18

SLA with Cloud

Service Providers
f you need an information on: See page:
The Concept of an SLA 301
SLA Aspects and Requirements 302
305
Service Availability
305
Cloud Outages
306
Credit Calculation for SLA Breaches
306
Sample SLA 1: Amazon S3 SLA
309
Sample SLA 2 The Rackspace Cloud Server SLA
311
Sample SLA 3: Google Apps SLA
312
Sample SLA 4: HP Cloud Compute SLA

things
reverence
thysel and Philosopher,
kene tie cloud wrth its shuadow the star woth its light. Above all
Greek
Mathematician

(582 BC 502 BC)

is Phythagoras,
-
Chapter 18 and
providers
need clarify
to clar certain
things
s.. to each
between the and the ud
users
contract
businesses,
is a
in many An SLA
As it hap (SLA).
of the d
cloud service provider nd the
service p r o v i d e r

through a
Service
Level
Agreement

the terms of
responsibility

unable to meet the terms T h.

The SLA docum sATVWe
It defines is 1se
service provider.
if the provider because after the user starts
credits (penalty
or
fee-reduction)

service provider
is critical,
are usuall,
Using the
between the user and the
cloud
and application
availability
ond t
security, privacy,
cloud, data
public
user's control. data to an external provid.
the services and ine
outsourced
as a user who has The cloud service ider
provider
controls the us
control.

However, you, and privacy.

for service availability does not perform accord.
answerable provider
to be
thus, in
the cloud
service
liable for hbreaches an
SLA to hold the provider
case
data and services, previously-agreed-upon
c a n use the
agreement, you
economics, but
that should not diminish the val.

value in terms of
Cloud service delivers great over-emphasize the significance.
sometimes claim
that customers
of
anSLA. Cloud service providers how the technology is applied to benef:. the
than on
fret over the potential outages
an SLA and
of each term are necessary to set the base-leel
vel
and a close scrutiny
business. However, the SLA
expectations.
need to be wary of when contracting with ud
cloud
Gartner has published four risks that IT managers

providers (Gartner article ID 1579214):

mature for all markets.
Sourcing contracts are not
Clauses in the contract document are usually written to favor the provider.

The clauses are not transparent.

Contract documents do not have clear service commitments. Their responsibility is limited to
their equipment and software. The clause often does not have details such as quality of service

and implications on fee.

Despite the various SLAs and outage-related penalties, outages still occur. Some forms of outages are
as follows:
Hard disks with rotating platters and heads crash.
Viruses and malware thatsometimes circumvent the Intrusion Detection System (IDS), Intrusion
Prevention System (IPs), Unified Threat Management (UTM), and firewalls.

Operators may inadvertently cause hardware and software glitches.

The transparency, customer service, and convenience of giving credits on the part of the cloud
service provider important in your relationship with the service provider. The SLA should
are

provide you comfort about moving your services and data to the cloud service
gives you an idea if the cloud service
providers site. it
ai
providers take your application uptime seriously.

300
 SLA with Cloud
Service Providers
EXAMPRISM

e r v i c ec r e d t s ansumers are not a

replacement tor the
to hOst
hos businesses. Service redns hard and soft losses
reduction and suffered by consumers who
cloud
the are just a
Useercentageofthe total monthly bill. usually capped to a certain
of an SLA
The Concept
cloud-service SL is a doc ument
defining the
A
Aation or individual consumer) and the cloud
agreement or
interaction betweenthe customer
(orgar service provider. An SLA must contain
following: the
ict of services the provider offered to you along with a
definition of each service
Easy-to-understand metrics to evaluate if the
provider is
delivering the service at the
levels promised

a Mechanism to monitor the service

a Customer responsibilities such as

using licensed and tested
applications on laas Virtual
Machines (VM), storing legitimate and virus-free data, not
tenants' VMs or accounts
attempting to break-in to other
Remedies or credits to be given if the terms of the SLA are not met
a Expected changes in the SLA over time

Cloud providers offer the following types of SLA:

Off-the-Shelf SLAs- You can find this on their website. They offer credits toward the
monthly
bill for SLA violations. These are non-negotiable and
usually unacceptable to enterprises
wanting to host critical services on the cloud. Examples for these are included later in this
chapter.
a Negotiable SLAs-These are more expensive, because they are customized for the client.

