Reliability of the Cloud Computing Environments

slicedmitesSecurity

Feb 16, 2014 (7 years and 10 months ago)

382 views

Reliability

of the

Cloud Computing Environments

P.Vidhyalakshmi





Dr. Vikas Kumar

Research scholar, JJT University,




Asia
-
Pacific Institute of Management

Jhunjhunu
-

,333001,
Rajasthan



Jasola, New Delhi
-
110025

vidhyapartha@yahoo.com







prof.vikaskumar@gmail.com


Abstract


The
number of cloud service
providers as well as cloud users is

increasing day by
day with the maturity of this technology.
Cloud Computing offers plenty of
advantages

to the customers, but there are a number of inherent risks as well.
S
ecurity

breach
,
N
on availability of data
,

D
enial of service
s
by

the

providers

and
improper billing are more prominent among these
. The elastic and flexible nature
of the cloud will attra
ct many SME (Small and Medium Enterprise) as they would
like to have the IT advantages with less investment.

However, the inherent risks
are putting
-
up a big barrier to the out

scale proliferation of this technology.

The
whole set of services are managed b
y the cloud providers

and hence the users
have a very limited control with them
.
Due to which, a

mind block in migration
to cloud still persists among entrepreneurs
with
the fear of data security, cloud
service unavailability

and reliability of the cloud
infrastructure and services for
the business operations

The un
-
reliable service can not only make financial losses
to a company, but can
also affect the whole business process of a company. Thus,
reliability is the most important concern, while making a sh
ift from the traditional
computing environment. The present work
r discusses the basic concept of cloud
reliability

and major factors behind the reliable cloud services. T
he reliability
matrix

has also been discussed
to evaluate
the credentials of
cloud
se
r
v
ice
provider. Some of the standards used in the information security and auditing
standards

have also been discussed from the reliability perspective.



Keywords

Cloud Reliability, Cloud Security, Downtime,

Cloud Control Matrix (CCM)

1.

Introduction

Cloud
computing can

be defined as a pool of
virtualized
computing resources that
allow users to gain access to applications and data

in a web
-
based environment on
demand. The National Institute of Standards and Technology defines cloud
computing as a model for e
nabling convenient, on
-
demand network access to a
shared pool of configurable computing resources (e
.
g
.

networks, servers, storage,
applications, and services) that can be rapidly provisioned and released with
minimal management effort or service provider
interaction
.
[6]

The cloud
architecture can be broadly classified into
IaaS

(Infrastructure as a Service), a
foundation of cloud services that provides client with access to computing
resources,
PaaS

(Platform as a Service) which provides operating system a
nd
platform for the users to develop and use software applications,
SaaS

(
Software as
a Service) that provides users with integrated access to software applications.
These are also referred to as service models (IaaS,PaaS and SaaS).

The deployment method
refers to the way in which these services can be utilized
by the user. They are
private
,
public

and
hybrid

cloud. Private cloud is the one
that is owned by a company itself, mostly used by big organizations where the
whole cloud setup has to be managed and

used by a single organization and is at
least risk. A group of companies can build their own member
-
only cloud called
community cloud. The public clouds are the one that are run by Microsoft,
Amazon, IBM and Google where anyone can place the data, use the

resources or
use the platform. These are high
-
risk clouds because of multi
-
tenancy model
followed t
o serve large number of people.[4]
On the other hand, a group of
companies can build their own members
-
only cloud , which is called as a hybrid
cloud.
[10]

S
ome of the top cloud service providers have been depicted in Fig.1.




Fig.
1

List of Top Cloud Service Providers


Some of the potential risk factors are data security, reliability, down time, loss of
control on data, cost and time
to migrate to cloud, maturity of cloud market, lack
of industry standard, resistance by IT managers and staff, integration with the
existing system and service level agreements and guarantees.
[9]

Of all these
reliability needs attention as attaining reliab
ility will automatically solve many of
the risks mentioned above and will also bring success to providers.

2.

