How to choose an IaaS provider: 4 criteria that you should pay attention to

    According to Gartner, 45% of small organizations and 40% of large global companies plan to transfer their business processes to the cloud over the next three years. And all of them, regardless of size, will have to decide which provider to choose.

    Today we decided to tell you, based on our experience and the experience of our customers, on what aspects you should pay attention to when choosing a reliable IaaS provider. / photo Kin Lane CC




    We look at Tier


    Almost all failures in data centers occur due to errors in the design, testing, maintenance or operation of the facility. Therefore, when choosing a provider, you need to pay attention not only to the available basic characteristics of virtual servers. It is important to evaluate the infrastructure of the provider, its reliability.

    Traveling to data centers and independently checking all aspects is very laborious. Therefore, the most affordable way to verify the IaaS provider is to make sure that you have certification. Uptime Institute

    Data Center Standard Classificationrepresents a tier system of performance indicators for data centers (from Tier I to Tier IV). Since the 1990s, it has been an industry benchmark for providers and a sign of the proper design and implementation of data center systems.

    It evaluates such parameters as duplication of critical systems, fault tolerance, availability of redundant components, etc. For example, a data center with redundancy of refrigeration supply, in which, if one of the existing air conditioning systems fails, the device must be replaced with a spare one, it will be classified as Tier II.

    A higher class, Tier III or Tier IV, will receive a data center, which in case of failure of the cooling system, the backup will be connected automatically. Therefore, such data centers support parallel repair, which increases the level of service availability.

    The IT-GRAD cloud is hosted in Tier III certified data centers. All engineering systems are duplicated here and there are several power distribution channels. For example, in the Moscow DataSpace data center, power is reserved according to the N + 1 scheme.

    However, it must be understood that the classification of data centers according to the UI system is not built on the principle of "from worst to best." The main task of the data center and provider is to provide quality service for the business, to solve its problem. That is, consistent in terms of objectives and scope. Therefore, for small enterprises, for which the availability of duplicate systems is not critical, a data center with a basic level of Tier I or Tier II with redundant components is quite suitable.

    Larger companies for which simple infrastructure is undesirable even for a short time should pay attention to data centers with a confirmed Tier III class (for such data centers, the allowable downtime is about 1.6 hours per year).

    If we talk about certificates like Tier +, then we recommend that you treat them more carefully. In the official UI standard, these advantages are not fixed. However, this does not prevent many companies in commercial offers from adding them to the class designation. Plus says that, perhaps, one of the elements of the infrastructure is implemented according to a more reliable scheme, but this almost does not affect its operation and fault tolerance. This as a buyer does not give you big advantages, and the offer price usually rises in such cases.

    We evaluate the physical security of the data center


    In addition to the UI certificate, you should also pay attention to the physical security of the data center perimeter. One of the most inaccessible data centers in the world is the site of Visa (Tier IV UI standardization). The data center is surrounded by a drainage pond, which serves as a moat. To gain access to the data center premises, employees have to put a finger on the sensors at each door so that the system reads biometric data.

    In most cases, of course, you should not pursue maximum security. However, there are three points that must be taken into account: access control, surveillance cameras, and protected “cells” for server racks.

    For example, the Xelent data center, in which part of the IT-GRAD cloud infrastructure is deployed in St. Petersburg, has an access control and management system (ACS). Visitors and vehicles undergo mandatory registration and verification on the territory of the data center.

    The territory itself is equipped with two hundred surveillance cameras, and the control system includes 5 security perimeters. IT-GRAD servers are under the “supervision” of cameras around the clock. At the same time, all racks are located in a separate room, protected by high-strength grilles and inaccessible to outsiders.

    Pitfalls SLA


    After checking the reliability and security of the data center of the provider, it is important to evaluate the service level agreement ( SLA ), which should guarantee compliance with the previously agreed requirements. It prescribes quantitative indicators of measuring quality of service ( QoS ). For example, availability, response time, and network bandwidth.

    A good starting point for learning can be the standards outlined in ISO / IEC 19086. You can also read the recommendations provided by the National Institute of Standards and Technology ( NIST ).

    And then we briefly give a few points that you need to pay special attention to in the SLA:

    • When assessing the level of service availability, be sure to check the time period so as not to get a conditional hour of downtime per month, and not several minutes per year. Also check the agreed service uptime (SVR) - a provider, for example, can guarantee 99.95% application availability from only 8 a.m. to 10 p.m. on business days;
    • Exceptions and exemptions - a clause that spells out conditions that relieve the supplier of his duties. This may include a subparagraph that the provider is not responsible if the malfunction caused the software installed by the client independently;
    • Examine SLA-defined values ​​for availability metrics, such as average recovery time ( MTTR ) and average time between failures ( MTBF );
    • Check with your IaaS provider where his area of ​​responsibility ends when network delays or packet losses occur, so that in case of network problems you can quickly contact your Internet provider;
    • Evaluate the size and rules for the provision of cash compensation in case of non-compliance with the terms of service. Including in the case of hacking and obtaining company information by third parties.

    We evaluate the work of technical support and add. services


    Within the framework of the signed SLA, the supplier is responsible for downtime, breakdowns, consequences of scheduled work and emergency situations. And in this case, he must promptly respond to all arising failures and restore the infrastructure. To make sure of this, it is worth evaluating the work of technical support (hours of operation, which tools it uses) and the availability of additional services that are responsible for the safety of data (in particular, backup systems).

    For example, at IT-GRAD, technical support works around the clock without holidays and weekends. We useITILv3 methodology and ITSM / MOF practices, as well as the IaaS resource and service model in conjunction with the monitoring system into which the ServiceNow ITSM system is integrated. All this gives a more detailed assessment of the quality of infrastructure.


    / photo by Dennis van Zuijlekom CC

    As for emergencies, many IaaS providers, as already noted, offer a backup service to protect data. Providers often provide such services in BaaS format, which helps companies minimize costs (including specialized hardware devices).

    For example, to work with backups, IT-GRAD customers receivedistributions of special agents for backing up data of required applications. If the customer has his own equipment that can be used to store backups, we offer a hybrid backup model that allows you to reduce backup windows and recovery time. At the same time, if the client uses NetApp storage , it has the ability to configure data backup as often as necessary. We talked about how to restore corporate data using NetApp SnapCenter in one of our materials .

    To summarize


    To summarize what has been said about choosing an IaaS provider:

    • The data center offered by the IaaS provider for deploying the cloud must be certified in accordance with the fault tolerance requirements of the international UI system (classes from Tier I to Tier IV). At the same time, you should be careful about the “+” sign next to the data center class. Such a designation is absent in the standard classification, it does not give much, but it can be the reason for the “price increase”;
    • When checking the physical reliability of the site, it is worth paying special attention to three points: access control, surveillance cameras, rack locations;
    • SLA must guarantee the level of accessibility of services and the procedure for monetary reimbursement in case of non-compliance with the terms of service. It is also necessary that the configuration of the virtual infrastructure meets your needs;
    • Pay attention to the availability and working conditions of additional services. For example, a backup service can serve as a guarantee against crashes and loss of information.



    PS What else are we writing about the First Corporate IaaS Blog:


    PPS Fresh posts from our blog on Habré:


    Also popular now: