Coping with the New Era of Application SLAs

Jim Frey is Vice President of Research, Network Management for Enterprise Management Associates (EMA) and is a featured guest blogger.

The steady moves toward internal/external cloud computing, virtualization, more complex web applications, BYOD, the App economy and new strategies for dealing with cyber attacks are bringing disruptive change to IT.  These changes are mostly for the good, but along the way that have created a litany of new pain points and challenges.  On the positive side, these forces are combining to move IT towards greater application awareness – in most cases is an effective proxy for business value awareness – and towards a more service-oriented mindset.  In a small but growing number of shops, these shifts have even resulted in the use of application SLAs, by which IT teams commit to go beyond best efforts and “assure” that applications will be up, available, and performing to levels required by the business. 

How can organizations prepare to support application SLAs?

To most, they would seem implausible at best, but the good news is that there is plenty that can be done to make progress in that direction, and to lay the groundwork for success.
Essential to this transition is establishing full application awareness among IT engineering and operations. Application awareness is what allows teams to align viewpoints and recognize how the physical/virtual delivery infrastructure (network, servers, and storage) is doing its job, enabling IT end users, customers, and partners to conduct business and do their work.  Recent EMA research revealed that fully two thirds of enterprise network management teams consider service quality to be an increasing priority, and well over half said the same regarding end user experience and application performance.
That same study indicated that fully 40% of enterprises have folded their traditional NOC into a converged, cross-domain operations function, spanning network, systems, storage, applications, and oftentimes security. These types of organizational and priority shifts acknowledge the need to embrace service-oriented thinking to better understand and protect the ultimate output of IT.

What if you aren’t there yet?

The reality is that choosing the right place for establishing the application-aware visibility and application-oriented controls that will be necessary to underpin application SLAs is not always a simple matter. Most management technologies are not automated, and thus are prone to be best effort/reactive — always too late to get ahead of application performance issues.

The best answer is to take a structured, strategic approach to preparing for Application SLAs. 

  • First, learn from those who understand the concept of SLAs – the service provider community.  I recently had the chance to speak with a healthcare IT outsourcer that monitors all infrastructure and applications for a number of hospitals, clinics and medical offices.  They entered into SLAs with their clients that are purely based on application responsiveness, and don’t even report what is happening with the underlying infrastructure!  To do this, they had to rally around the applications and tie together monitoring data across multiple technologies, so they could relate everything back to those key/core applications.  For your organization, try a similar approach – identify your key applications and what the expectations are among the line of business and user community.  Start with agreed service level objectives (SLOs) while you work out how to measure and approach service quality, and work your way towards the more stringent approach of committed SLAs over time.
  • Strictly define the SLA in your organization / per application – this should take place prior to monitoring/management the SLA.
  • Next, take a look at your infrastructure and management technologies. Can they deliver the visibility you need into application activity and health (such as transaction and response times) in order to determine if you are in compliance with SLOs or SLAs?  Can those tools and technologies tell you directly if are in danger of breaching a service level commitment?
  • Third, the ability to automatically adapt to changing environmental conditions and implement capacity and traffic controls will be more important as applications multiply and the managed environment itself gets more and more dynamic.  Most organizations are not ready to embrace fully autonomous infrastructure systems, but even incremental, field-proven automations such as rate limiting, load balancing, and dynamic capacity management are very helpful.
  • Be able to optimize app delivery and accelerate apps response time – with WPO technologies, etc.
  • Most application SLAs will focus on known good traffic, but do not ignore the threat of malicious influences and cyber attacks. Security strategies need to be embedded into the plan, so that unexpected attacks cannot derail SLA compliance.  This means finding approaches that can provide a solid defense while also applying access policies that can be monitored and enforced.

While there are a number of ways to approach these steps, you will be better off if you can meet multiple goals with a single/unified technology approach.  For instance, some of these steps can be addressed via holistic solutions that are designed to provide application awareness, application optimization, and security in a single system.  Today’s advanced application delivery controllers are a great example, such as Radware’s Alteon NG, which can be configured and tuned to monitor and assure specific application SLA objectives while also implementing both defensive and policy-based security measures.

Application SLAs may well be the bellwether of the transition to IT as an internal cloud provider, and organizations large and small are steadily leaning in that direction.  There is no time better than now to prepare, by understanding your application mix, focusing on key applications of greatest value, and evaluating how you can start now to prepare. 

Like this article? Receive similar articles by subscribing to our blog today!

Jim Frey

Jim has over 20 years of experience with network management tools, technologies, and practices for enterprises and service providers. As VP Strategic Alliances at Kentik, Jim is responsible for building and leveraging relationships with external organizations of all types, including Technical, Marketing, and Channel alliances. Most recently prior, Jim was VP Research at Enterprise Management Associates, where he covered network planning, monitoring, troubleshooting, and optimization in the context of how those functions serve the higher-level goals of service-centric IT operations and strategy. Before EMA, he held executive marketing and partner management roles at NetScout and Micromuse, and prior to that held product development, management, and marketing roles at Agilent and Cabletron. Jim got his start in tech by spending eight years as a software engineer in the oilfield industry.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program


An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center