Disaster recovery as a service lets organizations of all sizes, some for the first time, create rock-solid disaster recovery strategies that are both cost-effective and easy to verify as workable. Within just a few years, DRaaS has evolved from an interesting concept to a full-fledged market with many DRaaS providers claiming to offer products. Sorting through this maze is an overwhelming task for busy IT professionals.
Most DRaaS offerings work by either replicating or backing up a business's data to a cloud data center. Such data centers can be purpose-built for the task and owned by DRaaS vendors or their partners. Or they can be a public cloud provider the customer or DRaaS provider contracts with to support the effort.
In either case, the DRaaS offering has two essential components. The first is cloud storage to store a copy of the organization's data. The second is cloud compute, so that in the case of a test or disaster, the provider can host the organization's applications.
Beyond this simple description, DRaaS providers have a lot of room to innovate and create features specific to their product.
Basic DRaaS requirements
In theory, a data protection product is a DRaaS offering as long as it's available as a service and the provider is willing to commit compute and storage resources to a recovery effort. In the event of a disaster, the data needed for recovery would be restored from a cloud-based backup storage device to a cloud-based compute tier with application-ready storage. A key challenge is the amount of time it takes to restore from the cloud backup storage to cloud compute storage.
In reality, however, the expectation is that a DRaaS approach will perform what's called a recovery in place, instant recovery or boot from backup. A DRaaS should be able to create virtual instances of applications and then, without moving the data, create an accessible volume for the virtual instance to use. The goal is to return the application to production as fast as possible. For the purposes of this article, we'll assume that this is a required feature.
What is recovery in place?
One of the challenges of recovering data is the time it takes to transfer that data from the backup device back to primary storage. Time, the enemy of recovery objectives, is wasted as data is read from the disk appliance, transferred across the network and then written to primary storage. Recovery in place is a backup application feature that allows direct access to protected data while it still resides on backup storage, saving transfer time.
Some products take recovery in place a step further, not only hosting the volume, but also letting the application itself be instantiated on the backup server.
While recovery in place is a must-have capability, it's important to ensure that the backup storage device can deliver adequate performance while it's standing in for primary storage. And products that also provide compute resources for applications must have enough CPU capacity to deliver adequate performance while running the apps.
A second key requirement is to have the ability to replicate data from primary storage or backup data to a public cloud, a managed service provider's cloud or a purpose-built cloud provided by the vendor.
Most businesses implementing DRaaS see their data protection and recovery capabilities improve, particularly in two key areas. First, they don't have to equip a secondary data center with compute and storage for an event that may never happen. Essentially, the organization pays the DRaaS provider a retainer to access compute capabilities when they're needed.
The second improvement is that disaster recovery testing becomes much easier. Without DRaaS, DR testing often involves moving IT staff to an off-site location for a weekend and manually running a disaster recovery drill. With DRaaS, it can be as simple as pushing a button that isolates the network and starts recovery.
Upgrade or replace
The first decision an organization interested in DRaaS must make is whether to add DRaaS to the current data protection or replace its backup tool with one that has DRaaS as an integrated component.
We've said recovery in place is a must-have DRaaS capability. Given that, for existing data protection to be considered a DRaaS offering, it must have this feature as well.
Existing data protection also must support the movement of data to the cloud. This typically means backup software has to be able to send replication jobs via an Amazon Simple Storage Service (S3) connection. This requirement is often met by using an appliance that lets the data protection product backup to an NFS mount. The appliance then transfers the data to the cloud using the S3 protocol.
If the existing backup provides these core capabilities, the DRaaS foundation is in place. Once in the cloud, the software must be able to support the in-place transformation of the secondary data so cloud compute can access it. This is an area where most legacy data protection applications fall short. They're unable to transform the application and give cloud compute access. The customer must manually perform that process.
Four areas to look for in DRaaS
When vetting DRaaS providers, screen for the following four capabilities:
- Recovery time objective and recovery point objective. RTO and RPO promises range wildly among DRaaS providers. IT must examine vendors' processes to understand what they can reasonably deliver.
