“selecting a hosting provider – 7 criteria that must...

A white paper presented by Enterprise Hosting

Enterprise Hosting ¥ http://www.enterprisehostinginc.com 678.317.9019 ¥ 1055 Spring St NW ¥ Atlanta, GA 30309

“Selecting a Hosting Provider –7 Criteria that MUST Be Evaluated”

What Every IT Executive and CEO Needs to Know

Enterprise Hosting • http://www.enterprisehostinginc.com678.317.9019 • 1055 Spring St NW • Atlanta, GA 30309

2

From The Desk of: Mark Scully General Manager, Enterprise Hosting

What’s on the line if you partner with the wrong service provider?

The short answer? Everything. When things go awry and you don’t have a competent IT partner to help you, your organization is the one that will take the fall. Your company’s customers, brand, and reputation in the industry can be in jeopardy, in the blink of an eye.

That’s why we wanted to provide executives with a simple, easy-to-read report that would explain the selection criteria and evaluation factors to consider in order to make the best possible decision when selecting your hosting partner.

But how do you define the characteristics that an optimal provider possesses? What exact capabilities will translate into an edge for you, the customer? What things are more important to look for, and what items aren’t as critical?

It’s a difficult issue to navigate. However, by ensuring you choose the right provider at the outset, you can eliminate significant costs and headaches down the line with respect to compliance, security, service level commitments, transitioning, redundancy, and customer support—in effect, your overall performance and abilities in the marketplace.

Who will you choose? By the end of this report you’ll know, or at least have a much better understanding, of the types of things that should be on your checklist when evaluating IT service providers. Of course, we are always available as a resource for a second opinion or quick question, so please feel free to contact my office directly if we can clarify any points made in this report or answer any questions you have.

Dedicated to serving you,

A Letter from the Author Why Did We Create This Report And Who Should Read It


3

Critical Factors to Evaluate When Selecting the Ideal Service Provider to Host Your Business-Critical Application

In this report I’m going to talk about 7 critical criteria you need to examine before choosing the hosting service provider that will support your IT infrastructure. These criteria include:

1. Customer Service/Support

2. Service Level Agreements

3. IT Service Provider vs. In-House Solution

4. Compliance

5. Data Center Facility Location and Capabilities

6. Solutions / Technologies; and, finally—

7. Cost

At the end of this report you will also have access to the following decision criteria matrices that can be used to help you pursue the optimal service provider for your desired solution:

1) Appendix A: Enterprise Cloud Provider Checklist

2) Appendix B: Service Provider Support Comparison Checklist

3) Appendix C: Data Center Site Selection Checklist

These checklists will aid you in determining the right vendor for your particular solution. I encourage you to take full advantage of this prior to making any decisions in your vendor selection process.

7


4

Are you searching online because you are hosting a business-critical application but are overwhelmed with the breadth of providers and options out there? Take a moment to think about just how critical these systems are to your company, your brand, your customers, employees and even your personal reputation.

Where Do You Start?

What is at stake?Your critical IT environment could be servicing any combination of your employees, vendors and customers. Selecting the best service provider that you can entrust those relationships with makes a little upfront effort worthwhile. Because, let’s face it—if you select the wrong provider, they are not going to come to your rescue when you need them the most, when there is a problem. Investing the effort up front to select a service provider that matches your organizational needs can mean the difference between success and suffering some pretty negative impacts—from losing customers, experiencing brand damage or even damaging your personal or department’s reputation within your organization.

This evaluation process helps you to make an educated, informed decision and feel more confident in how your relationship will progress over time, and consequently, how your business will perform over time. And when making a substantial investment in an IT partnership, why would you want to be anything less than fully confident?


5

There may not be a more important area to evaluate than this one. Customer service and support is essentially *the* most important aspect

of a service provider relationship, because you need to trust that when you need support, it will be there for you.

It all comes down to trust.

So, ensure that you find out the details about the prospective provider’s customer support model. Do you want to be a big fish in a small pond? Most companies do. If so, you may want to consider a smaller, boutique provider that focuses on expert support; these providers typically go the extra mile.

The sad truth is that some providers, big and small, reduce costs by cutting corners on infrastructure and security. Verify that the solution is built to live up to the type of uptime and security capabilities that you require. The infrastructure should be enterprise-class, brand-name infrastructure designed in a fault-tolerant manner. Multiple Tier One Internet backbones should be used for IP transport from a SSAE 16 certified data center. If you feel more comfortable with a larger provider, it is important that they offer the level of support you will require to hold your trust, over time. Consider questions such as:

Are they someone that will give you immediate support, even though you may not be a large organization?

How much migration support will you receive (e.g., if you’re migrating your environment to the cloud or to a hosted solution)? Can you count on your provider to go the extra mile? Will they stay involved in the process to help you ensure avoid downtime during the migration? Can they provide references or case studies of migrations? The initial installation or migration is typically the most difficult and prone to errors. Be sure to select a service provider that is well regarded for their migration support.

