An official document containing policies and pledges for customers of Oracle's cloud services reveals that many aspects fall in line with industry standards, while others may prompt cause for worry among customers, according to analysts.
The document was last updated Dec. 1 and is marked "confidential," despite being openly available on Oracle's website (PDF). It lays out the rules by which Oracle and its cloud customers must play, apart from any special terms that may exist in individual contract agreements. Oracle launched a wide array of cloud services this year, including its Fusion Applications as well as a PaaS (platform as a service), IaaS (infrastructure as a service) and social network.
[ Stay on top of the current state of the cloud with InfoWorld's special report, "Cloud computing in 2012." Download it today! | Also check out our "Private Cloud Deep Dive," our "Cloud Security Deep Dive," our "Cloud Storage Deep Dive," and our "Cloud Services Deep Dive." ]
Analyst Ray Wang, CEO of Constellation Research, offered a measured perspective after viewing the document this week.
In many respects, Oracle's policies fall in line with principles spelled out in a cloud customer "bill of rights" document Wang recently created, he said.
But customers should be mindful of other policies, such as one that allows Oracle to turn off access to accounts in the event of a dispute or account violation. "Customers may want to get clarity on the type of incidents that would result in a temporary turn-off of service," Wang said. "Unlike on-premises software, this is a potential concern, so the process and triggers should be carefully outlined."
But another analyst took a more critical view of Oracle's cloud policies.
Oracle's pledge of 99.5 percent availability "sounds pretty good, until you understand that it is only measured against planned availability," said analyst Frank Scavo, president of IT consulting firm Strativa. Oracle grants itself a number of exceptions with respect to "unplanned downtime," some of which seem overly generous, Scavo noted.
For example, one gives Oracle an exception in the event of the "unavailability of management, auxiliary or administration services, including administration tools, reporting services, utilities, or other services supporting core transaction processing," Scavo noted. "Inasmuch as the availability of system components are under Oracle's control, why does Oracle grant itself an exception for their unavailability?"
In another instance, Oracle dictates that it is taking responsibility for cloud security, including system hardening, Scavo said. "But it then turns around and grants itself an exception to its service level agreement in the event of 'a hacker or virus attack.'" The vendor is also more than capable of thwarting a denial-of-service attack, and therefore such attacks should not be grounds for Oracle to fall short of its availability promise, Scavo added.
Scavo also took issue with Oracle's apparent reluctance to allow customers to perform independent monitoring of its cloud services. "Exceptions to this are the Oracle Database Cloud Service and Oracle Java Cloud Service or if otherwise expressly permitted in the ordering document," the policy sheet states.
"Oracle's stated reason here is to ensure that any such monitoring tools do not adversely impact the cloud services," he said. "However, it would seem to also preclude a low-impact automated script running in the customer's own data center to merely ping the cloud system, say, once a minute, to ensure that the system is available and to notify the customer if it is down. This [policy] seems to me to go beyond what is necessary." Customers should push for the right to independent monitoring during contract talks, Scavo added.
Another eye-opener for Scavo was the fact that Oracle reserves the right to perform "major changes" to its cloud infrastructure up to twice a year. "Each such change event is considered planned maintenance and may cause the Cloud Services to be unavailable for up to 24 hours," the document states. Customers with the most stringent high-availability needs should take special heed of this clause, Scavo said.
Customers would be wise to make sure they get in writing that Oracle will suffer some agreed-upon penalty for falling short of its service availability pledge, according to Scavo.
Many early adopters of Oracle's Fusion Applications are going with the cloud deployment option, at least in part because of the complexity involved with installing them on-premises.
Oracle is taking a careful approach to selling Fusion, telling customers now running its E-Business Suite, JD Edwards, and PeopleSoft applications that they can adopt the new software at their own pace.
But given the monumental effort Oracle put into developing Fusion Applications, it seems apparent that over time, it hopes to move the bulk of its installed base over to them. Thus, the way Oracle defines its cloud services policies could get even closer scrutiny over time.
An Oracle spokeswoman declined to comment for this story.
Chris Kanaracus covers enterprise software and general technology breaking news for The IDG News Service. Chris' email address is Chris_Kanaracus@idg.com