How to Protect Your Business with Disaster Recovery as a Service

A single hour of downtime alone can cost an organization over $5 million, according to an ITIC survey.

Nearly 80% of organizations had to perform a disaster recovery within the past 12 months. Yet 60% of them didn’t manage to restore all lost data, often due to ineffective disaster recovery strategies.

This post explains Disaster Recovery as a Service (DRaaS), how DRaaS can protect businesses against disasters and what you should look for in Disaster Recovery as a Service provider to avoid data loss.

What is disaster recovery as a service?

When a company uses the traditional disaster recovery approach, the system administrators must configure hardware and the entire IT infrastructure at a remote disaster recovery (DR) site, as well as implement software that can back up and recover their virtual machines. Disaster Recovery as a Service (DRaaS) is emerging as an increasingly popular alternative to the classic DR approach.

DRaaS saves costs by eliminating the need to buy physical infrastructure that must be configured and supported at a DR site. Instead, the DR infrastructure is virtual and is located in the cloud. A client enters into a contract with a managed service provider (MSP), which provides DRaaS. An MSP usually also provides Backup as a Service (BaaS) and Replication as a Service (RaaS). A client pays for the cloud infrastructure and cloud services provided on a pay-as-you-use basis. The MSP can typically configure the services through a web interface, and in certain cases, clients can have access to their resources and perform their own actions.

How to protect your business with DRaaS

If you decide to protect your business and virtual infrastructure using Disaster Recovery as a Service, then consider the following points that can help you make the right decision.

Defining RPO and RTO

RPO and RTO are key metrics that form a basis around which to build your disaster recovery plan and business continuity plan. The RPO (recovery point objective) value defines the amount of data that a company can afford to lose. You should determine the time intervals between backup and replication jobs based on your RPO values. The RTO (recovery time objective) defines the maximum period of time within which VMs with their applications and services should be restored. The time spent on recovery of the VM with applications and services should not exceed the RTO value. If the RTO is exceeded, the losses of funds and productivity become too great for the company to afford.

Disaster recovery sites in the cloud

Having a DR site set up in the cloud is one of the critical components for fast disaster recovery. There are two main types of sites:

• A hot site is fully configured to enable the quickest data recovery or failover. Hot sites allow businesses to achieve near real-time data synchronization and the minimum data loss.
• A cold site has only the main infrastructure elements configured. Such a site is not ready for a quick recovery, and a company may need to configure the environment, network, etc. to perform a failover.

A hot site is the more expensive option but it’s preferable to a cold site, because a hot site is pre-configured and ready for near-instant automated DR while a cold site is not. Check if there is a fast Internet connection with low latency to the DR site.

Selecting a Managed Service Provider (MSP)

The number of MSPs increases with each year due to the growing popularity of cloud services. Select a trusted certified MSP that can provide the appropriate level of support. Before selecting an MSP, create a checklist of your criteria and requirements , such as:

• The level of cooperation with your in-house IT team
• Expertise in managing different platforms
• Security management and ransomware protection
• Infrastructure visibility
• Support response

Compare different managed service providers and select the one that best meets your needs. Here are more detailed tips on the most important factors you need to consider:

1. Choice of software

There are a number of different business data backup and DR solutions that a Disaster Recovery as a Service provider can use from a variety of vendors. The software used for disaster recovery can be available for manual installation by each individual customer in single-tenant mode or can be installed by DRaaS providers in a multi-tenant mode. It’s crucial that you and your MSP use a robust data protection product developed by a reputable vendor. To make the right choice, check that the software used by the MSP can perform VM backup, replication, failover and failback, as well as granular object recovery (e.g., for files, folders or database objects).

2. Support for different virtualization platforms

Ensure that the DRaaS providers you are choosing among can provide suitable infrastructure for the virtualization platforms used in your virtual environment (e.g., VMware vSphere, Microsoft Hyper-V, and/or Amazon AWS EC2). The software used for disaster recovery by the managed service provider must support these platforms.

3. Self-service and ease of use

Make sure the management interface is convenient and intuitive. There should be a complete range of functionality allowing you to configure the settings precisely how you need them. With a self-service portal, you can configure the parameters for disaster recovery by yourself. This makes for greater agility in configuring and executing disaster recovery.

4. Security options

Security is always a concern when data protection is being considered. Check the security options provided by the MSP, such as firewall, antivirus and encryption of traffic and stored data. By configuring a firewall, you can protect your virtual networks and virtual machines located in the cloud against unauthorized network access. VM encryption protects your VM data from being stolen by third-party users. Traffic encryption restricts traffic monitoring and analysis (e.g., during backup or replication jobs) by attackers. Protection against DDoS (Distributed Denial of Service) attacks is a useful option an MSP can offer. This reduces the likelihood of losing access to the provided cloud services.

5. Sufficient performance

There are several points where performance is especially important. You need high enough performance to run your VMs with applications and services in the cloud. DRaaS providers that use features to optimize performance when transferring backup data are preferable. This can include data compression before transferring, incremental backup, etc. Fast transfer of backup data plays a major part in achieving low RPOs, and recovery speed helps you achieve the desired RTOs.

6. Area of responsibility of the MSP

Choose an MSP that can provide support 24/7. A cloud provider can ensure high-quality services by finely regulating all parameters. What is the timeframe in which the provider will react when an issue occurs? What is the maximum permissible time before the issue is resolved by the managed service provider? What happens if the MSP can’t deliver the disaster recovery services promised? The amount of time allowed to resolve atypical requests must also be regulated. If the provider can assist in resolving an issue that is out of the scope of the services they are strictly required to provide, this is a big plus.

A Service Level Agreement (SLA) is a contract between an MSP and a customer that defines the list of the provider’s obligations. The SLA sets out guarantees for the level, and quality of provided services (such as Disaster Recovery as a Service), the procedure for reporting problems, and the consequences for the MSP should the services fail to be provided. A managed service provider must be financially liable for any violation of the parameters defined in the SLA.

7. Flexible billing policy

Usually, MSPs provide multiple services that can be integrated with each other. Ask if the provider is ready to provide a discount if you buy multiple services in a package (e.g., you might buy Disaster Recovery as a Service and email hosting together). The more services you buy, the lower the price you should pay for each service. Make sure that the provider has a clear and understandable billing structure. Check whether the provider charges for all VMs or only for those that are in a powered-on state (some charge based on the periods of time for which VMs are powered on). The best billing models are those where you pay only for the resources you use. Also, ask how much notice you need to provide for the termination, in case you no longer need the provided services.

Final thoughts

Disaster Recovery as a Service effectively reduces costs and offloads your IT department; however, certain factors must be considered when choosing the right provider. Reliability of the DR software, billing policy, and security should be among the most important criteria.

You can also consider a fast, reliable, and affordable disaster recovery solution that can be used for in-house DR planning as well as the provision of DRaaS. There are a number of reputable cloud providers worldwide using the software to deliver reliable disaster recovery for their clients.