Service Level Management of Cloud Computing – Part VII

Commercial cloud computing vendors are expected to meet achievable QoS requirements, and if the entity is vigilant, sign legally binding SLAs promoting expectation fulfillment. To ensure effective SLAs, OLAs must be defined and developed prior to deploying any cloud computing service. These OLAs should cover expectations that assist the entity’s IT organizational structure in services delivery and contractual negotiations.

Commonly, OLA utilization requires explaining how services will be technically delivered to support the SLA(s) in an optimal manner — with provisions for timely updating related to service quality. Consequently, an OLA should specify technical processes in terms meaningful to the cloud computing provider, and can support several SLAs.

“View Part I of the Service Level Management of Cloud Computing series here“

Service Level Management of Cloud Computing – Part VI

SLR recording dictates identifying performance as well as capacity requirements and placing them in a SLM registry. These SLRs can encompass:

• Scalability
• Maintainability
• Reliability
• Availability
• Performance
• Security

During the initial cloud computing acquisition phases, an IT architect should define the QoS measurements for each of the SLRs.  Furthermore, an entity’s IT clients should agree on: guidelines for dealing with reported problems that may require extended timeframes to resolve as well as information detailing the impact of problems on business processes, other IT configurations and service users.

“View Part I of the Service Level Management of Cloud Computing series here“

Service Level Management of Cloud Computing – Part V

To enable SLM, customers as well as internal and external suppliers should be identified and managed. For most service providers, cloud computing infrastructure consists of services delivered through central sites utilizing configured servers. Whereby, IT services often appear as single access points to clients.

Descriptively, establishing sound SLM necessitates clear service specifications and interfaces defined with customers (Service Level Requirements (SLRs)). Furthermore, internal Operational Level Agreements (OLAs) and contracts with external suppliers will facilitate adherence to negotiated SLAs.

“View Part I of the Service Level Management of Cloud Computing series here“

Service Level Management of Cloud Computing – Part IV

SLM can be considered QoS monitoring and management based on key performance indicators (KPIs). QoS KPIs can range from generic availability and usage statistics to entity-centric per-interaction indictors. Adequate SLM requires potential problems identification — such as gradual performance degradation — and alerts creation enabling downtime risk minimization. Consequently, SLM practices should include comparing actual performance to pre-defined expectations, determining appropriate actions and generating expressive reports to permit service improvement.

“View Part I of the Service Level Management of Cloud Computing series here“

Service Level Management of Cloud Computing – Part III

Usually the rapid growth of virtualized resources across multiple domains begets heightened IT service delivery expectations. To reconcile this perspective, management normally insists on increased quality, functionality and ease of use; decreased deployment time; and continuously improving service levels — with multilateral cost containment or abatement.

For the entity’s IT service delivery personnel, business expectations generally translate into providing appropriate SLM of cloud computing. Typically, SLM is considered the primary IT managerial area that ensures promised services are delivered when and where expected at agreed-upon cost. As with most managerial endeavors, there should be a well formulated plan. Consequently, assisting in actualizing expectations for SLM processes is the Service Quality Plan (SQP) addressing specific managerial objectives.

“View Part I of the Service Level Management of Cloud Computing series here“

Service Level Management of Cloud Computing – Part II

IT assets are complex to manage and continually change due to the nature of technology and changing business requirements. Effective life cycle management of hardware, software licenses and service agreements; as well as permanent and contracted human resources are critical success factors (CSFs) not only for optimizing the IT cost-base, but also for managing changes, minimizing service incidents and assuring a reliable quality of service (QoS).

As suggested by International Business Machines (IBM), cloud computing enables entities to provision reliable, on-demand services in a flexible and affordable manner; thus, offering the benefits of open standards, scalable systems and service oriented architecture. However, there are potential challenges associated with managing a cloud environment, including:

• rapid growth of virtualized resources across multiple domains
• linkage of dynamic resources to underlying IT infrastructure
• operational monitoring and problem determination across the physical and virtualized infrastructure

“View Part I of the Service Level Management of Cloud Computing series here“

Service Level Management of Cloud Computing – Part I

Service Level Management (SLM) defines, negotiates, controls, reports and monitors agreed-upon service levels within predefined standard service parameters. Usually, effective IT service delivery is considered adequate when system issues are swiftly redressed to the satisfaction of users. An entity’s ability to sustain appropriate IT service is heavily dependent on building service commitments and managing service levels.

SLM deployments can flounder because IT management skews service focus towards technology centric measurements specific to categorized domains. Correctively, the IT service department should provide circumspective insight into service levels that management understands. Furthermore, objective achievement should reflect building and measuring service-based contractual arrangements. Not only do service-based negotiations encourage directed dialog between IT and business units, but also promote IT practices unification across configuration items supporting computer applications and business processes.

Compliance through Automation: Continuous Monitoring – Part VIII

Since management is responsible for the entity’s controls, they should have the means to determine, on an ongoing basis, whether selected controls are operating as designed. Continuous monitoring typically addresses management’s responsibility to assess the adequacy and effectiveness of controls. It enhances managerial capabilities and entity-level controls, while striving to enable maintaining acceptable performance levels. Furthermore, with the ability to identify and correct control problems on a timely basis, automated continuous monitoring enriches an entity’s compliance program. Nonetheless, the key to a successful deployment of automated continuous monitoring is process ownership by personnel assigned responsibility for responding to reported exception conditions.

“View Part I of the Compliance through Automation: Continuous Monitoring series here“

Compliance through Automation: Continuous Monitoring – Part VII

Continuous monitoring allows management to have greater insight into the entity’s current state of compliance. Typically, for IT, continuous monitoring involves ongoing automated testing of selected datum within a given process area against a suite of control protocols. Management can utilize this information to set or reset process guidelines, rules and tests; through applied analytics identifying performance gaps or unusual events that may suggest control failures. This type of continuous monitoring can exist in IT hardware, firmware or software enabled to observe and record automated activities. Therefore, automated continuous monitoring provides a timely feedback mechanism for management to ensure that configuration items and controls are operating as designed and datum are processed appropriately.

“View Part I of the Compliance through Automation: Continuous Monitoring series here“

Compliance through Automation: Continuous Monitoring – Part VI

To ensure effective continuous monitoring, adequate segregation-of-functions must be sustained. Continuous monitoring and segregation-of-functions are not new control concepts. Yet, technological integration issues can be a barrier to implementing continuous monitoring systems that are: independent of operational processes and capable of easy configuration for specific risk tolerance requirements. Procedurally, achieving appropriate functional independence in an automated system necessitates defining IT and operational user work units considering control context. As a result, when properly deployed, segregation-of-functions assures organizational responsibilities do not impinge upon independence or corrupt information system asset integrity while tracking and collecting datum regarding individual processes.

“View Part I of the Compliance through Automation: Continuous Monitoring series here“