Service Level Agreement Violations in Cloud Storage: Insurance and Compensation Sustainability

Abstract

Service Level Agreements are employed to set availability commitments in cloud services. When a violation occurs as in an outage, cloud providers may be called to compensate customers for the losses incurred. Such compensation may be so large as to erode cloud providers’ profit margins. Insurance may be used to protect cloud providers against such a danger. In this paper, closed formulas are provided through the expected utility paradigm to set the insurance premium under different outage models and QoS metrics (no. of outages, no. of long outages, and unavailability). When the cloud service is paid through a fixed fee, we also provide the maximum unit compensation that a cloud provider can offer so as to meet constraints on its profit loss. The unit compensation is shown to vary approximately as the inverse square of the service fee.

1. Introduction

Service Level Agreements (SLA) are typically employed by cloud providers to provide guarantees on the quality of their services to end customers [1,2,3,4,5,6]. Those agreements, which form a contract or a contract-like relationship between the parties, state the obligations imposed on the cloud provider, through a set of service quality metrics and constraints to be met.

The compliance of cloud providers with those contractual or contractual-like commitments has to be monitored, and several tools have been proposed in the literature for that purpose [7,8,9] or for acting on the basis of monitoring results to reach for compliance [10]. Any tool has to measure a set of parameters related to the quality of service and compare their values against SLAs’ provisions. The foremost among them is availability [11], defined roughly as the percentage of time that the cloud is available.

As it happens, the obligations underwritten in SLAs may not be fulfilled. In that case, the cloud provider is expected to pay penalties, if the contract so prescribes [12], or anyway to compensate its customers for the loss incurred. If violations take place on a wide scale, penalties and compensations may endanger the economic balance of the cloud provider.

The cloud provider should therefore protect itself against such an occurrence. It can basically act in two ways:

• reduce the risk due to unavailability periods;
• be indemnified against possible losses.

The first countermeasure is technical in nature. Reducing the probability of occurrence and/or the amount of damages calls for investments in the infrastructure and better cloud management processes.

The second countermeasure instead relies on buying an insurance policy, whereby the insurer takes on the risk of paying all claims by customers in return for the premium to be paid by the cloud provider, which acts as the insured. The insurance approach to deal with possible excessive claims by cloud users in the framework of a Service Level Agreement has been proposed in [13]. A major problem lies in the definition of the right premium of an insurance policy. In that paper, the correct premium has been computed for the case where the outage phenomenon is described by a Poisson process for occurrence of outages and by the generalized Pareto distribution for their duration. However, an alternative model has been recently introduced in the literature, based on an extensive measurement campaign on a private cloud [14] belonging to a small/medium company. In that paper, the interarrival time between successive outages is modelled through a Pareto distribution, while the duration of an outage is modelled by a lognormal distribution.

In this paper, we again consider the problem of correctly determining the insurance premium against cloud outages. We adopt the expected utility paradigm as in [13], but we consider the outage model recently proposed in [14] in addition to the exponential-Pareto (a.k.a. Poisson–Pareto) examined in [13]. Both outage models are here examined under three QoS metrics. Our main new results are the following:

• we obtain closed formulas for the insurance premiums for all the combinations of outage model and QoS metric (rather than just for the exponential-Pareto model as in [13];
• we obtain a closed formula to set the unit compensation offered to customers so as to avoid compensations (through the resulting premium) eroding the profit margins;
• we show that the maximum unit compensation is related to the service fee through an approximate inverse square law.

The paper is structured as follows. Section 2 is devoted to describing the two models for outages. The quality of service metrics are instead described in Section 3. The statistics of losses resulting from the models of outages are computed in Section 4. The fair premium is derived in Section 5. Finally, the conditions to make the refund process sustainable are derived in Section 6.

2. Models for Outages

Our analysis relies on the use of models that describe the behaviour of the cloud. Here, we rely on a simple ON-OFF description of the service offered by the cloud, which is well suitable for cloud storage. In the ON-OFF model, the cloud alternates between two states: a fully operating period (a.k.a. uptime or ON period) and a no-service period (a.k.a. downtime or OFF period), as shown in Figure 1. No partial performance degradation is considered in the ON-OFF model. The ON-OFF model can also serve as an approximation to more complex quality degradation processes. For example, a cloud storage provider could still be able to deliver the required files to its customers, but with a longer delivery time, i.e., with a delay with respect to normal operating conditions. In that case, a threshold could be imposed on the delivery time so that delays longer than that threshold are considered as service outages. In this section, we describe two models proposed in the literature for the statistics related to the alternance of ON and OFF states. We employ two variables to describe the duration of the two states: we use S for the duration of the ON period and D for that of the OFF period.

2.1. The Exponential-Pareto Model

The Exponential-Pareto model owes its name to the distributions proposed for the two alternating states of the general ON-OFF model. Namely, we have an exponential distribution for the duration of the ON period. The duration of the OFF period is instead governed by a generalized Pareto distribution (GPD). The cumulative distribution functions are therefore

$$F_S\left(x\right)=\mathbb{P}[S<x]=1-\lambda e^{-\lambda x},$$

(1)

$$F_D\left(x\right)=\mathbb{P}[D<x]=\left\{\begin{array}{cc}1-{(1+\xi x/\beta )}^{-1/\xi },\hfill & \mathrm{if}\xi \ne 0,\hfill \\ 1-e^{-x/\beta },\hfill & \mathrm{if}\xi =0,\hfill \end{array}\right.$$

(2)

where $\beta$ is the scale parameter and $\xi$ is the shape parameter of the GPD.

Since the duration of the ON period is the time elapsing before a new failure occurs, the MTTF (mean-time-to-failure) is simply the reciprocal of the parameter of the exponential distribution

$$\mathrm{MTTF}=\mathbb{E}\left[S\right]=\frac{1}{\lambda }.$$

(3)

Similarly, the duration of the OFF period is the time needed to repair the cloud, so that the MTTR (mean-time-to-repair) is the expected value of D

$$\mathrm{MTTR}=\mathbb{E}\left[D\right]=\frac{\beta }{1-\xi }.$$

(4)

The Exponential-Pareto model has first been proposed in [15] through a best-fit procedure on a dataset of customer-reported outages for five major cloud providers (Google, Amazon, Rackspace, Salesforce, Windows Azure). The sources of data were Cloutage (cloutage.org), founded by the Open Security Foundation in April 2010 but now discontinued, and the International Working Group on Cloud Computing Resiliency (IWGCR, a working group with a mission to monitor and analyze cloud computing resiliency.

This model has been employed in [13] to assess the sustainability of refunds linked to insurance contracts for cloud services, as well as in [16] to assess the contribution of the network to the overall unavailability. The values obtained for the parameters of the two distributions in that case are reported in

Table 1. Parameters in the Exponential-Pareto model.

Provider	Exponential	Pareto
	$1/\mathit{\lambda }$ [Days]	$\mathit{\beta }$	$\mathit{\xi }$
Google	27.53	405.29	0.39
Amazon	85.6	276.43	−0.12
Rackspace	7.78	381.19	0.3
Salesforce	8.56	192.47	−0.64
Windows Azure	36.67	312.32	−0.35

.

2.2. The Pareto-Lognormal Model

As the name suggests, in the Pareto-Lognormal model the distribution of operating periods is modelled as a Pareto law, while the lognormal distribution describes the duration of outages.

The model has been proposed by Dunne and Malone [14], who analysed 300+ cloud outage events recorded for an enterprise cloud system (not better identified, but belonging to a small/medium enterprise) over an eighteen-month period. They tested seven models (Pareto, loglogistic, lognormal, gamma, exponential, logistic, and Weibull) through the Anderson–Darling test. In the end, they found the Pareto-Lognormal couple to be the best-fit solution.

The cumulative distribution function of operating periods is then

$$F_S\left(x\right)=\left\{\begin{array}{cc}1-{\left(\frac{h}{x}\right)}^{\alpha },\hfill & \mathrm{if}x\ge h,\hfill \\ 0,\hfill & \mathrm{otherwise}.\hfill \end{array}\right.$$

(5)

The distribution of outage duration is instead

$$F_D\left(x\right)=\left\{\begin{array}{cc}\mathrm{G}\left(\frac{ln\left(w\right)-\mu }{\sqrt{2}\sigma }\right),\hfill & \mathrm{if}x\ge 0,\hfill \\ 0,\hfill & \mathrm{otherwise}.\hfill \end{array}\right.$$

(6)

The reliability indicators (MTTF and MTTR) are related to the parameters of the two distributions by the following formulas:

$$\begin{array}{cc}\hfill \mathrm{MTTF}& =\frac{\alpha }{\alpha -1}h,\hfill \\ \hfill \mathrm{MTTR}& =e^{\mu +\frac{{\sigma }^2}{2}}.\hfill \end{array}$$

(7)

The values found by Dunne and Malone for the parameters of the two distributions are reported in

Table 2. Parameters in the Pareto-Lognormal model.

