SERVICE LEVEL AGREEMENT PARAMETERS FOR ECOMMERCE CLOUD
AbdelSalam H. Busalim1 Ab Razak Che Hussin 1
1 Universiti Teknologi Malaysia, Faculty of Computing, Skudai, Jorhor Bahru, Malaysia (www.utm.my)
ABSTRACT
Nowadays Services Level Agreement (SLA) became an important aspect between the cloud consumer and cloud provider, the dynamic nature of cloud computing needs to continue monitoring of the services. The restricted choice of appropriate parameters in SLA affects the interacting of end user with cloud services and creates risks of user data. End users are concerned about their data and how it will be stored in cloud and how the data is recovered in the case of failure of disaster. However, none of SLAs consider the end user view while conducting the SLA document. This paper discusses the importance of the parameters which need to be included in SLA when ecommerce companies move to cloud services, In order to verify and validate these parameters in ecommerce cloud, data were collected from105 respondents in faculty of computing in Universiti Teknologi Malaysia. The results indicate that most of the selected parameters are significant from the end users point of view.
Keywords: SLA, Cloud Computing, ecommerce cloud
1. INTRODUCTION
Cloud technology is becoming an increasingly popular trend. As a new concept, cloud computing offer online software and hardware capabilities. It offers a secure online environment for data storage and various e-commerce services that maintain the latest technologies and continuous protections for clients. Many ecommerce companies are turning to cloud computing and services due to the cost-efficiency it offers. According to the Gartner group report, by 2013, 40 % of e-commerce companies will use a complete cloud services (SaaS) solution. It appears that cloud computing is set to change the ways in which businesses operate [1]. Form the business perspective, cloud computing offers a great number of benefits including reduced infrastructure and maintenance costs.
Many e-commerce companies and retailers have moved to cloud services due to the many benefits this shift offers in regards to cost effective and easily accessible storage options, and elastic computing and infrastructure. In 2012, the Gomez application performance monitor report clearly showed that among the 50 well known online retailers, 40% use Amazon cloud-based applications. However, there a number of risks associated with this reliance on outside services, especially from the perspective of end users. For e-commerce cloud companies, the end user is an important capital; therefore, satisfaction of the end user is a major goal of e-commerce cloud service providers. Among the risks the end user potentially faces when engaging in cloud-based e-commerce, is the issue of confidentiality of data, how data is stored, and who has access to this data. Another problem concerns privacy. The dynamic cloud environment makes it difficult for cloud providers to observe current data protection regulations and privacy policies [2]. The majority of current cloud contracts are little concerned with consumer privacy and consumers are often poorly informed about privacy issues [3].
One method of ensuring that the client receives the correct services best suited to its needs is the SLA, which has transformed from being a financial contract into a managerial tool to ensure the expectations of the customer are met [4]. For this mechanism to be effective there is a need for clear definitions of services, and suitable measuring parameters to measure the level of services. In the cloud computing environment, computer resources and infrastructures that are offered are scalable, and the platform, software and infrastructure provided in the form of services can be accessed anytime and anywhere. However, provisioning this paradigm of cloud services requires specific SLAs for every type of services. This can be rather challenging in view of the diverse range of services offered by cloud computing services, the various levels of each service, and the diverse needs of clients. No two clients are identical.
This paper organized as follow. Section 2 highlights the literature review, Section 3 explains the methodology adopted by this paper, Section 4 will cover the results and discussion of the paper, then conclusion of this paper will be in Section 5.
2. LITERATURE REVIEW
A. Risks and Challenges in E-Commerce Cloud
In ecommerce cloud sellers ,a large number of users information is stored in the cloud ,and transmission and processing taking place in cloud, therefore, the problems and risks more than traditional e-commerce model [5]. Increasingly, online retailers are relying on cloud services and applications such as storage, computing, comparison engines, product locators and dynamic imaging to run their businesses. With this relying on outside services high risks raised out . As a result, they are losing control of the end user experience.
The confidentiality of the user’s data is one of the main risks facing ecommerce cloud. In e-commerce cloud, most of the business information is stored in the cloud therefore, e-commerce companies are not able to supervise and monitor user's sensitive information. As virtualization technology been used in cloud computing, e-commerce companies using cloud services are not clear about where the data been stored, and do not even know the physical location of that data.[5]. The European Network and Information Security Agency (ENISA), conducted a survey for the main cloud computing security issues. More than 70 % of the SME (small and medium enterprises) in this study are concerned by the first six criteria and more specifically by confidentiality of data. Privacy are another important issue in Cloud Computing. The dynamic nature and structure of Cloud environment, make it difficult for Cloud providers to follow the current data privacy and protection rules. The main reasons beyond this, the transnational nature of Cloud Computing that has to face the national nature regulation privacy[2].
Transparency towards cloud services users must be the golden rule. Users do not know where the data stored and by whom it will be finally processed. It is compulsory for Cloud services providers to inform the users about the way in which data are processed . In the case of e-commerce Companies concern about the end user personal data, these important and private data may contain names, addresses, e-mail addresses and credit card numbers [2]. As known, that virtualization is one of the backbone of cloud computing technology, therefore there are some security risks in sharing machines for instance, losing control over data location, and who has the right to access to user data. [6]
B. Services Level Agreement (SLA)
To achieve high quality and performance goals in services or products, it may need the enterprise to establish and manage service level agreement (SLA) between the enterprise which provides the business service or product and the consumers, companies are responsible for its shareholders, expectations of the level of service to be offered [7]. The main goal of establishing SLA process is to improve the Quality of Experience of the service or product to the enterprise customer and reach the satisfaction level .
