On Tue, 23 Jan 2001, Al Potter wrote:
[And a great time was had by all, so they decided to spread the fun to
all their friends...]
> Greetings:
>
> We're debating what is reasonable for a fortune 500 customer to demand from a
> high-end firewall vendor in terms of support, and have the following questions:
>
Having participated in the internal debate up at the Labs, I'd like to
throw my assumptions out for the general firewall community at large.
I've also spent some time pondering this on the drive home so I can add
some points to my perspective without another long drive :)
[Please note that I'm assuming that the criteria are the lowest common
denominator with room above that for vendors to do better.]
> 1. What is the reasonable minimum for response time on a support contract?
I'd say that 2 hours is a good minimum time. Having carried a pager for
about 11 years total, I know that there are times when 10-20 minutes is
achievable, but if there are other times when cellular batteries have
died, or I've been a distance from a phone and on foot. 2 hours can be a
long time for a critical emergency, but at 3am on a holiday with phone
service out, dashing to the office during an ice storm may be an hour and
a half drive. I think going under an hour is unrealistic, and the lower
down the number goes, the less clue will be at the other end of the phone.
> 2. What are normal parameters for required escalation to a higher level of
> support?
The biggest issues I've seen in the past have been in the "ability for
the customer to escalate" side of things. Some first-line support staff
don't like to escalate if they believe that the customer is wrong, or if
they simply don't understand the problem. Having a defined path and
visibility for it on the vendor side makes all your issues get solved
much, much more quickly.
> 3. Is it reasonable to have an absolute contractual deadline for final issue
> resolution, and if so, what is a reasonable amount of time for this?
Reasonable? Nope. Would it be nice- absolutely. Having had "fixed by
changing the documentation" things happen in the past, I can't imagine a
criteria that would adaquately meet the goals of both vendors and
end-users and have real teeth. Deadlines also tend to produce "quick fix
before the deadline." Including "losing the report and opening another
one" type solutions. #2 should make the entire situation better, and the
more of a ladder there is (the higher up it goes) the better off the
customer is.
> Labs Firewall Certification Criteria. If you have strong feelings, here is
> your chance to let them be known. We may solicit more input on related issues
> in the near future.
Disclaimer: I work for TruSecure Corporation- ICSA Labs is a division of
TruSecure, and I've been involved in the discussions about proposed
criteria. I just wanted to publicly state my perspective as a long-time
firewall user to give people an idea of the discussion from my perspective
so far. Don't forget this is "large-scale" stuff, not intended to be
criteria for a home office network appliance.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
