SLA 104: Choosing the service hardware

Computerworld - In this installment of a series on understanding service-level agreements, I'll look at what you need to consider when choosing the hardware used to provide the services.

Service providers offer various hardware options depending on the nature of the security service for which users sign up. Some services will require the installation of dedicated hardware at the customer’s site or, if the service provider will be providing hosting services, in their cage. Some service providers host their own hardware in their own network operations center. Some provide the security service through hardware that is shared with many other customers.

Which option is better for your business depends on many factors, including your security policies, budget, trust in the service provider and the actual products used. In many cases, dedicated hardware may be more expensive than shared hardware.

Dedicated hardware may be a better option if you are a large financial or health care organization that does not want to sacrifice security for a cheaper application. Using dedicated hardware ensures that your infrastructure won’t be compromised because of misconfigurations or software bugs. For example, misconfigured firewall settings or defects in the firewall software could cause your traffic to be routed to the wrong interface, in which case the content of your applications will be exposed. These are not common problems, but they are considerations to keep in mind, especially if you have to comply with regulations such as the Sarbanes-Oxley Act of 2002 or the Health Insurance Portability and Accountability Act, where data protection is the most important requirement.

Dedicated hardware considerations

Dedicated hardware applications may come in the form of appliances that the product vendor sells, or dedicated hardware that the service provider has installed the security software. Either way, it's a piece of hardware you are not sharing with any other SLA customers.

Many providers offer different hardware set-ups depending on your performance requirements. The hardware at each level differs in terms of CPU, RAM, disk space and so on. Service providers will usually help you identify the hardware that best fits your environment, based on, for example, traffic volume on the network, or number of connections or users required.

Service providers don't always provide details about their hardware configurations in their SLA. This is because of the rate in which hardware installations can change. Not committing to specifics allows service providers to switch to other hardware when certain units are no longer available or when there are cheaper alternatives, or to upgrade hardware as replacement parts for older units become expensive or obsolete.