Does your prospective provider have sophisticated support processes for important phases such as implementation and migration? Ask to see them. Boutique providers will walk you through the processes versus just turning your servers over to you.

Will you have 24/7, direct access to engineering-level staff?

Will you have access to the highest levels of management, if needed?

When something goes wrong, will they own the problem through to completion?

Customer Service/SupportEvaluation Criterion

#1


6

As you read this section, keep in mind that you can control your own destiny, more than you think, in your relationship with your IT service

provider. At least, you can if you do your homework - first.

Your organization’s reputation is built on providing a quality product or service. That’s why it is so important that you keep your reputation in mind when determining what your service provider offers with respect to service levels, should an interruption occur. Although SLAs are not going to cover your lost customers, brand damage, or even your personal reputation within your organization, all of these are being trusted to the hands of your service provider.

It is critical that you thoroughly examine your prospective service provider’s services level agreements, or SLAs, before entering into a contract. What the service provider offers with respect to service level agreements may mean the difference between successfully recovering from an unforeseen event, or losing a lot of customers, down the line.

When investigating a potential provider’s SLAs, ensure they have a proactive stance to delivering reliability for your critical applications. Ensure they offer “five-9” (or 99.999%) reliability with respect to servers, network and storage. Make sure they are committed to fixing problems quickly – and what their resolution measures are to ensure the same problem does not repeat itself. You want a provider that can demonstrate and guarantee consistent high performance, not ebb and flows.

Any provider that you pay to support your environment should give you a written SLA (service level agreement) that outlines exactly how problems get resolved and in what time frame. I would also request that they reveal what their average resolution time has been with current clients over the last 3-6 months.

Also, the experience and certifications of your support staff matter. Ensure your support staff has substantial experience architecting, migrating and managing complex environments and applications. Ask what certifications they have, and find out about their ongoing training programs. Ensure that the provider truly invests in their people, so you benefit from those investments by receiving world-class, customer-centered support.

Service Level AgreementsEvaluation Criterion

#2


7

If you cannot access your application because the Servers are down or due to some other problem, you can’t be waiting around for hours for someone to call you back OR (more importantly) start working on resolving the issue. Make sure you get this in writing; often cheaper or less experienced providers won’t have this or will try and convince you it’s not important or that they can’t offer those types of SLAs. Don’t buy that excuse! They are in the business of providing IT support so they should have some guarantees or standards around this that they can share with you. To sum it up, your chosen provider should have defined SLAs and a full customer lifecycle methodology in place that includes 24/7 customer support, a proven implementation and service delivery model, and expert resources that are experienced and technically certified to assist customers with nearly any IT issue.

I can’t emphasize enough the importance of the “gut-check” when it comes to service level agreements -- what does your gut tell you about your potential provider? Do you have confidence in the outcome of your potential provider’s SLAs? Do they offer you com plete reassurance that they will be there for you and come through for you in the most dire circumstance?

Lastly, and most importantly, ask if they have a customer satisfaction guarantee—if they offer you money back if you’re not satisfied with any aspect of your performance. Some even offer a 100% customer satisfaction guarantee – if you are not satisfied for any reason in the first 30, 60 or 90 days, you can get your money back.

Once you have a compilation of SLAs from a service provider, take a step back and just evaluate the SLAs in totality to determine whether or not you think that, as a whole, this provider really stands behind the services they are providing. Does the collection of SLAs provide confidence in their ability deliver, or are they carving out every little “gotcha” so that very little is actually guaranteed in the SLAs? This is a subjective item in our decision matrix, but I encourage you to ask, is this the provider I want to walk hand-in-hand with during some type of IT event? Are they going to be there for me, or are they going to leave me to resolve the issue, myself?

Find out the details; comb through exactly what level of performance they are committed to in the areas that are important to you, what resolution/notification measures they follow, and what satisfaction guarantee they may offer. By doing your homework and documenting what they offer, it can help you make your choice now, and later it can help you focus simply on running your business, instead of troubleshooting IT problems.

To sum up, make sure the provider does what they’re supposed to do: manage the everyday tactical activities associated with ensuring the uptime of your critical applications. And make sure they back up their promises.

24/7 customer support


8

Many companies struggle with the “in-house versus outsource” decision. It’s comparable to any other “do-it-yourself” decision that you’ve

encountered in your life….for example, you may have decided at some point or another that replacing the bathroom sink, yourself, is cheaper than hiring a plumber. After sinking a significant time investment into doing it yourself, you find a small leak in the pipe. In the end, you end up hiring a professional and spending twice as much as you would have if you had just hired it out in the first place.

We’ve all been there before. It is a parallel situation in IT, only the one discovering the “leak” is a potential customer, or even a hacker, and they don’t bring it to your attention. You lose the business or lose your sensitive data—all because you attempted to keep a critical business function in-house, thinking you were saving money.

