Managing Vendor Relationships Choosing a Service Provider

1
Managing Vendor RelationshipsChoosing a Service
Provider

• Presentation for UniSA
• August 2007
• Jim Kellett
• Product Manager
• Internode Systems Pty Ltd
• www.internode.on.net

2
A simple start choose an ISP for your companys
Internet connection.
3
Part One Customer Premises

• Internet Firewall
• May be a proprietary appliance (eg Cisco ASA
  series) proprietary software (eg Checkpoint) or
  GPL software (eg Smoothwall).
• Often incorporates VPN concentrator services
  for remote access (hardware encryption s good).
• Router
• This is only mandatory if the transmission
  service is not presented as Ethernet or if
  transmission redundancy is required.
• Often the firewall is incorporated into the
  router (eg Cisco 877).
• DMZ
• For example the corporate web server and/or email
  server note a DMZ is not always required.
• Only certain traffic types as appropriate to
  the servers in the DMZ - are permitted to travel
  from the Internet to DMZ or from the DMZ to the
  LAN.
• LAN
• Internet access to users often via a proxy
  server for authentication, accounting, surf
  control.
• The firewall will impose strict controls on
  traffic types from the Internet to the LAN in
  general, only outbound connections (from the
  LAN to the Internet) are permitted.

4
Part Two Transmission Service

• Permanent Dial
• PSTN (Analogue Modem) - 33 kbps, very cheap, but
  oh so slow!
• ISDN Business 64 or 128 kbps, 300 to 550
  per month . and still too slow.
• ADSL (note typically asymmetric)
• Bandwidths of 256k/64k, 512k/128k, 512k/512k
  (handy for upload), 1.5M/256k 8M/384k widely
  available. These are obtained from wholesaled
  Telstra last mile access and offered by most
  respectable ISPs at over 2,500 exchanges in
  Australia.
• Far more fun - up to 24M/2.5M (dependent on
  distance) with an Internode ADSL Extreme via an
  Agile DSLAM, running ADSL2 Annex M.
• Typically 80 to 250 per month.
• SHDSL (note symmetric good for VPNs, hosting,
  VoIP etc)
• Bandwidths of 1 Mbps, 2, 3 or 4 Mbps symmetrical
  are typical.
• Price range of 500 - 1,000 per month.
• Note also similar bandwidth radio solutions -
  lower prices but subject to contention weather.
• Leased Line
• Generally 2 Mbps symmetrical priced from 1,000
  to 1,500 per month no contention and high
  reliability. But a bit expensive for the
  bandwidth delivered.
• Ethernet
• Bandwidths of 2, 5, 10, 50, 100 1000 Mbps are
  typical priced from 1,000 to 3,000 per month

5
Part Three Internet Service Provider

• Usage Based Charging
• For example, 50 Gbytes included download per
  month for 250 then 0.02 per Mbyte excess.
• Permanent Dial, ADSL SHDSL services are usually
  bundled price includes the transmission link
  and an amount of included usage (mass market
  products).
• Flat Rate Charging
• For example, unlimited traffic for 500 per Mbps
  per month, no excesses. This is bandwidth
  (bits/second), not volume (bytes/month).
• Note this is true unlimited for corporate
  usage, not shaped as with residential services.
• Other Charging Elements
• One static IP address is included additional IP
  addresses attract a small annual charge (and
  after a point must be justified to APNIC).
• Not all ISPs support the BGP protocol, which is
  required for multi-homing connecting to more
  than one ISP for redundancy. Check that if you
  need it.

6
Whats Inside That Internode Cloud?

• MultiMbps connections to The Gang of Four
  Telstra, Optus, MCI Connect/AAPT because all
  backbones have bad hair days!
• MultiMbps connections to major peering points
  PIPE, AARNET, SAIX, VIX, WAIX, Pacific, PIPE, etc
  its about universal connectivity.
• Serious International IP with diverse paths to US
  thats where most of the web sites are!
• A private national backbone (155 Mbps STM-1 to
  622 Mbps STM-4) with redundant links via diverse
  carriers high availability even during major
  Internet outages.
• Cisco Powered Network honking great routers!
• Dual (and geographically diverse) PoPs in each
  major city, interconnected by dual path optical
  fibre active/active failover.
• Lots of switches, muxes and servers more than a
  few obscure acronyms.
• Helpful contactable people who understand how
  it all works.
• Big caches and mirrors are also useful features.

7
OurCloud
8
Would You Like Fries With That?

• Is it just an Internet Connection or is it
  really a transmission link to a Service Provider?

9
Web Serving

• Same platform can be used to provide very high
  bandwidth Internet connection to dedicated
  corporate web server located in high
  availability environment.
• Server ay be either managed hardware, or simple
  co-location.
• Note transmission link is now private
  (non-Internet, unmetered)

10
DRP/BCP/Storage

• Same platform now accesses a high security
  environment for off-site data storage and/or
  disaster recovery (business continuity) systems.
  These servers and storage can be dedicated
  hardware, or virtualised (which is usually
  cheaper and more reliable).