The SLA document contains Service Level Objectives (SLOs) and business level objectives. An SLO
defines the characteristic of a service in specific and quantifiable terms. Following are a few specific
SLO examples:
The application must not have more than 15 pending requests at
any instant
Response for a read request should initiate within 3 seconds.
D a t a must be stored within the Arlingtonand Singapore data

EXAM PRISM
Busin the basis for SLAs and SLOs, and
define why the customer needs to use cioud
Corondvel objectives are
Computing.
The SLOs you need applications and your use of thecloud. This is an internal
pend on your over IT
operational cost savings, ongoing control
document with business goals such as
i decision making from
1T teams to individual Business
ucture, budget changes, and move
with the cloud service provider
Units (BUs).
s ) T h e s e internal goals form the basis for the SLA
301
 Chapter 18
R e q u i r e m e n t s

and «ified within an SILA Some of

SLA Aspects
consnderations
that
must
be speci the key leen
beow:
1 a u s

described
There
are
SIA are abos
that help makea
omaet

Availability- The SLA

docuent
must have

F'or
information

mission-critical services
ervice uptime The
the uptimne mut
or higher.
be 99,5%
Service
.
ptime ought to
u
actual uptime is lower
only il the ne in the
to you
Credits are given A
909. careful perusing:
areas
that need
the few
are
the uptime. Ideally
Following
will inform you
about
should beor
.Specify
how the provider each
which is usually monthly.
billing period, as downtime. For cxamnl
duration to qualiy
minimum outage
. Specify the must be specified in the SLA.
or more.
These
minutes, 20 minutes,
SLA downtime over the
Note that some cloud providers average their entire year That
for longer periods in some weeks.
means your
service could be down

that the downtime should

be for user service or data and not for a componeni .
uch as
. .

Note
database, or application.
server, storage, connectivity,

SNAPSHOT
The SLA may have the downtime promised for server availabily. However, if the storage or data ie.
down
having the server up is useless. The service should be up and running, and accessible, which implie that
server, storage, application, network, and all the elements in between should also be up.

a Data Locations. - The SLA must specify the data locations. Many countries prohibit personl
data of citizens to be stored outside the border. For example, there are regulations that force
sensitive data, such as healthcare and finance, to be located within certain geographical
boundaries. The SLA must specify the locations and data centers where
your information will
reside. You should have the
right to visit and audit the attributes of the data center
such as
physical and network security, Disaster Recovery (DR) strategies, maintenance processes,
electrical and cooling
redundancy, etc.

Availability Zones-Some public cloud providers have data

Zones replicated to different Availabilit
(AZs), which are its data centers for
outage
replication. In some cases, the SLA penalty and
are
applicable only if all AZs are down. If the cloud
access
storage at the new AZ and replicate data provider adds an AZ, you need to
to the new AZ. If if all your and
data are down, not, even
Hid
you will be not be for eligible credits.
Downtime Credits-1The
provider may put a cap on the
customer's bill that can be
reduced for downtime
percentage (for example,
meager and less than the hard credits. The credits, if cappea, a usuall
and soft losses such
image, morale, or as lost sales
opportunity, gooaw brand
productivity.
302
 SLA with Cloud
Service Providers
.istion Note
Initiation-
-
who
Note who has the
burden of initiating a credit.
Credit Most providers
,
This
TH is a problem with SLAs. Besides, put the onus
on
the
user.

the SLA may require you

to initiate the credit
within a specitic time, for
example, within 30 days of the outage or 10 days of
o t e the
reyue

Also, the credit processing time in theSLA. Determine

note receiving a
if the
bill.
nonth's bill or after 6 months.
will show credit on
your
nevt

J Timie
Mean Time To Repair-Some SLAs may give you a Mean Time To
Repair (MTTR) for issues.
that vour provider give you
Insis
an MITR in
the SLA. If the time taken is more than the MTTR,
the provider must issue you credits for the extra time taken.
Protection-The SLA should specity details for your data backups such as frequency,
storing tapes offsite, etc. It should also specity if the data is replicated to remote sites for DR.

Data Encryption-SLA must specify if the data-at-rest and in-motion will be encrypted or not.
Details of encryption procedures and access policies must be specified.

Regulatory Requirements-It your enterprise needs to comply with certain regulatory requirements,
Such as data retention, encryption, data privacy, authentication, and authorization policies, etc: you
must outline all such requirements in your SLA. Besides, they must be transparent to you and help
audits.
you during your compliance
Certifications-The SLA must specify that the provider has and will maintain certain
Standard (PCIDSS), Health
certifications such Payment Card Industry Data Security
as
e Act (HIPAA), etc. These are important for compliance.
Insurance Portability and Accountability

p ExAM PRISM performance and availability.