However Service level Agreement (SLA) is a document describes the level of service expected by a customer from a services provider, based on metrics or policies by which that services are measured, and penalties if any, should the agreed-upon levels not be achieved. Usually, SLA is between companies and external suppliers[8].A service level agreement can be an extremely effective communication tool for creating a common understanding between two parties regarding services , expectation , responsibilities and priorities [9]. Cloud technology as new paradigm of computing where available computing resources are delivered as a service. These resources are generally offered under the concept of pay-as-you-use, therefore cloud services become attractive to cost conscious customers. In order for Cloud providers to provide customers with services that meet their demands, both sides need to negotiate the client's requirements and the provider's services capabilities, and then they agree to certain conditions and terms which is the services level agreement [10]. The figure below shows the SLA parties in cloud environment.
Figure 1: SLA parties in cloud environment
.
The main purpose of SLAs is to set a framework for the providing services and for the cooperation among service providers and service consumers[2]. However the concept of "everything-as- services" offered by in cloud manner, this paradigm has made the establishment of SLA more challenging and makes the relation among the cloud providers and users getting more complex.
C. Services Level Agreement Parameters
The SLA in cloud computing It consists of a set of measurable attributes called SLA parameters which are established by some objectively measurable conditions, termed as Service Level Objectives (SLOs)[11]. The parameters used to measure and manage performance compliance to SLA commitments are the key of successful agreements and are a critical long term success factor[12]. There are examples include the parameters of throughput and timing, also the percentage of availability of virtual machines and other resources, these objectives can be written in the SLA in the form below: [13].
· Availability of a service X is 99.5%
· Response time of a database query Q is between 3 to 5 seconds
· Throughput of a server S at peak load time is 0.875.
There are several many studies have been conducted related to SLA in cloud computing environment. [11] pointed out that the SLAs provided by the presented cloud providers are relatively biased towards cloud providers and do not provide any formal method of verifying if the guarantees are complying or not, therefore the author attempted to identify the SLA parameters for Storage-as-a-Service in cloud delivery model and also the objectives for measuring these parameters and finally he proposed a monitoring framework for compliance checking.[14] proposed a framework to minimize the issues of trustworthiness among the cloud service provider and cloud consumer, by using a quantitative model of trust. They identified and formalized several parameters which has derived from SLA, these parameters to estimate trust. In this framework, the identified set of parameters have categorized into two sets. The first set of parameters obtained from the SLA description and named as Pre-SAL parameters. These parameters are obtained in trust estimation before signing the SLA contract, which can to help to build the consumer’s initial trust on the cloud provider. However, most of cloud service providers focus only on small set of parameters, namely Availability, request completion rate and response time.[15] conducted a study to break down the Cloud SLA into easy and understandable components and compare the SLAs of the considered public cloud provider. By comparing the SLA of Amazon, Rackspace, Microsoft, Terremark vCloud Express and Storm on demand, the study highlighted that none of those providers offer nay performance guarantee for the services nevertheless, none of the providers automatically credit the consumer for SLA violation, consumer should detect the SLA violation. The problems and unfulfilled expectations during accomplishing the SLA are the result of , poor choice of parameters[12].
As we mentioned in our previous paper [16] that In ecommerce cloud, to alleviate the risks and challenges facing the end user during using ecommerce cloud websites, suitable parameters need to be included in SLA to consider the end user perspective. The table below describes the extracted parameters for E-commerce cloud SLA, which can be used for Managing and monitoring the Quality of services delivered by cloud providers.
Parameters / Description / CitationsAvailability / The uptime of the services for the user in specific time / [15, 17] [18] [19] [11] [20] [21]
Scalability / Ability to increase and decrease the storage space / [21] [19] [18]
Portability / The services working on different devices or different platforms / [21] [19] [18]
Performance / The duration of time to respond on user's requests / [17] [20] [19] [18] [15] [14]
Security / The security of user data and the safety of the environment in the cloud / [17] [19] [18]
Reliability / Services ability to operate over the time without failure / [21] [19] [18]
Usability / The ability of the service to be attractive ,understandable, learnable, operable / [19] [21] [18]
Backup & Recovery / How the Service store the image of user data and the ability to recover data in disaster. / [17] [18] [15] [14]
Data location / Availability zones in which the data are stored / [18]
Table 1 : Deriving Cloud SLA Parameters
3. METHODOLOGY
This section basically illustrates the activities for every phase in the research, which should be carried out for this paper. There are four phase in the research methodology which are illustrated in the figure 2 below. From the literature review phase we have found out some potential limitations in the SLA parameters and frameworks provided by cloud services providers, especially in the context of the e-commerce cloud. The current SLAs mentioned only the availability of the service and the performance level of the services, in e-commerce environment most of the companies have moved to cloud service, however the ecommerce end user in cloud computing environment facing risks during communicating with ecommerce cloud websites and, the SLA between the cloud provider and ecommerce company does not consider these risks, and the user should be aware for this SLA. After
identifying the main SLA parameters which is based on the risk and challenging in ecommerce
cloud, a questionnaire is constructed to verify the end user perceptions regarding the importance of these parameters. This research is using quantitative method for collecting data. The questionnaire consist of two parts, the first part is the demographic part and part B is questions which related to parameters. Content validity process has been conducted before distributing the questionnaire, by asking two experts in faculty of computing in Universiti Teknologi Malaysia (UTM), to make sure that the questionnaire is well organized and the questions is easy to understand. The final modified questionnaire has been distributed online using Survey Monkey tool. The sample size of the respondents after distributing the final questionnaire is 105 students, and the time for collecting the data was around two weeks The respondents are the postgraduate and undergraduate students of computing faculty in UTM.