RPO is the amount of data loss in between backups. Meeting a stricter RPO requires more frequent backups. Most DRaaS offerings use image-based backup where only the changed blocks are transmitted to the cloud. These granular backups minimize the impact of the backup on the application and server being protected and shorten the time in backup mode. As a result, backups can be more frequent, which further reduces their impact and the time required. Most DRaaS offerings can protect data as frequently as every 30 minutes and some as often as every 15 minutes.
RTO is the amount of time it takes to recover an application to the point that users can log in and start working with the most recent data copy. It's an excellent indication of a DRaaS provider's ability to use a recovery-in-place technology. Effective use of recovery in place keeps RTO relatively short -- also about 15 minutes. Applications just need to be started up as virtual instances in the cloud and then pointed to the data in the backup.
Performance may suffer if backup data is residing on cost-effective, but slow, storage. For this reason, some DRaaS vendors don't back up to a cloud provider's lowest-cost storage tier. Businesses must decide what's more important in the event of a disaster: saving money on backup storage costs or being able to deliver higher performance.
- Complete platform protection. When going with a DRaaS provider, it's important that the DRaaS approach either complement or replace the existing backup tool. There are two ways to make this happen: Either add a tool that replicates data to the cloud or use a cloud backup tool that has complete platform protection and can replace the existing backup product.
What to look for in a DRaaS offering
1. Is on-demand storage and processing available?
2. Does it have recovery-in-place capabilities?
3. How will it meet RPO and RTO requirements?
4. Will it cover all your platforms?
5. Will it support on-premises or in-cloud DR?
6. How will it enable return to normal?
- Hybrid DRaaS. It's important for IT to consider that disasters vary in magnitude; not all incidents are complete wipeouts of the data center. Sometimes a disaster can be a server or a storage system failure. Both are big problems, but neither means the loss of the entire data center, and both are much more likely to happen than a data center loss.
In the case of these minor disasters, there's no need to fail operations to the cloud. To assist with minor disasters, the DRaaS must be able to perform its services on premises, often using an on-premises appliance.
Most DRaaS offerings use such an appliance as the initial stage of the backup. Data is sent to the appliance first and then replicated to the off-site cloud location. With hybrid DRaaS, customers can use the appliance to host several applications in the event of a minor disaster, avoiding cloud latency and potential network rerouting.
A hybrid DRaaS also means a faster recovery when a failed component is repaired or replaced. Data can be copied across the local network instead of an internet connection.
- Return to normal. Another area to consider is how the DRaaS offering will handle a return to normal operations. The value of DRaaS is that operations can continue in the cloud even if the data center is destroyed. But most organizations won't want to keep operations in the cloud permanently, and it's unlikely DRaaS providers will offer that option. Given that, it's important to understand how normal operations will be resumed.
Disaster recovery-as-a-service vendors usually will let operations continue in their cloud while data is being restored to the customer's primary data center. After the primary backup copy is transferred, a fast sync of the data that changed during the initial restore is required. These iterations may have to be repeated several times until the data to be synced is small enough that the cloud-hosted application can be taken down while the final sync is done. At that point, the application can be restarted in the new or original data center.
The problem with this approach is, depending on the size of the data set, it could take weeks, if not months, to get the various iterations of data back to the primary data center. During that time, the organization is not only paying for its new data center, but also for compute cycles in the cloud.
IT planners should look to the DRaaS market for offerings that can do a bulk shipment of the original data set. In this scenario, data is transferred to a ruggedized NAS or tape device, which is overnighted to the organization's data center. This approach should significantly cut the recovery time and the amount of time the organization pays for compute cycles in the cloud.
DRaaS bottom line
Ultimately, it's the scope of the disaster that determines whether it's a major disaster. A server or storage system failure seems major to the organization experiencing it, but a flooded data center is a much bigger disaster. The reality is IT planners must prepare for both ends of the spectrum, major and minor disasters. DRaaS is one of the few data protection offerings that can handle the full range.
Will your DRaaS provider support your DR plan tests?
How DRaaS vendors can save your data in a ransomware attack
Selecting the right DRaaS provider for your organization