Common metrics
metrics to measure
The SLA must have easy-to-understand
are
Network and storage throughput
Application response speed
Maximum number of outages per month remove resources in reaktime must
to add or
important, then the ability
f user, lbad-based, and dynamic elasticty
are

be an SLA requirement. in
service provider to notity you
require the cloud
Advance Notification-The
SLA must
reluctant to post information
scheduled maintenance or
downtime. They may be must at
advance of any but they
on their
website to avoid bad publicity,
dbout unscheduled outages publicly credit requests.
After a n issue is
file
and help you
east inform you by e-mail
or phone
breaches, regardless
of whether the
about security need to be
share information risk. Thus, you
alscovered, providers must to the s a m e
Your data is subject data.
C a c h impacted your
data or service. m e a s u r e s to
s e c u r e your

can implement
so that you
a r e of what is happening, will be available during
if the services
Periods-The SLA must specify maintenance
windows
Maintenance the
eauled
the SLA uptime during Continuity
periods. If yes, and Business
neduled maintenance replication
with the
information about copy is
down.
along when the primary data
b e specified scheduled
maintenance or 303
Plan (BCP) work during
*dnning
Chapter 18 cloud
providers
have gone ut-of-business. The SLA mus
out-of-bue:

1 week, for toyou

Notice Period-Manv
for example,
3 onths
mont or
migrateyyour data
Closure

outline the
closure
n o t i c e period,

site, if
the proVider
were to shut
the
operations.
down its
Dro
cess of
ar

In case
La
to
another of the provider,
and
service
seize the property and
(LEAs)
Agencies
Enforcement
be specified.
m u s t also
data
may have a clause
s...
of your Your SLA
backing up hidden costs.
a reported
for
the SLA consumer can be billa.
Hidden
Costs-Read
consumer's
fault, the ime and
due to the be no n
found to be might might limit
n
is there
there upper on
problem the issue. In
such a case,
the hil
used to investigate ta decide if the reported problemproblem is due to :a consumer's fault
material if the reported
statement on
how to decide
amount o r any
d o c u m e n t s Signed both parties. ho..
by
SLAs are paper they owever, they
Terms-Normally,
on a website. That should be
he uld e
Floating
terms that are published considered an
refer to policies and change. Ihe cloud provider may not ha..
the websites can
uired
for oncern. The files
on
area
terms. Sometimes, cloud providers may
need he
to the
to inform of changes
customers
must specify what cancan ot
or
some SLA terms. However, they be
flexibility to change
terms should be applicable to all the customers. They must infor U
changed, and the new
exit clause, if the new terme
SLA must have an easy
customers before the change. The are

unacceptable.
data center and the cloud provider are located
You should be aware of the local laws where the f
or the cloud provider goes bankrupt
law enforcement agencies seize the cloud provider's equipment
save or migrate your data to your enterprise or to another
they give you enough notice to
should
that cannot be specified in an SLA. For
cloud provider. Moreover, there are certain important aspects
be in business in three or five years from now? You need to be
example, will the cloud provider
comfortable with the financial stability of the cloud provider.

EXAM PRISM
Customers must demand that they get the folowing rights from the coud provider:
Assurance of service quality
Transparent information on financial state of the cloud provider
Compliance to regulatory requirements

With so many cloud providers available at low cost, cloud providers can have cash-flow problems
and wind up. You need to have information in advance to ptepare your migration to another
provider or to an internal infrastructure.

SNAPSHOT
An SLA should be beneficial for both the
customer and the cloud orovider. Also, it should be the best
for the business. Aways >
prepare an SLA is balanced anda
that
win-win for all parties

304
 SLA with
Cloud Service
Service vailability Providers
Difterenl o rOVides have dillerent availability
g9999uptime.
9 In guarantees. They may offer you 99999%
00
90,
99»,
Or
case of an oulage, they
Jt he from 30
hie h could be
the 1sste, wh minutes to a tew hours. may specify Time To Resolve (TTR)
a

Note that some for

any 1 7 R
providers do not specify
aValal
crvice is
imporlant, because the
less thanthelahilily in the SLA. If
The
the SLA
provider gives you credits only if the
e tha
perid heduled downtime.
o f non-sch If the
availability is
100%, the provider credits uptime is
availability is
995%, they are
back for
any
lowntime per-year (or around 21 minutes
per
entitled
to 43
month). The credits are released only
hours of non

outage exceedsthe 21 minutes for any billin month. if the

SwAPSHOT

reviewingan SLA. gather all he concerned people involved from

When

ACCOunting, elc. torev/ew

the fine print. security, IT, business
divisions, legal
Cloud Outages
Tadefinition of outage is important, because it allows
you to calculate the credits. Outages are
hased on the amount of service downtime. Providers have different to ways calculate downtime for
different services that they offer.

