A service-level agreement forms the foundation of any relationship between a service provider and users. But the promises and details contained within a service-level agreement don't mean much without objective verification. Both a provider and users need a way to measure service performance, and decide whether that performance falls within acceptable parameters.
As outsourcing and colocation services gain traction within the enterprise, service-level agreement (SLA) enforcement will become even more important. Use this FAQ to build a solid SLA monitoring strategy.
Q. What should I look for in a colocation provider's SLA?
There is no universal answer that addresses every possible situation. For example, the SLA for a traditional colocation provider -- where you bring your own gear -- will be very different than the SLA for a hosted colocation provider --where you rent the provider's gear. Those will also vary from a hosted service provider -- such as a software as a service provider like ServiceNow -- and a public cloud provider.
Always start by reading the SLA, with several IT and business leaders participating in the review process. Once a review is complete, start to make some meaningful assessments of the provider's SLA.
Common points of interest in an SLA assessment
Which services are offered? Have a clear picture of the services offered in an SLA, such as compute or storage resources, application access and so on. Understand how you will use those services, and consider the risks if those services should change or become unavailable.
What are the service levels? Look for the service levels that cover factors such as latency, bandwidth and capacity. This is the real meat of the SLA, and these performance terms provide the basis for SLA monitoring and enforcement.
Does the provider carry any special representations? If the provider's SLA lists adherence to certain standards or certifications -- such as a Tier 4 data center or certification to ISO 27001 security standards -- and those representations are important to you, find a way to independently verify them on a regular basis.
How do you get support? SLAs often explain provider support, starting with initial triage and response times, and describe the proper path to problem escalation and resolution. Know how to engage support, and how long an incident response will take.
How do you implement changes? It's common for users to cancel, add or change services during the term of an outsourcing agreement. An SLA will describe how to request or institute any service changes, along with change fees.
Ultimately, the role of an SLA is to protect the provider -- not the user -- so any remediation is usually limited to the value of service time lost. If a provider's service is disrupted or falls outside the SLA for a time, the most that users could expect is a credit for the time period the service was affected. For example, if a service goes offline for an hour, the user may be entitled to an hour's credit on the next bill. It doesn't matter what the collateral impact may have been to the user's business.
Q. Are there any signs that a colocation provider may not meet its SLA?
Look for frequent or unexpected updates to a provider's SLA. While they may be subtle, these changes can suggest areas where the provider has struggled to meet certain obligations. For example, changing a definite time period -- such as a two-hour response -- to an inconclusive phase like best effort or reasonable time can expose weaknesses.
Next, watch for changes to the provider's internal business, such as mergers and acquisitions, or changes to management staff. Mergers may trigger major changes to an existing SLA, and acquisitions can leave the provider servicing a far larger customer base.
To keep providers honest, employ third-party tools or services for SLA monitoring and enforcement. Also, cultivate relationships with alternative colocation providers and have a strategy to transition critical workloads to those alternate providers if the need arises.
Q. What are some options for SLA monitoring tools?
SLA monitoring and enforcement tools include Mindarray Systems' Minder for network performance and application monitoring; IDERA Uptime Infrastructure Monitor for SLA testing; IDERA Uptime Cloud Monitor to monitor inside and outside application program interface (API) performance; and op5 Monitor. Uptrends and Apica are also available for external website and server monitoring.
Evaluate SLA monitoring tools and services to ensure they can integrate with your provider's APIs or other monitoring hooks. Contact the colocation provider and discuss the availability of external SLA monitoring and enforcement. Let the provider tell you which APIs or hooks are available, and which commercial tools and services can do the job, if any. The provider may even offer technical support for those tool integrations.
Q. Should you test an SLA to see how well the provider performs?
Some users of colocation, cloud or other services periodically stress test the support provisions of a provider's SLA. In many cases, such testing can verify that the provider's support contact information -- such as telephone, email and web support portal -- is still valid, and familiarizes users with the provider's support environment. This kind of cursory testing is fine for providers handling nonessential or low-priority services.
But colocation or other providers of critical services, such as hosting mission-critical workloads, require closer and ongoing SLA monitoring. It may be worth periodically triggering the provider's support to gauge response timing and quality. Response times for telephone calls, emails or help tickets should fall within established SLA limits. The response itself should include meaningful content, such as pointed questions and links to related knowledge base articles. If not, it's worth having a talk with the provider.
Read the fine print in a cloud backup SLA
Know the difference between SLOs and SLAs
Find out if a cloud computing SLA is negotiable