UNIT – 3

Topic 1: Platform as a Service | PaaS

Platform as a Service (PaaS) provides a runtime environment. It allows programmers to easily create,
test, run, and deploy web applications. You can purchase these applications from a cloud service
provider on a pay-as-per use basis and access them using the Internet connection. In PaaS, back end
scalability is managed by the cloud service provider, so end- users do not need to worry about
managing the infrastructure.

PaaS includes infrastructure (servers, storage, and networking) and platform (middleware,
development tools, database management systems, business intelligence, and more) to support the
web application life cycle.

Example: Google App Engine, Force.com, Joyent, Azure.

PaaS providers provide the Programming languages, Application frameworks, Databases, and Other
tools:

1. Programming languages
PaaS providers provide various programming languages for the developers to develop the
applications. Some popular programming languages provided by PaaS providers are Java, PHP, Ruby,
Perl, and Go.

2. Application frameworks
PaaS providers provide application frameworks to easily understand the application development.
Some popular application frameworks provided by PaaS providers are Node.js, Drupal, Joomla,
WordPress, Spring, Play, Rack, and Zend.
3. Databases
PaaS providers provide various databases such as ClearDB, PostgreSQL, MongoDB, and Redis to
communicate with the applications.

4. Other tools
PaaS providers provide various other tools that are required to develop, test, and deploy the
applications.

Advantages of PaaS
There are the following advantages of PaaS -

1) Simplified Development

PaaS allows developers to focus on development and innovation without worrying about
infrastructure management.

2) Lower risk

No need for up-front investment in hardware and software. Developers only need a PC and an
internet connection to start building applications.

3) Prebuilt business functionality

Some PaaS vendors also provide already defined business functionality so that users can avoid
building everything from very scratch and hence can directly start the projects only.

4) Instant community

PaaS vendors frequently provide online communities where the developer can get the ideas to share
experiences and seek advice from others.

5) Scalability

Applications deployed can scale from one to thousands of users without any changes to the
applications

Disadvantages of PaaS cloud computing layer

1) Vendor lock-in

One has to write the applications according to the platform provided by the PaaS vendor, so the
migration of an application to another PaaS vendor would be a problem.

2) Data Privacy

Corporate data, whether it can be critical or not, will be private, so if it is not located within the walls
of the company, there can be a risk in terms of privacy of data.
3) Integration with the rest of the systems applications

It may happen that some applications are local, and some are in the cloud. So there will be chances
of increased complexity when we want to use data which in the cloud with the local data.

Popular PaaS Providers

The below table shows some popular PaaS providers and services that are provided by them -

Providers Services

Google App Engine (GAE) App Identity, URL Fetch, Cloud storage client library, Logservice

Salesforce.com Faster implementation, Rapid scalability, CRM Services, Sales

cloud, Mobile connectivity, Chatter.

Windows Azure Compute, security, IoT, Data Storage.

AppFog Justcloud.com, SkyDrive, GoogleDocs

Openshift RedHat, Microsoft Azure.

Cloud Foundry from VMware Data, Messaging, and other services.

Topic 2: Infrastructure as a Service | IaaS
Iaas is also known as Hardware as a Service (HaaS). It is one of the layers of the cloud computing
platform. It allows customers to outsource their IT infrastructures such as servers, networking,
processing, storage, virtual machines, and other resources. Customers access these resources on the
Internet using a pay-as-per use model.

In traditional hosting services, IT infrastructure was rented out for a specific period of time, with pre-
determined hardware configuration. The client paid for the configuration and time, regardless of the
actual use. With the help of the IaaS cloud computing platform layer, clients can dynamically scale
the configuration to meet changing requirements and are billed only for the services actually used.

IaaS cloud computing platform layer eliminates the need for every organization to maintain the IT
infrastructure.

IaaS is offered in three models: public, private, and hybrid cloud. The private cloud implies that the
infrastructure resides at the customer-premise. In the case of public cloud, it is located at the cloud
computing platform vendor's data center, and the hybrid cloud is a combination of the two in which
the customer selects the best of both public cloud or private cloud.

IaaS provider provides the following services -

1. Compute: Computing as a Service includes virtual central processing units and virtual main
memory for the Vms that is provisioned to the end- users.

2. Storage: IaaS provider provides back-end storage for storing files.

3. Network: Network as a Service (NaaS) provides networking components such as routers,

switches, and bridges for the Vms.

4. Load balancers: It provides load balancing capability at the infrastructure layer.

Advantages of IaaS cloud computing layer
There are the following advantages of IaaS computing layer -

1. Shared infrastructure

IaaS allows multiple users to share the same physical infrastructure.

2. Web access to the resources

Iaas allows IT users to access resources over the internet.

3. Pay-as-per-use model

IaaS providers provide services based on the pay-as-per-use basis. The users are required to pay for
what they have used.

4. Focus on the core business

IaaS providers focus on the organization's core business rather than on IT infrastructure.

5. On-demand scalability

On-demand scalability is one of the biggest advantages of IaaS. Using IaaS, users do not worry about
to upgrade software and troubleshoot the issues related to hardware components.

Disadvantages of IaaS cloud computing layer

1. Security

Security is one of the biggest issues in IaaS. Most of the IaaS providers are not able to provide 100%
security.
2. Maintenance & Upgrade

Although IaaS service providers maintain the software, but they do not upgrade the software for
some organizations.

3. Interoperability issues

It is difficult to migrate VM from one IaaS provider to the other, so the customers might face
problem related to vendor lock-in.

Some important point about IaaS cloud computing layer

IaaS cloud computing platform cannot replace the traditional hosting method, but it provides more
than that, and each resource which are used are predictable as per the usage.

IaaS cloud computing platform may not eliminate the need for an in-house IT department. It will be
needed to monitor or control the IaaS setup. IT salary expenditure might not reduce significantly,
but other IT expenses can be reduced.

Breakdowns at the IaaS cloud computing platform vendor's can bring your business to the halt stage.
Assess the IaaS cloud computing platform vendor's stability and finances. Make sure that SLAs (i.e.,
Service Level Agreement) provide backups for data, hardware, network, and application failures.
Image portability and third-party support is a plus point.

The IaaS cloud computing platform vendor can get access to your sensitive data. So, engage with
credible companies or organizations. Study their security policies and precautions.

Top Iaas Providers who are providing IaaS cloud computing platform
IaaS Vendor Iaas Solution Details

Amazon Web Elastic, Elastic Compute Cloud The cloud computing platform pioneer,
Services (EC2) MapReduce, Route 53, Amazon offers auto scaling, cloud monitoring,
Virtual Private Cloud, etc. and load balancing features as part of its
portfolio.

Netmagic Solutions Netmagic IaaS Cloud Netmagic runs from data centers in Mumbai,
Chennai, and Bangalore, and a virtual data
center in the United States. Plans are
underway to extend services to West Asia.

Rackspace Cloud servers, cloud files, cloud The cloud computing platform vendor focuses
sites, etc. primarily on enterprise-level hosting services.

