comparison, your MS Exchange administrator can read every email in the system.
  3. Google is the second largest target for Hackers. Only the US Department of Defense has more attacks by hackers.  Google, therefore, has built an extremely robust defense against hackers.  With a security team of thousands on the job, led by some of the foremost security experts in the world, Google has built protection from hackers that greatly exceeds what most businesses can technically do, or even afford to do.

Does this mean your data is perfectly secure?  No!  Security can never be perfect.  It does mean that your chances of losing data in Google Apps is negligible when compared to most businesses’ network security and the actions of their employees (sharing passwords, stolen laptops, lost USB drives, and so on…..).