Sometimes, an SLA can include parameters other than downtime period. For example, Amazon $3
uSes error rate as a parameter, which is defined as the total number of internal server errors returned
by Amazon $3 as error status "InternalError" or "ServiceUnavailable" divided by the total number
.'
of requests during that five minute period. Amazon calculates the "Error Rate" for each Amazon S3
account as a percentage for each five minute period in the monthly billing cycle. Monthly uptime
percentage is calculated by subtracting from 100%, the average of the 'Error Rates' from each five
minute period in the monthly billing cycle.
Also note whether you have the onus to notify the outage and request credits or will the cloud
the has the onus to notify
you the credits. In most SLAs,
consumer
provider automatically give
Outages and initiate the claim for credits. In addition to this, some SLAs require the user to request
credits
claims within a certain number of days. For example, the provider must receive
a request for

within 10 days of the outage or after the bill is sent to the user.

burden. They are trustrated being at

e onus on thefor claiming credits is an additional
users
Moreover, they
productivity, and customer business.
ed to bear the
outage, loss of employee you for SLA
Cloud providers should auto-pay
t r a c k and request the outage credits. morale
in comparison to the lost business and
a t o n s . The monetary credit, in any case, pales

305
 Chapter 18
Breaches
for SLA credit
Credit
Calculation
the outage
duration to estimate redits. Credits are
various ways to use
calculation process, the total
usual
There could
be

percentageor part
of the bill
anmount.
Besides

allow at
the
most 20% or 30% of the bill allowed shmlt
as cre whil
providers than 10noo
also be
considered.
Some
bill amount (but
n o n e offer more
0%, that is
100% of the pay
others may allow up to

for the month).

money

they will refund you one day's wor Ge

SLA states that
For example, a cloud provider's
of the website. If your
website is down for tha 3
more
hours but
hosting fers
in iable 1. les
for each 60-minute
downtime
of credit is sho.
of fees. Another example
than 4 hours, your
credit is 3 days' worth efor the
and allows up to 100% refund
SLA of 99.9% availability month, t
where the provider has
an

less:
the uptime is 96.5% or

99.9%
for an SLA Uptime of
Table 1: Example Credit
Month
Reduction (Credit) in Monthly Service Fee
Uptime Percentage for the Example

99.89% -99.5%
10%
25%
99.49%-99%

98.99% -98%
40%

97.99%-97.5% 55%
97.49%-97% 70 %

96.99% -96.5% 85%

96.5% or less 100%

If the downtime for the month is 240 minutes (tha* is 0.5556%), the uptime is 99.44%,
credit back to you is 25% of the monthly fee.

Sample SLA 1: Amazon $3 SLA

Cre
Service Commitment
AWS will
commercially reasonable efforts to make Amazon S3 available with a Monthy
use

Uptime Percentage (defined below) of at least 99.9%

"Service Commitment"). In the event
during any monthly billing cycle (the
where Amazon S3 does not meet the Servie
Commitment, you will be eligible to receive a Service Credit
as described below.
Definitions
"Error Rate" means: The total number of internal
error status
server errors returned by Anaa
"Internal Error" or
"ServiceUnavailable"
divided by the total numo
requests during that five minute
period. We will calculate the Error Rate for each A
S account as a
percentage for each five-minute period vcle The
in the monthly biling
306
 SLA with Cloud
Service Providers
sleulation ot the number ot internal server
errors will not
directly as result ot any the Amazon Ss
a ot include errors that arise
SLA Exclusions (as defined below directy
bl Uptime Percentage Is
calculated by subtracting from 100% the
r Rates from each five minute period in the
monthly billing cycle.
average of the
Seryice Credit" is dollar credit, a

Amazon
calculated as set forth below, that may credit back
S3 acount. we
to an eligible
Service Credits

cice Credits are calculated as a

percentage of the total
charges paid by you for Amazon 53
far the billing cycle in which the error occurred in accordance with the schedule below

Monthly Uptime Percentage Service Credit Percentage

Equal to or greater than 99%
but less than 99.9% 10%
less than 99% 25%
otherwise due
We will apply any Service Credits only against future Amazon $3 payments
to the credit card that you used to pay for
from you; provided, we may issue the Service Credit
error occurred. Service Credits shall not
entitle you
Amazon S3 for the billing cycle in which the
other payment from AWS.
to any refund or

for the applicable

A Service Credit will be applicable and issued only if the credit amount
not be transferred
than one dollar (US$ 1). Service Credits may
monthly billing cycle is greater the AWS Agreement, your
sole
Unless otherwise provided in
any other
to account.
or applied of Amazon $3 or other
failure
or non-performarnce
and exclusive remedy for any unavailability in accordance with the