Reliance Reliance Internet Data Center RIDC supports both traditional hosting and
Communications cloud services, with data centers in Mumbai,
Bangalore, Hyderabad, and Chennai. The
cloud services offered by RIDC include IaaS
and SaaS.
Sify Technologies Sify IaaS Sify's cloud computing platform is powered
by HP's converged infrastructure. The vendor
offers all three types of cloud services: IaaS,
PaaS, and SaaS.

Tata InstaCompute InstaCompute is Tata Communications' IaaS

Communications offering. InstaCompute data centers are
located in Hyderabad and Singapore, with
operations in both countries.
TOPIC 3 : Software as a Service | SaaS
SaaS is also known as "On-Demand Software". It is a software distribution model in which services
are hosted by a cloud service provider. These services are available to end-users over the internet
so, the end-users do not need to install any software on their devices to access these services.

There are the following services provided by SaaS providers -

Business Services - SaaS Provider provides various business services to start-up the business. The
SaaS business services include ERP (Enterprise Resource Planning), CRM (Customer Relationship
Management), billing, and sales.

Document Management - SaaS document management is a software application offered by a third

party (SaaS providers) to create, manage, and track electronic documents.

Pause

Unmute

Example: Slack, Samepage, Box, and Zoho Forms.

Social Networks - As we all know, social networking sites are used by the general public, so social
networking service providers use SaaS for their convenience and handle the general public's
information.

Mail Services - To handle the unpredictable number of users and load on e-mail services, many e-
mail providers offering their services using SaaS.

Advantages of SaaS cloud computing layer

1) SaaS is easy to buy

SaaS pricing is based on a monthly fee or annual fee subscription, so it allows organizations to access
business functionality at a low cost, which is less than licensed applications.

Unlike traditional software, which is sold as a licensed based with an up-front cost (and often an
optional ongoing support fee), SaaS providers are generally pricing the applications using a
subscription fee, most commonly a monthly or annually fee.

2. One to Many

SaaS services are offered as a one-to-many model means a single instance of the application is
shared by multiple users.

3. Less hardware required for SaaS

The software is hosted remotely, so organizations do not need to invest in additional hardware.

4. Low maintenance required for SaaS

Software as a service removes the need for installation, set-up, and daily maintenance for the
organizations. The initial set-up cost for SaaS is typically less than the enterprise software. SaaS
vendors are pricing their applications based on some usage parameters, such as a number of users
using the application. So SaaS does easy to monitor and automatic updates.

5. No special software or hardware versions required

All users will have the same version of the software and typically access it through the web browser.
SaaS reduces IT support costs by outsourcing hardware and software maintenance and support to
the IaaS provider.

6. Multidevice support

SaaS services can be accessed from any device such as desktops, laptops, tablets, phones, and thin
clients.

7. API Integration

SaaS services easily integrate with other software or services through standard APIs.

8. No client-side installation

SaaS services are accessed directly from the service provider using the internet connection, so do
not need to require any software installation.

Disadvantages of SaaS cloud computing layer

1) Security

Actually, data is stored in the cloud, so security may be an issue for some users. However, cloud
computing is not more secure than in-house deployment.
Provider Services

2) Latency issue

Since data and applications are stored in the cloud at a variable distance from the end-user, there is
a possibility that there may be greater latency when interacting with the application compared to
local deployment. Therefore, the SaaS model is not suitable for applications whose demand
response time is in milliseconds.

3) Total Dependency on Internet

Without an internet connection, most SaaS applications are not usable.

4) Switching between SaaS vendors is difficult

Switching SaaS vendors involves the difficult and slow task of transferring the very large data files
over the internet and then converting and importing them into another SaaS also.

Popular SaaS Providers

The below table shows some popular SaaS providers and services that are provided by them -
Salseforce.com On-demand CRM solutions

Microsoft Office Online office suite

365

Google Apps Gmail, Google Calendar, Docs, and sites

NetSuite ERP, accounting, order management, CRM, Professionals Services Automation

(PSA), and e-commerce applications.

GoToMeeting Online meeting and video-conferencing software

Constant Contact E-mail marketing, online survey, and event marketing

Oracle CRM CRM applications

Workday, Inc Human capital management, payroll, and financial management.

TOPIC 4: DaaS in Cloud Computing

Desktop as a Service (DaaS) is a cloud computing offering where a service provider distributes virtual
desktops to end-users over the Internet, licensed with a per-user subscription.

The provider takes care of backend management for small businesses that find their virtual desktop
infrastructure to be too expensive or resource-consuming. This management usually includes
maintenance, backup, updates, and data storage. Cloud service providers can also handle security
and applications for the desktop, or users can manage these service aspects individually.

There are two types of desktops available in DaaS - persistent and non-persistent.

o Persistent Desktop: Users can customize and save a desktop from looking the same as each
user logs on. Permanent desktops require more storage than non-permanent desktops,
making them more expensive.

o Non-persistent desktop: The desktop is erased whenever the user logs out-they're just a
way to access shared cloud services. Cloud providers can allow customers to choose from
both, allowing workers with specific needs access to a permanent desktop and providing
access to temporary or occasional workers through a non-permanent desktop.
Benefits of Desktop as a Service (DaaS)

Desktop as a Service (DaaS) offers some clear advantages over the traditional desktop model. With
DaaS, it is faster and less expensive to deploy or deactivate active end users.

Rapid deployment and decommissioning of active end-users: the desktop is already configured; it
needs to be connected to a new device. DAAs can save a lot of time and money for seasonal
businesses that experience frequent spikes and declines in demand or employees.

Reduced Downtime for IT Support: Desktop as a Service allows companies to provide remote IT
support to their employees, reducing downtime.

Cost savings: Because DAAS devices require much less computing power than a traditional desktop
machine or laptop, they are less expensive and use less power.

Increased device flexibility: DaaS runs on various operating systems and device types, supporting
the tendency of users to bring their own devices into the office and shifting the burden of supporting
desktops across those devices to the cloud service provider Is.

Enhanced Security: The security risks are significantly lower as the data is stored in the data center
with DaaS. If a laptop or mobile device is stolen, it can be disconnected from service. Since no data
remains on that stolen device, the risk of a thief accessing sensitive data is minimal. Security patches
and updates are also easier to install in a DaaS environment as all desktops can be updated
simultaneously from a remote location.

How does Desktop as a Service (DaaS) work?

With Desktop as a Service (DaaS), the cloud service provider hosts the infrastructure, network
resources, and storage in the cloud and streams the virtual desktop to the user's device. The user
can access the desktop's data and applications through a web browser or other software.
Organizations can purchase as many virtual desktops as they want through the subscription model.

Because desktop applications stream from a centralized server over the Internet, graphics-intensive
applications have historically been difficult to use with DaaS.

New technology has changed this, and applications such as Computer-Aided Design (CAD) that
require a lot of computer power to display quickly can now easily run on DaaS.

When the workload on a server becomes too high, IT administrators can move a running virtual
machine from one physical server to another in seconds, allowing graphics-accelerated or GPU-
accelerated applications to run seamlessly. Meets.