Cloud Reliability

In general terms, the reliability of a product is defined as the “probability of the
product to work up

to the satisfaction of the

user, over a given period of time. It
also denotes the trustworthiness or dependability of the product. Reliab
i
lity is
highly user
-
oriented and also depends on how the product is used by a particular
user. If a person uses only, one particular part of the

program without any errors,
then none of the errors will be exposed and the perceived reliability of the
software will be high in that particular context. However if the situation is
reversed, then the perceived reliability will be very low. Due to this u
ser
-
centric
approach, it becomes difficult to quantify the reliability in absolute terms. The
situation becomes more critical due to the non
-
tangible nature of the software
products.
[8]

Reliability of the Cloud computing platforms is very much critical for

the
outsta
n
ding proliferation of this technology. A reliable cloud is of great
importance in SaaS model of cloud as the whole business operation will be
dependent on cloud.
[1]
In this model, the software is provisioned as a service and
the whole applicat
ion is owned, managed and operated by service providers. Any
problem in this model of cloud operations like down time, hacking etc. will have a
huge impact on the business processes and activities. The level of cloud reliability
expected also varies with c
loud development models. The different activities
involved in IT services of an organization are listed below in fig 1., which gives
comparison between on
-
premise operations, IaaS, PaaS and SaaS. In the figure
the activities marked in green are carried out

by the Cloud Service Providers
(CSP). In other word these activities are in complete control of CSPs. The IT
services hosted on premises are in complete control of the user.
[1]

It is evident
from the figure that the reliability expectations of IaaS are le
ss when compared to
SaaS.










Cloud computing is an emerging technology
offering plenty of
advantages
, still
there are a number of concerns associated with its acceptance to a large user base.

The advantage is that rather than installing software or packages or security
patches for each computer, users would have to load only one application.
[1]

This
would allow users to log on to a web
-
based service which in turn will host all the
programs nee
ded by the user. The vendors who provide these facilities to the user
in pay
-
as
-
per
-
use model are also called as service providers. The remote servers
owned by the service providers will run everything from e
-
mail to word
processing to complex data analysi
s program. This is called as cloud computing,
an important utility which would change the way individuals and company
operates. Reliability and security are the key features that need to be duly and
Applications

Data

Run Time

Middleware

OS

Virtualization

Storage

Server

Networking

Applications

Data

Run Time

Middleware

OS

Virtualization

Storage

Server

Networking

Applications

Data

Run Time

Middleware

OS

Virtualization

Storage

Server

Networking

Applications

Data

Run Time

Middleware

OS

Storage

Server

Networking

Virtualization

On Premise
s

IaaS

PaaS

SaaS

Fig.
2

Comparison between on premise computing, IaaS, PaaS and SaaS

timely assessed in order to manage the new model of distr
ibuted computing called
the Cloud. Cloud reliability analysis and modeling are not easy tasks because of
the complexity and large scale of the system.

The recent

outage

of Microsoft’s Azure Cloud Platform
-
as
-
a
-
Service (PaaS) has
reopened a persistent question about the reliability of Cloud services. Microsoft’s
most recent service disruption is just the latest evidence that Cloud alter
natives
are not immune to problems.
[13]

The overall uptime record of all the major Cloud
service providers is far greater than most enterprise data centers.

The leading
Cloud vendors are generally better at keeping their customers informed about the
status

of their services than in
-
house IT departments have been.

But, no service
provider can achieve 100% uptime. Therefore, it is important for IT and corporate
decision
-
makers to fully understand the potential pitfalls and put in place a series
of back
-
up and

recovery capabilities to minimize the short
-
term and long
-
term
impact on their business.

[13]

The vulnerabilities associated with relying on a third
-
party for an important
business function are obvious. But, the remedy isn’t avoiding the opportunity to
ta
ke advantage of a potentially valuable service entirely. Instead, it is to put in
place the right contingency plans to anticipate and mitigate the risks.

Mid
-
size
businesses face a tough challenge because they generally lack the in
-
house skills
to assess t
hese risks and develop an effective plan to address them.
[13]

They
should turn to service providers who can openly discuss these issues and learn
about the pieces they’ve put in place to support their customers in the event of a
problem.

3.

Factors
Govern
i
ng the
Cloud Reliability

For the cloud services whether it is IaaS or PaaS or SaaS
, the reliability is defined
based on the services provided by the cloud. The cloud users are not concerned
with the resources but are concerned with the services they are using.
The
reliability of the cloud computing is very critical but hard to analyze d
ue to its
characteristics of massive
-
scale service sharing, wide
-
area network,
heterogeneous

s
oftware / hardware components and complicated interactions
among them. Hence, the reliability models for pure software/hardware or
conventional networks cannot be

simply applied to study the cloud reliability.