Provider	Pareto		Lognormal
	$\mathit{h}$	$\mathbf{\alpha }$	$\mathbf{\mu }$	$\mathbf{\sigma }$
SME	1834	4	4.58	1.3

(where the abbreviation SME—Small/Medium Enterprise—stands for the company whose cloud has been monitored during the measurement campaign, but whose name has been undisclosed); they lead to

$$\begin{array}{cc}\hfill \mathrm{MTTF}& =2445\min ,\hfill \\ \hfill \mathrm{MTTR}& =227\min .\hfill \end{array}$$

(8)

3. Quality of Service Metrics

The assessment of damages and the ensuing compensation must be related to a metric that embodies the quality of service underwritten in the SLA. In this section, we provide three different QoS metrics with specific reference to the performance of the cloud. We adopt the same metrics already considered in [17] to derive the correct price for an insurance policy in the case of a Markovian system, and in [18] to assess the Value-at-Risk, again in the case of a Markovian system.

We consider the following metrics:

• Number of outages;
• Number of long outages;
• Unavailability.

The number of outages is computed as the number of no-service intervals during the observation period T. There are a number of technicalities involved in the detection of the actual instants of time when the cloud goes OFF and then goes back ON. We do not go into detail here and refer the reader interested to delve into the matter to [19], where the complexity of measurements is dealt with. An advantage of this metric is that even the smallest service interruptions are accounted for; on the other hand, the severity of outages is not considered.

The number of long outages is simply the number of outages lasting more than a pre-set threshold w. The rationale for this metric is to avoid considering very short interruptions of service (glitches). Such interruptions could add considerably to the number of outages (hence, the first metric) without being significant for the user. This metric is a good choice if an outage must last some time to provoke a real damage to the company; this means that the company relies on some form of short-term resiliency against outages (this happens, e.g., with TCP where failures at the network layer can easily be recovered if they do not extend too much in space and time).

Finally, the unavailability is the percentage of time the service is OFF. According to this metric, a single long outage counts as a set of shorter outages if their cumulative duration is equal. In this case, damages simply accrue over time without any start effect.

4. Loss Statistics

In Section 3, we have introduced three outage-related metrics to describe the quality of the service delivered by the cloud provider. Any outage turns into an economic loss for the customer, which must be accounted for when setting the insurance premium. In this section, we evaluate the loss that a customer may claim under the QoS metric of choice for the two models at hand. In all cases, we assume a proportional relationship between the QoS metric and the claimed loss. The values depend on the statistical models assumed for the outages; we analyse the cases of the Exponential-Pareto model and the Pareto-Lognormal one in two separate subsections.

4.1. The Exponential-Pareto Model

In this section, we derive the loss statistics, as described by the first two moments of the economic loss, for the three QoS metrics defined in Section 3.

Number of Outages

If the number of outages is adopted as the QoS metric, and an an economic loss $k_{\mathrm{f}}$ is claimed for each outage, the overall economic loss $X_{\mathrm{f}}$ is

$$X_{\mathrm{f}}=k_{\mathrm{f}}{N}_{\mathrm{f}},$$

(9)

which is a random variable, since the number N of outages occurring during a fixed amount of time is itself random. Over the observation period of duration T, its expected value and variance are respectively

$$\begin{array}{cc}\hfill \mathbb{E}\left[X_{\mathrm{f}}\right]& =k_{\mathrm{f}}\lambda T,\hfill \\ \hfill \mathbb{V}\left[X_{\mathrm{f}}\right]& =k_{\mathrm{f}}^2\lambda T.\hfill \end{array}$$

(10)

4.2. Number of Long Outages

By long outages, we mean outages whose duration exceeds a given threshold w. If the economic loss $X_{{}_{\mathrm{lf}}}$ for each long outage is $k_{\mathrm{lf}}$, the overall loss is proportional to the number $N_{\mathrm{lf}}$ of long outages:

$$X_{\mathrm{lf}}=k_{\mathrm{lf}}{N}_{\mathrm{lf}}=k_{\mathrm{lf}}\sum _{i=1}^N{\mathrm{I}}_{[D_i>w]},$$

(11)

where ${\mathrm{I}}_{\left[y\right]}$ is the indicator function, which takes the value 1 if the condition y is satisfied, and the value 0, otherwise. The indicator function is actually a random variable with a Bernoulli distribution, with its first two moments given by

$$\begin{array}{cc}\hfill \mathbb{E}\left[{\mathrm{I}}_{[D_i>w]}\right]& =\mathbb{P}\left[{\mathrm{I}}_{[D_i>w]}=1\right]=1-\mathbb{P}[D_i<w]\hfill \\ & =1-\left[1-{\left(1+\frac{\xi w}{\beta }\right)}^{-\frac{1}{\xi }}\right]={\left(1+\frac{\xi w}{\beta }\right)}^{-\frac{1}{\xi }},\hfill \end{array}$$

(12)

$$\begin{array}{cc}\hfill \mathbb{V}\left[{\mathrm{I}}_{[D_i>w]}\right]& =\mathbb{P}\left[{\mathrm{I}}_{[D_i>w]}=1\right]\left(1-\mathbb{P}\left[{\mathrm{I}}_{[D_i>w]}=1\right]\right)\hfill \\ & ={\left(1+\frac{\xi w}{\beta }\right)}^{-\frac{1}{\xi }}\left[1-{\left(1+\frac{\xi w}{\beta }\right)}^{-\frac{1}{\xi }}\right]\hfill \\ & ={\left(1+\frac{\xi w}{\beta }\right)}^{-\frac{1}{\xi }}-{\left(1+\frac{\xi w}{\beta }\right)}^{-\frac{2}{\xi }}.\hfill \end{array}$$

(13)

Since Equation (11) is a random sum of independent Bernoulli variables, we can obtain the probability distribution of the economic loss (which is now a discrete variable whose possible values are multiples of the unit loss per long outage $k_{\mathrm{lf}}$):

$$\begin{array}{cc}\hfill \mathbb{P}[X_{\mathrm{lf}}=j{k}_{\mathrm{lf}}]& =\sum _{n=1}^{\infty }\mathbb{P}\left[\sum _{i=0}^n{\mathrm{I}}_{[D_i>w]}=j|N_T=n\right]\mathbb{P}[N_T=n]\hfill \\ & =\sum _{n=1}^{\infty }\left(\genfrac{}{}{0pt}{}{n}{j}\right){\left(1+\frac{\xi w}{\beta }\right)}^{-\frac{j}{\xi }}\hfill \\ & \times {\left[1-{\left(1+\frac{\xi w}{\beta }\right)}^{-\frac{1}{\xi }}\right]}^{n-j}\times \frac{{\left(\lambda T\right)}^n}{n!}{e}^{-\lambda T}.\hfill \end{array}$$

(14)

We can now use Wald’s identities to obtain a closed form expression. We assume that there is only a weak correlation among the number of summands in the sum (11) and each of the summands: the duration of an outage (e.g., its exceeding w) is independent of the number of outages, while the number of outages is very weakly correlated with the outage duration, as long as we consider services with high availability.

By resorting to Wald’s identities (see, e.g., Section 34.14.2.11 of [20] or Section 1.7.3 of [21]), we can therefore compute the mean and the variance of the economic loss

$$\begin{array}{cc}\hfill \mathbb{E}\left[X_{\mathrm{lf}}\right]& =k_{\mathrm{lf}}\mathbb{E}\left[N_T\right]\mathbb{E}\left[{\mathrm{I}}_{[D_i>w]}\right]=k_{\mathrm{lf}}\lambda T{\left(1+\frac{\xi w}{\beta }\right)}^{-\frac{1}{\xi }},\hfill \\ \hfill \mathbb{V}\left[X_{\mathrm{lf}}\right]& =k_{\mathrm{lf}}^2\left\{{\mathbb{E}}^2\left[{\mathrm{I}}_{[D_i>w]}\right]\mathbb{V}\left[N_T\right]+\mathbb{V}\left[{\mathrm{I}}_{[D_i>w]}\right]\mathbb{E}\left[N_T\right]\right\}\hfill \\ & =k_{\mathrm{lf}}^2{\left(1+\frac{\xi w}{\beta }\right)}^{-\frac{2}{\xi }}\lambda T+k_{\mathrm{lf}}^2{\left(1+\frac{\xi w}{\beta }\right)}^{-\frac{1}{\xi }}\left[1-{\left(1+\frac{\xi w}{\beta }\right)}^{-\frac{1}{\xi }}\right]\lambda T\hfill \\ & =k_{\mathrm{lf}}^2\lambda T{\left(1+\frac{\xi w}{\beta }\right)}^{-\frac{1}{\xi }}\left\{{\left(1+\frac{\xi w}{\beta }\right)}^{-\frac{1}{\xi }}+\left[1-{\left(1+\frac{\xi w}{\beta }\right)}^{-\frac{1}{\xi }}\right]\right\}\hfill \\ & =k_{\mathrm{lf}}^2\lambda T{\left(1+\frac{\xi w}{\beta }\right)}^{-\frac{1}{\xi }}.\hfill \end{array}$$

(15)

4.3. Unavailability

Now, the economic loss $X_{\mathrm{u}}$ is proportional to the cumulative unavailability time U over the period T, with a loss $k_{\mathrm{u}}$ for each time unit during which the service is unavailable:

$$X_{\mathrm{u}}=k_{\mathrm{u}}U=k_{\mathrm{u}}\sum _{i=1}^N{D}_i,$$

(16)

where $k_{\mathrm{u}}$ is the loss per unit time. The value of $k_{\mathrm{u}}$ depends of course on the actual company’s business. In

Table 3. Unit loss.