GPU-accelerated Desktop as a Service (GPU-DaaS) has implications for any industry that requires 3D
modeling, high-end graphics, simulation, or video production. The engineering and design,
broadcast, and architecture industries can benefit from this technology.

How is DaaS different from VDI?

Both DaaS and VDI offer a similar result: bringing virtual applications and desktops from a
centralized data center to users' endpoints. However, these offerings differ in setup, architecture,
controls, cost impact, and agility, as summarized below:

Specialty Slave VDI

Setup The cloud provider hosts all of the organization's With VDI, you manage all IT resources on-
IT infrastructure, including compute, networking, premises or yourself in a colocation
and storage. facility. VDI is used for servers,
The provider handles all hardware monitoring, networking, storage, licenses, endpoints,
availability, troubleshooting, and upgrade issues. etc.
It also manages the VMs that run the OS. Some More about this source textSource text
providers also provide technical support. required for additional translation
information
Send feedback
Side panels
History
Saved
Contribute

Architecture Most DaaS offerings take advantage of the multi- Most VDI offerings are single-tenant
tenancy architecture. Under this model, a single solutions where customers operate in a
instance of an application-hosted by a server or completely dedicated environment.
datacenter-serves multiple "tenants" or Leveraging the single-tenant architecture
customers. in VDI allows IT administrators to gain
The DaaS provider differentiates each customer's complete control over its IT resource
services and provides them dynamically. distribution and configuration.
Resource consumption or security of other You also don't have to worry about the
clients may affect you with multi-tenant overuse of resources and any other
architecture if services are compromised. organization causing service disruption.

Control The cloud vendor controls all of its IT With VDI deployment, the organization
infrastructure, including monitoring, has complete control over its IT resources.
configuration, and storage. You may not have Since most VDI solutions leverage a single-
complete knowledge of these aspects. tenant architecture, IT administrators can
Internet connectivity is required to access the ensure that only permitted users access
control plane of DAAs, making it more vulnerable virtual desktops and applications.
to breaches and cyber attacks.

Cost There is almost no upfront cost with DaaS VDI requires a real capital expenditure
offerings as it is subscription-based. The pay-as- (CapEx) to purchase or upgrade a server.
you-go pricing structure allows companies to it is suitable for
 dynamically scale their operations and pay only Enterprise-level organizations that have
for the resources consumed. projected growth and resource
DaaS offerings can be cheaper for small to requirements.
medium-sized businesses (SMBs) with fluctuating
needs.

Agility DaaS deployments provide excellent flexibility. VDI requires considerable efforts to set up
For example, you can provision virtual desktops and build and maintain complex
and applications immediately and accommodate infrastructure. For example, adding new
temporary or seasonal employees. features can take days or even weeks.
You can also reduce the resources easily. With Budget can also limit the organization if it
DaaS solutions, you can support new wants to buy new hardware to handle the
technological trends such as the latest GPUs or scalability.
CPUs or CPU or software innovations.

What are the use cases for DaaS?

Organizations can leverage DaaS to address various use cases and scenarios such as:

o Users with multiple endpoints. A user can access multiple virtual desktops on a single PC
instead of switching between multiple devices or multiple OSes. Some roles, such as
software development, may require the user to work from multiple devices.

o Contract or seasonal workers. DaaS can help you provision virtual desktops within minutes
for seasonal or contract workers. You can also quickly close such desktops when the
employee leaves the organization.

o Mobile and remote worker. DaaS provides secure access to corporate resources anywhere,
anytime, and any device. Mobile and remote employees can take advantage of these
features to increase productivity in the organization.

o Mergers and acquisition. DaaS simplifies the provision and deployment of new desktops to
new employees, allowing IT administrators to quickly integrate the entire organization's
network following a merger or acquisition.

o Educational institutions. IT administrators can provide each teacher or student with an

individual virtual desktop with the necessary privileges. When such users leave the
organization, their desktops become inactive with just a few clicks.

o Healthcare professionals. Privacy is a major concern in many health care settings. It allows
individual access to each healthcare professional's virtual desktop, allowing access only to
relevant patient information. With DaaS, IT administrators can easily customize desktop
permissions and rules based on the user.
How to Choose a DaaS Provider ?
There are multiple DaaS providers to choose from, including major vendors such as Azure and
managed service providers (MSPs). Because of the many options, selecting the appropriate provider
can be a challenge.

o An appropriate DaaS solution meets all the organization's users' requirements, including
GPU-intensive applications. Here are some tips to help you choose the right seller:

o If you implement a DaaS solution for an organization with hundreds or thousands of users,
make sure it is scalable. A scalable DaaS offering allows you to get on and offboard new
users easily.

o A great DaaS provider allows you to provision resources based on current workload
demands. You don't want to overpay when workload demands vary depending on the day or
time of day.

o Datacenter Choosing a DaaS provider whose data center is close to the employee results in
optimized network infrastructure with low latency. On the other hand, poor location can
lead to unstable connections and efficiency challenges.

o Security and compliance. If you are in an industry that must comply with prevailing laws and
regulations, choose a DaaS provider that meets all security and compliance requirements.

o An intuitive and easy-to-use DaaS solution allows employees to get work done. It also frees
you from many IT administration responsibilities related to OS and application management.

o Like all cloud-based services, DaaS migrates CapEx to an operating expense (OpEx)
consumption model. However, not all DaaS providers are created equal when comparing
services versus price. Therefore, you should compare the cost with the value of different
DaaS providers to get the best service.

Top Providers of DaaS in Cloud Computing

Working with DaaS providers is the best option for most organizations as it provides access to
managed services and support. Below are the three largest DaaS providers currently available.

Amazon Workspace

Amazon Workspace is an AWS desktop as a service product that you can use to access a Linux or
Windows desktop. When using this service, you can choose from various software and hardware
configurations and multiple billing types. You can use workstations in multiple AWS regions.

Workstations operate on a server-based model. You enumerate predefined OS, storage, and
resource bundles when using the Services. The bundle you choose determines the maximum
performance you expect and your costs.
For example, in one of the standard bundles, you can use Windows 7 or 10, two CPUs, 4GB of
memory, and 100GB of storage for $44 per month.

The workspace also includes bringing in existing Windows licenses and applications.

With this option, you can import your existing Windows VM images and play those images on
dedicated hardware. The caveat to fetch your license is that it is only available for Windows 7 SP1
and select Windows 10 editions. Additionally, you will need to purchase at least 200 desktops.

Learn more about the AWS DaaS offering in our guide.

VMware Horizon Cloud

VMware Horizon Cloud is a DaaS offering available as a server- or client-based option. These services
are provided from a VMware-hosted control plane that enables you to manage and deploy your
desktop and applications centrally.

With Horizon Cloud, you can access fully managed desktops in three configurations:

o Session desktops are ephemeral desktops in which multiple users share resources on a
single server.

o Dedicated Desktop-Continuous desktop resources are provided to a single user. This option
uses a client-based model.

o Floating Desktop-Non-persistent desktop associated with a single user. These desktops can
provide users with a consistent experience through Horizon Cloud features, such as the User
Environment Manager, enabling administrators to maintain settings and user data. This
option uses a client-based model.