[12]

This paper defines the cloud reliability based on the below given factors. The
factors are:

1.

A
vailability

2.

Backup Storage

3.

Monitoring

4.

Security

5.

Failure Time

3
.1.1 Availability of
S
ervices

IT managers speak
about the reliability in terms of nines. If it is two nines (i.e)
99% reliable system may have 3.65 days of downtime in a year (
(
100%
-

99%) *
365 = 3.65) This down time can be planned or unplanned, but from the
customer’s point of view, it is mere service

unavailability
.
Planned downtime is
usually the result of having to do some sort of software maintenance or release
process, which is usually outside the domain of the cloud vendor, unless that
vendor also offers IT operations services.


Other sources of
planned downtime are
upgrades or scheduled equipment repairs.


Most cloud vendors have some
planned downtime, but because their business is based on providing high uptime,
scheduled downtimes are kept to a minimum.

[11]

Unplanned downtime is where cloud vendors have the most to offer, and also the
most to lo
o
se.


Recent large outages at Amazon and Google have shown that even
the largest cloud vendors can still have glitches that take considerable time to
repair and give p
otential cloud customers a scare
.

On the other hand, cloud
vendors have the experienced staff and proven processes that should produce
overall hardware and network reliability that meets or exceeds that of the average
corporate data center.


However, despi
te claims of reliability, few cloud vendors
have tight SLAs (
S
ervice
L
evel
A
greements) that promise controlled downtime or
offer rebates for excess downtime.


Amazon
and Window Azure guarantees 99.9
% uptime per month during a billing cycle, Google App Eng
ine, Rackspace and
go Grid guarantees 100% uptime.
[10]

AppLogic
-
based clouds, provided by
companies such as ENKI, are capable of offering better guarantees of uptime
because of its inherent self
-
healing capabilities that c
an enable 3
-
4 nines of
uptime.

[11
]

However, any cloud computing system, even those based on
AppLogic or similar technologies can experience unplanned downtime for a
variety of reasons, including the common culprit of human error.


I
t is possible to
produce a cloud computing
with less unpl
anned downtime, but

the costs would be
so high that few would buy it when they compared the price to the average clo
ud
offering.

The cloud reliability has to be designed in such a way that the users should be
given an option to choose their reliability lev
els according to their budget as it is
obvious that higher cloud reliability comes with a cost. As mentioned above nines
are used in reliability to mention the efficiency level of reliability. 99% reliable
systems have 3.65 days /year of down time, three n
ines (i.e) 99.9% reliable
systems have 0.365 days/ year means 8.7 hrs/year of down time. For four nines
99.99% reliable systems have 52.56 min/year of down time and for five nines (i.e)
99.999% reliable systems the down time is 5.256 min/year of down time.

[11]

Each addition of nine in cloud reliability would double the cost as this is achieved
with the help of better backup storage. The other way out is to design a system
architecture that handles the failovers during cloud outages. These can be
implemented in a
ny cloud technology with an extra design and configuration
effort and should be tested rigorously.


Failover solutions are generally less
expensive to implement in the Cloud because of the on
-
demand or pay
-
as
-
you go
nature of cloud services
.

3
.1.2 Backup
Storage

A good backup strategy is an important aspect to be considered for cloud
reliability. Reliable storage comes as a package from the vendors and will be
mentioned specifically in the Service Level Agreement (SLA). The highly reliable
storage offering by the
vendors may tempt the customers to skip data backup.
But
data loss and the resulting unplanned downtime can result not just from failures in
the cloud platform, but also software bugs, human error, or malfeasance such as
hacking.

The advantages of cloud so
lutions is that there is usually an inexpensive
and large storage facility coupled with the cloud computing offering which gives
a convenient place to store
data

backups.

Backing up data from one cloud vendor
to another provides
an

extra measure of securit
y.

[11]
If cloud vendor
s

ha
ve

a
backup offering, usually they
would
have found a way to make backup affordable
even if
the
application consists of many compute instances.

Cloud users who are
using critical data centric applications would find those provide
rs reliable if they
offer extra backup storage feature. Amazon provides automatic backup of data but
does not maintain back up of inactive data beyond certain number of days. Google
Apps and Azure does not take the responsibility of data backup. It is sole
ly on the
user’s responsibility. Sales Force.com guarantees double backup storage facility
of data. The backup storage is mirrored across different storage cabinets. They
also have a good disaster recovery plans.