By selecting a hosted data center over your in-house solution, what benefits do you realize? Typically, companies that leverage the experience and expert support of an IT services provider can experience:

Faster Performance – Service providers typically offer solutions that are designed on enterprise-class technologies that offer scalability. These enterprise-grade technologies are often too expensive to afford as independent infrastructure for one client, whereas a service provider can spread those costs across multiple clients. The benefit to you is better performance, and a solution that can grow with your business.

Compliant Solutions – As we discuss in the next section, service providers offer solutions that can meet a wide range of customer compliance requirements, in the areas of SSAE-16, HIPAA, PCI, SOX, and more. You might have internal compliance requirements, but if you are thinking, my corporation does not fall under any compliance or regulatory requirements; you’re being short-sighted. It’s your Customers that will ask you about these areas of compliance, and they will make their buying decisions based on who meets their compliance requirements objectives. Whether it’s your internal regulatory requirements or requirements derived from your customers, Compliance, needs to be part of your selection process. In most cases, a lack of focus on compliance will result in lost revenue.

Improved Reliability – Experienced service providers offer Service Level Agreements on uptime and reliability, among other things. Their infrastructure is also built for fault

IT Service Provider vs. In-House Solution

Evaluation Criterion

#3


9

tolerance in order to host their customers’ mission-critical applications. Reliability represents your brand to your customers. When your critical applications are unavailable, your customers perceive your company and your brand as unreliable. The same goes for your personal reputation within the company. Whether fair or not, your personal reputation is being staked on this decision as well, do you really have the resources and in-house data center environment to provide application availability to your customers?

Enhanced Focus – Service providers eliminate the mundane tactical IT functions associated with managing your IT infrastructure and enable focus on creating strategic advantages for your business. Increasing the amount of time that you spend on improving your products and services, increasing revenue and acquiring new customers is invaluable. The fundamental question is, does it really add to your core business to spend time managing mundane and tactical processes like backups or applying security patches?

Disaster Recovery Capabilities – Expert providers typically offer customers the capability to recover from a data-impacting event, through full data backup solutions, restoration and disaster recovery solutions. Are you absolutely certain that you could reproduce 100% of your critical customer data if experienced a data loss? Providers should be able to offer you a number of robust solutions to ensure data recovery.

Obviously, you will need to consider the factors most important to your organization when making this complex decision. However, in general, most executives find that outsourcing provides much more certainty about their capability to deliver to their customers and enables them to focus on their own strategic initiatives, while eliminating the headaches associated with managing IT environments internally.

ComplianceEvaluation Criterion

#4 In today’s commercial landscape, compliance touches almost every entity; it’s no longer limited to just public companies, financial institutions or

healthcare providers. Even if your business is not subject to compliance or regulatory authorities, many of your current and future customers will request

compliance and certifications of your data center and IT environment. A capable IT service provider will offer solutions to meet compliance requirements, such as SSAE-16, HIPAA, HITECH, and more.

For example, for healthcare providers, to protect your electronic health information from data breaches and intrusions on patient privacy, you need the expert support of a highly experienced and knowledgeable IT hosting partner who can provide the critical services you need to safeguard your critical personal health information (PHI) and personally identifiable information (PII) and offer the capabilities you need for peace of mind.


10

Most other organizations need to ensure overall general compliance from a data center perspective, which is where the Statement on Standards for Attestation Engagement No. 16, or SSAE-16, comes into play. True compliance typically requires SSAE-16 data centers. The term “SSAE 16” (Statements on Standards for Attestation Engagements No. 16) is the next generation of AICPA standards for reporting on controls at service organizations (including data centers) in the United States. It defines the standards an auditor must employ in order to assess the contracted internal controls of a service organization. Service organizations such as hosted data centers, insurance claims processors, and credit processing companies provide outsourcing services that affect the operation of the contracting enterprise. SSAE 16 replaced and improved the SAS 70 certification by requiring the auditor to obtain a written assertion from management regarding the design and operating effectiveness of the controls being reviewed.

Before you make the mistake of thinking compliance doesn’t apply to you, think about your customers. Your customers are most often the ones that will insist on your environment hosted in a SSAE 16 certified data center, and you do not want to be the one to have to explain to the CEO, VP of Sales or anyone else why you lost a large customer opportunity due to the lack of data center compliance. Additionally, SSAE 16 audits provide a peace of mind that your critical IT assets are operating in a data center that adheres to best practice standards and processes in the industry. Do not settle for anything less.

In addition, many companies need to ensure that their services provider can help protect their business and help prevent breaches of highly sensitive data through a comprehensive suite of Managed Security Services, including Intrusion Detection and Log Review Services, as well as keep an archive of their data via Data Backup Services.

When it comes to ensuring compliance, you can’t afford to take a risk. Securing the right IT partner—one who is knowledgeable about compliance and understands how to successfully achieve it—can quite literally mean the difference between maintaining a successful business position and losing your industry reputation and bottom line. A solid, comprehensive, and secure IT hosting solution developed by knowledgeable experts can help you obtain and maintain compliance.

