NAN - Fotolia
If you're considering using infrastructure as a service for some of your data center's processing capabilities, you will have to make sense of complex contracts and service-level agreements as part of this process. These contracts include boilerplate language, but there can be some extra clauses and fees hidden away that you must look out for.
These IaaS components could have significant ramifications in dealing with future problems by helping you understand all parties' expected responsibilities.
An initial read-through of the SLA helps you identify risks to address as part of the cloud migration process, such as pricing structure, roles compliance needs and spending power.
Portability of spend
Having flexibility with a provider to move money from service to service should be a paramount concern in IaaS agreement negotiations, said Dan Beers, vice president of colocation business services at INAP, a cloud and data center solutions provider.
The ability to avoid early termination fees and move to the infrastructure that makes the most sense for your application demands -- such as public cloud, private cloud or managed services -- is more than just a luxury. Portability allows your IT department to rework its infrastructure needs as necessary instead of being locked into provider contracts or specific vendors.
Responsibilities and licensing
Many organizations are locked into contracts with software and hardware manufacturers that do not have portability to service providers. Read contracts and agreements to verify that they include detailed information on responsibilities between the software/hardware manufacturer, IaaS provider and your IT department.
The capability to bring your own software licenses or hardware allows you to avoid early termination fees, said Beers. Also develop a co-managed service agreement that outlines roles and responsibilities to mitigate the risk of outages.
Infrastructure availability and performance
Determine whether availability and service-level agreements apply to individual components in an IaaS deployment or across the whole setup. What happens if performance suffers because of something outside the scope of a virtual machine instance -- which is more likely covered in the contract -- such as a network problem, domain name system error or database integration?
"Ultimately if your IaaS isn't available or performant, which is as bad as not being available, then it's no use to anyone," said Philip Brown, head of Oracle cloud services at DSP, a cloud consultancy. As you build out an IaaS offering in the cloud, you can build against issues of availability and performance.
"However, you don't want to have to be architecting a solution to protect against a fault from your supplier," Brown said. A cloud provider's SLA does not necessarily guarantee that everything will go perfectly, but it provides information on what kind of compensation to expect, such as service credits, if it does.
Enterprise discount credits
An enterprise discount agreement is the best approach for large organizations looking to pursue IaaS, said Sean Feeney, cloud engineering practice director at Nerdery, a consulting service. Many providers provide a discount if you commit to migrate a certain number or types of workloads over a set number of years and agree to be a public reference customer in the IaaS agreement.
Even if your company is not large enough for these pricing options, you can save costs by committing to purchase a specific workload setup for one to three years.
Organizations should also consider the pricing structure within the agreement, said Bill Saltys, senior vice president of alliances at Apps Associates, a cloud consultancy.
The IaaS agreement should provide full transparency into the cost and pricing structure, and not include any hidden fees. Use this pricing data to conduct a total cost of ownership and ROI analysis that includes an assessment of the planned workloads and clearly define what you will run on the infrastructure.
Look beyond commodity pricing and investigate the entire deal's structure, including length of contract, annual increases and automated, post-agreement charges. This way, all involved parties understand the full picture of every cost as well as who is liable for certain fees, Saltys said.
Security, governance and compliance
It is important to establish who owns what portion of the security pipeline in the IaaS agreement, Saltys said. Cloud services typically use a shared responsibility model in which the infrastructure provider is responsible for the security and infrastructure integrity up through the OS. Above the OS, you must employ extra software and services for full protection.
Discuss any specific regulatory requirements that your department must meet with your account representative, Feeney said. HIPAA customers, for example, must have their provider sign a business associate agreement, and they must restrict their use to only BAA-approved services. Defense organizations, or those operating in certain EU countries, can only use regions approved by respective government authorities.