Company	Loss per Minute [US$]
EdiActivity	1
GXS	913
Salesforce	7743
eBay	30,536
Southwest Airlines	35,407
Google	113,641
Amazon	141,647

, an estimate of the loss suffered for each minute of service unavailability is reported, as extracted from [22]. Those values can be taken as values for $k_u$ when the durations $D_i$’s are expressed in minutes. As can be seen, those values exhibit an extremely wide dispersion.

We have again a random sum, for which we can apply Wald’s identities, following the same considerations introduced in Section 4.2. The mean economic loss and its variance are respectively

$$\begin{array}{cc}\hfill \mathbb{E}\left[X_{\mathrm{u}}\right]& =k_{\mathrm{u}}\mathbb{E}\left[U\right]=k_{\mathrm{u}}\mathbb{E}\left[D_i\right]\mathbb{E}\left[N_T\right]\hfill \\ & =k_{\mathrm{u}}\frac{\beta }{1-\xi }\lambda T,\hfill \end{array}$$

(17)

$$\begin{array}{cc}\hfill \mathbb{V}\left[X_{\mathrm{u}}\right]& =k_{\mathrm{u}}^2\mathbb{V}\left[U_T\right]=k_{\mathrm{u}}^2\left\{{\mathbb{E}}^2\left[D_i\right]\mathbb{V}\left[N_T\right]+\mathbb{V}\left[D_i\right]\mathbb{E}\left[N_T\right]\right\}\hfill \\ & =k_{\mathrm{u}}^2\left[\frac{{\beta }^2}{{(1-\xi )}^2}\lambda T+\lambda T\frac{{\beta }^2}{{(1-\xi )}^2(1-2\xi )}\right]\hfill \\ & =k_{\mathrm{u}}^2\frac{{\beta }^2}{{(1-\xi )}^2}\lambda T\left(1+\frac{1}{1-2\xi }\right)\hfill \\ & =k_{\mathrm{u}}^2\frac{{\beta }^2}{{(1-\xi )}^2}\lambda T\frac{2-2\xi }{1-2\xi }\hfill \\ & =\frac{2k_{\mathrm{u}}^2{\beta }^2\lambda T}{(1-\xi )(1-2\xi )}.\hfill \end{array}$$

(18)

4.4. The Pareto-Lognormal Model

Similarly to what we have done for the Exponential-Pareto model, in this subsection, we derive the loss statistics for the Pareto-Lognormal model.

4.4.1. Number of Outages

In order to derive the expected value and the variance of the number of outages $N_{\mathrm{f}}$, we first derive its probability distribution.

We describe the behaviour of the cloud during the observation interval T through the two sequence of alternating operating periods and outages:

$$\begin{array}{cc}\hfill \mathcal{S}& =\{S_1,S_2,\dots ,S_i,\dots \},\hfill \\ \hfill \mathcal{D}& =\{D_1,D_2,\dots ,D_i,\dots \},\hfill \end{array}$$

(19)

where all the $S_i$’s are i.i.d.random variables following a Pareto distribution, while the $D_i$’s are i.i.d. random variables following a lognormal distribution. The details of the two distribution are described in Section 2.2.

We start by considering the probability that there are no outages during the observation interval, which is tantamount to saying that the first operating period $S_1$ lasts more than the observation interval:

$$\mathbb{P}[N_{\mathrm{f}}=0]=\mathbb{P}(S_1>T)={\left(\frac{h}{T}\right)}^{\alpha }.$$

(20)

The probability that a single outage takes place over T is instead the probability that there is at least an outage minus the probability that there are at least two outages:

$$\begin{array}{cc}\hfill \mathbb{P}[N_{\mathrm{f}}=1]& =\mathbb{P}[N_{\mathrm{f}}\ge 1]-\mathbb{P}[N_{\mathrm{f}}\ge 2]\hfill \\ & =1-\mathbb{P}(N_{\mathrm{f}}=0)-\mathbb{P}[S_1+D_1+S_2<T].\hfill \end{array}$$

(21)

Similarly, we have

$$\begin{array}{cc}\hfill \mathbb{P}[N_{\mathrm{f}}=2]& =1-\mathbb{P}[N_{\mathrm{f}}=0]-\mathbb{P}(N_{\mathrm{f}}=1)\hfill \\ & -\mathbb{P}[S_1+D_1+S_2+D_2+S_3<T],\hfill \end{array}$$

(22)

so that we can write the general recursive expression

$$\begin{array}{c}\mathbb{P}[N_{\mathrm{f}}=i]=1-\sum _{j=0}^{i-1}\mathbb{P}[N_{\mathrm{f}}=j]-\mathbb{P}\left[\sum _{k=1}^{i+1}{S}_k+\sum _{k=1}^i{D}_k<T\right]\hfill \\ i=1,2,\dots \hfill \end{array}$$

(23)

Unfortunately, Equation (23) involves the distribution of a sum of Pareto and lognormal random variables, for which no simple expression is known. However, since the third term in that equation involves a number of variables, we can define the sequence of variables

$$Z_i=\sum _{k=1}^{i+1}{S}_k+\sum _{k=1}^i{D}_{k}i=1,2,\dots$$

(24)

and invoke the central limit theorem for it, so that we approximate the distribution of each $Z_i$ by a normal distribution with moments

$$\begin{array}{cc}\hfill \mathbb{E}\left[Z_i\right]& =\sum _{k=1}^{i+1}\mathbb{E}\left[S_k\right]+\sum _{k=1}^i\mathbb{E}\left[D_k\right]=(i+1)\mathbb{E}\left[S_1\right]+i\mathbb{E}\left[D_1\right]\hfill \\ & =(i+1)\mathrm{MTTF}+i·\mathrm{MTTR}\hfill \\ & =(i+1)\frac{\alpha }{\alpha -1}h+i·e^{\mu +\frac{{\sigma }^2}{2}},\hfill \end{array}$$

(25)

$$\begin{array}{cc}\hfill \mathbb{V}\left[Z_i\right]& =\sum _{k=1}^{i+1}\mathbb{V}\left[S_k\right]+\sum _{k=1}^i\mathbb{V}\left[D_k\right]=(i+1)\mathbb{V}\left[S_1\right]+i\mathbb{V}\left[D_1\right]\hfill \\ & =(i+1)\frac{\alpha }{{(\alpha -1)}^2(\alpha -2)}{h}^2+i(e^{{\sigma }^2}-1)e^{2\mu +{\sigma }^2},\hfill \end{array}$$

(26)

after recalling Equation (7).

The probability distribution of the number of outages over a period T can therefore be computed through the following general recursive expression, derived from Equation (23) with the starting point given by Equation (20):

$$\mathbb{P}[N_{\mathrm{f}}=i]\simeq 1-\sum _{j=0}^{i-1}\mathbb{P}[N_{\mathrm{f}}=j]-\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)i=1,2,\dots$$

(27)

$G(·)$ being the cumulative distribution function of the standard normal variable. Rolling out the recursive expression we get

$$\begin{array}{cc}\hfill \mathbb{P}[N_{\mathrm{f}}=1]& =1-{\left(\frac{h}{T}\right)}^{\alpha }-\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_1\right]}{\sqrt{\mathbb{V}\left[Z_1\right]}}\right)\hfill \\ \hfill \mathbb{P}[N_{\mathrm{f}}=2]& =\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_1\right]}{\sqrt{\mathbb{V}\left[Z_1\right]}}\right)-\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_2\right]}{\sqrt{\mathbb{V}\left[Z_2\right]}}\right)\hfill \\ \hfill \mathbb{P}[N_{\mathrm{f}}=3]& =\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_2\right]}{\sqrt{\mathbb{V}\left[Z_2\right]}}\right)-\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_3\right]}{\sqrt{\mathbb{V}\left[Z_3\right]}}\right)\hfill \\ \hfill \cdots \end{array}$$

(28)

so that we end up with the general expression

$$\begin{array}{c}\mathbb{P}[N_{\mathrm{f}}=i]=\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_{i-1}\right]}{\sqrt{\mathbb{V}\left[Z_{i-1}\right]}}\right)-\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)\hfill \\ i=2,3,\dots \hfill \end{array}$$

