Tips for negotiating vendor maintenance contracts, by David Geer

Contact me at david@geercom.com, via this form or at 440-964-9832 (Fax:440-964-2172).

Data Center Management magazine

Tips for Negotiating Vendor Maintenance Contracts

By David Geer

A malleable and ever-changing vendor maintenance contract is a good thing, as long as you're the one making the changes. These contracts can put you in a bind if you don't know to what you are agreeing. Assume nothing. Rather, address certain contract concerns and follow steps to negotiate the best agreement for your data center.

Roles and Responsibilities: Security and Access

According to Bill Maurer, vice president and research director, IT services and sourcing, Gartner, Inc., Stamford, CT, the contract needs to cover the roles and responsibilities of the data center and the vendor in a way that is specific and clear. What those roles are will depend on what your data center's requirements are for each situation and set of issues.

Two primary concerns addressed here are physical and network security and access. The data center needs to provide the vendor with physical access to the facilities to do its job. The data center is usually responsible for the security of the facilities even with this access, according to Maurer. The data center would, for example, be responsible for the integrity of any spare parts the vendor owns and stores on the premises, "unless they are in a locked room owned by the provider," suggests Maurer.

Security and access need to be addressed from a network perspective as well. The vendor will probably want to dial in to the network to service it remotely, according to Dan Huberty, director of solutions management, Unisys North America data center operations, Blue Bell, PA. Your general counsel and whoever serves the function of security counsel will want to certify that the vendor has the right credentials and certifications for accessing the network securely, explains Huberty.

To do this, you may want to independently audit the vendor for security levels and practices, he adds. And, if they are going to put their own gear within our facility for maintenance, "that gear is audited to make sure it matches the security policies that are in place," stresses Huberty.

Roles and responsibilities also help you clarify and meet expectations. According to Vince Troisi, senior systems engineer at the National Snow and Ice Data Center (NSIDC) in Boulder, you need to ask yourself certain questions:

• If a device fails, how long can you be without it?

• What's the impact going to be to the data center?

• What is your risk tolerance?

Your answers will help you determine proper roles to mitigate these mishaps. "That's one of the things I look at with many of the vendor contracts we have now," shares Troisi.

As part of expectations and mitigation, a warranty should cover you from the start. "What we're doing more these days is purchasing the warranty right up front so that it's part of the purchase agreement. With open systems architectures, you are seeing more and more of the vendors providing that as an opportunity," continues Troisi. (For a definition of open systems architectures see http://www.webopedia.com/TERM/O/open_architecture.html).

Service Level Agreements (SLAs)

The warranty should also speak to specified levels of service. "In the case of our servers, it's a four-hour response, onsite replacement," states Troisi, who weighs the level of service he is getting against what he would get if he went to another vendor. "I look at: What is the proximity of the support? Is there someone local who can come in if we really have a serious problem and address our needs immediately?"

Service levels for software aren't usually an issue for Troisi's team, except when the needs of the data center move in a different direction than the vendor is willing to go.

That can become a problem because you have to integrate your vendor's software with your infrastructure, which is subject to growth and change. "How flexible is their support going to be as we change to add on new and different technology?" inquires Troisi.

Here's an anecdotal example:

Last year, the NSIDC installed a Virtual Tape Library (VTL). While their tape library vendor would support real tape libraries, they would not support VTLs.

"They used specific commands that assumed a real tape device. We wanted them to circumvent some of those commands, remove them from their interface to the VTL emulator," informs Troisi. Though Troisi's team was certain they would see performance gains, the vendor wasn't going to spend the money to do this for only one customer. It wasn't in that business, nor was it moving in that direction.

The SLA should cover trouble ticket escalation and closure as well. When a problem isn't resolved within the time specified in the agreement, it should be escalated to a preset level, person or department. "If it's not closed in 30 days, there is a penalty," explains Huberty. That should be in the SLA.

When measuring the Quality of Service (QoS) you are receiving, Troisi recommends looking at the big picture: "We don't keep metrics. [At contract renewal time], I go to my team and say, 'It's time to renew. Did we get good service this year?'" Your team's responses can weigh heavily on your decision whether to renew the contract.

The Contract Period

The period of the contract should be three to five years with the understanding that you will be constantly looking at ways to reduce the cost of maintenance, recommends Huberty. If, for example, you just bought more software from a vendor, you have become a bigger customer to them, and you will want to get your overall maintenance fees reduced.