11
Wide Area Network

• Same platform can be extended to form private
  network links to remote offices, via Private IP
  Virtual Private Network built on MPLS. This gives
  all offices connectivity, security, business
  continuity, management network performance.

12
IP Originated Voice

• Same platform for IP Telephony gateway to the
  public network for voice cost savings, features
  and/or redundancy.

13
Who Does What?

• Systems Integrators will tend to provide the
  Local Area Network and associated equipment,
  software services (internal plant) - LAN
  cabling switches wireless servers, desktops
  notebooks operating systems applications
  voice PBX phone handsets.
• Network Service Providers (including telcos and
  ISPs) provide the network services (external
  plant) - metropolitan wide area network
  Internet connection web hosting domain name
  services co-location voice communication
  services (ISDN, VoIP, mobiles, calls, call
  collection).
• The grey area devices/services that overlap
  include site routers and firewalls
• Integrators consider them as part of the local
  network directly connected to active parts of
  the local area network.
• Network Service Providers considers these as part
  of the wide area network directly connected to
  active parts of the wide area network.
• Your Systems Integrator/s and Network Service
  Provider/s all need to work together to achieve
  an optimal outcome, so clear demarcation is
  critical.

14
How to Choose?

• Your selection process should reflect the value
  of the service to the business not just the
  cost of the service, consider the value to the
  business of the service.
• Small Medium Business generally use a short,
  quick and cheap process and get the vendors to
  do all the hard work. Most service providers
  employ salesgeeks (sales engineers, technical
  consultants, communications consultants) use
  them, they are free competent (if biased!).
• Enterprise Government often use a more formal
  process, follow due diligence corporate
  governance. Maybe use when gt 500K contract.
  Enjoy the acronyms
• RfI Request for Information - very big bids
  only, who wants to bid
• RfP Request for Proposal (or Price) quite
  common in government
• RfT Request for Tender sometimes follows the
  RfP in very large bids
• RfQ Request for Quotation - price only, eg
  paperclips

15
Small Medium Business -1

• For the best result, prepare some documentation
  for the vendors
• wide area network diagrams
• site addresses (PSTN) phone numbers
• quantify the data sources (servers) and sinks
  (uses)
• list the network traffic (VoIP, thin client, key
  fat applications, http, email, data transfer)
  its relative importance
• mention any plans for future growth across
  network and at specific sites
• consider the merits of disaster recovery/off-site
  backup/centralised internet/web servers (cf
  co-location)
• would you prefer a complete LAN to LAN service,
  or external network only
• is there any legacy equipment requiring
  integration
• what contract terms do you require
• how much flexibility do you require for
  adds/moves/changes (particularly site
  relocations)
• consider any value-adds - such as staff broadband
  plans, etc.

16
Small Medium Business - 2

• Talk to your peers internal external who do
  they use, who do they not use, and why?
• Get three quotes, and dont select on price
  alone. Ask for reference customers.
• Dont ever feel you must have a monolithic
  outsource of all networks services to one company
  usually disastrous as you eliminate competition
  within your ecosystem!
• Consider who responded promptly, understood
  addressed your requirements, suggested
  innovations, had a rational price, can deliver
  and support across the geographic spread of your
  organisation, received good recommendations
  who could you form a relationship with?
• Dont forget trust like people, many businesses
  will find someone they trust, and just trust them.

17
Enterprise Government Part 1 - the Request for
Information (RFI)

• Customer will document and provide to the open
  market
• The rules of engagement during the RFI process
  required submission date
• The business network performance objectives
• Network diagrams, existing applications and
  technologies to be replaced, supported or
  expanded.
• Future plans requirements
• Evaluation criteria
• Be careful not to overspecify the expected
  solution keep the mandatories to a minimum.
  Often the customer will accidentally rule out a
  better networking solution!
• Consider who will write the RFI is there
  sufficient in-house skills or if outsourced - is
  there really such a thing as an independent
  telecommunications consultant these days?
• The vendors will respond with
• Documented response to each every point raised
  in the RfI
• Vendor capability statements
• Service specification other supporting
  documentation
• General pricing

18
Enterprise Government Part 2 - The Request for
Proposal (RfP)

• In a big bid, this would follow the RFI or it
  can be used standalone process. It is used to
  
• Present a refined requirements specification,
  based on what the customer learned in the
  responses to their RFI
• Represent some of your requirements so that all
  potential suppliers can respond in a comparable
  way
• Finalise and obtain clarification on any
  ambiguous details
• Add more detail on SLAs, support, legal
  arrangements for vendors agreement
• Enable the selection of one from a limited number
  of potential suppliers (the second gate)
• Hence an RfP should be used only when the
  customer understands what they want and what is
  available either because they have just
  conducted an RfI on this subject or because they
  have clue.