(29)

We can now compute the first two moments of the number of outages over the interval T. The expected value is

$$\begin{array}{cc}\hfill \mathbb{E}\left[N_{\mathrm{f}}\right]& =\sum _{i=0}^{\infty }i\mathbb{P}[N_{\mathrm{f}}=i]\hfill \\ & =1-{\left(\frac{h}{T}\right)}^{\alpha }-\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_1\right]}{\sqrt{\mathbb{V}\left[Z_1\right]}}\right)+\sum _{i=2}^{\infty }i\mathbb{P}[N_f=i]\hfill \\ & =1-{\left(\frac{h}{T}\right)}^{\alpha }-\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_1\right]}{\sqrt{\mathbb{V}\left[Z_1\right]}}\right)+\hfill \\ & \sum _{i=2}^{\infty }i\left[\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_{i-1}\right]}{\sqrt{\mathbb{V}\left[Z_{i-1}\right]}}\right)-\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)\right]\hfill \\ & =1-{\left(\frac{h}{T}\right)}^{\alpha }+\sum _{i=1}^{\infty }\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right),\hfill \end{array}$$

(30)

where $\mathbb{E}\left[Z_i\right]$ and $\mathbb{V}\left[Z_i\right]$ are provided respectively by Equations (25) and (26).

Similarly, the variance is

$$\begin{array}{cc}\hfill \mathbb{V}\left[N_{\mathrm{f}}\right]& {\displaystyle =\sum _{i=0}^{\infty }{(i-\mathbb{E}\left[N_{\mathrm{f}}\right])}^2\mathbb{P}[N_{\mathrm{f}}=i]}\hfill \\ & =\sum _{i=0}^{\infty }{i}^2\mathbb{P}[N_{\mathrm{f}}=i]-2\mathbb{E}\left[N_{\mathrm{f}}\right]\sum _{i=0}^{\infty }i\mathbb{P}[N_{\mathrm{f}}=i]+{\mathbb{E}}^2\left[N_{\mathrm{f}}\right]\sum _{i=0}^{\infty }\mathbb{P}[N_{\mathrm{f}}=i]\hfill \\ & =\sum _{i=0}^{\infty }{i}^2\mathbb{P}[N_{\mathrm{f}}=i]-{\mathbb{E}}^2\left[N_{\mathrm{f}}\right]\hfill \\ & =1-{\left(\frac{h}{T}\right)}^{\alpha }+\sum _{i=1}^{\infty }(2i+1)\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)-{\mathbb{E}}^2\left[N_{\mathrm{f}}\right],\hfill \end{array}$$

(31)

where, again, $\mathbb{E}\left[Z_i\right]$ and $\mathbb{V}\left[Z_i\right]$ are provided respectively by Equations (25) and (26).

It is now fairly straightforward to get the first two moments of the economic loss X:

$$\mathbb{E}\left[X_{\mathrm{f}}\right]=k_{\mathrm{f}}\left[1-{\left(\frac{h}{T}\right)}^{\alpha }+\sum _{i=1}^{\infty }\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)\right],$$

(32)

$$\mathbb{V}\left[X_{\mathrm{f}}\right]=k_{\mathrm{f}}^2\left[1-{\left(\frac{h}{T}\right)}^{\alpha }+\sum _{i=1}^{\infty }(2i+1)\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)-{\mathbb{E}}^2\left[N_{\mathrm{f}}\right]\right].$$

(33)

4.4.2. Number of Long Outages

For the expected number of long outages, we go back to the general expression in Equation (11). Since the number of outages is a random variable, we can again exploit the product of averages. After recalling Equation (30) for the expected number of outages and the tail of the lognormal distribution, we have

$$\begin{array}{cc}\hfill \mathbb{E}\left[N_{\mathrm{lf}}\right]& =\mathbb{E}\left[N_{\mathrm{f}}\right]\mathbb{E}\left[{\mathbb{I}}_{[D_i>w]}\right]=\mathbb{E}\left[N_{\mathrm{f}}\right]\mathbb{P}(D_i>w)\hfill \\ & =\mathbb{E}\left[N_{\mathrm{f}}\right]\left[1-\mathrm{G}\left(\frac{ln\left(w\right)-\mu }{\sqrt{2}\sigma }\right)\right]\hfill \\ & =\left[1-{\left(\frac{h}{T}\right)}^{\alpha }+\sum _{i=1}^{\infty }\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)\right]\hfill \\ & \times \left[1-\mathrm{G}\left(\frac{ln\left(w\right)-\mu }{\sqrt{2}\sigma }\right)\right].\hfill \end{array}$$

(34)

As to the variance, we adopt the same approach as in Section 4.2:

$$\begin{array}{cc}\hfill \mathbb{V}\left[N_{\mathrm{lf}}\right]& ={\mathbb{E}}^2\left[{\mathbb{I}}_{[D_i>w]}\right]\mathbb{V}ar\left[N_{\mathrm{f}}\right]+\mathbb{V}\left[{\mathbb{I}}_{[D_i>w]}\right]\mathbb{E}\left[N_{\mathrm{f}}\right]\hfill \\ & ={\mathbb{P}}^2(D_i>w)\mathbb{V}\left[N_{\mathrm{f}}\right]+(1-\mathbb{P}(D_i>w))\mathbb{P}(D_i>w)\mathbb{E}\left[N_{\mathrm{f}}\right]\hfill \\ & ={\left[1-\mathrm{G}\left(\frac{ln\left(w\right)-\mu }{\sqrt{2}\sigma }\right)\right]}^2\hfill \\ & \times \left[1-{\left(\frac{h}{T}\right)}^{\alpha }+\sum _{i=1}^{\infty }(2i+1)\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)-\mathbb{E}{\left[N_{\mathrm{f}}\right]}^2\right]\hfill \\ & +\left[1-\mathrm{G}\left(\frac{ln\left(w\right)-\mu }{\sqrt{2}\sigma }\right)\right]\left[\mathrm{G}\left(\frac{ln\left(w\right)-\mu }{\sqrt{2}\sigma }\right)\right]\hfill \\ & \times \left[1-{\left(\frac{h}{T}\right)}^{\alpha }+\sum _{i=1}^{\infty }\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)\right].\hfill \end{array}$$

(35)

Again, we can now easily get the expected value and the variance of the economic loss X:

$$\begin{array}{cc}\hfill \mathbb{E}\left[X_{\mathrm{lf}}\right]& =k_{\mathrm{lf}}\left[1-{\left(\frac{h}{T}\right)}^{\alpha }+\sum _{i=1}^{\infty }\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)\right]\left[1-\mathrm{G}\left(\frac{ln\left(w\right)-\mu }{\sqrt{2}\sigma }\right)\right],\hfill \end{array}$$

(36)

$$\begin{array}{cc}\hfill \mathbb{V}\left[X_{\mathrm{lf}}\right]& =k_{\mathrm{lf}}^2{\left[1-\mathrm{G}\left(\frac{ln\left(w\right)-\mu }{\sqrt{2}\sigma }\right)\right]}^2\hfill \\ & \times \left[1-{\left(\frac{h}{T}\right)}^{\alpha }+\sum _{i=1}^{\infty }(2i+1)\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)-\mathbb{E}{\left[N_{\mathrm{f}}\right]}^2\right]\hfill \\ & +k_{\mathrm{lf}}^2\left[1-\mathrm{G}\left(\frac{ln\left(w\right)-\mu }{\sqrt{2}\sigma }\right)\right]\left[\mathrm{G}\left(\frac{ln\left(w\right)-\mu }{\sqrt{2}\sigma }\right)\right]\hfill \\ & \times \left[1-{\left(\frac{h}{T}\right)}^{\alpha }+\sum _{i=1}^{\infty }\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)\right].\hfill \end{array}$$

(37)

4.4.3. Unavailability

We adopt the same approach as in Section 4.3. We obtain:

$$\begin{array}{cc}\hfill \mathbb{E}\left[U\right]& =\mathbb{E}\left[N_{\mathrm{f}}\right]\mathbb{E}\left[D_i\right]=\left[1-{\left(\frac{h}{T}\right)}^{\alpha }+\sum _{i=1}^{\infty }\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)\right]e^{\mu +\frac{{\sigma }^2}{2}},\hfill \end{array}$$

(38)

$$\begin{array}{cc}\hfill \mathbb{V}\left[U\right]& ={\mathbb{E}}^2\left[D_i\right]\mathbb{V}\left[N_{\mathrm{f}}\right]+\mathbb{V}\left[D_i\right]\mathbb{E}\left[N_{\mathrm{f}}\right]=e^{2\mu +{\sigma }^2}\hfill \\ & \times \left[1-{\left(\frac{h}{T}\right)}^{\alpha }+\sum _{i=1}^{\infty }(2i+1)\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)-{\mathbb{E}}^2\left[N_{\mathrm{f}}\right]\right]\hfill \\ & +\left[1-{\left(\frac{h}{T}\right)}^{\alpha }+\sum _{i=1}^{\infty }\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)\right]e^{2\mu +{\sigma }^2}(e^{{\sigma }^2}-1).\hfill \end{array}$$