Find out what compliance solutions your provider offers that are necessary for your business. Find out if their solutions were developed with these compliance requirements in mind and can support them into the future. Next, understand their process; for example, a compliance-focused provider will have a methodology for helping you achieve your compliance goals, such as:1. Working with you to first understand your requirements


11

2. Helping your organization to build and implement a fully secure and compliant solution for your critical environment

3. Once implemented, taking over the management of your IT solution and developing a regular status check cadence with you to monitor compliance over time

4. Providing documentation and reporting with respect to compliance and delivering this documentation/reporting to you on a regular basis

Lastly, ensure that in addition to compliance standards, the prospective provider has strong physical security policies in place for its data centers that have been developed with an operational focus and quick resolution in mind.

In short, your optimal vendor will take responsibility for the development and the security and risk controls around your IT solution – so you can worry less about compliance, and more about growing your business.

Data Center Location and Capabilities


#5 The location of your data center can be a critical evaluation factor. If proximity is important to you, perhaps narrow your search to include only

locally operated environments with data centers that you can tour whenever you’d like.

You may be interested in receiving a boutique level of service, rather than being “just another customer” in a “name-brand” data center, but you also want the advantages that come with being in that large-brand data center. This may not seem important at first glance, but consider your customer’s perception of you when you review your data center location with them during a future sales cycle. The ability to tell your customers that you are hosted in a big, brand name data center with a high degree of boutique-level support is very powerful. The two desires don’t really mix that well, unless you find a provider that can offer both. Review all the options, but keep in mind that some larger providers may have a great storefront, but become enormously bureaucratic when providing support. Smaller providers can offer much more robust performance than you may think upon a little more investigation.

There are advantages to a local solution, where you can get to and touch your servers if you want or need to, at any time. Additionally, as part of the sales cycle, you will be able to provide a data center tour for your customers or prospects to show off and differentiate your infrastructure you’re your competition. Examine what the factors are that are most important to you, rank them, and base your data center provider search accordingly.

Secondly, take a close look at the data center capabilities that your prospective provider offers:


12

Does the data center support complete redundancy throughout their infrastructure, from the switch gear, to firewalls, to servers, to the data center itself? Downtime costs your company revenue, customers and brand. Personally, downtime could cost you your job. Tour the data center, request the SSAE 16 audit (discussed earlier), review the infrastructure design to ensure there is complete redundancy designed into your solution.

Are you able to access the data center 24/7 if ever required to do so (for maintenance or in a disaster scenario)?

Does the provider have enterprise-class infrastructure that customers can leverage? And brand-name equipment designed and configured in a fault-tolerant manner?

Review the hosting solution in detail with your prospective provider, and take a tour of the facility to become familiar with its redundancy, network, environmentals, power structure, fire detection/suppression systems, cooling systems, building security/staff, emergency procedures, and staffing. With ample evidence in enough categories, in addition to the local aspect and superior operational support capabilities, you will know when you’ve found the right facility for you.

Solutions/TechnologiesEvaluation Criterion

#6When looking at a prospective service provider, it is important to determine if they offer a range of solutions that support colocation, managed hosting,

cloud environments, and a combination thereof. Even if your needs are more basic now (e.g., purely colo), in time, you may want to move to more of a managed service solution, or even migrate to the cloud. You want a provider that has the capability to grow and evolve with your requirements over time.

What specific solutions do you look for? I would recommend a provider that can provide:

Are you able to access the data center 24/7 if ever required to do so (for maintenance or in a disaster scenario)?

Cloud Services - Cloud providers deliver a computing platform, typically including operating system, database, and web server. Customers can run their IT environments on a cloud platform without the cost and complexity of buying and managing the underlying


13

hardware and software layers. The underlying computer and storage resources are built in a fault-tolerant manner to avoid any unplanned downtime in the event of a hardware failure. The services can scale easily to match application demand to avoid provisioning new equipment to meet increased demand. Cloud services should be offered as both private (dedicated to one customer) or shared (multi-tenant).

Managed Dedicated Servers – An experienced provider will work with you to customize a dedicated server architecture that delivers the fast performance and uptime your business requires, along with co-management or full-management options for the environment. In delivering these services, the prospective provider should offer: v Enterprise-class, brand-name infrastructurev Redundancy with respect to firewalls, Internet

connection, and powerv Dedicated VLANs and IP ranges to segregate

your environment from the environments of other customersv At least nightly backups with frequently tested restorations to ensure your data

restorabilityv Regular vulnerability scansv Industry-leading SLAs 24/7/365 monitoring to prevent problems from turning into downtime, lost data, and

other issues, and24/7/365 engineering-level support

Support for Legacy Line of Business Applications –these services enables easy transformation of older, legacy applications that are critical to the business, but rather difficult to maintain. An example is an application that uses a client-server architecture design. These legacy applications are distributed across the users’ desktops which makes it very difficult to support (patches, version upgrades, troubleshooting, etc. need to occur on the client’s machine rather than at a centralized server). These legacy applications can be transformed so that both the client and the server version are running centrally, resulting in centralized control. End Users will be able to connect to the applications via any device from any location, as access to these legacy applications will be gained via a web browser.

