Chapter 7: The Dark Side of Outsourcing

• Use the strategies in this book-particularly service level agreements-to create the proactive controls you want now, rather than at the time you need to exercise them, i.e., when problems occur.
• To avoid lock-in and reduce switching costs, always have an exit strategy-a plan for how you’ll switch vendors if necessary.
• If you need tools and utilities, try to find them independently and include them in your site in a manner that’s, therefore, portable.
• Don’t be afraid to use a mix-and-match approach to fulfilling your requirements.
• Use selective third-party outsourcing that can transcend and outlast the relationship with a specific web-hosting service or MSP to minimize your lock-in to that vendor.
• Register your domain name yourself and check it regularly to ensure that neither your vendor nor anyone else has hijacked it.
• Ask prospective vendors how they evaluate and reward their employees. Is everyone’s compensation-even the hands-on engineers’-based at least in part on customer satisfaction? On your satisfaction? Also ask about their rates of employee turnover.
• Evaluate each of the service components independently. Quality and value in one are not guarantees of quality or value in others.
• Beware of service components with unusually high prices. These may be components that the vendor rarely provides.

Chapter 8: Getting it Right

• Aim to be on the leading edge (e.g., higher-budget side) of your vendor’s sweet spot.
• To avoid biasing vendors’ sales pitches, always find out what they’re selling before you tell them what you’re buying. Of course, they’ll try to do the opposite, so start by asking questions rather than by answering them.
• A service that’s described in a vendor’s literature and has a standard price is often preferable to one that’s custom or delivered via “professional services.” If there’s any doubt, ask for reference customers who have been using the service in question for some period of time, and contact those customers yourself.
• Don’t ask a vendor to support hardware or software beyond what’s contained in its published list. Doing so is both expensive and risky. If you really need that component, find another vendor who can support it. (If you can’t find one, consider it an omen.) Otherwise depend on the manufacturer, a third party, or plan to support it yourself.
• Make sure your vendor will profit from a successful relationship with you, and will likewise incur a loss if there are problems caused by inadequate vendor services. Rather than adopt this logic globally, apply it to each service component individually.
• Protect against being dumped by a vendor by constantly reviewing your value to that vendor. Put yourself in its shoes.
• Don’t ask vendors to do things your way (even if your way is better) unless you consider the additional cost and risks.
• Use shared resources and services where appropriate as a way of creating a greater urgency for the vendor in case of failure.
• Consider renting servers if the vendor has both 24x7 on-site maintenance staff and on-site spares.
• Favor renting if you anticipate early or frequent upgrades.
• Use renting as part of your exit strategy by mitigating lock-in and reducing your switching costs. Renting gives you the option of operating your web site simultaneously at old and new locations without the need to purchase duplicate hardware.
• If rental is your first choice, be prepared to negotiate for a fair price. Consider the total cost of ownership (including the value of spares, upgrade flexibility, and mitigation of lock-in and switching costs) in your evaluation.
• Use leasing (a) when preservation of short-term cash is your primary concern, (b) if you have a large configuration, or (c) when you require non-standard components.
• Make use of your web-hosting vendors procurement services when buying hardware and software.
• Assume that no matter who developed the customized applications and content for your web site, you’ll have to take responsibility for its maintenance, including if necessary, 24x7 support.

Chapter 9: Risk Management

• Ask each vendor for the average actual uptime percentage its customers have achieved for the past twelve months. Use the range between this value and the uptime promised by the vendor’s SLA as the basis of your risk analysis.
• Confer with your company’s financial management to determine (a) what loss multiplier should be used for estimating your losses, and (b) whether to model losses and risk-reduction costs relative to the top line (revenues) or the bottom line (profits).
• Use formal modeling to estimate the cost of downtime and to determine which increases in uptime guarantees will save more than they cost.
• Review web-hosting contract provisions for force majeur more carefully than you would when considering a typical business contract.
• Your risk management plan should include specific risk-reduction strategies to avoid and reduce the frequency, impact, and duration of failures.
• Vendors that offer risk transfer are more expensive, but the additional cost may be justified. Use risk analysis to determine whether the services of such a vendor are worthwhile.
• If you intend to purchase insurance to cover losses due to web-site outages and other failures, consider using a web-hosting vendor that already has a relationship with an insurance company.
• Since they cause 80% of unplanned downtime, due diligence of vendors’ staff and processes should be included in your risk-reduction strategy plan.

Chapter 10: Service Level Agreements

• Don’t rely on SLAs in lieu of actual due diligence. It’s more important to research a web-hosting vendor to determine whether it can actually achieve the service levels to which it commits.
• Require vendors to assume responsibility for things beyond their control to the extent that these things can be measured by an objective third party and compared to industry averages.
• Don’t accept SLAs in which the vendor determines whether it has achieved its performance service levels. If possible, use a third party.
• Require vendors to refund or credit up to 100% of their fees if they miss their service levels.
• If you have no choice but to accept an SLA that places the burden of initiating a claim on you, make sure you know precisely what supporting data you must supply. Also watch out for time limits for making your claims.
• Avoid SLAs whose remedies don’t take effect unless failures occur continuously and over consecutive periods.
• Scheduled or preventive maintenance should be counted as downtime when calculating a connectivity service level.
• Don’t accept exclusions for third-party network problems. Instead ask for an SLA that’s based on objective measurements of user experience compared to an industry average.
• Challenge prospective vendors to exclude from Acts of God any services that they claim are particularly robust during their sales cycles or in their marketing materials. Whatever their reaction, protect yourself against Acts of God by purchasing insurance.
• Watch out for general exclusions of causes. Any causes that are excluded should be done so explicitly.
• At the very least, require vendors to refund or credit fees for missed service levels on a pro-rata basis. An accelerated schedule will increase their motivation to deliver as promised.
• Include incentive bonuses for vendors that exceed expected service levels.
• Ask vendors for written definitions of the classification of incidents by severity and for an explanation of the rules for their use.
• Every reactive SLA should clearly state who’s responsible for monitoring, dispatch, problem determination, and problem resolution.
• Look for SLAs that commit to resolution of problems, not merely initiation of a response.
• Don’t include (even by reference) an SLA in a web-hosting or managed-services agreement unless it expresses the levels of service you’ll accept. If you and your vendor can’t agree on the wording of an SLA, it may be preferable not to have one at all. Better yet, find another vendor who will put better service levels in writing.
• Don’t let vendors exclude liability for the very things you’re paying them to do for you.
• Insist that vendors accept responsibility and liability for the actions of their sub-contractors to the same extent they would if no sub-contractors were involved.
• Ask for provisions in your contracts giving you the option to terminate in case of a problem with the vendor’s colocation or managed service partners.
• Negotiate a cap on annual price increases of 10% per year on a per-line item basis.
• Request provisions that give you the option to cancel your web-hosting agreements in case another company acquires a controlling interest in one of your vendors.
• Make sure contracts and SLAs include a formal process for the escalation and resolution of disputes.
• Negotiate clear and unambiguous definitions that give you the option to terminate agreements if service levels are consistently missed.
• Make sure vendors are required to assist you with the relocation of your site if you exercise an option to terminate your web-hosting or managed services agreement.

Chapter 11: Traffic Models

• If your web-hosting service is going to charge you for additional bandwidth, you should know how much in advance.
• Ask prospective vendors how they measure traffic, and specifically whether they include protocol overhead and inbound traffic in their measurements.
• Most sites generate log files that take up much more disk space than their content. Plan ahead for log-file space requirements, and develop and follow a log-file rotation and deletion plan.

Got another tip you think we should add to the list? Email it to tips.