Managing and protecting all enterprise data

Photobank - Fotolia

Beware of hidden gotchas in DR-as-a-service options

Discover the must-have features organizations of any size should keep top of mind when shopping for a cloud-based DR provider. Future services may include converged offerings.

The cloud has successfully captured much of the backup, archive and disaster recovery services and products once marketed exclusively to tape and disk. While enterprises and a lot of smaller businesses still require local backup, many also keep a copy of important data off site in a cloud repository service. This has resulted in an explosion of providers, many of whom are focused on cloud-based services rather than more traditional captive-equipment approaches. In addition, DIY setups let you use DR software to access a directly rented public cloud storage space.

It's often difficult for administrators to determine their priorities and needs before looking at the cost of any particular cloud-based disaster recovery, often referred to as disaster recovery as a service (DRaaS). What they find is that a few vendors -- such as Axcient, IBM, iland and Microsoft -- provide a wide set of features, which can be important as needs change. The best featured services aren't necessarily the most expensive. Because these DR-as-a-service providers cover all the bases, they tend to have many more customers and command better pricing for their cloud storage services.

A safe haven

The cloud can provide a safe haven for all levels of IT operations. It provides geographically separated copies of data, with reasonably fast access to upload and recover files. Cloud backup and archive storage services, with the notable exception of Amazon Glacier, are disk-based with a short delay in retrieving data objects, higher transfer rates and random-access recovery. Glacier is in the process of converting from tape to disk, which means it will soon be a match for Google Cloud Storage Nearline and others. Storage service costs are low, with monthly and annual rates measured in a few dollars per terabyte stored.

DRaaS vendors take advantage of a cloud approach to economically maintain rapidly deployable DR capabilities. These involve data replication to cloud storage, including operating system, application and script images where appropriate.

To host replicas, DR-as-a-service vendors may make a segment of the public cloud computing space available on an on-demand basis to fail over a customer's operations or to provide software tools while you rent your own cloud compute and storage space. Many vendors offer both options. As an alternative to the public cloud, some providers, such as Verizon -- whose DR business, as of this writing, is being purchased by IBM -- rent space in their own data centers.

Generally, full-service DRaaS works well for SMBs. A software-only approach, with customers renting cloud space, is more economical for larger enterprises.

How do the DRaaS players stack up?

IBM is the leader in business disaster recovery, with the most comprehensive capabilities. The company has a good deal of hybrid configuration experience and garners positive reviews from customers. Iland also scores well and has a perfect uptime record to date. However, the vendor is less experienced than IBM in hybrids.

Axcient mainly supports hybrid cloud and local installations, but is still building a support team for its mostly mid-tier business clientele. Microsoft is a strong entrant and benefits from end-to-end compatibility.

For small businesses, Carbonite, Acronis and Datto all deliver easy-to-use backup and recovery services, with licensing right-sized for smaller data centers and lower support expectations.

From a technical perspective, migrating to the cloud from a legacy-style operation can be an issue because cloud operations require different control mechanisms, even when your home systems are virtualized or cloud-based. As cloud interoperability improves over the next few years, expect some relief. Legacy environments are often better served by using a DR-as-a-service provider with compatible gear.

Meanwhile, look for cloud-based DR and backup services to converge in the near future. Snapshots reduce recovery point objectives, even for a disaster, while selective recovery mechanisms on disk-based cloud storage allow faster restorations of individual objects.

Here are some key features you should expect in a DR as a service. Those common to all use cases are listed first, followed by those for enterprises.

Backup operations

Speed. DRaaS begins with data backup. Backup performance between vendors or software packages varies considerably. To complicate matters, the performance depends on use cases or, more precisely, on the type of files moved. Time to backups can vary as much as 5-to-1 between DR applications, so you should make a shortlist and then test backing up a file typical for your operations on each app.

Ease of use. A simple, intuitive interface is a strong plus, particularly when trying to find a copy of an ancient file with the CIO hovering over your shoulder. You should also be able to differentiate between versions and see all the alternatives to ease decision-making.

Continuous backup. Tools that can detect if a file or object has changed and mark it for near-term backup are supplanting traditional nightly backup. They also ensure the shortest exposure, typically just a few minutes, to unbacked files in either a file restore or a DR scenario. This is similar to a snapshot system, but snapshots aim to provide versioning and quick rollbacks locally, not geographically distant copies. Continuous backup simply transfers changed blocks to rebuild versions of a file.

Encryption at the source. Encryption should be intrinsic and deployed before data leaves the premises. This protects files both in transit to the cloud and stored in backup. Remember to deduplicate and compress data prior to encryption, since ciphertext is generally uncompressible.

Capacity limits. Look for license or code capacity restrictions, which are more likely in SMB products with terabyte or device limits. Expanding a license could become expensive if you have more than a few machines or greater than a terabyte of capacity.

Devices. People lose their smartphones and tablets during disasters. These devices should be a part of the recovery process if endpoint backup is supported.

External drives. Your software should handle external data storage backup. In the enterprise, most installations have networked storage in the form of a NAS or SAN, as do many SMBs. Check to see how your software handles these storage environments, if there are any model constraints and what sort of performance to expect.

Local backup. Maintaining local backups, even when moving to the cloud, can be useful, especially in more traditional SAN or NAS environments where the loss of an appliance can make data unavailable for a few days. The latest storage appliances obviate much of this, since replicas or erasure coding spread data across several appliances to protect against node failure. Local backup also avoids the "all your eggs in one basket" scenario. In addition, it can be an interim solution for moving old, cold data from primary storage into the cloud.

