Sample SLAs

What are some sample SLAs and how do they align with Veeam?
What is a Service Level Agreement? What is RPO and RTO? If you want to better manage your customer (internal or external) expectations, a service level agreement (SLA) may be worth considering. An SLA is a negotiated agreement designed to create a common understanding and expectation about services, priorities and responsibilities.

BIA: A Business impact analysis (BIA) is a systematic process to determine and evaluate the potential effects of an interruption to critical business operations as a result of a disaster, accident or emergency.

NOTE: Data should be categorized/classified based on importance and sensitivity (Governance).

[Blog Series] How to Design and Implement a Backup System Based on SLA Policies

The following are samples only / Consider using tags as part of your SLA strategy: Amazing Power of Tags

SLA Label: "Gold"

  • Mission-critical applications that require an RTO/RPO of less than 15 minutes

  • Performance Expectations: High

  • Availability Expectations: 99.999% / Five Nines: 5.26 minutes of unplanned downtime per year.

  • Retention Points: 37 over 6 years (21 daily, 4 weekly, 6 monthly, and 6 yearly recovery points).

  • Utilize the 3-2-1-1-0 rule.

  • Use VBR with a PERFORMANCE TIER and a CAPACITY TIER and GFS retention (see below).

  • Use CDP (Continuous Data Protections) to replicate systems to an alternate location (a DR site) for availability requirements. <1 hour RTO

  • Use VDRO to automate your recovery process.

  • Use Veeam Instant Recovery to meet RTOs.

  • Use Veeam ONE for continuous monitoring and forecasting.

  • Use Veeam SureBackup to test your recovery.

SLA Label: "Silver"

  • Business-critical applications that require RTO of 2 hours and RPO of 4 hours

  • Performance Expectations: Medium-High

  • Availability Expectations: 99.99% / Four Nines: 52.60 minutes of unplanned downtime per year.

  • Retention Points: 32 over 3 years (21 daily, 4 weekly, 4 monthly, and 3 yearly recovery points).

  • Utilize the 3-2-1-1-0 rule.

  • Use VBR with a PERFORMANCE TIER and a CAPACITY TIER and GFS retention (see below).

  • Use VBR to replicate systems to an alternate location (a DR site) for availability requirements. >1 hour RTO

  • Use Veeam Instant Recovery to meet RTOs.

  • Use Veeam ONE for continuous monitoring and forecasting.

  • Use Veeam SureBackup to test your recovery.

A Label: "Bronze"

  • Non-critical applications that require RTO of 4 hours and RPO of 24 hours

  • Performance Expectations: Medium-Low

  • Availability Expectations: 99.9% / Three Nines: 8.77 hours of unplanned downtime per year.

  • Retention Points: 14 over 2 years (7 daily, 2 weekly, 3 monthly, and 2 yearly recovery points).

  • Utilize the 3-2-1-1-0 rule.

  • Use VBR with a PERFORMANCE TIER and a CAPACITY TIER and GFS retention (see below).

  • Use Veeam Instant Recovery to meet RTOs.

  • Use Veeam ONE for continuous monitoring and forecasting.

  • Use Veeam SureBackup to test your recovery.

SLA Label: N/A

  • Performance Expectations: ABSOLUTELY NONE

  • Availability Expectations: ABSOLUTELY NONE

  • RTO/RPO: "Best effort"

  • Retention: Undefined

  • Use Veeam ONE for continuous monitoring and forecasting.


SAMPLE: 35 GFS Retention Points

  1. 14 Daily Backups - 14 in the Performance Tier and 14 in the Capacity Tier (Copy Function).

  2. 4 Weekly Backups - 4 in the Performance Tier and 4 in the Capacity Tier (Copy Function).

  3. 3 Monthly Backups - Capacity Tier/Archive Tiers (Move Function).

  4. 5 Annual Backups - Capacity Tier/Archive Tiers (Move Function).

Long-Term Retention Policy (GFS)

"Every business owner can add their VMs, by Folder, or per-VM into one of the different Backup SLA Policies"

Click here for more SLA information

"A Backup Retention Policy determines the retention time of data, archival rules, data formats and the permissible means of storage, access and encryption, while weighing legal and privacy concerns against economics and 'need to know' concerns. The objectives of a data retention policy are to keep important information for future use or reference, to organize information so it can be searched and accessed at a later date and to dispose of information that is no longer needed. The GDPR does not dictate how long you should keep personal data. It is up to you to justify this, based on your purposes for processing. You are in the best position to judge how long you need it. You must also be able to justify why you need to keep personal data in a form that permits identification of individuals."