Service Level Agreements
The SLA has become an important concern for both providers and their customers as dependence on high-quality Internet services increases. The SLA is a negotiated agreement between service providers and their customers, and in the best of worlds, the SLA is explicit, complete, and easily understood. When done properly, the SLA serves the needs of both customers and service providers.
Organizations are constantly struggling to maintain or extend their competitive advantage with stable, highly available services for their customers and end users. As a result, they are increasingly dependent upon their service providers to deliver the consistent and predictable service levels on which their businesses depend. A well-crafted SLA provides substantial value for customers because of the following:
They have an explicit agreement that defines the services that will be provided, the metrics to assess service provider performance, the measurements that are required, and the penalties for noncompliance.
The clarity of the SLA removes much of the ambiguity in customer-service provider communication. The metrics, rather than arguments based on subjective opinions of whether the response time is acceptable, are the determinant for compliance.
The SLA also helps customers manage their costs because they can allocate their spending on a differentiated scale with premiums for critical services and commodity pricing where best effort is sufficient.
Customers have the confidence that they can successfully deploy the critical services that improve their internal operations (remote training and web-based internal services) or strengthen their ability to compete (web services and supply chains). Too many efforts have floundered due to unacceptable service quality after deployment.
The SLA becomes more important as you move toward customer-managed service activation and resource management. The SLA will determine what the customer is allowed to do in real time in terms of changing priorities and service selections.
Service providers have been reluctant to negotiate SLAs because of their increased exposure to financial penalties and potentially adverse publicity if they fail to meet customer needs. In spite of their reluctance, they have been forced into adopting SLAs to keep their major customers. The evolution of SLAs has therefore been driven mainly by customer demands and fear of losing business.
Early SLAs focused primarily on availability because it was easier to measure and show compliance. Availability is also easier for a provider to supply by investing in the appropriate degree of redundancy so that failures do not have a significant impact on availability levels.
Performance metrics are beginning to be included in more SLAs because customers demand them. Providers have a more difficult time guaranteeing performance levels because of the dynamism of their shared infrastructures. Simply adding more bandwidth will not guarantee acceptable response time without significant traffic engineering, measurements, and continued analysis and adjustment. The difficulty of managing highly dynamic flows has many providers reluctant to accept the financial penalties that are part of most SLAs.
Nonetheless, the value of the SLA to providers is also recognized, and some of the significant factors are as follows:
The clarity of the SLA serves the provider as it does the customer. Clearly defined metrics simplify the assignment of responsibility when service levels are questioned.
The SLA offers service providers the capacity to differentiate their services and escape (somewhat) the struggles of competing in a commodity-based market. As providers create and deploy new services, they can charge on a value-pricing basis to increase their profit margins.
High performance and availability are increasingly becoming competitive differentiators for service providers. Increasing customer dependence on Internet, content delivery, and hosting service providers gives an advantage to those providers that demonstrate their ability to deliver guaranteed service quality levels.
When constructing an SLA, customers must assess their desired mix of services and weigh their relative priorities. A useful first attempt is to match those needs against the providers' preconfigured service profiles. This will group services with common characteristics and requirements, and it will also help identify any special services that are not easily accommodated by the predefined categories. Requirements that do not fit a predefined class will require special considerations when negotiating an SLA.
After services have been grouped, their relative priorities within each category must be established. Customers can do this by selecting the appropriate service profile; for example, many service providers offer a variation on the platinum, gold, and silver profiles. Typically, platinum services are the most expensive and provide the highest quality; gold and silver are increasingly less expensive and provide relatively lower quality.
Even if prebuilt service profiles are used, the SLA negotiations must include discussions of how the SLA metrics are to be measured and how any penalties or rewards are to be calculated. Customers will continue to push for stronger financial penalties for noncompliance, and providers will give in to the pressure as slowly as they can in a highly competitive market.
Unfortunately, it's not uncommon for providers and customers to have ongoing disputes about the delivered services and their quality. Some of the roots of the problem are technical: customers and providers may have different measurement and monitoring capabilities and are therefore "comparing apples to oranges." Other problems are rooted in the terms of the SLA, where ambiguities lead to different interpretations. SLAs must therefore incorporate relevant measurement, artifact reduction, verification mechanisms, and appropriate statistical treatments to protect both parties as much as possible. Customers must play a role in the verification process because they still have the most to lose when serious service disruptions occur.
SLA penalties and rewards are a form of risk management on the part of the customer. However, they continue to be among the least well-developed elements of service offerings. More mature industries offer guarantees and incentives; the ability of the service provider to reduce and absorb some risk for its customers is a key competitive differentiator.
Still, customers bear the brunt of any disruptions caused by a provider. As one customer once said, "The problem is the punishment doesn't fit the crime; an hour-long outage costs us over $100,000, and my provider just gives me a 10 percent rebate on my next bill." Nevertheless, the correct role for penalties and rewards is to encourage good performance, not to compensate the customer for all losses. If loss compensation is needed, it's a job for risk insurance.
Rather, SLA penalties and rewards must focus on motivation. The penalties and rewards should be sufficient to inspire the performance the customer wants, and the goals should be set to ensure that the motivating quality of the SLA remains throughout the time period.
Impossible or trivial goals don't motivate, and capped penalties or goals stop motivating when the cap is reached. For example, if a provider must pay a penalty based on monthly performance, and the SLA is violated in the first three days of the monthso the maximum penalty must be paidthe provider won't be motivated to handle problems that appear during the remainder of the month. After all, that particular customer's ship has already sunk; maybe another customer's ship is still sinking and can be rescued without paying a maximum penalty!
Web performance goals that are set unrealistically high, with no reference to the Internet's background behavior, will cause the supplier to refuse the SLA or insist on minor penalties. A solution to this problem is to include in the SLA metrics a background measure of Internet performance or of competitors' performance, possibly from a public performance index or from specific measurements undertaken as a part of the SLA.
Sometimes, performance is so poor that a contract must be terminated. The SLA should discuss the conditions under which termination is an option, and it should also discuss who bears the costs for that termination. Again, the costs should be primarily designed to motivate the supplier to avoid terminations; it may not be possible to agree on an SLA in which all of the customer's termination costs are repaid.
Finally, customers may want to include security concerns in their SLA as part of a service profile through additional negotiation and specification. Security is notoriously difficult to measure, except in very large aggregates. Security metrics are more likely to take the form of response-time commitments in the event of a breach, either to roll out patches, shut down access, or detect an intrusion. The bulk of security discussions around service levels will be about policies, not measurement.