Building Client Confidence in Disaster Recovery as a Service (DRaaS)
Combining secure network-delivered services and high levels of virtualization, DRaaS potentially offers significant operational and economic advantages over traditional DR. In fact, IT executives believe that disaster recovery through hybrid cloud offers the best opportunity for aligning actual recovery performance (in terms of recovery time and recovery point objectives) to business expectations. That’s because DRaaS can back-up an organization’s entire IT environment, not just its data. This can speed recovery, simplify DR testing, increase flexibility and limit staffing needs. And DRaaS accomplishes all this while replacing the capital expense of a secondary site with the predictable and manageable monthly operating expense of a service provider’s contract.
But DRaaS can only produce the benefits of more efficient and cost-effective disaster recovery when delivered by a provider with the customer focus and depth of experience necessary to understand there is more to enterprise-scale DRaaS than ordering self-service backup with a credit card and web browser. Simple cloud-based data restoration falls far short of the comprehensive recovery solution required to ensure an enterprise’s business continuity. Savvy customers seem to know this already. In one report, IT leaders questioned that if a provider doesn’t know traditional IT recovery inside and out, why trust them for DraaS? According to The Forrester Wave, infrastructure and operations executives have clear requirements for what they expect in a qualified DRaaS provider:
• Breadth in services: from traditional, platform agnostic IT recovery to DRaaS, consulting and workforce continuity
• Best-in-class customer service
• Testing support
• Flexible contracts.
For customers to have maximum success with, and confidence in, the evolving DraaS model, we believe a provider should offer DRaaS as a managed service and should assure customers a smooth transition to DRaaS by assisting in developing a basic disaster recovery run book and guiding them through a comprehensive on-boarding process.
DRaaS as a Managed Service
As we at Recovery Point have been saying for years, backup alone does not mean back in business. For any organization considering DRaaS, it is more important than ever to understand the requirements of a complete, fully tested and managed disaster recovery solution.
A recent internet search for DRaaS providers turned up 24 companies, none of which were recognized as traditionally experienced DR providers in The Forrester Wave. Recovery Point, on the other hand, is ranked in Forrester’s highest category: that of “Leader,” with strong service offerings and strategy. This proliferation of companies seeking a share of this growing market has created a “buyer beware” situation for DRaaS customers. Because, while many companies say they provide cloud backup and recovery, what they actually provide is limited data backup and restoration across the public cloud.
In the disaster recovery world, restoration and recovery are not the same thing. A provider of truly integrated DRaaS, receives your data across a network, backs it up on systems at one or more redundant and secure locations, and has the capability within its own facilities to restore complete server images and data to fully functioning physical or virtual systems. Access to restored servers, applications and data can begin in as little as one hour after a total server loss. Should a disaster take out your company’s workplace as well as its production data center, a fully managed DRaaS solution offers the additional benefit of enabling employees to access their restored data and applications from nearly anywhere.
One of the most important benefits of a managed DRaaS solution is that the provider takes care of many underlying requirements so that you don’t have to. Top among these is network reliability. After all, what is the cloud but a network? If the network stops, cloud service stops. In a managed DRaaS offering, the provider maintains its own carrier-neutral nationwide network infrastructure with direct connections into major Internet backbones and interchange peering points. It should be diversely routed, include high-capacity fiber facilities and provide a cross-connect to your private network carrier while eliminating traditional “last mile” problems. A provider with deep network resources and expertise will have the ability to use those cross connects or other features of its network facilities to create a “recovery network” enabling broad, secure access to applications and data during a declaration. What good is a recovered server if only the original datacenter can see it?
Resiliency of the provider’s own facilities is another minimum requirement of managed DRaaS. As virtual as the cloud may be, behind every cloud service is physical hardware residing in a bricks-and-mortar facility. For a provider to assure resiliency of your critical systems, their own physical facilities and infrastructure must be immune to interruptions in power and other services. There should be redundancy in separate power grids, telecommunications, utility services and network connectivity. A provider should have its own backup power systems, multiple chiller systems for cooling racks and servers, and redundancy in critical subsystems.