[10][14]

3.1.3

Monitoring

It becomes

very hard to

react to unplanned downtime
,

if
the user is not aware that
the
system is down.


It

is

also hard to avoid unplanned
downtime,

if
the user is not
aware of the memory space shortage or about data corruption.
A remote
monitoring service can scan
the
servers i
n the cloud on a regular basis for faults,
application problems, or even measure the performance of
the
application (like
how long it takes to buy a widget in
a

web store) and report to
the user
if anything
is out of the ordinary.


The
monitoring service
should be
hosted in a separate data
center and under a different software environment than
the
primary cloud hosting
service.

Incident service reports given by the leading cloud providers keeps the
customers info
rmed about the service updates.[11]
Amazon p
ublishes the incident
report in its service health dashboard, Google provides this information on
subscription and Azure notifies the user about this report through e
-
mail.

[10]

3
.1.4 Security

This is an important and never ending process in any environmen
t. In cloud this
needs more attention as the whole working is based on Internet, which is having
security as a pertinent issue. Using cloud services means moving the customers’
data and applications out of the company security premises thus increases
compa
ny’s overall security risks.
[11]

Multi
-
tenancy and virtualization add up
threats from the co
-
tenants. The current isolation facility within cloud i.e.
virtualization is weak and can be easily attacked.
[2]

The service providers must
assure the customers that their data and applications are really secured and the
risks are mitigated to t
he customer’s acceptable level. [3]

There are various international standards
existing that
cover

the security area.
Obtain
ing ISO/IEC 2700
5, NIST
-
FISMA
, or SSAE 16
certification
, or achieving
PCI DSS or HIPAA compliance, can help
the service providers
to improve
end
users

trustworthiness in their cloud platforms’ security.
[7]

However, these
standards are still far from coveri
ng the full complexity of the cloud computing
model
. ISO/IEC 27005 specifies the guidelines for information security risk
management, NIST
-
FISMA (National Institute of Standards and Technology


Federal Information Security Management Act) governs the in
formation security
policy and SSAE 16 (Statements on Standards for Attestation Engagement)
r
eport
s

on
c
ontrols at a
s
ervice
o
rganization
.

[7][6]

This also eliminates the
auditing of the service providers by multiple end users.

One of the greatest challenges that the electronic transactions industry faces today
is the issue of security requirements under various rules and regulations. For most
people in the industry, the issue is focused on the specifics of the Payment Card
Indus
try Data Security Standard (PCI DSS), but the issue may be much broader
than that. Many other security sets are currently operative and they interface with
the merchant population that the industry serves. Federal legislation with security
requirements
als
o
include
s

HIPAA (the Hospital Insurance Portability and
Accountability Act)
.
[7]

The cloud provider should have compliance with any one
of these to compete in the market and win the trustworthiness of the end users.

3.1.5
Failure time

The failure time in
the cloud services affects the probability to provide successful
services, which will in turn affect the reliability of cloud. The failure time could
be classified as request stage failure and execution stage failure. The former
occurs before the job reque
st is assigned to the computing / data resources and the
later occurs after the job request has been successfully assigned and during the
execution of the sub task.
[12]

Google and widows Azure offer service credit for
outages. If the service level falls be
low the guaranteed level then 10% to 25%
discount will be given to the customers in their monthly bill.

[10]


4

Reliability Matrix

A reliability matrix proposed can be used by the end users to evaluate the reliable
vendor for them. A
lmost all main cloud
service providers (CSPs) are ISO
27001:2005 certified, at minimum.

The providers have to be evaluated based on
the factors of reliability. CSA (Cloud Security Alliance) is a member
-
driven
organization chartered with promoting the use of best practices for
providing
security alliance within cloud computing environment.
It provides security
guidelines for the providers and evaluation guidelines for end users.