Challenges of data as a service

While DaS offers many benefits, it also poses special challenges.

o Unique security considerations: Because DaaS requires organizations to move data to cloud
infrastructure and to transfer data over a network, it can pose a security risk that would not
exist if the data was persisted on local, behind-the-firewall infrastructure. These challenges
can be mitigated by using encryption for data in transit.

o Additional compliance steps: For some organizations, compliance challenges can arise when
sensitive data is moved to a cloud environment. It does not mean that data cannot be
integrated or managed in the cloud, but companies subject to special data compliance
requirements should meet those requirements with their DaaS solutions. For example, they
may need to host their DaS on cloud servers in a specific country to remain compliant.

o Potentially Limited Capabilities: In some cases, DaaS platforms may limit the number of
devices available to work with the data. Users can only work with tools that are hosted on or
compatible with their DaaS platform instead of being able to use any tool of their choice to
 set up their data-processing solution. Choosing a DaaS solution that offers maximum
flexibility in device selection mitigates this challenge.

o Data transfer timing: Due to network bandwidth limitations, it may take time to transfer
large amounts of data to the DaaS platform. Depending on how often your organization
needs to move data across the DaaS platform, this may or may not be a serious challenge.

Data compression and edge computing strategies can help accelerate transfer speeds. Successful
DaaS Adoption:

DaaS solutions have been slow to catch on compared to SaaS and other traditional cloud-based
services. However, as DaaS matures and the cloud becomes central to modern business operations,
many organizations successfully leverage DaaS.

o Pointbet uses DaaS to scale quickly while remaining compliant: Point bet uses cloud-based
data solutions to manage its unique compliance and scaling requirements. The company can
easily adjust its operations to meet the fluctuating demand for online gaming and ensure
that it operates within local and international government regulations.

o DMD Marketing accelerates data operations with DaaS: DMD Marketing Corp. has adopted
a cloud-first approach to data management to give its users faster access to their data and,
by extension, reduce data processing time. The company can refresh data faster thanks to
cloud-based data management, giving them an edge over competitors.

How to get started with Data as a Service

Although getting started with DaaS may seem intimidating, as DaaS is still a relatively new solution,
the process is simple.

This is particularly simple because DaaS eliminates most of the setup and preparation work of
building an on-premises data processing solution. And because of the simplicity of deploying a DaaS
solution and the availability of technical support services from DaaS providers, your company does
not need to have specialized personnel for this process.

The main steps to get started with DaS include:

o Choose a DaaS Solution: Factors to consider when selecting a DaaS offering include price,
scalability, reliability, flexibility, and how easy it is to integrate DaaS with existing workflows
and ingest data.

o Migrate data to a DaaS solution. Depending on how much data you need to migrate and the
network connection speed between your local infrastructure and your DaaS, data migration
may or may not require a lot of time.

o Start leveraging the DaaS platform to deliver faster, more reliable data integration and
insights.
TOPIC 5: Backup as a Service
What Is Backup as a Service?

Backup as a service (BaaS), also known as online backup or cloud backup, is a way of storing data
remotely in the cloud and having the service provider provide and manage the necessary backup and
recovery infrastructure, software, and support services. Using backup as a service enables
organizations to eliminate capacity overprovisioning and long CapEx purchasing cycles and switch to
OpEx subscription pricing. Just as importantly they can free up resources from infrastructure
management to focus on more valuable work.

Why Is Backup as a Service Important?

Given the exponential rate at which data is growing and the siloed nature of legacy infrastructure,
many IT organizations are finding data backup to be increasingly challenging, time consuming, and
costly. These same organizations are seeing cloud adoption provide cost and operational efficiencies
as well as strengthened security across industries.

Organizations spending an increasing percent of shrinking or static IT budgets on installing,

maintaining, and managing data backup infrastructure want to do more with less but have little
money—or time—for other business-critical activities.

Data backup as a service solves their time and cost challenges by supporting:

 The shift to OpEx – Eliminate CapEx and upgrade headaches with easy subscription-based
pricing

 Simplified backup and recovery – Eliminate time-consuming infrastructure silos and simplify
management by moving backup off-site to a service provider

 Defend data against threats – Provide air gap protection for the most valuable data off-site
on redundant infrastructure and when needed rapidly recover it to anywhere

What is the Best Backup Service?

The best enterprise backup services are available from Cohesity and partners. Cohesity has a
portfolio of Data Management as a Service offerings, including Backup as a Service (BaaS).

Cohesity has teamed with AWS, the leader in cloud to provide these offerings.

The largest enterprises and organizations depend on Cohesity to protect their data. Organizations
consistently report 50% to 70% TCO savings with Cohesity.

What is a Backup Process?

A complete process for backup as a service will include these steps:

 Sign up directly via the web with account verification and activation for security
  Set up of the data encryption and cloud regions in which backup data is stored

 Registration and connection of on-premises, SaaS, or cloud data sources to be backed up

 Protection of data sources through automated detections on unprotected data and

automated policies.

 An easy way to restore—instantly and at scale to any point in time—from that backup,
should the worst case scenario or a ransomware attack occur

What is AWS Backup Service?

Organizations can adopt enterprise-class backup as a service for AWS workloads and cloud-native
apps. They also can seamlessly extend and migrate legacy workloads and datasets to the cloud as
well with a robust multicloud data management solution such as Cohesity. For example, IT teams
can backup Amazon EC2 cloud compute and Amazon RDS cloud databases with Cohesity.

What are the Three Types of Backup as a Service?

Backup as a service can cover the following other similar backup services.

 Cloud backup – originally came about for backing up consumer data to the cloud, it can also
refer to backing up enterprise and business data to the cloud in a SaaS model

 Offsite backups – traditionally took backup data (usually in offline tape media) to another
offsite location for safe keeping. Today, cloud is a more common offsite location.

 Cloud-to-cloud backup – the cloud service that backs up cloud data sources. Some backup as
a service offerings have this capability

Cohesity and Backup as a Service

Although the data backup as a service (BaaS) model is attractive to businesses, many also want to be
able to manage some data directly with a hybrid approach. Yet legacy backup products don’t provide
the flexibility and choice. Instead, IT teams are forced to cobble together disparate SaaS-based
solutions from a multitude of vendors while managing different backup products with cloud
gateways onsite.

Cohesity and AWS have teamed to offer backup as a service, solving key challenges but most
importantly providing choice and flexibility. With the Cohesity solution, IT staff can:

 Eliminate unpredictable backup fees – Not only do you eliminate the CapEx as well as the
upgrade costs and hassles of on-prem backup solutions, but you get rolling feature updates,
unlimited data restores, and no data egress charges with a single, inclusive OpEx
subscription price
  Make hybrid cloud backup easy – Because Cohesity BaaS is hybrid and multicloud, you
eliminate complex gateways and silos. Plus, a single unified UI allows you to sign up,
connect, and protect your data in minutes

 Protect and get more value from data – Automatically discover and protect both on-prem
and cloud workloads. And, most importantly, eliminate data mass fragmentation to free up
IT ops personnel while enabling developers and data analysts to do more with data

TOPIC 6: Disaster Recovery as a Service (DRaaS): Why, Where and

How
What is Disaster Recovery as a Service?

