Assignment 2Service Level Agreements for Internal and External Projects (Submit to this assignment)Service Level Agreements for Internal and External ProjectsService level agreements (SLAs) have been around since the 1960s when IT departments used them to assess technical services like the uptime of data center. However the SLA has evolved not only to guarantee IT services like email or specific software applications but now are an important component for gauging the performance of projects and outside service providers.According to Lynn Greiner and Lauren Gibbons Paul “A service level agreement (SLA) is simply a document describing the level of service expected by a customer from a supplier laying out the metrics by which that service is measured and the remedies or penalties if any should the agreed-upon levels not be achieved.” Moreover SLAs can be between an organization and its external suppliers as well as between two departments within an organization.For example an IT department or Web hosting company may pledge that a Web site will be available for what is commonly called “five-nines ” or 99.999 percent during a year. That would work out to be about 5.26 minutes of downtime during the year. Therefore the SLA must document clearly all of the agreed-upon contract services expected metrics and responsibilities into a single document. Both parties should have the same understanding of the requirements so that neither side can claim ignorance.Many service providers will have a standard set of documents outlining pricing for different levels of service. On the other hand pricing and services can be negotiated or as part of a request for proposal (RFP). However all important contracts should include an SLA and be reviewed by legal counsel to ensure the SLA does not slant in favor of one party over another. This is especially important if the SLA includes penalties for breach of service or bonuses for rewarding excellent service. In many cases an SLA will include (or not include) a clause for indemnification whereby a provider will have to pay the customer for any litigation costs resulting from a breach of contract.Subsequently metrics are an important component of an SLA that can be made available on a Web portal or by a third party organization hired to monitor a vendor”s performance and supplement the information that vendor provides. However Greiner and Paul caution “Many items can be monitored as part of an SLA but the scheme shouldbe kept as simple as possible to avoid confusion and excessive cost on either side. In choosing metrics examine your operations and decide what is most important. The more complex the monitoring (and associated remedy) scheme the less likely it is to be effective since no one will have the time to properly analyze the data.” In short metrics and measurement should motivate the right behavior.In addition Greiner and Paul outline several types of metrics that should be used to monitor an SLA:· Availability of service—The amount of time a service will be available (e.g. 99.999%)· Quality standards—This could include defect rates like the number of incomplete backups or missed deadlines as well as coding errors.· Security—The number of security breaches or the number of ant-virus updatesSLAs can serve as an internal contract especially if the IT department is viewed as a business within a business in the organization. These internal contracts are not legal documents designed to hold up in court. An internal SLA should document an agreement between the internal customer (i.e. users) and the supplier (IT department) to hold people accountable for their end of the deal.For example Dean Meyer contends “[internal] contracting is not a waste of time not a bureaucratic ritual. The minutes spent working out a mutual understanding of both the customer”s and the suppliers accountabilities at the beginning of the project can save hours of confusion lost productivity and stress later. Furthermore contracts are the basis for holding staff accountable for results. They are not wish-lists; they”re firm commitments. IT staff must never to agree to a contract unless they know they can deliver results.”Dean believes that SLAs are essential if IT is going to be managed like a business. More specifically SLAs should be contracted each year for such services as email and an SLA can be developed for each project deliverable. Dean also outlines several components that should be included in an SLA:· Name of the customer· Name of the supplier· Name of the project· Detailed description of the product or service to be provided· Start date of the contract· End date of the project or the renewal date of the SLA· The price and terms of payment· A complete list of the customer”s accountabilitiesToday many organizations are turning to outside providers for IT services. One service that has been growing in importance is cloud computing. Kevin Fogarty states “Cloud computing is a computing model not a technology. In this model of computing all the servers networks applications and other elements related to data centers are made available to IT and end users via the Internet in a way that allows IT to buy only the type and amount of computing services that they need. The cloud model differs from traditional outsourcers in that