T
hey also
provide toolkits to access the
private and public cloud against the industry

e
stablished

se
curity rules.
[4]
Cloud Control Matrix (CCM), a part of toolkit is a
set of security controls created by CSA, which will help the consumers to assess
the risks associated with the cloud service provider. CCM is aligned with different
areas as such as data
center operations, application security, access management,
ISO 2700
5
, different industry standards and regulations that an enterprise should
follow.
[5]

The different
versions of Cloud Control Matrix have come up with the first
version 1.1 having 96
control
areas under which cloud
services
ha
ve

to be
analyzed
.
T
his
lists the security controls mapped to the
different
industry
standards
such as COBIT, HIPAA/HITECH, ISO/IEC 27001
-
2005, FedRAMP,
PCI DSS v2.0 and
BITS Shared Assessments AUP v5.0/SIG v6.0
.
[4]

The latest
updated version is
1.3. The
table

given below shows the major control area
with

the
detailed specification
taken from cloud control matrix v1.3
to be studied for
reliability of the cloud.

Th
e given control areas are
applicable
for all cloud service
delivery models such as IaaS, PaaS and SaaS.

[5]

The level of dependency of the
user on Cloud providers varies with the model but even then reliability of cloud is
a must to ensure that their dependency is trustworthy.


Control Area

S
pecification

Operations
management &
Service
Availability

The availability, quality and capacity
of
resources sh
ould

be
planned

and
prepared to deliver the required system
performance in accordance with
contract

and business
requirements. Projections of future capacity requirements
sh
ould also

be made to mitigate the risk of system overload.

Policy to maintain equipments should also be included to
maintain continuity of services

and availability of
operations
.

En
terprise risk management frame work should be
developed and maintained to manage outages and security
breaches.

Assessment of risk and likely hood of impact
should be done periodically
and should be communicated to
the users.

Updations

to the security policy, procedures and standards
should be incorporated according to the changes in needs
and technology.

Data Governance

and security

Data and objects containing data can be categorized based
on their type, value, sensitivity and critic
ality to the
organization.
Strong security mechanism
should b
e
implemented to prevent data leakage.
This must also ensure
storage and retention. The redundancy mechanism for data
has to be studied and periodic testing of backup recovery
should be conducted. This must also include mechanisms
for the secure disposal of unwanted data. Assurance must be
give
n that the deleted data cannot be retrieved by any
computer forensic means.

Physical Security

&

Information
Security

This deals with setting policy and procedure for ensuring
secure working environment, giving physical access to
authenticated users and
support personnel, providing
physical security parameters like guards, gate and electric
surveillance, monitoring entry of unauthorized users, etc. A
complete inventory of intellectual asset should be
maintained along with ownership definition and has to b
e
documented.

An Information Security Management Program (ISMP) has
been developed, documented, approved, and implemented
by CCM
that includes administrative, technical, and
physical safeguards to protect assets and data from loss,
misuse, unauthorized a
ccess, disclosure, alteration, and
destruction.

Compliance with security baseline requirements
Control Area

S
pecification

must be reassessed at least annually or upon significant
changes

to ensure effective continuity and accuracy
.

Baseline security requirements sh
ould

be establishe
d and
applied to the design and implementation of (developed or
purchased) applications, databases, systems, and network
infrastructure and information processing that comply with
policies, standards and applicable regulatory requirements.

A
ppropriate awar
eness training and regular updates in
organizational procedures, process and policies, relating to
their function relative to the organization

should be given to
all related employees.


Encryption

Policies and procedures sh
ould

be established and
implemented for encrypting sensitive data in storage (e.g.,
file servers, databases, and end
-
user workstations) and data
in transmission (e.g., system interfaces, over public
networks, and electronic messaging).

Effective key
management

should be provided for the data in storage and
also in transit.


Incident

management
and
reporting

Any updation in the software or vulnerability should be
reported to the users immediately.
Information security
activities should be reported in timely manner and through
predefined communication channels.
Mechanisms sh
ould

be
put in place to monitor and quantify the types, volumes, and
costs of information security incidents.

E
-
commerce
activit
ies should be protected
from
fraudulent activities,
unauthorized disclosure
or modification.

A clear documentation of infrastructure
capacity, security
levels and
business or customer requirements should be
made prior to the start of the business process.

Restriction if any for remote access by the user through
mobiles or PDA should be clearly mentioned as these may
possess higher risk than desktop access.

Resiliency

Policies defining business continuity, d
isaster prevention
and recovery techniques should
be clearly documented
. The
plan should be done to minimize the impact of the risk
which may be the result of natural disaster, equipment
failure

(outages)
, accidents or

deliberate human actions.