Colocation Services – The provider should offer high-performance, state-of-the-art colocation facilities in which you can physically house your company-owned critical infrastructure. The colocation facilities should offer high-security, including cameras/security staff/badge systems, redundant fire detection and suppression, a reliable network with multiple connection feeds, filtered power, backup power generators, and redundant cooling systems to ensure high-availability which is mandatory for virtually all


14

businesses. These services should be backed by 24/7 expert support at the engineering level. The facility should be examined annually for SSAE 16 compliance.

You want to ensure that your prospective provider provides state-of-the-art services that run on enterprise-class technologies. Ask about the technologies they use for their cloud services, for their firewalls and storage, etc. It’s just not worth cutting corners here to save a few dollars, remember, we have already established exactly what is at stake earlier in the report – It’s Not Worth It. Compare their service offering breadth and depth with your requirements, and other providers, to measure their applicability to your needs as well as their ability to deliver as compared to their competitors.

If you’re not a large company it’s important to determine if the provider specializes in delivering high quality services to small- and medium-sized businesses. Keep in mind that being a small fish in a big pond will not serve you well in the long run as you will likely need to rely on the customer service of your IT provider at some critical moment in the future. If you’re small or midsize organization, you will want evidence that your provider supports customers of your size with the same level of attention and care that is paid to larger customers.


#7Cost

Last, but certainly not least, is the factor of cost. When evaluating costs of

prospective providers, there are a few key questions to keep in mind, such as: do you feel you are being proposed a good price for a true, redundant, enterprise-class solution? A high quality solution will cost a little more, but it shouldn’t break the bank. You want to ensure that you get as close as you can to the “sweet spot,” where the value you perceive the solution and support to have is high, but the price you are offered is lower than what you would expect to pay for such a solution. In short—you need to determine if your solution is one that leverages brand-name infrastructure, brand-name hardware, and engineer-level support, yet is offered at a fair price. Because more often than not, if you feel you are being charged too much for a solution that doesn’t justify the cost, you likely are.

Consider the other benefits of your solution package as well—ensure your solution offers you maximum value in terms of service level agreements, full migration support expert customer support offered as part of the standard contracted services, and fast/quick escalation to management on a 24/7 basis, should the need arise. All of the intangibles such as personal attention, the “above and beyond” factor with respect to customer support, and trust, go a long way to helping you achieve the maximum value from your solution and your IT services provider.


15

A Final Word…

I hope you have found this guide helpful in shedding some light on how to evaluate prospective service providers. As I stated in the opening of this report, my purpose in providing this information was to help you make an informed decision and avoid getting burned by the many incompetent firms offering these services.

In the Appendix, you will find free service provider checklists, to help you evaluate prospective service providers more easily. This is, of course, provided for free with no obligations and no expectations on our part. Our reputation for running an honest and trustworthy business is something we hold very dear. We are simply offering these items to people we haven’t had the pleasure of doing business with. Our goal is to allow you to make an informed and confident decision; offering this information is one way we can help you do that. You should utilize at least the Service Provider Support Comparison checklist and the Enterprise Cloud Provider Checklists for your decision, and add the data center selection checklist if you are looking for a colocation solution.

Thank you for the opportunity to share this information with you. Wishing you best of luck on your search, and please let me know if there is anything we can ever do to help.

Mark ScullyGeneral Manager, Enterprise Hosting678.917.9019 [email protected]

As a prospective customer, we would like to offer you these FREE checklists to use when evaluating your various service provider options—included immediately below. You will want to utilize the checklist that applies to your desired solution. If you need information on multiple solutions, you are welcome to consider each of these checklists.

1) Appendix A: Enterprise Cloud Provider Checklist

2) Appendix B: Service Provider Support Comparison Checklist

3) Appendix C: Data Center Site Selection Checklist

FREE Evaluation Checklists

mailto:[email protected]


16

ITCS Case Study

ITCS Principal Bill Flanagan was beginning to hear the “buzz” about the benefits of cloud solutions. However, he had a few doubts. Bill knew dedicated environments, as he had been managing them for 25 years. With cloud, he didn’t really know what to expect – specifically, he had concerns around how data management worked within a cloud environment.

When Enterprise Hosting CEO Mark Scully offered Bill a 30-day beta period to try cloud services, Bill decided to accept the offer and conduct load testing of the solution before

making a decision. The stats that came back as a result of the testing were astounding. Bill knew then that cloud was not only as good as everyone said it was, but better.

“After I was able to test my cloud solution and got back those kinds of results, it confirmed for me that cloud is as good as everyone said it was. I bounced ideas off of my peers, and everything lined up— the results were icing on the cake,” said Bill.