Amazon S3 is the receipt

of a Service Credit (if eligible)
by us to provide
of your use of Amazon S3.
terms of this SLA or termination

Procedures
redit Request and Payment an e-mail message
to aws

must submit
a request by sending
1o receive a Service Credit, you must
the credit request number
[email protected]. To be eligible, (the a c c o u n t
of the e-mail message
number in the
subject
(6) include your a c c o u n t
Account Activity
page)
the top of the AWS incident ot
non-zero
Error
Can be found at
dates and times of each
e-mail, the
nclude, in the body of the
claimed
claim to have
experienced corroborate
your

Rates that you and

document the errors be removed or

server
request logs that in these logs
should
C u d e your information
sensitive
confidential or
utage (any
replaced with asterisks)
307
 of
d of the
the hitt.
Chapter18
within ten (10)
business days
after the end
billing
cycle whixh in
by us applicable to
the
(iv) Be
recreived

the errors occurred.

If the Monthly Uptime Percentage
99.9%, then we will issue issue the
month of such,
#h.

confirmed by
us and is less than
which the e r r o r e
Service
error occurred. YourCredit
request is the month in
following
within one billing cycle, required above will dis.
falur
vou

to provide the request

and other
information as
ualify you trom
receivinga Service Credit.

Exdusions
Amazon S3 SLA
not apply to any unavalla Dility,
suspension, teTmm
The Service Commitment does
issues:
or
ermination
other Amazon S3 performance
Amazon S3, or any the AWS
described in Section 6.1 of Agreement
That result from a suspension
)
including any force maienw
control,
() Caused by factors outside of our reasonable
Internet access or related problems
beyond the demarcation point of Amazon S3
actions or inactions of you or any third party
(ii) That result from any
(iv) That result from your equipment, software, or other technology and/or third-par

equipment, software, or other technology (other than third party equipment within
direct control) or

()Arising from our suspension and termination of your ight to use Amazon S
accordance with the AWS Agreement (collectively, the "Amazon $3 SLA Exclusions"
the availability is impacted by factors other than those used in our calculation of theE
Rate, we may issue a Service Credit considering such factors in our sole discretion.

Following are a few red flags in the Amazon SLA:

aAmazon will
make a commercially-reasonable effort for uptime." This is ambiguous. T
efforts will be inline with what Amazon can
spend. In this case, the consumer suffers from s
losses such as lost opportunity, stake-holders morale, etc.
The 25% service credit will be for downtime of
anything more than 1%." A 40% downime
still get you 25% credit.

Various clauses, such as

replication, maintenance or breach notifications, performanec, c astcir
etc., are not mentioned.

"To receive Service Credit, you must submit a

a
request by sending an e-mau nie
[email protected]" another red flag. You may get too
is
you may provide delayed to qualiry i
aware of the exact
information that they consider irrelevant or incomplete. You may d
time, nature, or cause of the
downtime.

308
 SLA with Cloud
Service Providers
Sample
o SLA SLA 2: The Rackspace Cloud Server SLA
Coud Servers Service Level Guarantee
Rackspace rovides the same guarantee for
Cloud Servers
hosted servers. Specifically:
as
Rackspace does for traditional

Network

We guarantee
that our data center
network will be available
100% of the time in
monthly billing period, excluding scheduled maintenance. any given
Data Center Infrastructure
We ouarantee that data center HVAC and
power will be functioning 100% of the time in any
iven
8 monthly billing period, excluding scheduled maintenance. Infrastructure downtime
Pxists when Cloud Servers downtime occurs as a result of power or heat problems.

Cloud Server Hosts

We guarantee the functioning of all cloud server hosts including compute, storage, and
hypervisor. If a cloud server host fails, we guarantee that restoration or repair will be complete
within one hour of problem identification.

Migration
If a cloud server migration is required because of cloud server host degradation, we will notify
unless determine in our
you at least 24 hours in advance of beginning the migration, we

that must begin the migration sooner to protect your cloud server
reasonable judgment we
hours the
will be complete within three of
data. Either way, we guarantee that the migration
time that we begin the migration.
Credits
credit. Credits will be
stated above, you will be eligible for a
we tail to meet aguarantee affected by the failure for
of the fees for the cloud servers adversely
calculated as a percentage at the end
occurred (to be applied
which the failure
tne current monthly billing period during
of the billing cycle), as follows:
of network
downtime, up to 100%
the fees for each 30 minutes
Five percent (5%) of
erwork: to 100%
of the fees. downtinme up
infrastructure
of
each 30 minutes
Daa Center Infrastructure: 5% of fees for
to 100% of the
of the fees downtime up
fees foreach
additional hour of
loud Server Hosts: 5% of the
l00% of the tees
fees hour of
downtime up to
additional
for each
gration: 5% of the fees Guarantee:
Level
of this Service instance.
initions: For the p u r p o s e s virtual
machine