Impact analysis on critical data, maximum tolerable period
Control Area

S
pecification

of

disruption and time required to resumption of services
(uptime) must be clearly given.

Business continuity plan must be kept in place fr
o
m the user
side for lessening the impact of outages.

Telecommunication devices, cabling should be protected
from unauthorized access to prevent intrusions and periodic
maintenance record must be followed. Power resource
alternatives should be planned
and documented
ahead to
avoid
disruption of service during

outages.

Compliance Audit

This covers the audit plan, activities and actions for the data
security, access and data boundary limitation. Independent
reviews and assessment has to be performed periodically to
ensure the provider is operating in compliant

with the
policies drafted. Internal/ external audits, vulnerability and
penetration testing should also be done to ensure data
security.
The services used by the cloud users such as d
ata,
objects, applications, infrastructure and hardware
should

be
assign
ed legislative domain and jurisdiction to facilitate
proper compliance points of contact

in case of failure of
services

by the provider
.

Th
e audit plan

also covers the above mentioned
control
areas

to be audited periodically

and documented.


Table
1

: A Reliability Matrix with
C
ontrol Area

5.
Conclusion
s

and

Future Scope

Cloud computing environment must be truly robust and reliable, in order to find
significant applications in the business domain.

T
o
achieve
very good
reliability

in cloud,

traditional approaches of redundancy and observability that have been
used in physical data centers for decades

must be applied
or
the user
have to find
a cloud computing services

provider that can implement the
se aspects for them
.

To

keep up with the competition, the cloud providers try to maintain reliability of
their services to the maximum level. Even then a

standard metric should be
designed for the cloud environment that will be common for all cloud providers
and with different l
evel of user. A more reliable cloud environment will always
comes with a cost and the reliability level will vary depending on the user budget.
Hence the differentiation in user levels is important.

The control areas mentioned
above may be of great help to

the users to assess their providers. But these control
areas should also be assigned with a numbering scale against which the vendors
may be evaluated.
The weightage for a control area has to be fixed depending on
their influence on reliability.
More fact
ors have to be identified and studied to
define reliability of cloud in quantitative method.

References

[1]

C
loud Computing Security in Business
I
nformation Systems”
International Journal
of Network Security & Its Applications (IJNSA), Vol.4, No.2,
March 2012

[2]

Z. Afoulki, A. Bousquet, J. Rouzaud
-
cornabas “
A Security
-
Aware Scheduler
forVirtual Machines on IaaS Clouds

.
RR
-
2011
-
08, http://www.univorleans.

fr/lifo/rapports.php

[3] G. Singh, A. Sharma and M. S. Lehal, (2011) “Security Apprehensions in

Different
Regions of Cloud Captious Grounds”,
International Journal of Network Security & Its
Applications

(IJNSA)
, Vol. 3, No. 4, pp48
-
57.

[4]
http://www.cloudcontrols.org/cloud
-
standard
-
information/standards
-
and
-
regulations/ccm/


[
5
]
Cloud Controls Matrix (CCM): Cloud Security Alliance

cloudsecurityalliance.org

[6]

csrc.nist.gov/groups/SNS/cloud
-
computing

[7]

ISO/IEC 27001:2005, "Information technology
-

Security techniques
-

Information
security management systems
-

Requirements",

http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm

[8]

John D. Musa, “Software Reliability Engineering”
,

S
econd Edition, TATA Mc Graw
-
H
ill Publication

[9]

P.Vidhyalakshmi “Cloud Risk Management”, International Journal of Research in IT
& Management

IJRIM Volume 2, Issue 2 (February 2012) (ISSN 2231
-
4334)

[10]

“Cloud Computing Services


A Comparison” by Torry

Harris

www.thbs.com/
cloud
-
integration.html

[11]

http://www.enki.co/blog/reliability
-
and
-
cloud
-
computing.html

[12]

Yuan
-
Shun Dai, Bo Yang, Jack Dongarra, Gewei Zhang


Cloud Service Reliability:
Modeling and Analysis”

[13]
http://www.aonetwork.com/AOStory/Microsoft
-
Service
-
Outage
-
Raises
-
New
-
Cloud
-
Reliability
-
Concerns

[14]

http://www.salesforce.com/platform/cloud
-
infrastructure/reliability.jsp