Uptime/Availability SLA:

Business hours – To what timeframe does the SLA pertain? These are generally divided into tiers depending on business criticality (9 to 5, 24 by 7).

Are maintenance windows (configuration changes, capacity changes, OS and application patch management) included or excluded from availability SLAs?

Single versus multi-virtual machine vApps – Do multi-virtual machine vApps need to be treated as a single entity from a SLA perspective?

End User Response Time SLA – This is generally focused on overall user experience, measuring response time from local and major remote sites to get a representative view. This is implemented via remote simulators and running automated robotic scripts.

Recovery (system, data) SLA – What Recovery Time Objectives and Recovery Point Objectives need to be met?

Are backups required?

Is high availability required?

Is fault tolerance required within the management cluster?

Is automated disaster recovery failover required within certain time parameters?

Privacy SLA (data security, access and control, compliance):

Do data privacy requirements (encryption, others) exist?

Are there regulatory requirements?

Are specific roles and permission groups required?

Provisioning SLA – Are there provisioning time requirements?

SLA Penalties.

How are SLA penalties applied?

Are they applied as service credits for example?

What legal liabilities apply and how are they covered?

Is there a termination for cause clause in the SLA?

What defines an outage and who bears the burden of claim?

What is the track record for delivering on SLAs? These SLA considerations should be applied to external service providers.