(39)

The corresponding moments of the economic loss X are then:

$$\mathbb{E}\left[X_u\right]=k_u\left[1-{\left(\frac{h}{T}\right)}^{\alpha }+\sum _{i=1}^{\infty }\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)\right]e^{\mu +\frac{{\sigma }^2}{2}},$$

(40)

$$\begin{array}{cc}\hfill \mathbb{V}\left[X_u\right]& =k_u^2{e}^{2\mu +{\sigma }^2}\left[1-{\left(\frac{h}{T}\right)}^{\alpha }+\sum _{i=1}^{\infty }(2i+1)\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)-{\mathbb{E}}^2\left[N_{\mathrm{f}}\right]\right]\hfill \\ & +k_u^2\left[1-{\left(\frac{h}{T}\right)}^{\alpha }+\sum _{i=1}^{\infty }\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)\right]e^{2\mu +{\sigma }^2}(e^{{\sigma }^2}-1).\hfill \end{array}$$

(41)

5. Insurance Pricing

In Section 4, we have seen how outages result in economic losses for the cloud provider. These losses have been evaluated for three quality metrics (number of outages, number of long outages, and unavailability), which account for most of the cases that may be encountered in practice. Since these losses may endanger the economic balance of the cloud provider, the latter may wish to hedge against such losses. A natural way to hedge is through an insurance policy. In this section, we derive the fair price for such a policy. We first describe the general pricing methodology based on the expected utility approach as described in [23] and then apply that approach to the failure models described in Section 2 and the QoS metrics described in Section 3.

We consider a cloud provider whose assets are worth $\omega \in R^{+}$. This provider faces a possible monetary loss $X\in R^{+}$ and wishes to buy an insurance policy. In that case, it has to pay the insurance premium P to be fully indemnified against that loss.

We assume that the cloud provider’s perception of the loss of the amount of money x is described by its utility function $u\left(x\right)$. The perception may be dramatically different, depending on the economic conditions of the insured cloud provider. For example, if even a modest loss changes the overall economic balance from a profit condition to a loss one, even that small amount of money leads to a large decay of the utility. On the other hand, if the cloud provider is making a large profit, it will be able to withstand larger losses without a significant reduction of its utility.

Since the loss X is a random variable, we must consider the expected utility of the residual value of the company’s assets when the loss X is suffered. We have to compare the provider’s utility under two conditions: incurring the uncertain loss versus paying the certain insurance premium. The maximum tolerable premium P is the value that makes the two utilities equal. The equilibrium equation is then

$$\mathbb{E}\left[u\right(\omega -X\left)\right]=u(\omega -P).$$

(42)

The equilibrium equation may not be amenable to a closed form solution, depending on the nonlinear nature of the utility function. We can find an approximate solution by expanding both terms through a Taylor series in the neighbourhood of $\omega -\mathbb{E}\left[X\right]$:

$$\begin{array}{cc}\hfill u(\omega -P)& \simeq u(\omega -\mathbb{E}\left[X\right])+(\mathbb{E}\left[X\right]-P)u^{\prime }(\omega -\mathbb{E}\left[X\right]),\hfill \\ \hfill u(\omega -X)& \simeq u(\omega -\mathbb{E}\left[X\right])+(\mathbb{E}\left[X\right]-X)u^{\prime }(\omega -\mathbb{E}\left[X\right]),\hfill \\ & +\frac{{(\mathbb{E}\left[X\right]-X)}^2}{2}{u}^{″}(\omega -\mathbb{E}\left[X\right]).\hfill \end{array}$$

(43)

By employing the second of these Taylor expansions, we get

$$\begin{array}{cc}\hfill \mathbb{E}\left[u\right(\omega -X\left)\right]& \simeq u(\omega -\mathbb{E}\left[X\right])+(\mathbb{E}\left[X\right]-\mathbb{E}\left[X\right])u^{\prime }(\omega -\mathbb{E}\left[X\right])\hfill \\ & +\frac{\mathbb{V}\left[X\right]}{2}{u}^{″}(\omega -\mathbb{E}\left[X\right])\hfill \\ & =u(\omega -\mathbb{E}\left[X\right])+\frac{\mathbb{V}\left[X\right]}{2}{u}^{″}(\omega -\mathbb{E}\left[X\right]).\hfill \end{array}$$

(44)

Finally, by replacing those expressions in the equilibrium Equation (42), we obtain the maximum tolerable premium

$$P\simeq \mathbb{E}\left[X\right]+\frac{\mathbb{V}\left[X\right]}{2}r(\omega -\mathbb{E}\left[X\right]),$$

(45)

where we have introduced the risk aversion function r, which takes into account the effect of the utility function:

$$r\left(x\right)=-\frac{u^{″}\left(x\right)}{u^{\prime }\left(x\right)}.$$

(46)

Though several options are possible for the utility function (see, e.g., Section 1.3 in [23]), a typical assumption is to consider a constant risk aversion coefficient

$$r\left(x\right)=\delta >0.$$

(47)

In that case, the utility function exhibits the Constant Absolute Risk Aversion (CARA) property [24]; the only function that satisfies the CARA property is the exponential function $u\left(x\right)=1-e^{-\delta x}$, which leads to the maximum tolerable premium

$$P\simeq \mathbb{E}\left[X\right]+\delta \frac{\mathbb{V}\left[X\right]}{2}.$$

(48)

The CARA property has been assumed, e.g., in [13,25].

Under the CARA property, the premium formulation is therefore of the mean-variance type, where the risk-aversion coefficient is to be defined to obtain the premium: higher values of $\delta$ are associated with a growing aversion for risk and then to the willingness to pay a higher premium: in [26], the risk-aversion coefficient is assumed to take values in the [0.5,4] range. However, its assessment is rather sensitive, since it can significantly contribute to the premium. In [27], a procedure is indicated to compute its value for a CARA utility function. Namely, it is set as

$$\delta =\frac{ln\frac{1+2\eta }{1-2\eta }}{\mathbb{E}\left[X\right]},$$

(49)

where $\eta$ is the probability premium, i.e., the increase in probability above 0.5 that an individual requires to maintain a constant level of utility equal to the utility of status quo; it takes a value in the [0, 0.5] range.

In the following subsections, we derive the pricing formula for the two models described in Section 2.

5.1. The Exponential-Pareto Model

Following the same approach adopted for the computation of the economic loss in Section 4, we evaluate the resulting insurance premium for the three QoS metrics. In order to get a numeric feeling for the outcome, we consider the parameter values shown in

Table 4. Sample parameter values for the Exponential-Pareto model.

Exponential	Pareto		Time
$\frac{\mathbf{1}}{\mathbf{\lambda }}$ [Days]	$\mathbf{\xi }$	$\mathbf{\beta }$	T [Days]
27.5	0.4	405	365

, which are fairly representative of the experiments leading to the models of Section 2.

5.1.1. Number of Outages

Replacing the results of Equation (10) in Equation (48), we get the premium (actually the maximum tolerable premium) for the coverage period T when the loss is proportional to the number of outages:

$$P_{\mathrm{f}}=k_{\mathrm{f}}\lambda T+\frac{\delta k_{\mathrm{f}}^2}{2}\lambda T=k_{\mathrm{f}}\lambda T\left(1+\frac{\delta k_{\mathrm{f}}}{2}\right).$$

(50)

The resulting premium is proportional to the average number of outages and a quadratic function of the unit loss per outage.

5.1.2. Number of Long Outages

If the loss is proportional to the number of outages whose duration exceeds the threshold w, after recalling Equation (15), we obtain the premium

$$\begin{array}{cc}\hfill P_{\mathrm{lf}}& =k_{\mathrm{lf}}\lambda T{\left(1+\frac{\xi w}{\beta }\right)}^{-\frac{1}{\xi }}+\frac{\delta }{2}{k}_{\mathrm{lf}}^2\lambda T{\left(1+\frac{\xi w}{\beta }\right)}^{-\frac{1}{\xi }}\hfill \\ & =k_{\mathrm{lf}}\lambda T{\left(1+\frac{\xi w}{\beta }\right)}^{-\frac{1}{\xi }}\left(1+\frac{\delta k_{\mathrm{lf}}}{2}\right).\hfill \end{array}$$

(51)

Similarly to what we found for the case where the QoS metric is the number of outages, here the premium is a linear function of the average number of outages and a quadratic function of the unit loss per long outage. Instead, in Figure 2, we see that the premium is a nearly linear function of the threshold w that defines long outages. The picture has been obtained for the values of Table 4 when the loss per minute is $k_{\mathrm{U}}=10,000\$$, which lies in the low range among the values reported in Table 3. The unit loss per long outage has been set according to the equation

$$k_{\mathrm{lf}}\mathbb{E}\left[N_{\mathrm{lf}}\right]=k_{\mathrm{U}}\mathbb{E}\left[\mathrm{U}\right].$$

(52)

Aside from its absolute value, we can get a feeling for the size of the premium if we compare it with the expected loss, i.e., the excess premium defined as

$$E{P}_{\mathrm{lf}}=\frac{P_{\mathrm{lf}}-\mathbb{E}\left[X_{lf}\right]}{\mathbb{E}\left[X_{lf}\right]}=\frac{\delta k_{\mathrm{lf}}}{2}.$$

(53)

The excess premium is shown in Figure 3 for the same case of Figure 2. We can see that the coverage of risk requires an excess premium of the order of some percentage points; its dependence on the outage duration threshold w is again roughly linear.

