Thank you for taking the time to carefully review the Database Hosting SLA. Your feedback will help us as we work to rollout this service to more UNM departments. Here are initial responses to your questions I have duplicated the questions, just to make sure it is clear which question we are answering.
Q – Can database backups be set for more granular levels of recovery should the application owners request it?
A – Yes, additional storage may be purchased to increase the frequency and retention periods for database backups.
Q – It seems as if this SLA is blending SLAs for database hosting and the application that uses the database that UNM IT may not have any control over or may live on a different server? Is it assumed that the application and database live on the same VM?
A – This service requires the database and application to reside on separate servers. This follows recommended database and security best practices.
Q – Should service catalog specify the versions of Oracle and SQL Server?
A – Section 2.1.2 in the SLA specifies “UNM IT will only install supported database software” and refers people to the Service Catalog, so I agree with you. We will not specify specific versions, since those are subject to change. We will clarify in the Catalog that we provide database support for database versions that are currently covered by vendor support commitments (Oracle and Microsoft).
Q – Does there need to be a statement that this SLA excludes MySQL databases used by departmental web sites
A – The preference is to avoid listing all database exclusions. The SLA states this service is for Oracle and/or SQL Server databases.
Q – Is there a time-to-restore that can be included in the SLA?
A – Not at this time. Recovery time varies greatly based on the nature of the failure and the size of the database. In the case of incidents, we will strive to meet the standard resolution timeframes identified in Section 6.2.
Q – The colocation SLA had a clause requiring users to disclose storage of certain types of data to UNM IT. Should that apply in this case? Should the Data Owner and/or Custodian also be notified if this hosted database will be used to store sensitive information?
A – We will comply with UNM IT Security policies and procedures. Those are separate from this SLA. Because the hosted database will reside on a hosted server/Virtual Machine, there is a standard security questionnaire that will be completed to document the nature of the data in the database. That provides the opportunity to know which policies and procedures apply.