a your unique
loud server" mean 309
 the
for the monthly

machine billing,
instanc pernandod
servers
cloud
your
Chapter 18 ees
tor
the monthly
virtual
means

sernerees"
incudes

and
Cloud occurred
the laihure
which
in clos!
which hosts your
bandw idth charges. server
urm

the physical
"Cloud
server
host
neans

of
Rackspace's network extending
means
the portion
host to the
outbound nor
outbound port of the from
"Data
center
network"

cloud
server
data center thet

network egress
point of your
the
border router. but does not include the n.

cabling,
PDUs, and e
includes UPSs,
"Power
cloud server hosts. leact
that is a n n o u n c e d at

"Scheduled
maintenance"
means
maintenance

minutes in any calendar nonth.

mo
business Defit
not exceed sixty
and that does Dor
days in advance,

Limitations
are in breach or your services agreement with Racl.
credit if you pace
You are not entitled
to a
until you have remedied the breach V
to us)
(including your payment obligations not have OCcurred but for your breach o
credit if downtime would our
entitled to a Server's system.
misuse of the Cloud
with Rackspace or your
agreement
account team within thirty (a0
contact Rackspace's
To receive a credit, you must
use of the Cloud Servers serui
lays
downtime. You must show that your
following the end of the
the downtime in order to be eligible for th
was adversely affected
in some way as a result of
is your sole and exclusive remedy for Cloud Sera rvers
credit. This Service Level Guarantee
unavailability.

Following are a few red flags in the Rackspace's SLA:

"Power includes UPSs, PDUs, and cabling but does not include the power supplies in cloud server
hosts." It also excludes power grid, diesel generator sets, panels, and several electrical devices.

a Failure of air-conditioners, physical security, and network devices is not given in the SLA.
"You are not entitled to a credit if downtime would not have occurred but for your breach of
your agreement with Rackspace or your misuse of the Cloud Server's system." This is a
problem. The guidelines for breach or misuse are open-ended and the cloud provider can use is
own discretion.

"To receive credit, you must contact

a
Rackspace's account team within thirty (50) aayd
tollowing the end of the downtime." This is a
limitation. Also, the next sentence leaves it
the cloud
provider to see if your claim is up
justified and your service was adversely affected. It aiso
puts the onus on the customer for initiating and
justifying the penalty credit.

310
 "Credits l d be available but for this
SLA with
Cloud Service
limitation Providers
This limits the will not
p e r i o d

penalty to the
nonth of be
occurrence and cannotcarried forward to future billing
be carried forward
Sample SLA 3: Google Apps SLA
Term of the applicable
the
Du Google Apps Agreement (the
ervices Web interface ill be "Agreement"), the Google
ime in any calendar month (the "Googleoperational and available to Customer at Apps
least 9.9% of
and if Customer meets its
Apps SLA"). If Google does not meet
AppsS obligations under this the Google
Google
oligible to receive the Service Credits described below. Apps SLA, customer will
as
the
This Google Apps SLA states
stomer's sole and exclusive remedy for any failure by
Google Google Apps SLA. to meet the
Dofinitions: The following definitions shall apply to the
Google
nawntime" means, for a domain, if there is more than a five Apps
SLA.

is measured based on server side error rate.

percent user error rate. Downtime

"Google Apps Covered Services" means the Gmail, Google Calendar, Google Talk, Google
Docs and Drive, Google Groups, Google Sites, and
Google Apps Vault components of the
Service. This does not include the Gmail Labs
functionality, Google Apps -

Postini Services,
Gmail Voice, or Video Chat components of the Service.

"Monthly Uptime Percentage" means total number of minutes in a calendar month minus
the number of minutes of downtime suffered in a calendar month, divided by the total
number of minutes in a calendar month.
"Service" means the Google Apps for Business service (also known as Google Apps Premier

Edition), Google Apps for Government service, Google Apps for ISPs service (also known as
Google Apps Partner Edition), Google Apps for Education service (also known as Google

Apps Education Edition) or Google Apps Vault (as applicable) provided by Google to

Customer under the Agreement.