5.1.3. Unavailability

If a loss is experienced for each minute of no service, after recalling Equations (17) and (18), we have the premium

$$\begin{array}{cc}\hfill P_{\mathrm{u}}& =k_{\mathrm{u}}\frac{\beta }{1-\xi }\lambda T+\frac{\delta }{2}\frac{2k_{\mathrm{u}}^2{\beta }^2\lambda T}{(1-\xi )(1-2\xi )}\hfill \\ & =\frac{k_{\mathrm{u}}\beta \lambda T}{1-\xi }\left(1+\frac{\delta k_{\mathrm{u}}\beta }{1-2\xi }\right).\hfill \end{array}$$

(54)

The excess premium is then

$$E{P}_{\mathrm{u}}=\frac{P_{\mathrm{u}}-\mathbb{E}\left[X_u\right]}{\mathbb{E}\left[X_u\right]}=\frac{\delta k_{\mathrm{u}}\beta }{1-2\xi }.$$

(55)

For the values in Table 4, we have the excess premium $E{P}_{\mathrm{u}}\simeq 0.226$, which represents a fairly large premium for risk.

5.2. The Pareto-Lognormal Model

Similarly to what we have done in Section 5.1, in this section, we compute the premium when outages are described by the Pareto-Lognormal model. Again, we proceed separately for the three QoS metrics. As for the Exponential-Pareto model, we report the parameter values used for numerical examples in

Table 5. Sample parameter values for the Pareto-Lognormal model.

Pareto		Lognormal		Time
$\mathit{h}$	$\mathbf{\alpha }$	$\mathbf{\mu }$	$\mathbf{\sigma }$	T [Days]
1834	4	4.6	1.3	365

.

5.2.1. Number of Outages

By recalling the general expression of the premium in Equation (48) and the first two moments of the economic loss in Equations (32) and (33), we get the following premium:

$$\begin{array}{cc}\hfill P_{\mathrm{f}}& =k_{\mathrm{f}}\left[1-{\left(\frac{h}{T}\right)}^{\alpha }+\sum _{i=1}^{\infty }\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)\right]\hfill \\ & +\delta \frac{k_{\mathrm{f}}^2}{2}\left[1-{\left(\frac{h}{T}\right)}^{\alpha }+\sum _{i=1}^{\infty }(2i+1)\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)-{\mathbb{E}}^2\left[N_{\mathrm{f}}\right]\right]\hfill \\ & =\left[k_{\mathrm{f}}+\delta \frac{k_{\mathrm{f}}^2}{2}\left[{\left(\frac{h}{T}\right)}^{\alpha }-\sum _{i=1}^{\infty }\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)\right]\right]\hfill \\ & \times \left[1-{\left(\frac{h}{T}\right)}^{\alpha }+\sum _{i=1}^{\infty }\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)\right]\hfill \\ & +\delta \frac{k_{\mathrm{f}}^2}{2}\sum _{i=1}^{\infty }2i\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right).\hfill \end{array}$$

(56)

5.2.2. Number of Long Outages

Here, we combine the general expression of the premium in Equation (48) and the first two moments of the economic loss provided by Equations (36) and (37), which gives us the premium

$$\begin{array}{cc}\hfill P_{\mathrm{lf}}& =k_{\mathrm{lf}}\left[1-{\left(\frac{h}{T}\right)}^{\alpha }+\sum _{i=1}^{\infty }\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)\right]\left[1-\mathrm{G}\left(\frac{ln\left(w\right)-\mu }{\sqrt{2}\sigma }\right)\right]\hfill \\ & +\delta \frac{k_{\mathrm{lf}}^2}{2}{\left[1-\mathrm{G}\left(\frac{ln\left(w\right)-\mu }{\sqrt{2}\sigma }\right)\right]}^2\left[1-{\left(\frac{h}{T}\right)}^{\alpha }+\sum _{i=1}^{\infty }(2i+1)\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)-\mathbb{E}{\left[N_{\mathrm{f}}\right]}^2\right]\hfill \\ & +\delta \frac{k_{\mathrm{lf}}^2}{2}\left[1-\mathrm{G}\left(\frac{ln\left(w\right)-\mu }{\sqrt{2}\sigma }\right)\right]\left[\mathrm{G}\left(\frac{ln\left(w\right)-\mu }{\sqrt{2}\sigma }\right)\right]\left[1-{\left(\frac{h}{T}\right)}^{\alpha }+\sum _{i=1}^{\infty }\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)\right]\hfill \\ & =\left[1-{\left(\frac{h}{T}\right)}^{\alpha }+\sum _{i=1}^{\infty }\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)\right]\left[1-\mathrm{G}\left(\frac{ln\left(w\right)-\mu }{\sqrt{2}\sigma }\right)\right]\left(k_{\mathrm{f}}+\delta \frac{k_{\mathrm{lf}}^2}{2}\right)\hfill \\ & -\delta \frac{k_{\mathrm{lf}}^2}{2}{\left[1-{\left(\frac{h}{T}\right)}^{\alpha }+\sum _{i=1}^{\infty }\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)\right]}^2{\left[1-\mathrm{G}\left(\frac{ln\left(w\right)-\mu }{\sqrt{2}\sigma }\right)\right]}^2\hfill \\ & +\delta \frac{k_{\mathrm{lf}}^2}{2}{\left[1-\mathrm{G}\left(\frac{ln\left(w\right)-\mu }{\sqrt{2}\sigma }\right)\right]}^2\sum _{i=1}^{\infty }2i\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right).\hfill \end{array}$$

(57)

The excess premium can be computed as in Equation (54). Its behaviour as the outage duration threshold grows is however shown in Figure 4.

5.2.3. Unavailability

Again, we employ here the general expression of the premium in Equation (48) and the first two moments of the economic loss provided by Equations (40) and (41) to get

$$\begin{array}{c}{P}_{\mathrm{u}}=k_u\left[1-{\left(\frac{h}{T}\right)}^{\alpha }+\sum _{i=1}^{\infty }\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)\right]e^{\mu +\frac{{\sigma }^2}{2}}\hfill \\ +\delta \frac{k_u^2}{2}{e}^{2\mu +{\sigma }^2}\left[1-{\left(\frac{h}{T}\right)}^{\alpha }+\sum _{i=1}^{\infty }(2i+1)\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)-{\mathbb{E}}^2\left[N_{\mathrm{f}}\right]\right]\hfill \\ +\delta \frac{k_u^2}{2}\left[1-{\left(\frac{h}{T}\right)}^{\alpha }+\sum _{i=1}^{\infty }\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)\right]e^{2\mu +{\sigma }^2}(e^{{\sigma }^2}-1)\hfill \\ =k_u{e}^{\mu +\frac{{\sigma }^2}{2}}\left[1-{\left(\frac{h}{T}\right)}^{\alpha }+\sum _{i=1}^{\infty }\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)\right]\hfill \\ +\left[1-{\left(\frac{h}{T}\right)}^{\alpha }+\sum _{i=1}^{\infty }\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)\right]\hfill \\ \times \left[\delta \frac{k_u^2}{2}{e}^{\mu +\frac{{\sigma }^2}{2}}\left[{\left(\frac{h}{T}\right)}^{\alpha }-\sum _{i=1}^{\infty }\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)+e^{{\sigma }^2}-1\right]\right]\hfill \\ +\delta \frac{k_u^2}{2}{e}^{2\mu +{\sigma }^2}\sum _{i=1}^{\infty }2i\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right).\hfill \end{array}$$

(58)

For the values in Table 5, we have an excess premium equal to $E{P}_u\simeq 0.117$, which is roughly half that obtained under the Exponential-Pareto model.