Disaster Recovery as a Service (DRaaS) is disaster recovery hosted by a third party. It involves
replication and hosting of physical or virtual servers by the provider, to provide failover in the event
of a natural disaster, power outage, or other disaster that affects business continuity.

The basic premise of DRaaS is that In the event of a real disaster, the remote vendor, which typically
has a globally distributed architecture, is less likely to be impacted compared to the customer. This
allows the vendor to support the customer in a worst case disaster recovery scenario, in which a
disaster results in complete shutdown of the organization’s physical facilities or computing
resources.

Third-party DRaaS vendors can provide failover for on-premise or cloud computing environments,
billed either on-demand, according to actual usage, or through ongoing retainer agreements. DRaaS
requirements and expectations are typically recorded in service level agreements (SLAs).

In this article you will learn:

 DRaaS Operating Models

 Managed DRaaS

 Assisted DRaaS

 Self-Service DRaaS

 How Does DRaaS Work?

 BaaS vs DRaaS

 What Should You Consider When Choosing a DRaaS?

 Reliability

 Access

 Assistance
DRaaS Operating Models
There are three primary models used by disaster recovery as a service providers—managed,
assisted, and self-service.

Managed DRaaS

In the managed DRaaS model, third parties take full responsibility for disaster recovery. Choosing
this option requires organizations to work closely with DRaaS providers to keep all infrastructure,
application, and service changes up to date. If you don’t have the expertise and time to manage your
own disaster recovery, this is the best option.

Assisted DRaaS

If you want to take responsibility for certain aspects of your disaster recovery plan, or if you have
custom applications that may be difficult for a third party to take over, supported DRaaS may be a
better choice. In this model, the service provider provides services and expertise that can help
optimize the disaster recovery process, but the customer is responsible for implementing some or all
of the disaster recovery plans.

Self-Service DRaaS

The cheapest option is a self-service DRaaS, where customers are responsible for planning, testing,
and managing disaster recovery, and the vendor provides backup management software, and hosts
backups and virtual machines in remote locations. This model is offered by all major cloud
providers—Amazon, Microsoft Azure and Google Cloud.

When using this model, careful planning and testing is required to ensure that operations can be
immediately failed over to the vendor’s remote data center, and easily recovered when local
resources are restored. This option is ideal for organizations with in-house disaster recovery and
cloud computing expertise.

How Does DRaaS Work?

The DRaaS provider provides infrastructure that serves as the customer’s disaster recovery site when
a disaster happens. The service offered by the provider typically includes a software application or
hardware appliance that can replicate data and virtual machines to a private or public cloud
operated by the provider.

In managed DRaaS, the provider is responsible for the failover process, ensuring users are redirected
from the primary environment to the remote environment. DRaaS providers also monitor disaster
recovery operations and help customers recover systems and resume normal operation. In other
forms of DRaaS, your organization will need to assume responsibility for some of these tasks.

Hosted DRaaS is especially useful for small businesses that lack in-house experts to design and
execute disaster recovery plans. The ability to outsource infrastructure is another benefit for smaller
organizations, because it avoids the high cost of equipment needed to run a disaster recovery site.
BaaS vs DRaaS
Backup as a Service (BaaS) allows businesses to back up files, folders and entire data stores to
remote secure data centers. It is provided by third-party managed service providers (MSP). It is the
MSP’s responsibility to maintain and manage backups, rather than having the IT department manage
them locally.

There are three primary differences between BaaS and DRaaS:

 BaaS only backs up data, whereas DRaaS is responsible for backing up data and
infrastructure. In a DRaaS service, the MSP is responsible for deploying entire servers and
ensuring they are available to users.

 BaaS can perform data recovery, but the RPO (Recovery Point Objective) and RTO (Recovery
Time Objective) are typically measured in hours or days. This is because for large datasets, it
can take a long time to transfer data back from the MSP to your on-premises data center.
With DRaaS solutions, you can measure RPO and RPO in minutes or even seconds, because a
secondary version of your servers are ready to run on a remote site.

 BaaS costs are significantly lower than DRaaS, because the main cost is storage resources
used by your backups. In DRaaS you need to pay for additional resources including
replication software, compute and networking infrastructure.

What Should You Consider When Choosing a DRaaS?

The following are key considerations when selecting a DRaaS provider for your organization.

Reliability

In the early days of DRaaS, there were concerns about the resources available to the DRaaS provider,
and its ability to service a certain number of customers in case of a widespread regional disaster.

Today, most DRaaS services are based on public cloud providers, which have virtually unlimited
capacity. At the same time, even public clouds have outages, and it is important to understand what
happens if, when disaster strikes, the DRaaS vendor is unable to provide services. Another, more
likely scenario is that the DRaaS vendor will perform its duties, but will not meet its SLAs.
Understand what are your rights under the contract, and how your organization will react and
recover, in each situation.

Access

Work with your DRaaS provider to understand how users will access internal applications in a crisis,
and how VPN will work—whether it will be managed by the provider or rerouted. If you use virtual
desktop infrastructure (VDI), check the impact of a failover event on user access, and determine who
will manage the VDI during a disaster.
If you have applications accessed over the Internet, coordinate with providers, customers, partners,
and users how DNS will work in a crisis—whether it should be transitioned to DNS managed by the
provider, or kept with the same DNS (this also depends on whether your DNS is hosted or self-
managed). DNS is a mission critical service, and if it doesn’t work smoothly during a disaster, even if
systems are successfully transitioned, they will be offline.

Assistance

Ask prospective DRaaS providers about the standard process and support they provide, during
normal operations and during a crisis. Determine:

 What is the disaster recovery procedure

 What professional services the provider offers in time of disaster

 What responsibility lies with the provider vs. your organization

 What is the testing process—determine if you can run tests for backup and recovery
internally, and whether testing or disaster “drills” are conducted by the provider

 After declaring a disaster, how long can the provider run your workloads before recovering
(to account for long term disaster scenarios)

Protecting Data Effortlessly with Cloudian

If you need to backup data to on-premises storage, Cloudian offers low-cost disk-based storage with
capacity up to 1.5 Petabytes. You can also set up a Cloudian appliance in a remote site and save data
directly to the remote site using our integrated data management tools.

Alternatively, you can use a hybrid cloud setup. Backup data to a local Cloudian appliance, and
configure it to replicate all data to the cloud. This allows you to access data locally for quick
recovery, while keeping a copy of data on the cloud in case a disaster affects the on-premise data
center.

