What is a Cloud SLA?
A cloud SLA or cloud service-level agreement is an agreement that is signed between the cloud service provider and the customer to ensure that a minimum level of service is maintained. It is responsible for providing guaranteed levels of reliability, availability, and responsiveness to the systems and applications. It also specifies who is going to govern when there is a service interruption.
The SLA can vary from provider to provider, but the areas covered under it remains uniform, i.e. volume and quality of work, which includes accuracy and precision, speed, responsiveness, and efficiency. The SLA document is aimed to establish a mutual understanding of the services, prioritized areas, responsibilities, guarantees, and warranties that are provided by the service provider.
What Should Be Included in a Cloud SLA?
The SLAs are becoming more important as the organizations have moved their systems, applications, and data to the cloud. A cloud SLA ensures that cloud providers meet certain requirements of enterprise-level and the customers are provided with a clear defined set of deliverables.
The defined level of services needs to be specific and measurable in each aspect. This, in turn, allows the benchmarking of Quality of Service (QoS). An SLA commonly uses the technical definitions which can quantify the levels of service, such as Mean Time Between Failures (MTBF) or Mean Time To Repair (MTTR), which can specify the target or a minimum value for service-level performances. Another aspect that needs to be carefully considered, is service availability, which is used for specifying the maximum amount of time a read request can occur. The SLAs should also define the compensation structure for users if their specifications aren’t met. A cloud service provider usually gives a tiered service credit plan which gives the users credit based on the inconsistency between the SLA specifications and the actual service levels that are delivered.
SLA Requirements
Following are the requirements that need to be mentioned in any Cloud SLA-
- A signed agreement with every customer
- Transactions maintained by the hour and jobs by day for every application
- Method for reporting the results of SLA
- Prioritizing the services in case of insufficient availability
- Agreed methods of penalty when the customer exceeds his scope
- Agreed methods of penalty when the cloud provider fails to meet the contract specifications
- A schedule of meeting between the customer and the service provider, if required
Role of Cloud SLAs
SLAs play a key role as they act as a means of documenting the cloud services between the Cloud Service Provider (CSP) and the consumer.
SLAs are important because of the following reasons-
#1 Assigns Roles and Responsibilities
The consumers need to understand their roles and responsibilities and the business relationships that exist between them and the CSP. The Cloud consumers must recognize and understand the activities and roles of each entity or service in the cloud as per the explanation given by the CSP along with their responsibilities.
#2 Examines the Business Level Policies
The business-level SLAs would be defining the guarantees that are provided by the CSP. The acceptable use policy is a business level SLA statement where the CSP describes the usage of services, list of services that are not covered along with the excess usage of services. The CSP usually encourages the consumer to buy those resources which are required for the consumer’s business. Other policies include payment and penalty modes, activations, renewals, transferability, sub-contracted services, etc.
#3 Data Level Policies
Data level policies are crucial in an SLA. In this case, the CSP explains how the consumer’s data is governed and protected within a local jurisdiction or other locations, where the data might reside or made available. Consumers need to carefully evaluate legal requirements on how SLA is going to handle issues related to the movement of data for offering multi-site storage in different jurisdictions for redundancy. Other critical SLAs in data-level policies could include- Data Preservation, Data Locations, Data Privacy, and Data Seizure.
The data-level policies in SLA form the most crucial policies which need to be thoroughly evaluated by the consumers.
#4 Different Service and Deployment Models
The Cloud service models could be categorized as- IaaS, PaaS, and SaaS. These service models are unique in terms of service delivery and are defined with a unique set of SLAs. Similarly, the cloud models can be private, public, and hybrid which can also have a unique set of SLAs. The Cloud customers must understand these variations of service and deployment models along with their respective SLAs as the degree of risk and values varies significantly.
#5 Describing Objectives for Critical Performances
SLA in performance objectives is related to efficiency, accuracy, and service delivery. The performance statements present in the SLA help the consumers to measure and audit different aspects of cloud performance. The performance metrics are dependent on each service model- IaaS, PaaS, and SaaS.
#6 Security and Privacy Considerations
SLAs which are related to security and privacy considerations deal with information assets such as- data, applications, and functions that can be defined based on the criticality and sensitivity of consumer data. Usually, the CSP offers global security standards, which are defined within ISO, ITIL, etc. The SLA also covers alternative actions that need to be taken at times when there is a security breach or data loss for the customer.
The SLAs are also responsible for defining areas such as- disaster recovery, service management, auditing, self-service metering, solutions in case of service failures, remedies and limitations in cloud services. The SLAs will also state exit processes that need to be followed in case the consumer wishes to discontinue from a service provider.
Operation-Level Agreements
Operational Level Agreements or OLA are the internal agreements that a service provider defines for the internal users to meet the SLAs. OLAs can contain several objectives or service targets. The OLAs could be used for tracking internal service commitments.
How is OLA Different from SLA?
OLA differs from SLA in following aspects-
- SLA focuses on the service part of the agreement, such as uptime, service, and performance, whereas OLA is an agreement in terms of maintenance and other services
- SLA is a contract between the service provider and a customer. OLA forms an agreement between the internal support groups in an institution which support SLA
- In terms of the target groups, OLA has a smaller target group as compared to the SLA
- OLA doesn’t connect the service providers and the customers
- OLA is more technical agreement than the SLA
The SLA forms the contract between the user and the service provider and often sets an expectation for the relationship. It needs to be written in order to protect the cloud services based on the risk level acceptance by the user. The outcome is to have an SLA which both- the consumer, as well as the provider, can understand and agree to, which might have an exit strategy as well. The SLA needs to be looked as a document for establishing the partnership between the parties and can be used for mitigating any kind of problem. In the long run, the SLA will benefit both- consumers and providers as it will help in saving money, driving satisfaction for both the parties which are directly involved.