By utilizing Enterprise Hosting’s cloud platform, ITCS was able to:

¥ Increase the speed of its reporting by 16%

¥ Increase the speed of its database inserts (writes to the database) by 34%

¥ Increase the database exports by 58%

¥ Enhance end-user website usability by 36%

¥ Increase efficiency of navigation on the ITCS website by 36%

After a seamless move to Enterprise Hosting’s cloud solution, ITCS was pleased that it could now improve its performance, business, and operations – and achieve a more satisfied client base.

“Customers conceptually understand cloud and its benefits— even at the user level. For me, the load testing was the decision maker . Once that occurred, we knew that moving to this solution was what we wanted to do,” Flanagan said.

Enterprise Hosting ¥ http://www.enterprisehostinginc.com 18678.317.9019 ¥ 1055 Spring St NW ¥ Atlanta, GA 30309

“The stats that came back as a result of the testing were astounding.”

Our Customers Can Attest....


17

“I got the feeling that with a couple of the other companies, I would be ‘out on a raft,’ somewhat – doing everything myself,” said Flanagan. “Enterprise Hosting provides a higher level of service. They understand my challenges and work hard to help me solve them.”

Another advantage for Enterprise Hosting, according to Bill, was the company’s leader, Mark Scully.

“I am very performance-sensitive – I have to feel that our organization is high-performing in everything it does, from customer service to the best possible price for our services,” Flanagan said. “I feel that Mark understands that and matches my level of performance with a similar level of performance from his company. Enterprise Hosting services me well, so I can then service my customers well. They charge me fairly, which allows me to charge my customers fairly.”

~ Bill Flanagan, Founder

NetUniform Case Study

Customer Challenge: Ensuring a Successful Transition from Previous Provider

Netuniform was with its former service provider, AppSite, for several years before Enterprise Hosting acquired AppSite in 2011. Netuniform has a dedicated server that it uses to support its online uniform business – and because it was just one server, it was critical that the transition to Enterprise Hosting be performed seamlessly.

“We transitioned over to the new server in May, 2011 – ahead of the deadline,” said Mindi Katz, owner of Netuniform. “We had no issues whatsoever in the transition – Enterprise Hosting took care of everything that we needed and it went very, very smoothly. The company’s CEO, Mark Scully, personally reached out to me a number of times to make sure everything was going ok – he made sure that there would be no data loss in the transition by personally going out of his way to check on everything for us. I was particularly grateful for that.”

Enterprise Hosting’s Performance, Low Cost and Personal Attention = Success

Mindi started up the uniform business in the late 1990s and has been running it online ever since. Because the company offers a wide selection of uniforms from leading manufacturers on its website, it is imperative that the company’s hosting solution achieves the highest levels of uptime and performance possible.

“We have an affordable rate and feel that we’ve received excellent value for our IT spend.”


18

“We’ve been very pleased with our IT spend at Enterprise Hosting. We have an affordable rate and feel that we’ve received excellent value for our IT spend,” Mindi said.

By utilizing Enterprise Hosting’s managed IT hosting solutions, Netuniform was able to:

¥ Achieve a seamless transition to Enterprise Hosting from its previous provider

¥ Increase its level of performance

¥ Obtain a good value for its IT spend

¥ Receive personalized attention that provides a high level of comfort and peace of mind

Added Mindi, “My impression is that our experience is common to many customers of Enterprise Hosting – if you have somebody that you know you can call that is familiar with your environment, it’s very comforting because the server is such a critical part of our online business. Having the security that the person who is responding to you actually knows you and your environment – that is a wonderful feature.”

~ Mindi Katz, CEO

Clarity Case Study

“Enterprise Hosting's Capabilities and Knowledge Resulted in Astonishing Service.”

Enterprise Hosting has provided managed hosting IT services to Chattanooga, Tennessee-based Clarity since 2009. However, one of the major things that Enterprise Hosting did for Clarity was in the very beginning -- to help the company with its newly developed product that used Asterisk-based technology. (Asterisk is an open-source PBX system – the most popular open source telephone

system in the world.) Clarity needed to know how to get its product up and running, and Mark Scully, Enterprise Hosting General Manager, knew just the partner to put them in touch with.

"It was an extremely fortunate string of events – just like dominos," said Doug. "As soon as we started talking to Mark Scully, everything immediately fell into place. Now that we look back on it, we are astonished at how quickly we were able to go from a circuit board prototype into a piece of software inside an open-sourced PBX. We meet up with Mark, everything works together, and a couple of years later, our Asterisk PBX application is an award winner."

~ Doug Kilgore, Systems Engineer


19

Mark Scully graduated from the University of Wisconsin – Eau Claire in 1995 with a Bachelor’s degree in Management Information Systems. After college, he pursued computer programming positions at Rayovac Corporation, Aurum Corporation and Inflow, Inc.