6. Refund Sustainability

In Section 5, we have seen that the insurance premium is a function of the unit compensation (i.e., $k_f$, $k_{lf}$ or $k_u$, depending on the QoS metric adopted). The relationship is typically of the quadratic kind. This means that the premium will go up with the unit compensation (and faster than that) that the cloud provider is bound to pay its customer. As a consequence, large unit compensations lead to high premiums, which may become unsustainable for the cloud provider: premiums represent a fixed (deterministic) outcome that erodes the profit margin of the cloud provider and, if large, may even turn a potential profit into a sure loss. In Table 3, we have seen how large the unit loss per minute can be; though those values may represent a basis for setting the unit compensation (in that case for $k_u$), this way of acting may lead to an exceedingly high liability for the cloud provider. We suggest here a possible way to limit the liability of the cloud provider so as to make it sustainable. This involves setting a limit for the unit compensation that the cloud provider may pay. In this section, we derive such a limit for the two failure models and the three QoS metrics that we have considered so far. After obtaining the general expression for the maximum unit refund, we follow therefore the same approach as in Section 3 and Section 5, dealing separately with each subcase.

6.1. Unit Refund Limit

As hinted above, the compensation that cloud providers may pay their customers should be bounded, so that it does not pose a significant threat to the overall economic balance of the company. In many cases, the compensation is set as a percentage (well below 100%) of the service fee (the compensation is therefore a partial refund); this limit guarantees that the outflow related to refunds cannot exceed that same percentage of the revenues. In

Table 6. Refunds as a percentage of the service fee.

Cloud Provider	Monthly Uptime [%]	Service Credit [%]
Amazon ${}^1$	99–99.99	10
	$<99$	30
Google ${}^2$	99–99.99	10
	95–99	25
	<95	50
Microsoft Azure ${}^3$	99–99.9	10
	$<99$	25
Rackspace ${}^4$	99.5–99.9	10
	99–99.49	25
	98–98.99	40
	97.5–97.99	55
	97–97.49	70
	96.5–96.99	85
	<96.5	100

${}^1$https://aws.amazon.com/it/compute/sla/; ${}^2$https://cloud.google.com/functions/sla; ${}^3$https://azure.microsoft.com/en-us/support/legal/sla/summary/; ${}^4$https://www.rackspace.com/sites/default/files/legal/cloud_slas_global_08_feb_2016.pdf.

, the percentage values set by some providers are reported for the case where the QoS metric is the availability. All providers allow for a larger refund percentage as the QoS degrades more and more. However, for three out of four providers, the refund can never be full.

In order to limit the liability of cloud providers within safe bounds, we consider here a similar approach by limiting the unit refund. We set therefore

$$k_{*}=\gamma F\gamma \in (0,1),$$

(59)

where the asterisk is a jolly character so that the expression may be applied to any of the three performance parameters, and $\gamma$ defines the fraction of the fee that the cloud provider may accept to lose due to compensation for each QoS violation.

On the other hand, the cloud provider cannot be led to pay too high a premium, since the premium is a fixed periodic payment that erodes the provider’s profit. In order to guarantee that the revenues represented by the service fees are not overly reduced, we can set the premium so as not to be larger than a predefined fraction of the service fee itself:

$$P_{*}<\rho F\rho \in (0,1).$$

(60)

Since the economic loss $X_{*}$ is proportional to the QoS metric (which is either $N_{\mathrm{f}}$, $N_{\mathrm{lf}}$ or U), as embodied by Equations (9), (11) and (16), we introduce a generic variable L to derive a general expression that may then be tailored for the case at hand by replacing L with $N_{\mathrm{f}}$, $N_{\mathrm{lf}}$ or U, respectively.

The general constraint on the premium can then be expressed as

$$\begin{array}{cc}\hfill P_{*}& =\mathbb{E}\left[X_{*}\right]+\delta \frac{\mathbb{V}\left[X_{*}\right]}{2}=k_{*}\mathbb{E}\left[L\right]+k_{*}^2\delta \frac{\mathbb{V}\left[L\right]}{2}\hfill \\ & =\gamma F\mathbb{E}\left[L\right]+{\gamma }^2{F}^2\delta \frac{\mathbb{V}\left[L\right]}{2}<\rho F.\hfill \end{array}$$

(61)

This constraint leads to a quadratic inequality in the unit refund $\gamma$:

$$F\delta \frac{\mathbb{V}\left[L\right]}{2}{\gamma }^2+\mathbb{E}\left[L\right]\gamma -\rho <0.$$

(62)

Since the discriminant associated with the quadratic form is

$$\Delta ={\left(\frac{\mathbb{E}\left[L\right]}{2}\right)}^2+\frac{\delta }{2}F\rho \mathbb{V}\left[L\right]$$

(63)

and $\gamma >0$, the solution of the quadratic inequality is

$$\gamma <\frac{2\sqrt{\Delta }-\mathbb{E}\left[L\right]}{\delta F\mathbb{V}\left[L\right]}=\frac{\sqrt{1+2\delta F\rho \frac{\mathbb{V}\left[L\right]}{{\mathbb{E}}^2\left[L\right]}}-1}{\delta F\frac{\mathbb{V}\left[L\right]}{\mathbb{E}\left[L\right]}},$$

(64)

which gives us an upper bound for the unit refund $\gamma$ to be sustainable.

The premium-setting procedure therefore goes through the following steps:

• Set the tolerable fraction $\rho$ of the service fee as in Equation (60);
• Compute the upperbound $\gamma$ on the refund (Section 6.2 and Section 6.3);
• Compute the limit unit refund as per Equation (59);
• Compute the premium (Section 5.1 and Section 5.2).

In the following subsections, we derive the expression for $\gamma$ when either outage model applies and for the three QoS metrics. In order to show some numerical results, we consider the parameter values shown Table 4 and Table 5 for the failure models, and in

Table 7. Parameter values used in the refund sustainability examples.

Parameter	Value
Long outage threshold w	2 h
Probability premium $\eta$	0.25
Allowable fee percentage $\rho$	0.05 (5%)

for the refund sustainability computation. The risk aversion factor $\delta$ is computed according to Equation (49).

6.2. The Exponential-Pareto Model

6.2.1. Number of Outages

In this case, the loss statistics is the number of outages $N_{\mathrm{f}}$, so that $\mathbb{E}\left[L\right]=\lambda T$ and $\mathbb{V}\left[L\right]=\lambda T$ and

$$\frac{\mathbb{V}\left[L\right]}{\mathbb{E}\left[L\right]}=1\frac{\mathbb{V}\left[L\right]}{{\mathbb{E}}^2\left[L\right]}=\frac{1}{\lambda T}.$$

(65)

From Equation (64), the constraint on the refund factor then becomes

$${\gamma }_{\mathrm{f}}<\frac{\sqrt{1+\frac{2\delta F\rho }{\lambda T}}-1}{\delta F}.$$

(66)

As can be seen in Figure 5a, the maximum value for ${\gamma }_{\mathrm{f}}$ diminishes as the fee grows with a roughly inverse square root dependence.

6.2.2. Number of Long Outages

In this case $L=N_{lf}$, and

$$\frac{\mathbb{V}\left[L\right]}{\mathbb{E}\left[L\right]}=1\frac{\mathbb{V}\left[L\right]}{{\mathbb{E}}^2\left[L\right]}=\frac{1}{\lambda T}{\left(1+\frac{\xi W}{\beta }\right)}^{\frac{1}{\xi }}$$

(67)

so that Equation (64) becomes

$${\gamma }_{\mathrm{lf}}<\frac{\sqrt{1+\frac{2\delta F\rho }{\lambda T}{\left(1+\frac{\xi W}{\beta }\right)}^{\frac{1}{\xi }}}-1}{\delta F}.$$

(68)

In Figure 5b again, we see that, as the fee grows, the cloud provider has to lower the fraction of the fee that it can return to its customers for each long outage.

6.2.3. Unavailability

In this case $L=U$, and

$$\frac{\mathbb{V}\left[L\right]}{\mathbb{E}\left[L\right]}=\frac{2\beta }{1-2\xi }\frac{\mathbb{V}\left[L\right]}{{\mathbb{E}}^2\left[L\right]}=\frac{2}{\lambda T}\frac{1-\xi }{1-2\xi },$$

(69)

so that Equation (64) becomes

$${\gamma }_u<\frac{1-2\xi }{2\delta \beta F}\left[\sqrt{1+\frac{4\delta F\rho }{\lambda T}\frac{1-\xi }{1-2\xi }}-1\right].$$

(70)

The upper bound on the unit refund is now shown in Figure 5c, where the decline as the fee grows is steeper in the lower domain of the fee values.