"Service Credit" means the following:

term (or
to the end of the Service
Monthly Uptime Percentage Days of Service added the value of days of service for
to
monetary credit equal to Customer
billing customers), at no charge
monthly postpay

<99.9% >=99.0% 3

99.0%->=95.0% 7

95.0% 15
Credits described
receive any of the Service
order to
Service Credit. In customer
becomes
Omer Must Request days from the time
customer must notifyGoogle within thirty will forfeit
with this requirement
Vethe Failure to comply
"5e toO receive a Service Credit.

311
Chapter 18
Credit.
Service
to receivea iber of Service Credit
customer's right number
aggregate
maximum
be issued by
Service Credit.The that occurs
single calends
in aa single calendar month
hal net
Maximum downtime

for all the term for the

Google to the customer

Service
added to the
end of
customer's
c
Service
e..
(or the
the val.,
value
days of to a monthly-billine of
exceed fifteen monetary
credit
the form of
a
monetary am
15 days of
Service Credits
service

may
in

not be exchanged
for, or
converted to,
mounts, except for
monthly billing plan.
customers who are on Google's
SLA does apply
not to an.

Google Apps
SLA Exclusions. The Google Apps
stated in the documentation for
for such
services that
this Google Apps
SLA (as services or
exclude
expressly
any performance issues:

described in the "Force Majeure" section of the Agreement. or

caused by factors
) both
or third party equipment, or (not
Customer's equipment
. .

that resulted from inthe

(i)
primary
control of Google).

a few red flags in the Google SLA:

Following are
of the Service Credits,
customer must notify Google within thirhi
davs
.

"In order to receive any

This puts the initiation onus on
the customer.

There are no means of notification of maintenance windows or SLA breaches that ther
nave
identified for the cloud provider
There is no mention of the various critical SLA aspects such as data, network or physca

security, resource elasticity, performance levels, MTTR, etc.

Sample SLA 4: HP Cloud Compute SLA

Service Commitment
HP commits that HP Cloud Compute will be available 99.95% or more of the time in a gven
calendar month. If we (HP) fail to meet this commitment, just let us know and we will appiv
service credit to your account. The service credit
applied will be calculated by muliplving a
total charges for HP Cloud Compute in a given Region during the month we failed to mer
the commitment by b) the percentage credit you qualify for in the table below:
Monthly Availability % (per Region) Give
Credit to Bill for HP Cloud Compute for a

Region (Not Total Bill)

100% to 99.95%
<99.95% to 99.9%
5%
<99.9% to 99.5%
10%
<99.5% to 99%
20%
<99.0%
30%

312
 SLA with Cloud Service
Providers

D e f i n i t i o n s

I P Cou
Campute refers to HP's
compute service, and does not refer to
d i n e but not limited to: the HP Cloud peripheral or separate
management console, HP Cloud language
P Cloud command line tools, HP Cloud CDN, HP Cloud
Block Storage, or HP Cloud
Object Storage.

Mnstalnce" means a customer s virtual machine created within HP Cloud Compute. A

an"represents a geographic area that is no more than 100 miles in diameter and consists of
Region
iple physically separate Availability Zones. An "Availability Zone" is a deployment of HP
Caud Conmpute, which consists of a separate APl endpoint in which the customers can choose
to create instances.

Monthly Availability o i s calculated per Region on a monthly basis, as 100% minus:

Total instance-downtime-minutes, divided by

()
(i) Total instance-minutes

Total instance-minutes" is defined as the aggregate amount of time all instances are running for
a customer during a given month in a given region.

the of each instance's downtime

"Total instance-downtime-minutes" is calculated
as sum

month.
minutes, during the course of a
minutes" are accrued starting at the beginning of the
first 6
For each instance, "downtime
was unable to launch a
was inaccessible and the user
minute interval during which the instance
and continue until the ability to launch a replacement
replacement instance in the s a m e region, instance to
instance is restored, including the time
that would be required for a replacement

become accessible.
instance could not respond to
Inaccessible" meansoperating system in the replacement
that the
minutes or more.
security group configuration, for 6
AM or network requests, despite proper
instance could respond to
in the replacement
Accessible" means that the operating system

network requests. to
was sent
Region" means that request
a

replacement instance
in the same
Unable to launch a instance actually
for that region but no replacement
cach Compute API endpoint
HP Cloud

started and became accessible. "total

activity, defined as having 0
has no HP Cloud Compute availability
Any region in
y whicha customer
deemed to have
had 100%
given month, will be
insta
ldhce-minutes" on their bill in a

1or that customer for the given month. in more

to run instances
be running or trying
must the customer's
a customer
credit of time when
De eligible for a service
region during
the period
Availability Zone within
a
one
a
instances were inaccessible.
313
 Chapter 18

Exclusions
You are not entitled to a service credit if you are in breach of your Customer
Customer Agreement with
HP, including your payment obligations.
The inability to launch new instances due to exceeding your account quotas
formed APl requests are not covered by this SLA.