TOPIC 7: Service level agreements in Cloud computing

A Service Level Agreement (SLA) is the bond for performance negotiated between the cloud services
provider and the client. Earlier, in cloud computing all Service Level Agreements were negotiated
between a client and the service consumer. Nowadays, with the initiation of large utility-like cloud
computing providers, most Service Level Agreements are standardized until a client becomes a large
consumer of cloud services. Service level agreements are also defined at different levels which are
mentioned below:

 Customer-based SLA

 Service-based SLA

 Multilevel SLA
Few Service Level Agreements are enforceable as contracts, but mostly are agreements or contracts
which are more along the lines of an Operating Level Agreement (OLA) and may not have the
restriction of law. It is fine to have an attorney review the documents before making a major
agreement to the cloud service provider. Service Level Agreements usually specify some
parameters which are mentioned below:

1. Availability of the Service (uptime)

2. Latency or the response time

3. Service components reliability

4. Each party accountability

5. Warranties

In any case, if a cloud service provider fails to meet the stated targets of minimums then the
provider has to pay the penalty to the cloud service consumer as per the agreement. So, Service
Level Agreements are like insurance policies in which the corporation has to pay as per the
agreements if any casualty occurs.
Microsoft publishes the Service Level Agreements linked with the Windows Azure Platform
components, which is demonstrative of industry practice for cloud service vendors. Each individual
component has its own Service Level Agreements. Below are two major Service Level Agreements
(SLA) described:

1. Windows Azure SLA –

Window Azure has different SLA’s for compute and storage. For compute, there is a
guarantee that when a client deploys two or more role instances in separate fault and
upgrade domains, client’s internet facing roles will have external connectivity minimum
99.95% of the time. Moreover, all of the role instances of the client are monitored and there
is guarantee of detection 99.9% of the time when a role instance’s process is not runs and
initiates properly.

2. SQL Azure SLA –

SQL Azure clients will have connectivity between the database and internet gateway of SQL
Azure. SQL Azure will handle a “Monthly Availability” of 99.9% within a month. Monthly
Availability Proportion for a particular tenant database is the ratio of the time the database
was available to customers to the total time in a month. Time is measured in some intervals
of minutes in a 30-day monthly cycle. Availability is always remunerated for a complete
month. A portion of time is marked as unavailable if the customer’s attempts to connect to a
database are denied by the SQL Azure gateway.

Service Level Agreements are based on the usage model. Frequently, cloud providers charge their
pay-as-per-use resources at a premium and deploy standards Service Level Agreements only for that
purpose. Clients can also subscribe at different levels that guarantees access to a particular amount
of purchased resources. The Service Level Agreements (SLAs) attached to a subscription many times
offer various terms and conditions. If client requires access to a particular level of resources, then
the client need to subscribe to a service. A usage model may not deliver that level of access under
peak load condition.

If a cloud service provider fails to meet the specified targets of the minimum, the provider will have
to pay a penalty to the cloud service consumer as per the agreement. So, service level agreements
are like insurance policies in which the corporation has to pay as per the agreement if an accident
occurs.

Microsoft publishes service level agreements associated with Windows Azure platform components,
demonstrating industry practice for cloud service vendors. Each component has its own service level
contracts. The two major Service Level Agreements (SLAs) are described below:

Service level agreements are based on the usage model. Often, cloud providers charge their pay-per-
use resources at a premium and enforce standard service level contracts for just that purpose.
Customers can also subscribe to different tiers that guarantee access to a specific amount of
purchased resources.

Service level agreements (SLAs) associated with subscriptions often offer different terms and
conditions. If the client requires access to a particular level of resources, the client needs to
subscribe to a service. A usage model may not provide that level of access under peak load condition

Cloud infrastructure can span geographies, networks, and systems that are both physical and virtual.
While the exact metrics of cloud SLAs can vary by service provider, the areas covered are the same:

o Volume and quality of work (including precision and accuracy);

o Speed;

o Responsiveness; and

o Efficiency.

The purpose of the SLA document is to establish a mutual understanding of the services, priority
areas, responsibilities, guarantees and warranties. It clearly outlines metrics and responsibilities
between the parties involved in cloud configuration, such as the specific amount of response time to
report or address system failures.

The importance of a cloud SLA

Service-level agreements are fundamental as more organizations rely on external providers for
critical systems, applications and data. Cloud SLAs ensure that cloud providers meet certain
enterprise-level requirements and provide customers with a clearly defined set of deliverables. It
also describes financial penalties, such as credit for service time, if the provider fails to meet
guaranteed conditions.

The role of a cloud SLA is essentially the same as that of any contract -- it's a blueprint that governs
the relationship between a customer and a provider. These agreed terms form a reliable foundation
upon which the Customer commits to use the cloud providers' services. They also reflect the
provider's commitments to quality of service (QoS) and the underlying infrastructure.
What to look for in a cloud SLA

The cloud SLA should outline each party's responsibilities, acceptable performance parameters, a
description of the applications and services covered under the agreement, procedures for
monitoring service levels, and a program for remediation of outages. SLAs typically use technical
definitions to measure service levels, such as mean time between failures (MTBF) or average time to
repair (MTTR), which specify targets or minimum values for service-level performance. does.

The defined level of services must be specific and measurable so that they can be benchmarked and,
if stipulated by contract, trigger rewards or penalties accordingly.

Depending on the cloud model you choose, you can control much of the management of IT assets
and services or let cloud providers manage it for you.

A typical compute and cloud SLA expresses the exact levels of service and recourse or compensation
that the User is entitled to in case the Provider fails to provide the Service. Another important area is
service availability, which specifies the maximum time a read request can take, how many retries are
allowed, and other factors.

The cloud SLA should also define compensation for users if the specifications are not met. A cloud
service provider typically offers a tiered service credit plan that gives credit to users based on the
discrepancy between the SLA specifications and the actual service tiers.

Selecting and monitoring cloud SLA metrics

Most cloud providers publicly provide details of the service levels that users can expect, and these
are likely to be the same for all users. However, an enterprise choosing a cloud service may be able
to negotiate a more customized deal. For example, a cloud SLA for a cloud storage service may
include unique specifications for retention policies, the number of copies to maintain, and storage
space.

Cloud service-level agreements can be more detailed to cover governance, security specifications,
compliance, and performance and uptime statistics. They should address security and encryption
practices for data security and data privacy, disaster recovery expectations, data location, and data
access and portability.

TOPIC 8: Cloud SLA lifecycle

The Cloud SLA lifecycle is an important part of the provision of Cloud services. There is a tight
correlation between the phases of the Cloud service lifecycle (Acquisition, Operation, Termination)
and the 7 phases of the Cloud SLA one.

Cloud service lifecycle: Acquisition

A prospective cloud customer can use service offerings published by the cloud service provider to
check whether it meets her/his requirements, for example, security, personal data protection,
performance etc., and see how one offering compares with another in the market. Why is it
important? This phase is crucial for establishing an SLA between the cloud customer and the cloud
service provider.

Any relationship starts with pre-assessing what one would like, why, when and with
whom (for instance one or more CSPs), so does the first Cloud SLA lifecycle phase,
Assessment
Assessment. This includes for instance doing market intelligence, checking specific
needs, offerings, CSPs, performance of CSPs and setting up a business case...

