420 likes | 560 Views
Cloud Computing and its Impact on Software Licensing. Floyd Groce | DONCIO IT Efficiencies Branch Tom Crawford | Contractor support to the DONCIO May 15, 2013. DCO URL: https://connectcol.dco.dod.mil/ cloudcomputing15may2013v1 Dial Up: 1-866-783-7350; passcode : 6928919#.
E N D
Cloud Computing and its Impact on Software Licensing Floyd Groce | DONCIO IT Efficiencies Branch Tom Crawford | Contractor support to the DONCIO May 15, 2013 DCO URL: https://connectcol.dco.dod.mil/cloudcomputing15may2013v1 Dial Up: 1-866-783-7350; passcode: 6928919#
Continuous Learning Points (CLPs) You must have signed in DCO for this course Please email - Bruce Whiteman : (david.whiteman.ctr@navy.mil) with your contact data (Please include: Full Name, Rank if Applicable, Email Address, and Primary Phone Number), which course you participated in (Cloud Computing and its Impact on Software Licensing), and date/time of the course
What You Will Learn • Evolution & Characteristics of Cloud Computing • Cloud / Virtualization Models • Cloud Deployment Models • Key Considerations & Agreements When Moving to the Cloud
What is Cloud Computing? • Model for enabling: • On-demand network access • A shared pool of configurable computing resources e.g., networks, servers, storage, applications, and services • Rapid provisioning • Less management or service provider interaction Source: National Institute of Standards and Technology (NIST)
Evolution of Cloud Computing Easily demonstrate license compliance and trace proof-of-purchase records.
Changing Characteristics Need collaboration for service Some network access Multiple resources Broader scalability Optimization tools
Cloud / Virtualization Models Managed By Vendor Managed By Vendor You Manage Managed By Vendor You Manage You Manage
Discussion • How many of you participated in procuring or deploying applications to a cloud? • Were the applications hosted by the cloud service provider (CSP) or a third party?
Forecast: CloudyPosted by Daniel Moeller at December 25, 2012, 6:38 pm in Tech
1. Cost Reduction • Reduced cost of building andmaintaining IT infrastructure • Specific use scenario should be analyzedto determine whether or not a cloud deliverymodel may result in greater cost avoidance
2. Speed & Mobility • Reduction of complex procurementand deployment cycles • Self-service provisioning for addingfunctionality and new users • Ability to scale up and down as needed • Access your software and inherent data fromany device that has access to the Internet
3. Easier Collaboration • Pre-established application programminginterfaces (APIs) • Integrates popular applications for sharing of information to drive results
4. Heightened Security • CSPs often have cutting-edge, secure, and traceable data access trails • Most cloud servers will be hosted in physically secure data centers with strict access control for their own staff and no access for unauthorized personnel • Some question the heightened security
Discussion • Share the results you obtained by deploying applications in a cloud: • Any cost savings? • Better speed and flexibility? • Greater collaboration across entities? • Ease of user provisioning?
Rights to Use the Service • Subscription-based • Normally includes the right to use the service plus support and maintenance, hosting and storage fees • Extend the “internal use only” definition • Ensure third party contractors can use the service • Contract example: Users may include but are not limited to employees, consultants, contractors and agents of Organization, or third parties with which Organization transacts. • Ensure there are no hidden or additional fees
Payment Terms • Monthly or annual payment schedule • Locked in for an extended term • Achieve greater discount by locking in longer • Minimum number of user commitments • Payment usually starts upon contract signing even for a sandbox or other non-production use • Negotiate 2+ user types: read only and full • Ensure you have the administrative ability to add and remove users without CSP’s assistance • Fees are usually not based on actual usage
Future Fees • More users • Volume tiered pricing • Pure tiers and not step-through • More storage • Per user or instance • “New” functionality • Substantially similar or enhancement • Part of core product or CSP’s original intent • Energy surcharge
Application Capabilities Matrix Contract example: • Standard: Included in current version or a configuration • Custom: Needs to be developed • Future: On current 1-2 year roadmap • NA: No plans to develop In the “3rd Party” column, please designate whether or not such IP for the functionality is owned/controlled by a third party.