To receive a service credit, you must file for a credit within 30 days, following the
g the
month in which availability was not met by contacting HP via the "Contact Ue of the
www.hpcloud.com website with a description of the downtime, how you were
link on the
affected, an the

how long. HP right to withhold any credit if it cannot verify the downt
reserves the
cannot show that you were adversely affected in any way as a result of the or you
downtime
me.
This Service Level Agreement does not apply to any downtime, suspension, or
termination of s. ..

services:
Othat result in account suspension or termination due to breach of the Customer Aoreo
eement
caused by factors outside ofreasonable control, including any force maieure ot
our

Internet access or related problems beyond the demarcation point

of HP-controllod data
centers.

that result from any actions inactions of you

or or
any third party.
O that result from your
equipment, software or other technology and / or third parh
equipment, software or other technology (other than those which are under our
control).
direct
The service credit remedy set forth in this Service Level
Agreement is your sole and exclusive
remedy for any failure to meet availability of HP Cloud Compute.
Following are a few red flags in the HP SLA:
"The inability to launch new instances due to exceeding your account
formed API requests,
quotas or improperly
are not covered by this SLA." The statement leaves the
scope of
interpretation
improper APls open for the provider.
O "You are not entitled to a service credit if you are in breach of your Customer
HP." This Agreement with
keeps the Customer
Agreement as a URL, which can be changed by HP in the future,
after the SLA has been
physically signed or electronically accepted.
"HP reserves the right
withhold credit if it cannot
to
that you were
verify the downtime or you cannot show
adversely affected in any way as a result of the downtime." The statement allows 2
HP to decide on the
eligibility for service credits.
OLike many other cloud
providers, there are no means of notification of maintenance
SLA breaches that the windows
provider have may identified.

314
 SLA with
mention of various critical Cloud Service
There
i sn o
SLA Providers
perforn
aspects such as
data, network or
elasticity, rmance levels, MTTR, etc.
esource

physical security,
Points t o R e m e m b e r

or a service
An SLA is a part contract where the level of
A service is
all parties. documented and agreed by
binds the provider meet user and regulatory
to

SLA or a customized
SLA. requirements and could be a standard
management includes negotiation, monitoring, and
Should have clear definitions and
enforcement of terms.
4 An agreed levels for various terms such as
nse rates, service uptime, credits for MITR,
respoi outages, transfer rates, throughput,
other measurable criteria. elasticity, and
5
The provider must initiate and share with you all the
required data for outage-related credits in the
monthly bill.

The SLA must contain SLOs for availability, security, performance, etc.
6
7 The SLA must describe the mathematical process to calculate service availability, billing, and
credits (or cash-back).
8. The SLA penalty will reduce your monthly bill by 10-50%, but your financial losses, lost sales
loss of customer goodwill and faith, loss of employee morale will be difficult to recover.

9 Various clauses, such as replication, maintenance or breach notifications, performance,

elasticity, allocation of resources to meet high workloads, etc., may not be in the SLA. You must
insist for these criteria to be officially expressed for your records.
10. You must insist that the cloud provider notify you of SLA breaches and outages. The onus
is on you, it
should be on them to initiate service credits for SLA violations. If the responsibility
is likely that you may get disqualified for late filing or for providing inadequate
time, nature, or cause of the SLA violation.
intormation.You may also not be aware of the exact
of
. n some SLAs, the terms are that the Service Credit will
begiven if there is a clear proof
to decide if the damage to your
amage to the customer's business. It allows the cloud provider
credits.
Dusiness is severe enough or not to qualify for service scheduled
from cloud providers on

besides the SLA, meaningful proactive transparency

Your cloud providers must post these
etc. are necessary.
utdges, expected performance issues, week.
time of at least one

h e i r website giving you sufficient advance of service

root causes
determining
cloud SLA is the
complexity of
E downside of a

interruptions.
315
 Chapter 18

14. As a reactive measure, the provider must do a post-mortem of all service..

vice-imp cting, 19sues otd
report causes, downtime, security breaches, and nform the results
MTTR and inform the
nd
and enenU
service credits to all the customers.
Your cloud provider must adhere to available cloud standards, maintajin ceu
15. aintain certific.
for its services and processes. OTS, «nd
comply with regulatory requirements
16. The SLA must clearly ask for their willing and proactive participation durino.
verification, security post-mortems, or tracking root cause of SLA violations. Compliarce

316