Sample SLAs

What are some sample SLAs and how do they align with Veeam?
What is a Service Level Agreement? What is RPO and RTO? If you want to better manage your customer (internal or external) expectations, a service level agreement (SLA) may be worth considering. An SLA is a negotiated agreement designed to create a common understanding and expectation about services, priorities and responsibilities.

BIA: A Business impact analysis (BIA) is a systematic process to determine and evaluate the potential effects of an interruption to critical business operations as a result of a disaster, accident or emergency.

CBF: Critical Business Function - Essential functions critical to business operations.

NOTE: Data should be categorized/classified based on importance and sensitivity (Governance).

By implementing SLAs, you can specify exactly what is (and is not) covered, document roles and responsibilities of both parties, and define service prerequisites that set you up for success.

  • Identify specifically what is and is not covered to avoid confusion.

  • Define availability and contact information.

  • Monitor compliance by measuring your progress against SLA goals. Rely on reporting to help you keep customers aware of how you’re meeting and exceeding your SLA promises.

  • Automate reporting. Providing real-time performance to customers through automated reporting provides full transparency into the real status of the agreed upon metrics.

[Blog Series] How to Design and Implement a Backup System Based on SLA Policies

The following are samples only / Consider using tags as part of your SLA strategy: Amazing Power of Tags

SLA Label: "Gold"

  • Mission-critical applications that require an RTO/RPO of less than 15 minutes

  • Performance Expectations: High

  • Availability Expectations: 99.999% / Five Nines: 5.26 minutes of unplanned downtime per year.

  • Tier 3 or 4 data center.

  • Retention Points: 37 over 6 years (21 daily, 4 weekly, 6 monthly, and 6 yearly recovery points).

  • Backups should be immutable for 65 days.

  • Data should be encrypted.

  • Utilize the 3-2-1-1-0 rule.

  • Use VBR with a PERFORMANCE TIER and a CAPACITY TIER and GFS retention (see below).

  • Use CDP (Continuous Data Protections) to replicate systems to an alternate location (a DR site) for availability requirements. <1 hour RTO

  • Use VDRO to automate your recovery process.

  • Use Veeam Instant Recovery to meet RTOs.

  • Use Veeam ONE for continuous monitoring and forecasting.

  • Use Veeam SureBackup to test your recovery.

SLA Label: "Silver"

  • Business-critical applications that require RTO of 2 hours and RPO of 4 hours

  • Performance Expectations: Medium-High

  • Availability Expectations: 99.99% / Four Nines: 52.60 minutes of unplanned downtime per year.

  • Tier 2 or better data center

  • Retention Points: 32 over 3 years (21 daily, 4 weekly, 4 monthly, and 3 yearly recovery points).

  • Backups should be immutable for 45 days.

  • Data should be encrypted.

  • Utilize the 3-2-1-1-0 rule.

  • Use VBR with a PERFORMANCE TIER and a CAPACITY TIER and GFS retention (see below).

  • Use VBR to replicate systems to an alternate location (a DR site) for availability requirements. >1 hour RTO

  • Use Veeam Instant Recovery to meet RTOs.

  • Use Veeam ONE for continuous monitoring and forecasting.

  • Use Veeam SureBackup to test your recovery.

A Label: "Bronze"

  • Non-critical applications that require RTO of 4 hours and RPO of 24 hours

  • Performance Expectations: Medium-Low

  • Availability Expectations: 99.9% / Three Nines: 8.77 hours of unplanned downtime per year.

  • Tier 1 or better data center

  • Retention Points: 14 over 2 years (7 daily, 2 weekly, 3 monthly, and 2 yearly recovery points).

  • Backups should be immutable for 20 days.

  • Data may or may not be encrypted.

  • Utilize the 3-2-1-1-0 rule.

  • Use VBR with a PERFORMANCE TIER and a CAPACITY TIER and GFS retention (see below).

  • Use Veeam Instant Recovery to meet RTOs.

  • Use Veeam ONE for continuous monitoring and forecasting.

  • Use Veeam SureBackup to test your recovery.

SLA Label: N/A

  • Performance Expectations: ABSOLUTELY NONE

  • Availability Expectations: ABSOLUTELY NONE

  • RTO/RPO: "Best effort"

  • Retention: Undefined

  • Use Veeam ONE for continuous monitoring and forecasting.


SAMPLE: 35 GFS Retention Points

  1. 14 Daily Backups - 14 in the Performance Tier and 14 in the Capacity Tier (Copy Function).

  2. 4 Weekly Backups - 4 in the Performance Tier and 4 in the Capacity Tier (Copy Function).

  3. 3 Monthly Backups - Capacity Tier/Archive Tiers (Move Function).

  4. 5 Annual Backups - Capacity Tier/Archive Tiers (Move Function).

Long-Term Retention Policy (GFS)



"Every business owner can add their VMs, by Folder, or per-VM into one of the different Backup SLA Policies"

Designing Meaningful Recovery Point Objective & Recovery Time Objective Policies

  • Step One: Define Recovery Priority

  • Step Two: Identify Your Risks

  • Step Three: Separate Desirable and Required RPOs

  • Step Four: Layered RPO

  • Step Five: Verification

  • Step Six: Fault Tolerance

Click here for more SLA information

"A Backup Retention Policy determines the retention time of data, archival rules, data formats and the permissible means of storage, access and encryption, while weighing legal and privacy concerns against economics and 'need to know' concerns. The objectives of a data retention policy are to keep important information for future use or reference, to organize information so it can be searched and accessed at a later date and to dispose of information that is no longer needed. The GDPR does not dictate how long you should keep personal data. It is up to you to justify this, based on your purposes for processing. You are in the best position to judge how long you need it. You must also be able to justify why you need to keep personal data in a form that permits identification of individuals."