Mark was introduced to the hosting industry in 1998 during his tenure at Inflow Mark held various roles at Inflow (Director of IT, General Manager of New Markets, and Regional General Manager). His tenure there began before Inflow had its first data center, and lasted until the company and its 13 data centers were acquired by SunGard Availability Services in 2005. Inflow grew revenues to over $50 million while Mark was with the company.

Mark is the founder of Enterprise Hosting and has served as General Manager of the company since 2005. Enterprise Hosting was founded on the principle of delivering the highest degree of customer service to customers looking for hosted IT solutions. Enterprise Hosting’s customer service engine is made up of key operational procedures and automation systems that work together to ensure a consistent implementation, configuration and service delivery approach for new and existing customers.

In his spare time, Mark is an avid mountain and road biker. He enjoys spending time on outdoor activities, including running, boating and adventure racing.

Customer Service Philosophy

“Over the course of my career, I have seen many service providers that traditionally had served small- and medium-sized enterprises acquired by larger telecommunications or IT outsourcing organizations. While watching this firsthand, I realized that such acquisitions typically result in a deterioration of service for the customer. The larger, acquiring companies often provided slower response times, simply due to the sheer size of their organizations. Subsequently, the customer experience would suffer. When some of these customers began approaching me, seeking a better solution, I started Enterprise Hosting. I decided that the foundation of Enterprise Hosting would be to serve small- and medium-sized businesses with critical IT applications, and we would serve them with a commitment to customer service excellence. Customer satisfaction would be the driver of our service model, while providing solutions at a reasonable cost to our customers.

Today, Enterprise Hosting service has 200+ clients hosting mission-critical applications with us. When asked, customers primarily cite our consistent uptime track record along with our boutique level of service as our company’s greatest assets.”

- Mark Scully, General Manager

About The Author


20

Service Provider Support Comparison Chart

21 Questions You MUST Ask Before Hiring Anyone to Host Your Critical Business Application

Company A ________

Company B ________

Company C _______

Do they offer a 100% Customer Satisfaction Guarantee with your Money Back?Do they offer at least 99.999% Uptime SLA with the track record to back it up?

Are the data centers SSAE 16 Certified?

Do they offer (new) ways to improve your application and server performance?Do they provide detailed invoices explaining what you are paying for? Do they offer a range of solutions, Colocation, Managed Hosting and Cloud environments?Do they offer full migration support from your existing environment?Do they insist on monitoring your network 24-7-365 to PREVENT problems from turning into downtime, lost data & other issues?Do they conduct monthly vulnerability scans to proactively warn you of potential security and vulnerability exposures?Will you have access to executives, or are you just a small fish in a big pond and cannot escalate when it’s desperately needed?Do you get access to Tier 3 engineers to resolve problems, rather than the normal escalation process through the ranks of helpdesk employees? Do they have complete redundancy throughout their environment (switch gear, firewalls, servers, datacenter, etc.)?

Do they insist on monitoring onsite AND offsite backups?

Do they insist on doing periodic test restores of your backups?

Do they offer HIPAA, SOX & PCI compliance solutions with Intrusion Detection and Intrusion Prevention Services?Are you able to access the data center 24x7 if ever required to do so (disaster or maintenance)?Are they a local operated environment, can you tour the local data center?Do their technicians maintain certifications & participate in ongoing training?Do they offer disaster recovery options and protection for your critical data?When something goes wrong, do they own the problem through to completion?

Your Choice…

Appendix A


21

Enterprise Cloud Profider Checklist

Appendix B

Customer Service and Support

Direct Access to Dedicated Team of Tier 3 Engineers

Long Track Record of architecting, Migrating and Managing Complex Environments and Applications

Achieves Passing Grade (all Checked Boxes) on Service Provider Checklist (See Website for Document)

Provide Full Migration Support From Existing Environment

Service Level Agreements

99.999% SLA with Provent Track Record of Attainment

100% Customer Satisfaction SLA - Money Back Guarantee

Overall Gut Feel and Confidence that they Deliver at or Above their stated SLAs

Security and Compliance

Private Cloud Offering: Dedicated Cloud Servers and Storage Operating in Segregated Environment with Secure Connections

Public Cloud Offering - Secure Architecture with Segregate Networks, Storage and Server Resources to Ensure Security and Compliance

SSAE 16 Audited Data Center, Can Support HIPAA and PCI Compliance

Enterprise Branded Firewalls with Custom Security Configuration

Monthly Vulnerability Scans

Intrusion Detection Services & Log Review to Achieve Compliance

Data Center Facility Location and Capabilities

Passing Grade on Data Center Colocation Checklist Document (see our website)

Global Network of Data Centers for Region-Specific DR Plans

At Least an N+1 Design for Power, HVAC, Water (Cooling), UPSs, Fiber Optic Connections

Multi-Homed Internet Offering Using BGP to Ensure High Performance

Solutions / Technologies

Enterprise Branded Infrastructure (No Cutting Corners with White Label Devices)

Vmware vCloud powered for easy integration with on-premise systems

Multiple image deployment templates

Disaster Recovery Options with automated rolling 14 day backups

Data Replication options to geographically diverse data centers

Costs

Fixed Monthly Fees rather than Variable Usage Fees & Surprise Invoices

Good Value - The Cheapest Solution is Cheap for a Reason, but Verify You are Not Paying a Premium Because of Large Corporate Overhead - Rates Should be Fair Market


22

Introduction: How to Use This Tool

Use this checklist to get a better understanding of how secure the new facility is, whether it’s in an existing building or under construction. This checklist will allow IT to document and capture anything that is non-compliant and/or needing remediation.

