Cloud Computing has reshaped the IT industry, and has the potential to change businesses and the economy by enabling higher IT efficiency and reliability, as well as the potential to boost growth, high-quality jobs and competitiveness in Europe. For this to happen it is fundamental that Cloud services become completely reliable, trustworthy and secure for all users. Service Level Agreements (SLAs) play a key role by being the mechanism that users have to enforce guarantees around performance, transparency, conformance and data protection. As cloud adoption increases, cloud users, from both private enterprises and the public sector, will be seeking more tightly defined SLAs as a means to build dependable and trustworthy relationship terms with cloud providers. Common concerns regarding cloud adoption (compliance, security, privacy and integrity) stem from users' inability to measure, monitor and control activities and operations in the Cloud's third-party infrastructure. This is commonly understood as the provider's lack of transparency. Improving transparency of Cloud services increases uptake of cloud, and this is beneficial for everyone: users and providers. SLA terms must be defined in a way that all parties have the same understanding of what is being provided. The need for a consistent definition will only become more important as time goes on. Model terms will support the ecosystem that the cloud underpins, because a common understanding is needed in complex relationships where interdependency will increase: a SaaS provider may use a PaaS provider for services, which in turn is using one or more IaaS providers, all of which is unknown to the end user.
Atos has elaborated on a European industry perspective on Service Level Agreements to support more detailed definitions, applicable to both private and public sector, and bridging the two domains together with a standard taxonomy of SLA terms.
The proposed approach is to “pull requirements through the stack” by starting with terms which describe a user’s needs with an application, and to maintain this viewpoint of the needs of the user and application when defining service level terms on the underlying platform(s). Model terms must not only be able to describe the existing “good enough” SLAs of many advertising-sponsored cloud business models, but also more robust models more closely mirroring the desires of large enterprises and public sector organizations. These attributes aim to define standard options for SLAs and contracts and are detailed according to three main categories: Access, Trust and Security. Access to service has to consider: availability of service, problem resolution, incident response mechanisms, reporting, quality of service and data portability. Trust aspects focus on: service auditability, certification and compliance, limitations and penalties. Security aspects rely on data privacy conditions and security provisions, including backup and disaster recovery.
The Atos perspective has been contributed to the current work of the Cloud Select Industry Group on Service Level Agreements and as part of Atos' contributions to the European Cloud Partnership Steering Board. The Atos perspective strongly relies on Atos' contributions to related FP7 Research Projects such as OPTIMIS: Optimized Infrastructure Services (257115) and Cloud4SOA (257953).
Analysis of legal aspects of cloud computing: specifically, issues of data protection, data security, intellectual property and green aspects of cloud computing, as well as contractual and Service Level Agreement (SLA) issues in cloud services that relate to privacy. It considers how the contracts between the layers of cloud services (SaaS and PaaS, PaaS and IaaS) take care of data protection and data security compliance.
The Cloud4SOA approach focuses on dynamically establishing service level agreements and on methods to supervise that QoS policies are respected at runtime. It leverages a range of standardized and unified metrics of different types, based on disparate underlying cloud providers, that allows the runtime monitoring of the deployed application so as to assure the end-to-end QoS of the complex application.
*** Disclaimer: This blog post is written by an external contributor. The author is not part of the staff of the European Commission.