While service-level agreements (SLAs) are still a requirement of most customers before they sign on the dotted line, uptime and system availability are no longer their central concerns. This is because, like security issues, customers have begun to realize their ASP probably has better systems in place than they could reasonable purchase themselves. They are looking at SLAs more as a guide to the ASP/client relationship than as a way to penalize their ASP for not providing a predetermined level of service.

Anatomy of an SLA

Tell us what you think are the checklist items for today's SLAs. Comment in the 99.999-reliable ASPnews Discussion Forum

"The old uptime SLA is not as important to customers anymore," Craig Whetstone, senior director of Business Practices at San Carlos, Calif.-based Corio, told ASPnews. It's "table stakes" to get into the ASP game.

"What's more important is the actual service that you are offering," agreed Margaret Rimmler, director of Product Marketing for Lexington, Mass.-based ASP Surebridge. "It's good for setting up the expectations as to how we are going to work together."

Five-9's Not Financially Feasible
The exuberant era when ASPs were trying to promise five-9's availability (i.e., 99.999 guaranteed uptime reliability) has past. Most customers don't want to pay for it. Technologically speaking, five-9's is an elusive and costly target for most ASPs or their associated hosting provider to attain. At the same time, few customers actually require that level of reliability.

"It's a trade off between diminishing returns," Whetstone said. "The approach that we take is we want to offer the customer the most cost effective solution. It sounds great to get five-9's but it's going to cost you a lot get there. Is it really worth it to your business?"

Like other ASPs that have survived the recent industry upheaval, Corio has been around long enough to have developed basic SLAs that are then customized for each client. Some clients are very happy with Corio's basic uptime guarantee of 99.4 percent, but want robust disaster-recovery services instead, while others require uptime into the 9's.

This same is true for Surebridge, USinternetworking, and IT outsourcer and healthcare ASP Antares Management Solutions.

"The key is more than just 98 percent (uptime). It's what two-percent were you down? What time of day was it?," Ed Hartzell, CEO of Cleveland, Ohio-based Antares, told ASPnews.

From Availability to Applications
SLAs are now slowly moving beyond just availability agreements to cover the applications that are being delivered. This is an emerging trend. As customers become more confident they can get to their ASP-supplied applications, they are starting to want their ASP to cover how well those applications function when in use.

Some off-the-shelf products that accommodate this request are beginning to emerge, but the technology is still in its infancy, Corio's Whetstone said. Because of this, Corio is now working on in-house solutions that will track the progess of a purchase order, for example, and allow Corio to guarantee responsibility for the functionality of the e-commerce applications they are fielding.

"We're not guaranteeing the software won't loose the purchase order, we're guaranteeing we're going to do these processes around keeping the application working in a manner that minimizes the chance that will happen," Whetstone said.

Antares has similar initiatives in place. Surebridge, however, takes full responsibility for the applications they field. If a problem occurs, its first priority, regardless of who is at fault, is to get things up and running again. Once that is accomplished, they then go back and reverse-engineer the problem to find its source. But, application functionality is not a penalty-related event in their current SLAs, Rimmler said.

It Ends at the End User
As an full-service provider with its own data centers, USinternetworking also offers its customers application support, but they do not cover "end-user functionality expectations," Dave Collier, vice president of Business Operations for Annapolis, Md.-based USi, told ASPnews. This is unless data is inaccessible or unusable due to some fault on the part of USi. USi does offer helpdesk staff trained in the various applications that it offers.

"Someday, in the future, when the tools are right, we could possibly do some more application-layer-performance-type SLAs, but we're not there yet on the technology side; we're not there yet on the customer demand side," Collier said.

ASPs are still in the process of addressing the current crop of corporate pain points to sell their services and those customers have yet to start asking for promises that the applications they are buying from USi perform better than the ones they have in house. As these requests become more common and other issues fall by the wayside — like security, for example — this may well spur the next generation of SLA, the Application Service Level Agreement or ASLA, to coin a new acronym.

"The technologies for doing this are beginning to exist," Collier said. "But ASPs will respond [with] SLAs around that when the market starts to ask for those and [when] I'm able to increase my sales by 40, 50, 80 percent because I have that differentiation."