customers don”t hand over their IT resources to be managed. Instead they plug into the ‘cloud’ for infrastructure services platform (operating system) services or software services (such as SaaS apps) treating the ‘cloud’ much as they would an internal data center or computer providing the same functions.”Cloud computing is becoming increasingly common with Web-based email services from Google or Yahoo customer relationship management applications likeSalesforce.com instant messaging and voice-over-IP from Skype or Vonage as well as backup services from companies like Carbonite or MozyHome. As Fogarty explains “The arguments for cloud computing are simple: get sophisticated data-center services on demand in only the amount you need and can pay for at the service levels you set with the vendor with capabilities you can add or subtract at will.”There are three basic types of cloud computing:· Infrastructure as a Service—Designed to replace or augment an entire data center by providing grid clusters or virtualized servers networks storage and systems software.· Platform as a Service—Allows users to run existing software applications or develop new ones on virtualized servers without having to maintain operating systems or hardware or worrying about load balancing or computing capacity.· Software as a Service—SaaS is the most common type of cloud computing and provides sophisticated applications through a Web browser instead of being installed locally on a personal computer. Examples include email from Google or Yahoo as well as instant messaging from AOL or VoIP from Skype or Vonage.Unfortunately an organization gives up control of its data and the performance of its applications when a third party is responsible for the computer infrastructure. According to Chris Wolf a virtualization and infrastructure analyst at the Burton Group “Cloud customers risk losing data by having it locked into proprietary formats may lose control over data because tools to see who”s using it or who can view it moves across the network are inadequate or may lose confidence in it because they don”t know when data has been compromised or how.” While groups like the Cloud Security Alliance and the Open Cloud Consortium are attempting to develop standards for interoperability management data migration and security many experts agree that rigorous standards will not be widely accepted for a few more years.While cloud computing continues to grow Patrick Thibodeau contends that many customers are becoming increasingly frustrated. As Thibodeau explains “… cloud customers—and some vendors as well—are increasingly grousing about the lack of data handling and security standards. Some note that there aren”t even rules that would require cloud vendors to disclose where their clients’ data is stored—even if it”s housed in countries not bound by U.S. data security laws.”According to Jon Brodkin a cloud vendor”s SLA generally guarantees at least 99 percent uptime but how that is calculated and enforced can vary widely from one vendor to the next. For example Amazon EC2 promises to make “reasonable efforts” to provide 99.95 percent uptime. However this metric is calculated on an annual basis so service could fall below the targeted level for a week or a month but still be within the guaranteed service level for the year. The customer”s business could be affected adversely without any service credit or penalty to Amazon. It also depends on who monitors the service. GoGrid promises 100 percent uptime but whether individual servers deliver as promised is only known on GoGrid”s network monitoring system.Recently Carbonite a Boston-based company that backs up computer data using cloud computing filed a lawsuit against a storage vendor called Promise Technology for “significant data loss” due to repeated failures of Promise hardware. Stephen Lawson reported that Carbonite paid over $3 million for Promise VTrak Raid products but the Promise equipment failed to monitor multiple computer hard drives to ensure that they were working properly. As a result this caused “substantial damage” to Carbonite”s business and reputation because the backups of over 7 500 customers were lost.Carbonite also contends that Promise did not solve any of these problems despite a 3-year limited warranty on its products. Promise believes that the suit is without merit and the company statement explained “Our investigation indicates that our products were neither implemented nor managed using industry best practices.”As an online backup service provider Carbonite”s ability to store data is vital to all of its customers. Regardless of how the lawsuit turns out the real losers may be the 7 500 customers who lost both their data and their trust.1. What role does having a service level agreement (SLA) play for supporting internal projects and IT services?2. What role does having an SLA play for supporting external projects with consultants or third party service providers.3. Suppose you have been tasked with overseeing a service level agreement with another company that can provide backup services to the 500 PC users of your company. Use the Web or other resources to research and come up with a set of metrics that could be used to assess service availability quality standards and security to be part of an SLA.