This second Cloud SLA lifecycle phase, includes for instance, the first contact and
Preparation conversation with possible CSPs, further assessment, pre-evaluation and fine-tuning
goals and assumptions...

This phase can include preparing for negotiation and the actual negotiation and deal
making with one or more CSPs, including sharing concerns, discuss in-scope and out-of-
Negotiation &
scope (cloud) services, debating about trade-offs and finding common grounds,
Contracting
reaching agreement, double-checking needs, goals and assumptions, and of course
documenting the contractual arrangements, and signing thereof...

Cloud service lifecycle: Operation

This phase determines whether a cloud service meets the committed service level objective (SLO)
during the provisioning of the cloud service. This might imply that cloud service providers taking
corrective actions to avoid SLA violations. Why is it important? SLAs can be used to monitor the
cloud service provider in order to assess the correct fulfilment of the cloud service, or detect
potential violations in which case remediation may take place.

This phase includes the actual start of setting up the cloud services, populating the
Execution &
respective cloud service with relevant data, on boarding and training users, setting up
Operation communication channels and further operational activities while using the respective
cloud services...

This phase includes updated or otherwise amended needs, goals and assumptions by
the Cloud Service Customer during the term of the ongoing cloud services
Updates &
arrangements, as well as improved or added cloud services by the CSP there under. It
Amendments
also includes optimisation of the respective cloud services by CSP as per (contractual or
other) non-compliance, breaches and other incidents during that term...

This phase deals with contractual or other) non-compliance, breaches and other
incidents during the term of the ongoing cloud services arrangements that have
Escalation resulted in a dispute that needs escalation, (perhaps even litigation as a last resort),
negotiation and resolution, either by parties themselves or by arbitration, court or
otherwise...

Cloud service lifecycle: Termination

Why is it important? You should already think about termination in phase 1, as an SLA can be used to
arrange the conditions under which the Cloud customer’s data (including but not limited to for
instance Personal Identifiable Information or PII) will be exported and returned to the cloud
customer, and not retained by the cloud service provider (to the extent mandatorily possible).

This phase deals with the end of the relationship between CSP and CSC, including the
end of the legal relationship even though the latter will generally continue for several
Termination &
years after any termination as per mandatory laws and legislation. This last phase for
Consequences of
instance includes the assessment of alternatives, settlement and termination
Termination
arrangements, cloud services transition projects and services, data export, customer
and (end)use care and diligence, and adequate data deletion...
TOPIC: 9 SLA management
Service level agreements (SLAs) are a list of objectives, services, and responsibilities a customer can
expect suppliers or managed services providers (MSPs) to provide. SLAs also include metrics for
measuring the accuracy and extent to which MSPs provide those services as well as potential
penalties if the levels of service specified by the agreement aren’t maintained. While SLAs are
typically negotiated between customers and service providers, it’s not unheard of for departments
within the same company to create their own service agreements.

SLAs are especially important for MSPs, since they help to ensure you’re meeting your agreed-upon
responsibilities—while also protecting your business in case a customer asks for services that exceed
those outlined in the agreement. SLAs can also specify responsibilities on the part of the customer as
well, such as ensuring a representative is available to help address issues pertaining to the service
agreement.

There are several commonly used metrics that measure the success or efficiency of SLAs—and these
can be effectively managed by certain SLA tools and software solutions. So here are a few things to
keep in mind before you start negotiating service agreements.

What Is SLA Management?

Broadly defined, SLA management is the ongoing process of ensuring all provided services and
processes—including the underlying contracts—are in alignment with the agreed-upon service level
targets stipulated by the contract. From the creation of help desk tickets to retrospective reporting
and regular customer feedback, SLA monitoring helps to protect your business—and ensure your
customers are satisfied.

Because strong SLAs will specify the measurement criteria for the agreed upon services and
responsibilities, proper SLA management also involves remaining attentive to those metrics.

Common Service Level Agreement Metrics

The details of individual SLAs will of course vary depending on the type of services a customer
requires—and the metrics used to measure how well the customer and provider are meeting their
service targets will vary accordingly. SLA metrics are associated with specific SLA objectives, which
are essentially the reason why each metric is important. Here are a few of the most common metrics
used to measure how service provider performance and quality is meeting customer expectations:

 Abandonment Rate: the percentage of queued calls customers abandon while waiting for an
answer.

 Availability or Uptime: also referred to as system reliability. This is usually measured by the
percentage of time a device has been working, or the percentage of time that provided
services are operational and accessible to the customer.

 Average Speed of Answer (ASA): the average amount of time required for the service desk
to answer a call.

 Business Results: the use of key performance indicators to calculate how the contributions
of service providers affect business performance.

 Defect Rate: the percentage of errors in deliverables. This can include everything from
coding errors to missed deadlines.

 First-call Resolution (FCR): the percentage of incoming calls resolved without the use of a
help desk callback to finish resolving the case.

 Mean Time to Recovery (MTTR): the time required to recover following a service outage.

 Security: the number of antivirus updates or patches installed. Even if an incident occurs,
MSPs can demonstrate they’ve taken preventative measures.

 Time Service Factor (TSF): the percentage of queued calls answered within a defined time
frame.

 Turnaround Time (TAT): the time required to resolve a specific task or issue once the service
provider receives it.

Beyond establishing the relevant performance metrics, SLAs can stipulate contingencies for how the
services provider can remediate or compensate for potential contract breaches. The agreements will
also include a force majeure clause detailing situations and events outside the service provider’s
control—such as natural disasters—interruptions of service won’t be penalized.
One important thing for MSPs to remember when entering into an SLA is, when selecting metrics,
it’s vital to select the ones that will motivate desired behavior—both on the part of the customer
and the services provider. This will ideally lead to both parties optimizing their processes to reach
the target performance objectives.

Another thing to keep in mind is fewer metrics are usually better—a smaller number will provide a
more manageable amount of data to analyze for performance assessment. Similarly, the SLA should
favor metrics that can be easily collected and measured.

What Are the Three Types of SLAs?

SLAs are broadly categorized according to three tiers:

 Customer-based SLA: These agreements are between service providers and individual
customer groups—and apply to all the services the customer group uses. For instance, if the
financial department of a company constitutes a customer group, a customer-based SLA
could require that service provider be responsible for managing the financial software as
well as billing, payroll, and procurement systems.

 Service-based SLA: These agreements are between service providers and customers—and
are based on specific services that the service provider offers. This can include providing
email systems for customers, or routine maintenance as part of a service package.

 Multi-level SLA: These agreements are categorized into three sub-tiers, with each one
applying the same services to different customer groups within the same SLA.

o Corporate-level SLA. This provides SLA management for every user across the
customer organization. Many of the issues this level of SLA management deals with
are not critical issues, so SLA performance reviews and updates are usually required
on a less frequent basis.

o Customer-level SLA. This provides SLA management for specific customer groups—
but applies to all services provided or in use.

o Service-level SLA. This provides SLA management for specific services related to
specific customer groups.

Why Are SLAs Important?