Restoring data

Selective restore. The objective of backup, archive and DR is data restoration. Cloud-based backup services -- with the exception of Amazon Glacier -- use disk storage that allows random rather than serial access, as well as massive parallelism for recovery. DR-as-a-service providers rent physical storage space from major cloud service providers (CSPs), such as Amazon Web Services, Microsoft Azure or Google; some CSPs, such as Backblaze and IBM, have their own clouds and, in IBM's case, legacy facilities.

Ensure the DRaaS selected is disk-based, which allows selective restoring of a single object with just a few clicks and executes transfers rapidly. For example, Google Cloud Storage Nearline takes 10 seconds to access data, while Amazon Glacier takes a couple of hours to transfer the first data block so you can access just that in case of disaster. If you're searching for a particular object, it could take days on Glacier, unless you transfer a large amount of data and search it locally.

Selective restore is a useful feature, especially when searching objects for a specific version or content variation or just a specific set of objects.

Cloud DR capabilities to look for

Certain features for cloud disaster recovery software are must-haves:

  • continuous backup
  • backup of external drives
  • backup to local drive
  • encryption at source
  • selective recovery

Enterprise administrators should also look for the following:

  • endpoint backup
  • authentication service integration
  • geographically dispersed replication
  • cloud-to-cloud backup

Make sure to compare the following areas:

  • performance in backup and recovery
  • time to first data
  • ease of use
  • pricing
  • contract flexibility

Time to restore. Once in the access queue, time to restore depends on whether tape or disk is used, plus any queue handling delays. With tape, you have to find a free reader driver and then select, move and position the tape to find the data required. This is not an issue with a disk-based DR as a service.

Upload speed. Generally, slow backup tends to correlate to slow restore, and may indicate inefficient code, inadequate hardware or bottlenecked networking. It's best to go with faster services like Databarracks, Infrascale and iland.

Disaster recovery parameters

Time to recover. If a disaster occurs, how long will it be until you are up and running in the cloud? While it makes sense to prioritize certain sections of your operations over others by phasing in recovery, time is still of the essence. Most vendors will enter into service-level agreements regarding recovery time, but each one will likely have different parameters. Understanding these parameters and how they will affect your organization is no small challenge.

Disaster size. A local outage versus a regional disaster such as a hurricane can impact the performance of your DR as a service. How much support will you get in a regional disaster? Is 100% recovery guaranteed? Do recovery times go out the door? Is there a hierarchy as to what type of customer gets recovered first, for example, utilities, emergency services and so on?

Recovery host compatibility. Scripts, virtual private network setups, and OS and app images vary among cloud providers. While we're seeing convergence and interoperability, it is still in its early days. Moving from OpenStack to Microsoft Azure, for example, might be a challenge in disaster recovery. It's essential to understand this risk and make the most compatible DRaaS choice for your organization.

Help during a restore. The typical business uses DR about once a decade, so there's usually no in-house experience. Does your vendor provide 24/7 support on issues that arise in rushed recoveries?

Testing. It's essential to test any restore capabilities before an actual disaster occurs. Will your DR-as-a-service vendor allow testing?

Business factors

Company size and stability. There are too many DRaaS providers in the market, so expect a lot of consolidation going forward. Stick with established names with good reputations. Make sure to weigh the risk of tying precious data up with a DRaaS startup against any benefits claimed.

User surveys. Peruse user surveys and competitive reviews -- vendors provide these if they score well. International Data Corp. also scores providers in this IT segment.

Internal data integrity. Cloud-based DR falls into two classes, those that employ major CSPs for storage and those with their own data center. Find out which services they use and how they protect stored data. The larger providers use replication or erasure coding to spread data over multiple appliances, while parallelism speeds data access. It's a big plus if a provider has multiple data centers or zones, with each one capable of delivering data in case of disaster.


DRaaS pricing varies widely. Software is the least expensive option, while hosted DR is dependent on public clouds. Even within these subgroups, there's a pricing spectrum. Remember, the most expensive service may not be the best one for your circumstances.

Contract flexibility is a hot button issue. For many customers, adjustable contracts make a lot of sense. Costs are often split into upfront fees, backup charges and recovery event charges. You should model a multiyear total cost of ownership to compare vendors.

DRaaS for enterprise users

Endpoint backup. How well is this handled? Are Android and Apple devices covered? How easy is it to recover a single device? How often is data backed up?

Dispersed replication. Geographic dispersion of recoverable sets of data is critical in case of disaster.

Authentication systems. Backup software should be tied tightly to the enterprise authentication framework. It's also good practice to limit the number of admins that can access backed-up data.

Key management. Encryption keys should be kept in the on-premises data center. DR software, whether chosen by you or offered by the DRaaS provider, should support a key management system or provide one.

Virtual instances and containers. Any useful enterprise-class DR as a service supports virtual machines and a variety of hypervisors. You should also add Docker or Kubernetes containers to the list and ensure both are supported.

Cloud-to-cloud backup. Data in the cloud needs disaster recovery just as much as in-house data. Some packages support this feature, but there may be restrictions as to which clouds you can back up to.

Snapshot and versioning. For many use cases, perpetual backup is key. Products that support snapshots and versioning make this possible, allowing a rollback to earlier file versions as part of the restore process.

There are plenty of options in the cloud-based disaster recovery space. Expect some consolidation over the next two years, but the winners should all offer a solid, highly featured service that increases data protection well beyond anything tape and traditional DR methods provided.

Article 4 of 8

Next Steps

Verify DRaaS provider's recovery matches your needs

Disaster recovery-as-a-service options can cause uncertainty

Essential guide to choosing a DRaaS provider

Dig Deeper on Disaster recovery services - outsourcing

Get More Storage

Access to all of our back issues View All