What DR as a Service Means for IT Departments
Given the potential consequences of downtime and data loss, many organizations’ disaster recovery (DR) preparedness today is decidedly lacking. Based on its 2014 DR survey of midsized and large businesses, TheInfoPro, a service of 451 Research, released findings that would rattle the most seasoned risk manager: one in five respondents, which included companies in the Fortune 1000, reported having no DR plan in place.
Misconceptions about what constitutes a disaster are part of the problem. “People think a building has to be under water or fall into a smoking hole to invoke their DR plan,” says Andrew Klos, a cloud aggregation specialist at CDW. “The reality is that human error is the leading cause of disasters.”
IT organizations come up short in the recovery department because contingency plans are difficult to implement and even more difficult to execute. But the costs of failing to prepare can be daunting.
In the Disaster Recovery Preparedness (DRP) Council’s 2014 survey of businesses, 64 percent reported financial damages from IT outages, with 20 percent seeing direct dollar losses ranging from $50,000 to more than $5 million due to critical application downtime.
“You have to plan for everything, from the smoke and rubble disaster, where you lose the entire data center, to the loss of a single server,” says Mark Jameson, vice president of sales and products at nScaled, a disaster-recovery-as-a-service (DRaaS) provider. “Not only do IT organizations need a DR plan they can easily execute for quick recovery, they must test it regularly to keep pace with continually changing environments.”
The challenges piling up make DRaaS an increasingly appealing option. Research firm MarketsandMarkets predicts that global DRaaS revenue will climb from $640.8 million in 2013 to $5.77 billion in 2018. Small organizations that couldn’t afford traditional DR now have an entry point, while larger organizations see the cost and efficiency benefits of moving to a DR services model rather than running multiple data centers.
Cloud-Based DR Breakdown
Services for delivering DR in the cloud, according to Klos, fall into three primary categories:
-
Colocation services: Organizations manage DR through redundant systems at a colocation facility. They provide their own hardware and software and execute DR themselves based on their own plan.
-
Replication services: A cloud provider works with an organization to establish roles and responsibilities for DR, and provides the tools to replicate server instances.
-
DRaaS: Providers offer end-to-end, turnkey solutions as well as 24/7 recovery support and various testing options. They use proven methodologies to protect, replicate and recover systems within specific recovery time objectives (RTOs).
The percentage of businesses reporting financial damage from IT outages.
SOURCE: “The State of Global Disaster Recovery Preparedness” (Disaster Recovery Preparedness Council, 2014)
In addition to pure-play DRaaS providers such as nScaled and Peak 10, legacy DR giants and vendors from other IT segments have moved into the space through new product offerings and acquisitions. Notable players include VMware, IBM, HP and EVault, as well as EMC through its Mozy subsidiary and other acquisitions.
“A bunch of companies have made headway in this space,” says Dave Simpson, a senior storage analyst with 451 Research. “Several started out providing backup-as-a-service [BaaS], and are combining the attributes of virtualization and the cloud to offer DRaaS.”
DRaaS differs from other cloud DR models in a few ways, primarily through highly automated DR processes, a hybrid cloud architecture and multitenancy, supporting multiple customers on the same racks to drive down costs. In a hybrid DR cloud, customers run an appliance on-premises that automates local backup for fast restoration. Appliance software enables an IT staff to activate virtual machines right on the box in the event of a routine disruption, such as a server crash. The appliance takes snapshots at specified intervals based on recovery point objectives (RPOs), the point in time to which systems should be restored after a disaster.
The appliance also replicates data to the provider’s cloud, using deduplication and other optimization techniques to speed transmission. Some systems feature a unified console that allows administrators to manage both local and remote data protection activities. Using DR management toolsets, they can spin up virtual instances in the cloud for failover, running a couple of VMs or their entire data center until they can failback. The RTOs they set for files, databases, applications and servers are backed by service-level agreements, which some providers customize for different applications.
For its part, EMC takes a “data protection continuum” approach to cloud DR. On the backup side, these include MozyEnterprise, for user endpoint BaaS; Data Domain, for back-end storage replication; and Avamar, for de-duped backup of VMware environments and other systems to the cloud.
EMC’s RecoverPoint provides SLA-supported point-in-time recovery for applications. “Where backup becomes DR is when you have to recover more than a file,” says Mark Galpin, senior product marketing manager with EMC’s Data Protection and Availability Division, which includes subsidiary Mozy. “It’s about quickly restoring an application, a server environment or an entire data center for business continuity after an outage.”
Not surprisingly, VMware, with its virtualization technologies, figures heavily into DRaaS provider solutions. The company itself now offers replication, failover and DR for vSphere through its vCloud Hybrid Service–Disaster Recovery offering, which complements its vCenter Site Recovery Manager for data centers.
EMC works closely with VMware to build data protection for virtual offerings. For example, VMware rebrands Avamar for use in its VMware Consolidated Backup product. nScaled’s platform, like others, is built on VMware.
Put to the Test
Turnkey DRaaS addresses one of DR’s biggest problems — infrequent or even nonexistent testing. Indeed, testing services can dramatically improve an organization’s ability to recover from disaster.
In its standard package, nScaled, for instance, includes three levels of DR testing. At the highest level, customers can test any three servers at any time, without restriction. Next, they can run a full DR test every eight weeks in one of nScaled’s three data centers. Finally, IT teams with few resources can opt for automated testing. In advance of their normal full test date, they flag all servers they want tested, and nScaled automatically mounts those selected with the most current data, activates them, spins them back down, and creates a report detailing any issues.
DIY Disaster Recovery or DRaaS?
DRaaS has several advantages over traditional DR models: no redundant data center to manage, pay-for-use pricing, faster recovery times, 24-7 support for more-strategic allocation of IT staff and provider-supported testing. For businesses with no DR plan, DRaaS can be a lifeline.
“If there’s a disaster, and systems don’t come back up, that’s a resume-generating day for someone,” says Klos. “If you go with a DRaaS provider, you’ve got their SLAs, planning, network operations center and support, so they’re on the hook.”
However, moving data to the cloud, especially for transactional applications, takes considerable bandwidth. Further, many organizations have concerns about regulatory compliance, data encryption and the security of off-site data. Some just aren’t comfortable with relinquishing physical control of their data. The self-service administrative tools included in some DRaaS solutions offer a level of control and visibility that other outsourced DR models don’t.
At the enterprise level, many IT departments want to keep DR in-house. They’ve invested millions in infrastructure and applications over many years, have large IT staffs with DR experts, and are used to operating redundant data centers. However, many use DR services where it makes sense, including for newer virtual systems that aren’t yet hard-coded in their plans.