The best assurance that a provider offers this level of resiliency comes from independent certification of their facility’s design to Uptime Institute’s Tier III or tier IV standard for concurrently maintainable infrastructure. This means the facility has sufficient systems redundancy so that each element of the infrastructure that supports a customer’s IT environment can be taken offline for scheduled maintenance with no impact on its operations. Datacenters are like automobiles; they will break if you do not maintain them.
The more heterogeneous your data center environment, the more important it is that your provider offer a platform-agnostic DRaaS solution. They should support all operating systems, physical and virtual servers, storage systems and end-user devices. Consider the issues that can arise if you have a variety of platforms, in addition to Intel, in production that must all interconnect at high speed to achieve your service level objectives (for example, AIX, iSeries or mainframe). If you split your recovery contracts among multiple providers to obtain DRaaS for the platforms they support, you may achieve excellent results for occasional failures of individual systems — but it will be at the expense of a reliable program for the enterprise. A heterogeneous production environment requires a heterogeneous recovery environment, not multiple vendors trying to simulate a production environment network across the internet during a disaster.
Finally, a managed service offering eliminates vendor fragmentation, reduces risk and accelerates recovery by integrating all of your required resources and support services into a single contract. When a disaster occurs, you will appreciate the simplicity of a single point of contact rather than having to coordinate multiple vendors amid the stress of an unplanned business interruption.
Capture Your DRaaS Planning in Basic Run Book
Just as in traditional DR, successful recovery through DRaaS following an actual disruption depends on thorough planning and the documentation of DR procedures, often in a “Runbook.” This was described extremely well by Enterprise Strategy Group analyst Jason Buffington, in an article in Redmond Magazine:
“Real disaster recovery — even in the cloud — still means I’ve got to have orchestration, I’ve got to build a sandbox so I can do testing, it means I’ve got to be able to define policies, so the right [VMs] come up in the right order. Based on priority and based on dependencies of those VMs, there’s a lot more to it than, ‘I’m going to make a copy of my VMs and put them someplace else and when something bad happens I’m going to turn them on.’”
A Runbook is not a fully managed vendor recovery, but it is an economical outline all of the steps for your team to follow in recovering from a service interruption or disaster. Unique to the needs of your organization, your Runbook will cover the processes for recovering the entire enterprise as well as each system. To be most valuable, your Runbook should be kept up to date to reflect any changes in your IT environment. Just as important, it should be revised to address any deficiencies discovered or lessons learned during DR testing.
By eliminating the manual handling of physical backup tapes for a recovery, DRaaS introduces the prospect of automating many of the steps in standing up a new IT environment.
Since your DRaaS provider should know more about the Best Practices in disaster recovery than you do, their services should include assistance in the building of a basic disaster recovery Runbook.
A Comprehensive On-boarding Process
Another way the provider’s DR knowledge and experience should pay off for you well before you ever need recovery services is in achieving a fast, orderly and efficient transition from your current DR strategy to DRaaS.
Elements of effective on-boarding include you and the provider working together to map your existing services to the DRaaS offerings, verifying availability of necessary resources for hosted services, confirming the recovery network design and developing a remediation plan for any gaps or risks identified. Roles and responsibilities of all parties involved in transition activities should be clearly established, as well as a framework for regular communication and a fallback plan if transition activities are impacted for any reason.
The provider should familiarize you with and fully document their declaration process. If possible, you should develop pre-transition proof-of-concept testing and pre-migration network testing.
And if you’re not prepared to make a complete changeover to managed DRaaS all at once, the provider should have the flexibility for you to transfer risk to them in stages.
In fact, flexibility in a range of matters should be one of the attributes you require in a DRaaS provider. Your needs could change at any time; the fact that you’re considering DRaaS is proof of that. The DRaaS provider should make it easy and economical for you to add or remove services so that your contract always matches your evolving requirements. They should also be flexible in test scheduling and providing you the time it takes to run your tests effectively.
In short, since DRaaS is a service, your organization’s confidence in the model depends on your choice of provider.