Sample Service Level Agreement

This is a sample service level agreement arranged between Eargle & Vance (security-assignments.com) and a customer, labeled CUSTOMER in the document. To arrange your own SLA, contact [email protected]

Eargle & Vance <-> CUSTOMER
Information Security Management GCP lab virtual machines
Last Updated 2021-08-06

This document is a service level agreement between Eargle & Vance and the CUSTOMER.

Definitions

This agreement differentiates between lab documents and lab virtual machines.

Lab documents: Lab documents are the lab description web pages. These are provided open-source, for free, with no guarantee beyond their completion being possible with the virtual machines. In the spirit of open source, instructors and whoever else are encouraged to open “issues” and/or “pull requests” against the lab document github repository, to add clarifications, new content, or whatever else.

Lab virtual machines: To complete many assignments described in lab documents, students must use a set of virtual machines running on the Google Compute Platform (GCP). Many virtual machines use nested virtualization to be able to run within Kali on GCP, which is itself a virtual machine.

The virtual machines that run directly on GCP include the following:

  • Kali

The virtual machines that run using nested virtualization within Kali include the following:

  • Metasploitable2
  • Windows 2019
  • Security Onion

  • Penetration test milestone vulnerable server*

    Note: The penetration test milestone description counts as a “lab document,” while the penetration milestone virtual machine counts as a “lab virtual machine”.

Agreement

Eargle & Vance will do the following:

  • An August 2021 version of the lab documents will be maintained online.
  • The lab virtual machines will be maintained in sufficient working condition to be able to complete the August 2021 version of the lab documents, in so far as reasonable and technically possible.
  • Will strive to fix errors within 48 business-day hours (excluding Saturdays and Sundays).
  • Will provide an online forum for instructors to answer support questions about bugs with the lab virtual machines. However, questions must be answerable via email (i.e., questions must not require a live one-on-one consultation).
  • Will provide instructors with a list of known vulnerabilities for the penetration test milestone virtual machine. We will also provide an example grading rubric.
  • Will provide instructors with answers for lab document quiz questions.
  • Will process lab virtual machine package purchases within 24 business hours.
  • Will provide the lab virtual machine access package and associated materials mentioned in this agreement for free to Temple MIS instructors.
  • Will have the lab virtual machines ready for use by September 1, 2021.

Eargle & Vance will not do the following:

  • Will not support students in using the labs, virtual machines, or GCP.
  • Will not teach instructors how to use the labs or virtual machines. However, this can be arranged in a separate agreement.
  • Guarantee GCP’s current service offerings, such as the GCP “90-day, $300 Free Trial” program.

The CUSTOMER agrees to:

  • Notify Eagle and & Vance at least one week before a lab is assigned. This gives sufficient lead time to ensure that the lab virtual machines are working at the time labs are assigned. This is because URLs to external sources may change suddenly.
  • Have students purchase a lab virtual machine access package from security-assignments.com.

Refund Policy

  • Students will be refunded in full if Eargle & Vance do not meet their terms of this agreement as stated above.
  • Refunds will not be given to students who drop the class.

Changelog 8/16/2021: Added an item about refunds to students in case the services are not available. Mention that all materials and services will be free for instructors. Mention that the services will be ready to use for students by Sep 1.