




How to select a cloud infrastructure provider for Disaster Recovery

By Martin Wright, director of Techgate PLC

“…Make sure you ask the proper questions when choosing a Cloud Infrastructure provider.”

The cloud marketplace is maturing and the range of solutions on offer is becoming broader, but this makes it even trickier to gauge exactly what you are buying. Your Disaster Recovery (DR) solution must be as secure as your in-house IT systems, but many companies are not yet asking the proper questions when it comes to selecting a trusted provider. This blog post tells you how to avoid a number of pitfalls.

Security and availability

Make sure your Business Continuity provider takes security seriously, especially if your company handles sensitive data. If security is not a strategic backbone of their own IT setup and network from top to bottom, they cannot offer the level of security your organization requires. A new pair of Tier 3 Data Centres with “military-level security” doesn't mean anything if the network is not fault-tolerant and has multiple points of failure, or if there is no monitoring service to make sure all the traffic remains uncompromised.

Check that your provider offers:

Data Centres in a “low-risk area” outside a city center and far away from the threat of power outages or terrorist attacks

An ISP-independent, fully redundant underlying network that they own and manage

Solutions that can be failed over to a second, separate site if needed

Connectivity options with various providers

Avoid vendor lock-in

You don’t want to be locked into any provider forever. So you need to look for one that supplies cloud services based on a standard platform that you can migrate away from again if you need to. In essence, you need to create your exit strategy when you engage. VMware’s vCloud is the leading cloud platform at the moment. Building a cloud solution based on their stack will allow you to migrate your workloads and applications to a different provider if required in the future.

Accreditations

Ask your provider for evidence of their accreditations. There are two accreditations that relate to Information Security and Business Continuity Management:

ISO27001

BS25999 [This accreditation will be superseded by ISO22301 in 2014]

Check also that your supplier has the proper technology partners in place and that their partner status is current (this is important). It may also be worth checking whether the staff are all CRB checked, otherwise you may be buying a very secure system run by less than scrupulous people.

Hardware infrastructure

One of the most common cloud computing myths is that hardware becomes irrelevant in the cloud. The technologies used and the overall performance of your provider’s hardware do matter if you want to be sure of getting a professional and reliable solution. Make sure your provider is using cutting-edge infrastructure: CPUs, switches, firewalls, storage area networks (SANs), and hard drives. These components can differentiate an enterprise-class cloud offering from a Virtual Private Server with entry-level performance.

Make sure you are comparing like with like in terms of performance, especially when you are buying storage, using industry standards like IOPS or Passmark scores. Infrastructure technology has moved on a long way even in two years!

Compliance and legal issues

Now, this really is a sensitive one: data domicile matters, or in other words, “where in the world is the technical infrastructure located and where exactly are my applications and data?” Different countries have different data regulations and you need to be sure of where your data is actually being held.

In the last 18 months, the Patriot Act and the US government’s easy access to any data center of an American provider, even on European soil, have created a lot of controversy and fear among prospective cloud customers (see Frank Jennings’ blog here on the subject).

This is especially true when it comes to UK-sourced data, where the legal framework concerning information security and usage is stricter (and even more so in specific, regulated industries). The location of the Data Centres and where data and applications reside are very real and significant issues that need to be addressed. In any case, you should consume cloud resources and migrate data in a controlled manner, knowing exactly how the cloud you are using is set up and where it is located.

References and industry experience

Another important item on the checklist when making your selection is the cloud provider’s existing clientele and references. Look for relevant reference companies in your sector that have similar requirements to yours. Ask for case studies that specify what the provider did for them as an indication of their technical and support capacity. Try to engage in a conversation with the relevant customer and ask about their experience with the company.

Support and adaptability

Last but not least, consider the level of support you will get and how personal that support is. Sometimes a helpdesk is not enough to work through your problems or help you with your cloud adoption strategy. Besides troubleshooting and resolving technical problems, consider whether the provider can provide adequate account management and offer a consultative approach towards your mid-term and long-term objectives. Are you able to initiate a discussion with tech support, or even better the cloud vendor’s technical architects, to go through your specific requirements and technologies? Can the provider offer professional advice about your systems and IT infrastructure choices over the coming months? Does the provider have the expertise, industry knowledge, and understanding to guide you through the “cloud-washing” and hype that you encounter every day?

Look for a provider that will accurately assess your requirements, provide support to migrate your data, and manage any issues that may arise, for whatever reason.

What makes a top-quality Cloud hosting provider? Part 2

Did you miss Part 1 of Richard’s “What makes a top-quality cloud hosting provider” series? Read it here.

Horse meat Burger, Cod and Chips, a Bacon sandwich, Cloud Computing providers… which is the odd one out? The Bacon sandwich, of course!

I’m sure you are aware that there has recently been a variety of well-publicized food scares around Europe, with products not being quite what they appear. So in the list above, why is the Bacon sandwich the odd one out? Well, to date, I have not heard of anybody successfully counterfeiting a Bacon sandwich!

Often Cloud Computing providers, as I covered in Part 1 of this blog, are also not quite what they appear. Many promises are made on websites about how good a service is, but on further exploration, is the service actually what it seems? I am now going to explore a number of them.

“99.9999% or 100% uptime guarantee”

A Service Level Agreement (SLA) is a measure of availability, which is usually described through percentage statements like ‘99.999% SLA’. When these statements are explored in real time, this is the outcome: This information is all excellent, but without looking at the fine print it is actually a meaningless and empty promise on the part of the provider. Failure to meet an SLA is typically backed by a penalty clause and, as an industry standard, penalties are not normally too onerous for service providers. Traditionally, the provider gives a percentage of the overall monthly fee back to the user, depending on the length of the outage.

Below is a table showing what a customer could commonly expect to reclaim: The calculation is: ((Total hours - Total hours unavailable) / Total hours) x 100

Other important factors to note when looking into the SLA include:

1) The penalty often doesn't relate to the service as a whole. Your business may have a web server, but the SLA may only be for either network or server availability, so the fact that your website isn't working might not be relevant.

2) The advertised SLA doesn't actually match the penalty clause. For instance, your business may be told it will receive 99.999% availability, but the penalty clause starts at 99% availability, so you would never be fully compensated.

3) It is also important to explore what period of time the penalty is measured over. It is common for providers to use a period of 12 weeks, which actually means that on a 99% SLA your business might be offline for 21.6 hours, or on a 99.9% SLA just over 2 hours, and still be within the service level.

4) How is the availability measured? Monitoring commonly checks servers at various intervals, e.g. every 15 minutes, every 5 minutes, or every minute. Based on these tests, short outages may often go unnoticed, and it is often impractical to check with a higher frequency. 99.999% uptime checked every minute will mean that only longer outages are going to be spotted, or that a brief 2-second glitch will show up as a minute-long outage.

5) It is usually the customer’s responsibility to request service credits, and SLAs are therefore not a good way of determining the quality of service.
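The effect of the polling interval in point 4, combined with the gap between the advertised SLA and the penalty threshold in point 2, shown as an added example that is not part of the original post. The outage times, the 24-hour window and the function names are constructed for illustration; the 99.999% and 99% figures are the ones used in point 2.

```python
# Added example: how the probe interval changes the availability an SLA report shows.
# All outage times and the 24-hour window are constructed sample data.

WINDOW_S = 24 * 60 * 60
# (start_second, duration_seconds): a 2-second glitch and a 200-second outage
OUTAGES = [(3660, 2), (10_000, 200)]


def availability_pct(total, unavailable):
    """The page's formula: ((total - unavailable) / total) x 100."""
    return (total - unavailable) / total * 100


def observed_downtime(window_s, outages, interval_s):
    """Downtime in seconds as charged by a monitor polling every interval_s.

    Each failed probe is booked as one whole interval; an outage that starts
    and ends between two probes is never seen.
    """
    failed = sum(
        1
        for t in range(0, window_s, interval_s)
        if any(start <= t < start + dur for start, dur in outages)
    )
    return failed * interval_s


def sla_report(window_s, outages, intervals, advertised, penalty_from):
    """Compare measured availability per probe interval with both thresholds."""
    true_pct = availability_pct(window_s, sum(dur for _, dur in outages))
    rows = []
    for interval_s in intervals:
        seen = observed_downtime(window_s, outages, interval_s)
        pct = availability_pct(window_s, seen)
        rows.append({
            "interval_s": interval_s,
            "seen_downtime_s": seen,
            "measured_pct": round(pct, 4),
            "true_pct": round(true_pct, 4),
            "below_advertised": pct < advertised,   # promise missed
            "credit_due": pct < penalty_from,       # penalty clause triggered
        })
    return rows


if __name__ == "__main__":
    # 99.999% advertised, penalty clause starting at 99% (figures from point 2)
    for row in sla_report(WINDOW_S, OUTAGES, [60, 300, 900], 99.999, 99.0):
        print(row)
```

On this sample the 5-minute and 15-minute monitors report 100% while the 1-minute monitor books the 2-second glitch as a full minute, and no interval triggers the 99% penalty clause even though the advertised figure is missed.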

“Unlimited bandwidth included” or “1000 GB bandwidth included”

What do these statements actually mean? Well, they could mean any number of things, and statements like these often have an * next to them, referring you to an acceptable use policy where they actually restrict you to 400GB of throughput. However, more often the biggest concern is how quickly you can get this bandwidth: how big is the Internet connection?

To illustrate this further, if we equate Water to Internet traffic and a Hose Pipe to the Internet connection, the biggest pipe will move more water, and it really doesn't matter if your contract allows you to move a gallon of water or not. If the Pipe can only move three gallons and you are sharing it with 1,000 people, then the net result is going to be a negative experience.

“We have ISO 27001 for information security”

There are a few points which you need to understand about ISO 27001. Firstly, it is an information security management system (ISMS), which means that it is a framework for managing security; it is not the kind of standard that ensures that an organization is actually secure. Only standards like PCI actually provide any guarantees, as they are prescriptive about processes, not just suggestive.

Because it is a system, people can just buy an off-the-shelf set of processes and procedures and quickly demonstrate an ISMS without actually implementing it properly. However, there are some new legislation guidelines being released soon, which may mean that the auditor will pay much more attention to the ‘monitor and measurement’ section, which will hopefully improve things.

When you set up an ISMS, the business also sets the scope of the system, and a few Cloud providers are known to use this to their advantage. For instance, the business could limit the system scope to the ‘spare parts’ management element of the business, then publicly broadcast that it is ISO 27001 compliant but conveniently not mention that limitation. There are positive and negative elements to ISO 27001, and although it is a good indicator of the strengths of a hosting provider, you clearly need to ask more than “do you have an ISO 27001 accreditation?”

“See Terms and Conditions”

Remember, what a business offers on the website isn't necessarily what you get. As an example, I recently witnessed a company offering a Hosted Email solution, and on its homepage the provider boldly stated that they offered a free backup service. I couldn't find this mentioned anywhere else on the website, and after further inspection I discovered that their terms and conditions actually stated that backup wasn't included in the service unless expressly mentioned in your selected email package. I will let you draw your own conclusions on this.

Your business must check the terms and conditions closely in order to explore the complete nature of the service being provided, particularly on longer contracts. You may sign up for a service which allegedly offers UK Hosting on dedicated hardware in fully ISO 27001 audited facilities, but if the supplier then decides that they want to migrate over to Amazon Web Services, you may not be able to legally stop them. Equally, you may be contractually obliged to keep using the service regardless of any changes. Contracts should give your business the right to cancel if there is any fundamental change to the nature of the service delivery.

You are nearly always ultimately responsible for your own data, and most contracts will state that the service provider shall not be liable for loss or corruption of data or information. This isn't necessarily because they are a poor provider, but because it is hard, if not impossible, to get insurance against that sort of loss, especially when it is so difficult to put a value on data.

I hope that by reading this blog you have realized that it is easy for providers to hide behind the online world in which we live, so closely check what you are buying. Just because the website looks good and you recognize the brand, it doesn't guarantee that you will receive the level of service which you are expecting. It is also important to remember that a lot of the technologies used in the Cloud are new, and long-standing, strong brands will also be new to these technologies, and their previous ethos might not necessarily fit the new Cloud world. Many companies historically may be excellent at providing break-fix style contracts, but can they stop things breaking in the first place?