Infrastructure & Information Security • Multi-tenant vs. single tenant environments • Ensure multi-tenant environments have adequate security measures to protect apps & data • Perform an onsite risk assessment and incorporate ongoing standards & checks • Set secure code development standards—ability to test • Identify who can access your data—user permission roles
Data Rights & Responsibilities • Address ownership of data at rest and data in transit • Government data always belongs to the government • Incorporate data flow diagram and levelsof encryption into the agreement • Specify destruction and return of data requirements • Require data will be returned in usable format • NOTE: Many Infrastructure & Data Security matters are addressed by Federal Cloud Compliance Committee
Other Important SaaS Agreement Topics • Intellectual property indemnification • Rights to request software customizations • Cost and ownership of any such software customizations (work product) • Disaster recovery and business continuity • Termination conditions and cooperation • Also see Service Level Agreement termination
Additional SaaS Agreements • Support & Maintenance Agreement • Levels of support available and severity of issues • Response and resolution times • Remedies • Service Level Agreement • Uptime and performance levels • Remedies • Professional Services Agreement • Terms & Conditions for engagements with CSP • Training options
Support & Maintenance: Product • Identify: • Severity levels and ensure you have discretion over them • Response and resolution times • CSP’s escalation process and contacts • Notice period before all releases or ability to “opt-out” • Ensure support for third party integrations are included • Define remedies for failed turnaround times • How to submit a claim for a refund or credit • Ability to terminate the entire agreement without further liability under certain circumstances
Service Level Agreements: Hosting • Define uptime calculation and planned maintenance • Identify the CSP’s standard maintenance window • Request at least 48 hours’ notice • Define performance level and testing mechanism • Content load ping test • Third party tools
Service Level Agreements: Hosting • Confirm what monitoring and alerts are available • Define remedies for failed uptime or performance • How to submit a claim for a refund or credit • Ensure refund or credit for every hour or day of delay • Ability to terminate the entire agreement without further liability under certain circumstances
Measuring the SLA for Maintenance System Availability Example – 99.9%
Importance of Uptime Percentage 95.00% = 98.00% = 99.00% = 99.90% = 99.96% = 107 hours of downtime 43 hours of downtime 21 hours of downtime 2 hours of downtime 51 minutes of downtime
Example: SLA Termination Language • If Customer experiences: • More than 6 unexpected downtime hours resulting from 3 or more non-consecutive service interruption events during any rolling 30 calendar day period; or • More than 24 consecutive unexpected downtime hours due to any single event Customer shall be allowed to immediately terminate the Agreement and any Order Forms with Provider, and shall not be liable for any future committed fees beyond the termination date.
Discussion • Who has experience managingresponse time and uptime SLAs? • Discuss variations you have seen onSLAs, penalties, termination rights, etc.
Wrap-Up • Cloud computing is a broad and evolving term • Each software application and use has different contractual concerns, including data risks and ownership rights • Ensure strict security controls and protections are in place • Include a Applications Capabilities Matrix as part of your selection process and final contract • Ensure the Service Level Agreement has teeth • Document and track the support and escalation process and performance with the CSP • Plan for the worst—ensure cooperation during a data breach or termination
Resources • DoD ESI SaaS Toolkit • www.esi.mil/saas_toolkit • DoD ESI SaaS Agreement Template • DoD ESI White Paper: Best Practices for Negotiating Cloud-Based Software Contracts • http://www.esi.mil/contentview.aspx?preview=true&id=273&type=1 • CIO Council Guide: Creating Effective Cloud Computing Contracts for the Federal Government: Best Practices for Acquiring IT as a Service • 5 Incredible Cloud Computing Statistics Posted by Daniel Moellerat December 25, 2012, 6:38 pm in Tech
Further Questions Tom Crawford IT Contracting SpecialistBUYSIDE PARTNERSEmail: tom1972@comcast.net Phone: 484-832-2037
For Continuous Learning Points (CLPs), please email: Bruce Whiteman (david.whiteman.ctr@navy.mil) and provide contact data (Please include: Full Name, Rank if Applicable, Email Address, and Primary Phone Number), which course you participated in(Cloud Computing and its Impact on Software Licensing), and date/time of the courseSubj: Request for Continuous Learning Points for: Cloud Computing and its Impact on Software Licensing, Presented May 15, 2013.