How To Choose An IaaS Provider: 4 Criteria, Which Are Worth Paying Attention!
According to the forecasts of the agency Gartner, 45% of small organizations and 40% of large world companies plan to transfer their business processes to the cloud in the next three years. And all of them, regardless of size, will have to decide which provider to choose.
Today we decided to tell, basing on our experience and experience, on what aspects should be paid attention when choosing a reliable IaaS-provider.
1) Look at Tier
Almost all failures in the data centers occur due to errors in the design, testing, maintenance or operation of the facility. Therefore, when selecting a vendor, you need to pay attention not only to the available basic characteristics of virtual servers. It is important to assess the infrastructure of the provider, its reliability.
- Ride on data centers and independently check all aspects very labor-intensive. Therefore, the most accessible way to verify the IaaS-provider is to make sure that there is certification.
The standard Uptime Institute data center classification is a tiered system of data center performance (from Tier I to Tier IV). Since the 1990s, it has been an industry reference for providers and a sign of proper design and implementation of data center systems.
It evaluates such parameters as duplication of critical systems, fault tolerance, availability of spare components, etc. For example, a data center with the redundancy of cooling supply, in which one of the existing air-conditioning plants has to be replaced by a spare one, will be classified as Tier II.
- A higher class, Tier III or Tier IV, will receive a data center, which in the event of a cooling system failure, the backup will be automatically connected. Therefore, such data centers support parallel repair, which increases the level of availability of services.
Cloud “IT GRAD” is located in the data centers certified by the Tier III class. Here, all the engineering systems are duplicated and there are several power distribution channels. For example, in the Moscow DataSpace Data Center, power is reserved in the N + 1 scheme.
However, we must understand that the classification of data centers by the UI system is not built on the principle of “from the worst to the best.” The main task of the data center and the provider is to provide quality service for the business, to solve its problem. That is, it is appropriate in terms of tasks and scales. Therefore, for small businesses, for which the availability of duplicate systems is uncritical, the data center with a Tier I or Tier II base level with standby components is quite suitable.
- For larger companies that do not want simple infrastructure even for a short time, it’s worth paying attention to data centers with a confirmed Tier III class (in such data centers, the allowed idle time is about 1.6 hours per year).
If we talk about certificates like Tier +, then we recommend to treat them more closely. In the official UI standard, these pluses are not fixed. However, this does not prevent many companies in commercial proposals from adding them to the class designation. Plus says that, perhaps, one of the elements of the infrastructure is made on a more reliable scheme, but at its work and fault tolerance it almost does not affect. As a buyer, this does not give you much advantage, and the price of supply usually increases in such cases.
2) Estimate the physical security of the data center
In addition to the UI certificate, it is worth paying extra attention to the physical security of the data center perimeter. One of the most inaccessible data centers in the world is the Visa platform (Tier IV for UI standardization). The data center is surrounded by a drainage pond, which functions as a ditch. To access the data center premises, employees have to apply a finger to the sensors at each door so that the system considers biometric data.
- In most cases, of course, it is not worth pursuing maximum security. However, there are three points that must be taken into account: access mode, surveillance cameras, protected “cells” for server racks.
For example, the data center Xelent, in which part of the cloud infrastructure “IT-GRAD” in St. Petersburg is deployed, has an access control system (ACS). Visitors and transport pass mandatory registration and verification in the territory of the data center.
The territory itself is equipped with two hundred CCTV cameras, and the control system includes 5 perimeters of security. Servers “IT GRAD” are under the “supervision” of cameras around the clock. In this case, all the racks are located in a separate room, protected by high-strength grilles and inaccessible to outsiders.
Special attention to SLA
After checking the reliability and security of the provider’s data center, it is important to evaluate the service level agreement (SLA), which must guarantee the fulfillment of previously agreed requirements. It sets out quantitative indicators of quality of service (QoS) measurement. For example, availability, response time and network bandwidth.
A good starting point for studying can be the standards prescribed in ISO / IEC 19086. You can also read the recommendations provided by the National Institute of Standards and Technology (NIST).
We briefly give a few points to which the SLA should pay special attention:
- When assessing the level of availability of the service, do not forget to check the time period so that you do not get a conditional hour of idle time per month, rather than a few minutes a year. Also, check the agreed service availability time (CBP) – the provider, for example, can guarantee applications availability 99.95% only from 8 am to 22 pm on working days;
- Exceptions and indulgences are the points at which conditions are set that release the supplier from his duties. This may include a subparagraph that the provider is not liable if a failure in the work caused the software installed by the client on its own;
- Learn the SLA-defined values for quality accessibility measures, such as mean recovery time (MTTR) and the average time between failures (MTBF);
- Check with the IaaS-provider, where its zone of responsibility ends when network delays or packet losses occur so that in case of problems with the network, contact your Internet provider promptly;
- Estimate the size and rules for granting monetary compensation for non-compliance with the terms of service. Including in case of hacking and receiving information of the company by third parties.
4) Evaluate the work of technical support and add. services
As part of the signed SLA, the supplier is responsible for downtime, breakdowns, consequences of scheduled operations and emergency situations. And in this case, he must quickly respond to all the failures and restore the efficiency of the infrastructure. To make sure of this, it is worth to evaluate the work of technical support (hours of operation, what tools it uses) and the availability of additional services responsible for data security (in particular, the backup system).
For example, in the company “IT GRAD” technical support is open around the clock without holidays and weekends. We use ITILv3 methodology and ITSM / MOF practices, as well as the IaaS resource-service model in conjunction with the monitoring system into which ITSM-system ServiceNow is integrated. All this gives a more detailed assessment of the quality of the infrastructure.
- As for emergency situations, many IaaS-providers, as already noted, offer a backup service for data protection. Providers often provide such services in BaaS format, which helps companies minimize costs (including specialized hardware devices).
For example, to work with backups, IT-GRAD customers receive special agent distributions to back up the data of the required applications. If the customer has his own equipment that can be used to store backups, we offer a hybrid backup model that reduces backup windows and recovery time. At the same time, if the client uses NetApp storage, it has the ability to configure the data backup as often as necessary. About how we can restore corporate data using NetApp SnapCenter, we told in one of our materials.
Let’s sum up the results
- The data center offered by the IaaS-provider for the deployment of the cloud must be certified in accordance with the requirements of fault tolerance in the international UI system (classes from Tier I to Tier IV). In this case, with care, you should treat the “+” sign next to the data center class. This designation is absent in the standard classification, it does not give much, but it can be the reason for “cheating” the price;
- When checking the physical reliability of the site, special attention should be paid to three points: throughput, surveillance cameras, the location of racks;
- SLA should guarantee the level of availability of services and the order of monetary compensation in case of non-compliance with the terms of service. It is also necessary that the configuration of the virtual infrastructure meets your needs;
- Pay attention to availability and conditions of additional services. For example, a backup service can serve as a guarantee against failures and loss of information.