6.3. The Pareto-Lognormal Model

6.3.1. Number of Outages

From Section 4.4.1, we recall that the first two moments of the number of outages are respectively

$$\mathbb{E}\left[N_{\mathrm{f}}\right]=1-{\left(\frac{h}{T}\right)}^{\alpha }+\sum _{i=1}^{\infty }\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right),$$

(71)

$$\begin{array}{cc}\hfill \mathbb{V}\left[N_{\mathrm{f}}\right]& =1-{\left(\frac{h}{T}\right)}^{\alpha }+\sum _{i=1}^{\infty }(2i+1)\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)-{\mathbb{E}}^2\left[L_{\mathrm{f}}\right],\hfill \\ & {\displaystyle =\mathbb{E}\left[L_{\mathrm{f}}\right]-{\mathbb{E}}^2\left[L_{\mathrm{f}}\right]+\sum _{i=1}^{\infty }2i\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right).}\hfill \end{array}$$

(72)

The two ratios involving those moments and employed in the computation of the maximum refund are respectively:

$$\begin{array}{c}\hfill \frac{\mathbb{V}\left[N_{\mathrm{f}}\right]}{\mathbb{E}\left[N_{\mathrm{f}}\right]}=\frac{{\displaystyle \mathbb{E}\left[N_{\mathrm{f}}\right]-{\mathbb{E}}^2\left[N_{\mathrm{f}}\right]+\sum _{i=1}^{\infty }2i\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)}}{\mathbb{E}\left[N_{\mathrm{f}}\right]},\end{array}$$

(73)

$$\begin{array}{c}\hfill \frac{\mathbb{V}\left[N_{\mathrm{f}}\right]}{{\mathbb{E}}^2\left[N_{\mathrm{f}}\right]}=\frac{{\displaystyle \mathbb{E}\left[N_{\mathrm{f}}\right]-{\mathbb{E}}^2\left[N_{\mathrm{f}}\right]+\sum _{i=1}^{\infty }2i\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)}}{{\mathbb{E}}^2\left[N_{\mathrm{f}}\right]}.\end{array}$$

(74)

By replacing in the general expression (64) the expressions just obtained and using the abbreviation ${\mathrm{G}}_i:=\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)$, and adopting the two shortened forms $G_s={\sum }_{i=1}^{\infty }{\mathrm{G}}_i$ and $G_w={\sum }_{i=1}^{\infty }2i{\mathrm{G}}_i$, we get the final expression of the maximum unit refund when the number of outages is used as the QoS metric:

$$\begin{array}{c}\hfill {\gamma }_{\mathrm{f}}=\frac{\sqrt{1+2\delta F\rho \left[\frac{1}{1-{\left(\frac{h}{T}\right)}^{\alpha }+G_s}+\frac{G_w}{{\left(1-{\left(\frac{h}{T}\right)}^{\alpha }+G_s\right)}^2}-1\right]}-1}{\delta F\left[\frac{1}{1-{\left(\frac{h}{T}\right)}^{\alpha }+G_s}+\frac{G_w}{{\left(1-{\left(\frac{h}{T}\right)}^{\alpha }+G_s\right)}^2}-1\right]}.\end{array}$$

(75)

This equation shows again that the maximum unit refund has to lower according to an inverse square law as the fee grows. In Figure 6a, we show the value of ${\gamma }_{\mathrm{f}}$ for the parameters listed in Table 7. The dependence here appears to be roughly linear because of the windows chosen for the fee values.

6.3.2. Number of Long Outages

Similarly to what we have done for the number of outages, we compute the ratios of the two moments for the case of long outages, by exploiting the results of Section 4.4.2:

$$\begin{array}{cc}\hfill \frac{\mathbb{V}\left[N_{\mathrm{lf}}\right]}{\mathbb{E}\left[N_{\mathrm{lf}}\right]}& =1-\frac{\left(1-\mathrm{G}\left(\frac{ln\left(w\right)-\mu }{\sqrt{2}\sigma }\right)\right)}{\mathbb{E}\left[N_{\mathrm{f}}\right]}\left({\displaystyle {\mathbb{E}}^2\left[N_{\mathrm{f}}\right]-\sum _{i=1}^{\infty }2i\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)}\right),\hfill \end{array}$$

(76)

$$\begin{array}{cc}\hfill \frac{\mathbb{V}\left[N_{\mathrm{lf}}\right]}{{\mathbb{E}}^2\left[N_{\mathrm{lf}}\right]}& =\frac{1}{\mathbb{E}\left[N_{\mathrm{f}}\right]}-\frac{\left(1-\mathrm{G}\left(\frac{ln\left(w\right)-\mu }{\sqrt{2}\sigma }\right)\right)}{{\mathbb{E}}^2\left[N_{\mathrm{f}}\right]}\left({\displaystyle {\mathbb{E}}^2\left[N_{\mathrm{f}}\right]-\sum _{i=1}^{\infty }2i\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)}\right).\hfill \end{array}$$

(77)

We can now replace those expressions into the unit refund limit general expression, adopting the abbreviation $\mathrm{B}\left(w\right):=1-\mathrm{G}\left(\frac{ln\left(w\right)-\mu }{\sqrt{2}\sigma }\right)$. The maximum unit refund for the case of long outages is then

$$\begin{array}{c}\hfill {\gamma }_{\mathrm{lf}}=\frac{\sqrt{1+2\delta F\rho \left[\frac{1}{1-{\left(\frac{h}{T}\right)}^{\alpha }+G_s}+\frac{B\left(w\right)G_w}{{\left(1-{\left(\frac{h}{T}\right)}^{\alpha }+G_s\right)}^2}-B\left(w\right)\right]}-1}{\delta F\left[\frac{1}{1-{\left(\frac{h}{T}\right)}^{\alpha }+G_s}+\frac{B\left(w\right)G_w}{{\left(1-{\left(\frac{h}{T}\right)}^{\alpha }+G_s\right)}^2}-B\left(w\right)\right]}.\end{array}$$

(78)

The same inverse sequare relationship appears to hold for the number of long outages as well, which is shown in Figure 6b.

6.3.3. Unavailability

Again, for the case of unavailability, we compute the ratio of the moments of the Unavailability, employing the expressions shown in Equations (40) and (41):

$$\begin{array}{c}\hfill \frac{\mathbb{V}\left[L_{\mathrm{U}}\right]}{\mathbb{E}\left[L_{\mathrm{U}}\right]}=\frac{\left[{\displaystyle \mathbb{E}\left[L_{\mathrm{f}}\right]e^{{\sigma }^2}-{\mathbb{E}}^2\left[L_{\mathrm{f}}\right]+\sum _{i=1}^{\infty }2i\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)}\right]e^{\mu +\frac{{\sigma }^2}{2}}}{\mathbb{E}\left[L_{\mathrm{f}}\right]},\end{array}$$

(79)

$$\begin{array}{c}\hfill \frac{\mathbb{V}\left[L_{\mathrm{U}}\right]}{{\mathbb{E}}^2\left[L_{\mathrm{U}}\right]}=\frac{{\displaystyle \mathbb{E}\left[L_{\mathrm{f}}\right]e^{{\sigma }^2}-{\mathbb{E}}^2\left[L_{\mathrm{f}}\right]+\sum _{i=1}^{\infty }2i\mathrm{G}\left(\frac{T-\mathbb{E}\left[Z_i\right]}{\sqrt{\mathbb{V}\left[Z_i\right]}}\right)}}{{\mathbb{E}}^2\left[L_{\mathrm{f}}\right]}.\end{array}$$

(80)

We then replace these ratios in the general expression of the refund limit given by Equation (64) to get the maximum unit refund for the case of unavailability:

$$\begin{array}{c}\hfill {\gamma }_{\mathrm{u}}=\frac{\sqrt{1+2\delta F\rho \left[\frac{e^{{\sigma }^2}}{1-{\left(\frac{h}{T}\right)}^{\alpha }+G_s}+\frac{G_w}{{\left(1-{\left(\frac{h}{T}\right)}^{\alpha }+G_s\right)}^2}-1\right]}-1}{\delta F\left[\frac{e^{{\sigma }^2}}{1-{\left(\frac{h}{T}\right)}^{\alpha }+G_s}+\frac{G_w}{{\left(1-{\left(\frac{h}{T}\right)}^{\alpha }+G_s\right)}^2}-1\right]e^{\mu +\frac{{\sigma }^2}{2}}}.\end{array}$$

(81)

Finally, in Figure 6c, we show the same diminishing trend for ${\gamma }_{\mathrm{u}}$.

7. Conclusions

We have provided formulas for the insurance premium that cloud providers have to pay to protect themselves against the danger of excessive claims by their customers in the case of cloud outages. The formulas can be applied quite straightforwardly as a function of the parameters describing the cloud outage phenomenon. The formulas depend however on how much the cloud provider is willing to pay for each disruption unit (i.e, for each outage, or for each outage exceeding a prescribed duration, or for each minute of unavailability, depending on the QoS metric chosen). In order to keep the insurance premium within acceptable limit and avoid endangering the economic balance of the cloud provider, we have provided formulas for the maximum unit refund as well. This upper bound lowers as the service fee grows, roughly according to an inverse square law.

Our set of formulas allows cloud providers to consider insurance as an additional, non network-centric, means of protection against the consequences of poor cloud performance. A possible extension would lead us to consider a non-binary state space, where several levels of QoS degradation are possible as an approximation to the case of graceful degradation of service quality.