SLAs provide several valuable benefits for both customers and service providers. MSPs rely on SLAs
to manage customer expectations and to define the situations in which customers can’t hold them
liable for service outages or issues related to performance. SLAs are also essential for establishing
performance targets and benchmarks to set a standard for MSPs to meet.

For MSPs, SLAs tend to be one of the two foundational contracts established with their customers. In
addition to the service agreement, many service providers will enter into a master services
agreement with customers that lays out the broad overview of terms and conditions under which
they agree to provide services. The master services agreement will often incorporate the conditions
of the SLA, which allows for more specificity regarding the services MSPs will provide and the metrics
they will use to measure the effectiveness of those services.

For customers, some of the benefits SLAs provide include a means of describing the performance
characteristics of the services they are receiving—which they can use to compare or generate
leverage when assessing other service providers’ SLAs. The service agreements will also offer means
for seeking redress for breaches of contract via service credits or other forms of compensation and
remediation.

SLA reporting is another important vector for ensuring MSPs are meeting service targets. Many
MSPs will choose to make statistics related to performance available online so customers can easily
confirm they haven’t breached they SLA contracts.

Service Level Agreement Best Practices

We’ve already mentioned several SLA best practices in this article—SLAs must be measurable,
updated periodically, and account for unexpected situations—but there are a few others that bear
mentioning.

First, you should write SLAs in clear, jargon-free language. This is to ensure clarity for all parties
involved, so customers who may not be technologically literate still understand exactly what they’re
agreeing to when entering into a contract with an MSP or other service provider.

Second, you should clearly define the processes and methodologies related to how you measure,
enforce, and compensate service levels. While in many cases, that responsibility falls on the MSP,
working collaboratively with customers during the process of contract negotiation will help to avoid
misunderstandings and ensure that customer and provider are on the same page.

These defined processes become especially important for SLA management in cloud computing,
because cloud-based service providers tend to be hesitant about making alterations to their
boilerplate SLA agreements. This is because cloud-based profit margins are tighter, and thus
businesses rely on providing services to large customer bases. Overall, regardless of what type of
service you’re providing, an SLA helps define expectations and ensure the customer-provider
relationship remains satisfactory for all involved parties.

TOPIC:10 Business continuity in the cloud: Benefits and planning

Learn the major areas of concern and the seven key steps to include when creating a cloud-based
business continuity plan to protect data and workloads.

Data protection and business continuity offerings were once only financially accessible to large
companies that could afford to construct a secondary data center. However, the public cloud and
cloud hosting providers have made business continuity and disaster recovery services available to
the masses.

Benefits of cloud business continuity

There are numerous benefits to using the cloud for business continuity (BC). The most obvious is
that on-premises workloads can be configured to fail over to the cloud, substantially reducing an
organization's downtime. This enables mission-critical applications to run even if the organization
experiences data center issues.

The cloud also simplifies disaster recovery (DR) planning. On-premises continuous data protection
offerings can often be configured to write a backup copy to the cloud. This ensures that critical data
is replicated to an off-site location where it's protected against disasters that might affect the data
center. An organization could also use a cloud-based disaster recovery service, which can be a less
expensive and simpler alternative to a custom cloud-based DR offering.

Organizations can use the cloud to scale workloads running on premises. During periods of peak
demand, a cloud service can be configured to automatically provision additional VMs to cope with
the increased workload.

Similarly, cloud services can help reduce the effect of a DoS attack. Such attacks seek to overwhelm
IT resources to the point they are unable to handle normal workloads. Depending on the severity of
the attack, workloads can become sluggish or completely unavailable. Because cloud services can
scale to meet demand, an organization might be able to use cloud resources to reduce the effect of
the attack so business can continue as normal.

Finally, business continuity in the cloud reduces recovery time in the event of a disaster by ensuring
that recovery operations can be performed in a minimal amount of time.

What to consider when implementing cloud business continuity

Entire books have been written on what must be considered when planning for business continuity
in the cloud. However, there are several things that must be considered above all others.

 Cost. Although the public cloud was once known as an inexpensive alternative to on-
premises operations, those savings have become more difficult to realize in recent years. As
such, it's important to know how much your BC plan will cost.

 Hardware and software compatibility. Some applications won't work in the cloud, while
others will function in the cloud but are too costly to run in that environment.

 Cloud provider's reputation and what they're doing to ensure business continuity. You
shouldn't trust your mission-critical workloads to a provider with a reputation for periodic
outages or one that could go out of business next week. A reputable provider should offer
a service-level agreement that guarantees a minimal level of service.

 Data ownership. Your provider should be transparent about where your data will be stored,
and the terms of service should ensure you retain ownership of your own data.

 The cost of getting your data out of the cloud. Most cloud providers charge a data egress
fee for any data moved off the cloud. This includes data that is migrated to an organization's
own data center or to another cloud. These fees can be quite substantial, so it's important to
know how much it will cost to move your data elsewhere. Even if you don't plan to take your
 data out of the cloud, there are certain backup and recovery operations that can trigger data
egress fees. Ensure you're aware of when such fees can be incurred.

 Who is responsible for backing up data and what methods will be used? Most cloud
providers have adopted a shared responsibility model in which the provider is responsible
for maintaining the underlying infrastructure, and subscribers are responsible for backing up
and protecting their own data.

 Cost and availability of support within the cloud. It's important to verify that help will be
available in times of crisis, and what that support might cost.

 Security. Check to see if your cloud-based BC plan will undermine security. This is especially
true in regulated industries where penalties can be incurred for breaches or violating
security best practices.

How to implement a cloud-based business continuity plan

The process of creating a cloud-based BC plan will vary from one organization to the next. However,
there are some high-level steps that will be common to most organizations. These steps include:

1. Audit your distributed platform, including all devices, users, software and hardware. It's
impossible to develop a cloud-based BC plan unless the organization knows its existing IT
footprint.

2. Conduct a risk assessment. To develop an effective BC plan, an organization must identify

potential risks to business operations. Although it's impossible to identify and compensate
for every conceivable risk, organizations should work to identify and mitigate those risks that
are most likely to occur and have an adverse effect on the business.

3. Include cloud services in the business impact analysis (BIA). An organization will most likely
perform a BIA for each risk it has identified. Part of this process should include determining
the role the cloud can play in reducing or eliminating each risk.

4. Document workarounds. For each identified risk, identify specific cloud services that can be
used to ensure ongoing business operations during times of crisis.

5. List all key cloud service contacts. Any BC plan should include contact information for IT
staff members, support personnel and cloud service providers that might need to assist you
as you shift mission-critical workloads to the cloud.

6. Describe how work will continue if on-premises apps are down and the cloud is still
available, and vice versa. Business contingency plans created around the cloud are based on
the premise that a catastrophic failure could occur in the organization's own data center, but
that cloud services will continue to be available. However, the opposite could also be true.
Ensure your contingency plans include situations in which the cloud is down but on-premises
operations are still functional.
7. Test all cloud-related parts of the plan. Testing is a key aspect of any BC plan, so don't wait
until disaster strikes to find out whether or not the plan works. Plans should be tested,
refined and retested early on. It's also important to occasionally retest your plans.