"What I see go wrong is that people make a purchase; they put a maintenance contract on it, and they forget about it for three years. They make another purchase from that vendor and get another maintenance contract," explains Huberty. The solution: a master service contract, which your procurement office should be using to continually renegotiate maintenance service fees.

Finally, make sure you have outs in the contract so you can terminate at any time. You have to look at it from the perspective of why you would want to terminate. "Termination for non-performance?" concludes Maurer.

Read the Fine Print

You may get cost estimates easily enough, but you have to check every inch of the contract for clarity so you know what you are getting.

Here's a case in point: Two years ago, the NSIDC entered into an agreement with a company that monitors the health and safety of their data storage equipment. The got-ya happened when the data center's IT team needed security updates to the onsite controller interface used for the monitoring. "It's not really specified [in the contract] who has responsibility for that," claims Troisi.

During a two-week period, Troisi and his people would rather have taken care of the security updates themselves so that the interface was up-to-date with other data center technologies. At the time, NSIDC had been experiencing denial-of-service attacks on that piece of equipment, and they wanted it patched as soon as possible. However, the provider owned the interface.

"We had to pack it up and ship it out to them," explains Troisi. The NSIDC was without storage monitoring for quite some time because they didn't realize where the absence of a clear statement of responsibility for maintenance would lead.

Go Bargain Hunting

You need "an effective discount" built into the contract, suggests Huberty. Those are hard dollars that impact your bottom line.

In fact, according to Troisi, one of the few reasons to switch vendors is because you are not getting the service and maintenance discounts you have earned over time.

If you have become a bigger customer to that vendor as you have grown your data center, you have earned those discounts; someone else is sure to provide them if your current vendor will not.

Sidebar

Steps to a Good Vendor Maintenance Contract

Step 1 – Start with the vendor's contract.

The vendor should have a good contract available, since this is their business. Start with that, then add and subtract what you need. What doesn't work, according to Dan Huberty, director of solutions management, Unisys North America data center operations, Blue Bell, PA, is when the data center manager says to the vendor, “Here, I will give you our legal contract and you fit everything into that.” “That turns into a very long and laborious process,” he states.

Step 2 – Let your procurement office take the lead.

"The one thing I have learned through my years is that, if you are going to do maintenance negotiations, you let procurement lead," shares Huberty. While you need to support the efforts of procurement, you should take full advantage of their finely tuned negotiating skills. You may end up getting more than you could have bargained for on your own, according to Huberty.

When Huberty works with his procurement team, he lets them know what needs maintenance, what the elements of maintenance are, and what other companies are getting in the way of a good baseline of service, based on best practices. He recommends that they start there. If they can get anything extra in that contract, that's even better—that's what they're there for.

Step 3 – Make sure your legal department is involved.

Work with legal. Legal is your contract interpreter and your assurance of the meaning of contract language. They are the "insurers," too, add Vince Troisi, senior systems engineer at the National Snow and Ice Data Center (NSIDC) in Boulder. "I don't want to be legally bound with any of these contracts because the contract really is with the University of Colorado [which is parent to the NSIDC]," says Troisi.

Step 4 – Evaluate new technologies and incumbent maintenance contracts simultaneously.

According to Troisi, you should evaluate the technology and everything that comes with it at the same time, including the maintenance contract. "It's a package," he says, and one you eventually have to accept or reject overall.

Sidebar 2

Things to be Aware of When Using Open Source Software

1. Open-source software can help you avoid a major contract hassle: the inability to get something customized to your needs.

"I've never had a problem with a vendor, except when I want something customizable. That's why we're moving away from custom technologies and more into open source. The maintenance and the service agreements become pretty vanilla across the board [for open-source technologies]," comments Vince Troisi, senior systems engineer, the National Snow and Ice Data Center (NSIDC), Boulder.

2. Be prepared to maintain it yourself (if you can afford to).

Troisi likes to keep his people trained on vendor technologies. "We feel we can probably do a lot of the troubleshooting and problem resolution if we have sufficient training," explains Troisi. However, cost is a factor. Troisi looks at the cost of the training compared to the value it adds and the cost already incurred by the maintenance contract.

3. Who should support the technology: the original equipment manufacturer (OEM) or a third party?

When weighing whether to contract the OEM (or the value-added reseller (VAR)) vs. a third party, realize that third parties don't own the technology; they simply purchase the license, informs Troisi. "Their support folks are not as well versed in the technology as you would find going to the original engineering group."