Forum OpenACS Q&A: Re: Service Level Agreement negotiation

Collapse
3: Re: Service Level Agreement negotiation (response to 1)
Posted by Walter Smith on 05/22/03 08:37 PM
SLA's are a known problem in the industry.  For an excellent treatment of the subject and a really good primer on colo/hosting/managed services, you can check out Doug Kaye's book, "Strategies for Web Hosting and Managed Services."  He's got a web site at http://www.rds.com/books/.

Below is one of my works in progress, an internal document for evaluating and negotiating with managed services providers.  At this point it is incomplete, but there are some important points, and maybe someone else can step in and fill in the gaps.

COLO/MANAGED SERVICE PROVIDER EVALUATION
Assuming a combination of colocation and managed services, that you are providing rack space, power, connectivity, and related services as well as additional managed services.

The need for managed services is because I have to offer my clients a service level based on web site uptime, not just hardware or network uptime.  The typical colocation facility will provide an SLA that guarantees “power and pipe,” but there are so many other things that can go wrong.

Coverage - I think of managed services as a
- 24/7 NOC - a network operations center that is staffed at all times
- Off-hours/overflow customer service support -
- Documentation/runbook
- Backup, recovery, and reboot

The dilemma for businesses running the OACS is that it doesn’t fit into the standard managed services packages, which ordinarily only support a limited number of the most common applications and operating systems.  You are then stuck paying for a much more expensive "custom" managed service package, and still not getting comparable support because perhaps they have only one or two people on staff who have been trained in your configuration.  In this sense it is desirable that the MSP be "specialized" in the applications needed to run OACS, although this raises the concern that they will not have enough business to support themselves on that.

Application Support - typical managed services packages only support a limited list of applications and a couple of OS's, usually Windows 2000 and Redhat. Obviously, it would be important to make sure they will support the variations/customizations necessary for your environment.

Monitoring -
- Web site monitoring and alert notification
- Traffic monitoring and shaping

Hardware acquisition assistance – purchasing recommendations, capacity planning assistance, leasing arrangements.

CDN

Network security

No single points of network failure:
- Redundant bandwidth from multiple tier-one providers, favorable peering arrangements, and BGP4 – peak usage at less than 60% of capacity so that the network can support the loss of any one connection.
- Redundant network routers cross-connected to the redundant backbone connections.

Staffing:
How are you staffed?  How many people, what’s the structure, who knows what, etc.

Pricing:
What is your pricing model?  Time-and-materials, flat-rate, retainer, etc.?