19
Enterprise Government The RfP Structure

• RfPs can be very large documents, and must
  include
• RfP rules of engagement, customers business
  objectives and overall scope of works
• Terms conditions of contract, timelines for
  delivery, installation and project management
  requirements, performance objectives and service
  level agreements
• Current customer systems, network, applications,
  hardware, services, architecture, etc. and
  requirements for planned future enhancements
• Legal requirements, warranties, payment
  arrangements, training and hand-over requirements
• Request for details of vendors qualifications,
  reference customers, etc.
• Document management and audit trails are
  important.
• You can see that it is not worth the customers
  nor the vendors time to wade through all of this
  for a low value project!

20
Enterprise Government The RfP Response

• The responses received to an RfP can also be very
  large documents sometimes delivered via a sack
  truck and generally contain huge quantities of
  boilerplate bumpf. In amongst this the customer
  should find
• The price performance specification of the
  products services
• The establishment and monthly recurring charges,
  as well as the variable charges
• Warranties, service level agreements rebates
• The customers obligations (typically every site
  router will need a clean weatherproof secure
  environment with 240V AC power and no SLA
  rebate applies if the customer doesnt provide
  this)
• Delivery timelines - sometimes with progress
  payments specified
• Documentation (usually not handed over until
  project completion)
• Reference customers and any other requested
  information
• In general you will get it cheaper of you specify
  a longer contract term, discounts usually start
  for 24 months and up, anything beyond 5 years is
  uncommon.

21
Enterprise Government The RfP Evaluation

• Usually respondents are asked to indicate
  Comply, Partially Comply, Will Comply, or
  Do Not Comply in a formal process. Minimise the
  mandatory compliances.
• Customers will generally base their selection on
  an auditable process using weighting price
  might get a high weighting, call itemisation
  might get a low weighting. You should be able to
  arrive at a numerical result for each bid,
  reflecting the appropriateness of the various
  offered solutions to your specific business.
• Beware of proprietary solutions, when an industry
  or open standard is also available the dreaded
  vendor lock-in. Common exceptions however are
  Microsoft Cisco!
• Vendor support levels are critical 24x7,
  logistics arrangements for remote offices
  (usually outsourced), Service Level Agreements
  (more on that later!), management reporting,
  staff training documentation.
• Do you just want a customer-supplier
  relationship, or a more strategic partnership
  can you stay ahead of your competitors through
  the use of leading-edge network services?

22
The Truth About SLAs

• Service Level Agreements are a blunt tool, rather
  than a panacea
• Packet loss, latency jitter measured from
  where? By whom? Over what period? Applying to
  what Class of Service?
• Availability Percentages does an outage at 300
  am Sunday morning cost your business the same as
  one at 1100 am Monday morning? Does a 500
  rebate really achieve anything?
• Targets versus Guarantees why isnt every
  target 100?
• Specify high availability design if you need high
  availability at specific sites.
• Think of bandwidth - can 0.128 Mbps ISDN really
  protect 24/2.5 Mbps ADSL?
• Think of diverse physical plant - will the
  backhoe take out one copper pair, but not the
  other? Optical/wireless/copper are the options.
• Larger companies use carrier diversity as well
  (but with the same considerations as above).
• Should that business-critical server be in a high
  availability data centre, rather than your
  office?

23
Routers Firewalls

• Back to the demarcation point who manages the
  site router?
• The customer do you have the skills, 24x7
  coverage, hands feet, spares, security patches
• The integrator but beware of finger-pointing
• The service provider and have the network
  managed LAN to LAN.
• Similar thoughts on the Internet firewall, though
  this is increasingly out-sourced to the network
  better topology/availability/bandwidth - and
  hence becomes a service provider responsibility.
  And then consider virtualised hosted servers, etc.

24
Class of Service / Quality of Service

• Its likely youll choose a private IP wide
  area network (unless you dont use IP!) so
  think on Quality of Service (QoS).
• Remember that its differential prioritisation
  not magic bandwidth expander!
• Highest priority routing protocols, then
  Voice-over-IP
• Medium priority thin client (eg Citrix)
  telnet
• Low priority http email
• Scavenger bulk file transfer
• Keep it simple dont over analyse it!

25
Summary

• A companys relationship with its Network
  Service Provider is a long-term (multi-year)
  arrangement of services that are
  business-critical 24x7.
• Since it is quite complex time-consuming to
  change service providers, selecting the right one
  is a very important business decision.
• Cost is only one of many criteria.
• A proven track record, reference customers and
  local support should be part of your decision.
• Its a fast-changing industry, so if you need the
  latest technologies to enable your business
  success, look for innovation.
• Think beyond the bitpipe Network Service
  Providers can become a fundamental part of your
  business continuity strategy IT enablement, and
  their expertise can improve your customer service.