Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

What you need to know about disaster recovery in the Cloud

While we all know how important it is to have a good disaster recovery (DR) plan in place, many of us still need to get our heads around this. Traditional disaster recovery planning can generally be expensive to implement and this has been a key inhibitor to many CIOs putting DR planning on their organisation’s must-do list.

In most organisations, 80 per cent of DR IT budgets are spent on protecting only 20 per cent of the systems. The result is that 80 per cent of the systems are either sub-optimally or not protected at all.

The advent of Cloud computing technologies, however, is fast changing the way organisations look at disaster recovery. Disaster recovery in the Cloud (a more common term for this is Recovery-as-a-Service or RaaS) can offer organisations an efficient and more cost-effective option while enabling them to have not just their data, but also the entire workload (operating system, middleware and applications) associated with that data backed up in the Cloud and restored quickly in the event of a disaster.

Gartner anticipates that by 2014, 30 per cent of midsize companies will have adopted RaaS to support IT operations recovery, up from a little more than 1 per cent today. Gartner adds that RaaS addresses well-recognised ‘pain points’ in IT disaster recovery management, including the need for frequent recovery-readiness testing and the cost of dedicated recovery floor space and facilities.

What you should know about RaaS

Before delving into RaaS, you should familiarise yourself with two important DR concepts which are:

  • Recovery Point Objective (RPO) which is a measure of maximum acceptable data loss in terms of time (minutes, hours, days) and ;
  • Recovery Time Objective (RTO) which refers to the target maximum allowable time to recover from an outage.

RPO and RTO relate to downtime and availability in the event of a disaster. For example, an RPO of four hours means that the most recent backup has to be no more than four hours old at the time of an outage; while an RTO of four hours means systems have to be backed up and operational no more than four hours after an outage.

There are typically three types of RaaS models:

  • Do-It-Yourself (DIY): Where organisations configure and manage their own DR solution using public Cloud resources
  • DR-as-a-Service (DRaaS): Pre-packaged pay-as-you-go recovery services to the Cloud with specified recovery point objectives (RPO)& recovery time objectives (RTO) SLAs
  • Cloud-to-Cloud DR: Failover from one Cloud environment to another.

The more common models adopted by most organisations are the DIY or DRaaS models.

One of the fundamentals of RaaS is workload protection. This includes backing up entire server workloads (the contents of a server, including the operating system, applications and data), recovering workloads during an outage, and restoring workloads to their original production locations after the outage. When sourcing for a RaaS provider, always ensure that workload protection is an area that you address. It’s also important that the RaaS provider supports both physical and virtual workloads.

Advantages of RaaS

There are numerous benefits to implementing your DR plan in the Cloud. Fixed per-gigabyte cost and off-site Cloud based storage are just some of the advantages. You can also scale up or down your demand based on your needs. Best of all, the service provider handles the hardware maintenance and backups allowing you to channel your resources to other areas of the organisation. There are cost benefits. With more and more pressure for IT to stretch budgets to accommodate the organisation’s business needs, a RaaS solution could help alleviate the cost issue compared to a traditional DR plan.

Having a RaaS solution means that you will be running your whole DR plan in the Cloud, from replication right through to recovery. In the event of a disaster, you’ll also be able to have a ‘live’ restore back to the repaired data centre.

What you should look out for in a RaaS solution

There are five key things that you should consider before engaging your RaaS provider:

  1. Reliability: Ensure that your solution is backed by a contractual service level agreement with your service provider. This agreement should include a guarantee on the recovery time and needs to have clear financial clauses.
  2. Availability of the Cloud: What steps need to be taken if the cloud goes down?
  3. Security in the Cloud: How secure is your RaaS solution?
  4. Service assurance: Ensure that areas such as Quality of Service are clearly defined.
  5. Management: How responsive and efficient is your service provider in managing your RaaS solution?

Australia’s RaaS market is still in its infancy, but this will change with the rollout of the National Broadband Network (NBN). With recent earthquake disasters such as those in Christchurch and Japan, and the bushfires in Australia and the US, knowing that your organisation is able to continue operating with as little downtime as possible in the event of a disaster is key for any organisation.

Steve Stavridis is NetIQ’s disaster recovery expert for Asia-Pacific

Recommended

  1. Think Tank: Managing the talent pool

  2. Project management methodologies

  3. From CMO to CEO: Anametrix’s Pelin Thorogood

    CMO

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: etwork, Gartner, NetIQ, NetIQ

Comments

Quentin Kelly

1

Great summary Steve. DR can be expensive insurance.
Especially if you DIY. In practice these are hard to maintain.
Cloud offers the promise of a ray of hope, a silver lining.
Esp if providers invest to make Cloud to Cloud failover a standard offering and not an expensive option.

Comments are now closed.
Related Whitepapers
Latest Stories
Community Comments
Latest Blog Posts
Whitepapers
  • Detecting APT Activity with Network Traffic Analysis
    Today’s successful targeted attacks use a combination of social engineering, malware, and backdoor activities. This research paper will discuss how advanced detection techniques can be used to identify malware command-and control (C&C) communications related to these attacks, illustrating how even the most high-profile and successful attacks of the past few years could have been discovered.
    Learn more »
  • Six Strategies That Lead to Business-Critical Virtualisation
    While most organisations are able to virtualise the basic functions of its workplace, they can often hit a wall when moving beyond legacy systems to business-critical servers and applications. This report lists six proactive strategies that business specialists have cited as assisting in building a virtualised state. Find out how these strategies lead to organisations becoming the beneficiary to virtualisation.
    Learn more »
  • Bring Your Own Device FAQs
    This report covers the frequently asked questions associated with the implications of BYOD devices in the workplace. Any solution in this space needs to be built on simplicity, scalability and security. Click to find out how to address the IT security challenges.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments