Service-level agreement (SLA) - Hybrid Connectivity

Service-level agreement (SLA)


Enterprise organizations often require a service provider to specify an SLA for each service the organization may consume. The organization in turn builds its own service(s) on top and may offer its own consumers an SLA. The SLA is important because it describes how the service is provided and operated, and it often includes specific measurable characteristics such as availability. Should the service break the defined SLA, a service provider usually offers financial compensation under the SLA. The SLA defines the type of measure, the requirement, and the measurement period. As an example, refer to the uptime target definition under the AWS Direct Connect SLA.

Impact on design decision

An SLA can be a non-negotiable consideration that forces other tradeoffs. If the connectivity is not available, resources running in the cloud cannot be accessed. If a formal SLA with applicable service credits for the connectivity is required, appropriate connectivity to satisfy this requirement should be selected.

It could be possible that only a subset of cloud resources requires an SLA, such as the ones used for production applications. Other environments such as development and testing may not require SLAs. This is where a mix of connectivity options could be considered.

Requirement definition

  • Is an SLA with service credits required for the hybrid connectivity connection?

  • Does the entire hybrid network need to adhere to the uptime target?

Technical solutions

Connectivity type: Internet connectivity as the underlying transport doesn’t provide an SLA. While great care is taken to have multiple links in place with a diverse set of internet service providers (ISPs), control of network resources outside the respective administrative domain of AWS or a single ISP is simply not possible. There is a limited amount of traffic engineering a cloud provider can do once the traffic exits the border of its network.

AWS Direct Connect offers a formal SLA with service credits. This is the recommended transport if an SLA is required. The AWS Direct Connect SLA lists specific minimum configuration requirements for each uptime target, such as the number of AWS Direct Connect locations, connections, and other configuration details. Failure to satisfy the requirements means that service credits cannot be offered should the service breach the defined SLAs. At the time of writing, dedicated AWS Direct Connect links are required at a minimum of 2 locations. Make sure to review the requirements, as they may change over time.

Importantly, even if the service selected to provide the hybrid connectivity is configured to meet the SLA requirements, the rest of the network may not provide the same level of SLA. The AWS responsibility ends at the AWS Direct Connect location, more specifically at the AWS Direct Connect port. Once traffic is handed over to your organization’s network, it is no longer the responsibility of AWS. If you use a service provider between AWS and your on-premises network, connectivity is subject to the SLA between yourself and the service provider, if applicable. When designing hybrid connectivity, keep in mind that the entire hybrid network is only as good as its weakest part.

AWS Direct Connect partners also offer AWS Direct Connect connectivity. The partner may offer an SLA with service credits based on their product offering up to the demarcation point with AWS. The option should be evaluated and further researched directly with APN Partners. Refer to the APN list for more details.

Logical design: In addition to the connectivity type, you also have to consider other building blocks as part of your overall design. As an example, AWS Transit Gateway has its own SLA, as does AWS S2S VPN. You might be using AWS Transit Gateway for scale and AWS S2S VPN for security reasons, but both have to be designed in a certain way to be eligible for service credits with each respective service.


Figure 1 – SLA consideration decision tree