|
Continued from Page 1
Security
Truly secure networks are physically isolated from public access. For intranet-based applications, connecting your intranet to the ASP using a dedicated connection that supports virtual circuits such as frame relay and asynchronous transfer mode (ATM) can make your system secure. Furthermore, because ASPs service many clients and support both intranet- and Internet-based applications, the ASP must segregate its public and private data. The ASP should use firewalls wherever appropriate to implement perimeter defenses. The ASP should also have preventive processes to detect intruder attacks. Network traffic patterns can give early warnings of denial of service, Windows network attacks, and Web attacks.Where possible, you should implement adequate authentication procedures, such as password expiry and restricted super user access. Data encryption using VPN or public key/private key technologies will provide an additional layer of security. Finally, the ASP should apply patches to operating systems and databases on a regular basis to prevent hacker attacks through commonly known holes in these systems.
Availability
The metrics that define the availability of the system in a SLA are uptime and recovery time. What is the required uptime for the system? You usually specify uptime for each individual component in the system architecture. For most systems, these components include the network, servers, database, and application-specific processes. Currently, you can reasonably expect uptime in excess of 99 percent. The SLA should also specify the maximum recovery period in the event of a system outage.Uptime and recovery time are good metrics for availability. But what can ASPs do to implement robust, high availability? The answer is redundancy. ASPs should implement redundancy at all levels of the system architecture. Dedicated network pipes such as frame relay should have a failover and they should be load balanced if possible. You can also help safeguard your data by using RAID arrays. High availability solutions for NT and Unix servers can ensure failover and continued operation.
Additionally, ASPs need a solid disaster recovery strategy. Disaster recovery is usually done at a location that is geographically removed from the data center. Using a systems monitoring tool such as Tivoli or CA Unicenter can help ASPs ensure that all application components are up and running.
The system maintenance window will impact uptime. All systems require maintenance, which can include tasks such as backup of files and data, software upgrades, and scheduled server reboots. In most cases, you can conduct system maintenance while keeping the applications online. You can conduct database backups, for example, either online or offline. You should weigh the costs and the benefits for extended online hours vs. the amount of offline time needed to do the maintenance.
Support
The majority of a software's life cycle is spent maintaining it, making support a critical function. You need to establish the hours for support in your SLA. Currently, you can reasonably specify 2437 support. But you still need to determine the nature of this support. A "single point of contact" will be a critical success factor in your SLA. Will the ASP offer a single point of contact for all problems, or will you need to call different people depending on whether the problem was caused by a network outage, server crash, or application error?You also need to determine the dynamics of reporting and resolving the problem. A help desk and ticketing system does help streamline the process and work flow, but if the ASP does not have a help desk system, a formal communications and reporting mechanism between customer and service manager needs to be in place. During the definition of this process, you need to set up metrics that will categorize problems by priority and a response time for problems at each priority level. You also need to determine escalation procedures for problems that are not resolved within the required parameters.
An SLA is a binding contract. If either you or the ASP violate its terms, you may face severe monetary penalties. Defining an effective SLA is therefore critical, and you should negotiate its terms with the goals of scalability, availability, performance, security, and support in mind. By clearly spelling out your needs before entering your relationship with the ASP, you will minimize risks and ensure that you receive quality service and a quick ROI. And you can get back to doing what you do best.
Debashish Bhattacharjee (dev.bhattacharjee@us.pwcglobal.com) is a management consultant with PriceWaterhouseCoopers. He has seven years of experience in the IT industry, integrating information systems for Fortune 500 clients.
RESOURCES
Citrix Systems Inc.: www.citrix.com
Computer Associates (CA): www.ca.com
Corio Inc.: www.corio.com
Exodus Communications Inc.: www.exodus.com
PeopleSoft: www.peoplesoft.com
SAP: www.sap.com
Tivoli Systems Inc. (an IBM company): www.tivoli.com
USinternetworking (USi) Inc.: www.usi.net
  
|
|
|
|
| ||||||||||||||||||||||||||||||||