Fill in Table 1 with the sites details on location, ownership, and size.

To use Table 2, check off the appropriate columns for each item as they are assessed. Columns are recorded using the following:

• N/A – Not applicable

• Yes – the site fully conforms.

• PAR – Partial conformity. NOTE: If a partial conformity exists, an explanation describing the partial conformity along with planned actions to remediate should be entered in the comments field.

• No – Does not conform. NOTE: If a non-conformity exists describe the non-conformity and if any action to remediate is planned. Also, note where no remediation is possible.

Table 1. Site Details

Site Address:Location Type:(i.e. Urban, Suburban, Industrial complex)Is it in an existing building or a new building?Floor numberLeased or owned?Floor space (square feet):

Table 2. Data Center Security and Access Control Checklist

Site Selection

Item #

Item N/A YES PAR NO Comments

1Is the site in an area that is low risk from environmental threats such as:

1.1 a) Aircraft traffic?1.2 b) Earthquakes?

Appendix C


23

Item #


1.3 c) Flood?1.4 d) Hurricane or tornado?1.5 e) Heavy ice or snow?1.6 f) Nearby hazardous industry?

2Are there secure (underground) electric and communications utility service entries?

3Is computer room(s) supplied by separate power feed?

4Does the building layout present the ability to limit or restrict physical access to the data center?

5Are multiple-grid commercial power services available?

6

Are there data/voice communications nearby and are they capable of supporting requirements?

7Is there nearby public transportation available?

8 Is there adequate parking available?

9Is the parking area equipped with barriers or landscaping to segregate vehicles from the external walls?

10Is the labor market adequate to support requirements?

11Does the external profile of the building conceal the existence of a data center facility?

12Are the external walls of the facility constructed to prevent unauthorized access?

13Do ground floor windows exist in the facility?

14Is the loading dock access at truck bed height?


24

Item #


15Are there ramps for the loading dock?

16Is loading dock and staging area secure and segregated from sensitive areas?

17Are there local ordinance restricting truck/delivery traffic?

18Is the parking area equipment with barriers or landscaping to segregate vehicles from the external walls?

19Can elevators, ramps, doors, and other passageways accommodate large equipment?

20Is the stand-by generator physically isolated and secured?

21Is special floor loading required for UPS, generators, cooling or other heavy equipment?

22Is the UPS (batteries) located in a separate, secured and ventilated area?

23Is there secure, building code compliant fuel storage for generators?

24No external windows in computer room(s)?

25If there are external windows, are they shatter-proof and secure?

26Are equipment staging areas secure, conditioned and physically separated from computer room(s)?

27Is the flooring surface able to withstand freight handling equipment without damage?

28Does adequate hot water supply exist for humidifiers servicing the data center?


25

Item #


29Are equipment staging areas secure, conditioned and physically separated from computer room(s)?

30

Is external cooling equipment (chillers, pumps, towers) able to be secured and made accessible only by authorized personnel?

31

Is there evidence of frequent or extended power outages to the facility? If evidence of outages exists describe frequency and durations.

32

Does power to the facility appear clean? Visual evidence of light flicker, or the existence of motors and other industrial equipment on the site.

33Can the electrical utility’s performance data be reviewed (i.e. interruptions)?

34Does the site have power metering and monitoring solutions?

35Is the facility protected from transient ground faults and lighting?

36

Is external cooling equipment (chillers, pumps, towers) able to be secured and made accessible only by authorized personnel?

37Does the site have temperature and humidity metering and monitoring solutions?

38Does the facility utilize a conduit to protect data communications?

39 Is there room for expansion?


26

Building Security

Item #


40Has the landlord or the enterprise made use of security guards?

41Are security personnel trained to handle bomb threats?

42Are background checks performed on all new employees or contractors?

43Is the security perimeter clearly marked and defined (inside the facility and outside)?

44Are all external perimeter fire doors alarmed?

45Are all external perimeter fire doors monitored?

46Does the facility use physical entry controls to project secured spaces?

47Do the physical entry controls restrict access to only authorized personnel?

48Is the physical entry control system recording entry and exit for secure areas (date, time)?

49Do all parties accessing the facility (employees, contractors, visitors, etc.) wear visible identification?

“selecting a hosting provider – 7 criteria that must...

Documents