If you have any doubt that disaster recovery planning is essential, consider this: 93% of companies that lose their computer systems for 10 days or more due to a disaster file for bankruptcy within one year of the disaster, according to the U.S. National Archives & Records Administration.
Want even more proof that disaster recovery solutions are critically important? 94% of companies that suffer a catastrophic data loss in a disaster do not survive – 43% are forced to close immediately, while 51% are forced out of business within two years, according to University of Texas research.
So if your company is still asking “what is disaster recovery?” than clearly be assured that disaster recovery services are essential.
These statistics explain the popularity of Disaster Recovery as a Service (DRaaS) offerings. DRaaS solutions can transition applications to a complete cloud-based recovery infrastructure with minimal downtime – measured in mere hours, minutes, seconds, or even a few imperceptible moments.
More than 40% of U.S. enterprises have already adopted DRaaS, while 20% more are planning using it in the near future, according to a Tech Trends survey by Enterprise Storage Forum.
Overall, the global DRaaS market is worth about $2.4 billion, and this is expected to grow by over 50% to $3.7 billion by 2021.
What is a Disaster-Recovery-as-a-Service?
Like all “as-a-service” offerings, DRaaS is a pay-per-use managed service. It’s in similar category as the cloud storage market.
It uses replication to duplicate your production environment data and send it to the cloud. (The replication technologies employed can be hypervisor-based, host-based, application-based, or even storage-based.) It then makes use of cloud-based resources to create a complete recovery infrastructure.
In the case of a disaster, your operations and end-user access are “failed over” to this environment until your primary IT infrastructure is available again. At that point your operations and end-user access are “failed back” to your original infrastructure.
“Pay per use” in this context requires a little clarification. Many companies will go months or years without ever needing to switch their operations to a DRaaS environment, so in that sense they are not “using” the service. But continuous replication still needs to be carried out in order for DRaaS to be available if and when required. For that reason, DRaaS offerings are often made up of several pricing components, including:
- Replicated data storage costs.
- Software licensing costs (for disaster recovery and business continuity software to provide data replication).
- Computing infrastructure costs.
- Bandwidth costs.
Some DRaaS providers only charge for storage and software licensing when the service is not actually being used, adding compute infrastructure and bandwidth costs if the service is activated in the case of a disaster. Others charge you for all components in the form of a “service availability fee,” regardless of whether or not you actually use the service.
How does DRaaS work?
Cloud services are provided using virtualized resources, and DRaaS works by setting up a virtualized environment which mimics a customer’s IT environment. Long before disaster strikes, a company decides its disaster recovery policy and it implements a DR strategy. DR pricing is offered as an ongoing subscription, as is standard in the “as a service” model.
The ideal situation is one in which a customer has a homogeneous virtualized IT environment running in their own data center (such as an environment entirely built using VMware virtualization technologies) and the DRaaS provider also uses the same virtualization technologies in the remote DR site.
In this case, the use of replication technologies makes it relatively straightforward to transition workloads from virtual machines in the data center to virtual machines in the cloud (or, put another way, to move the virtual machines from the failed data center infrastructure to cloud infrastructure) with minimal service interruption.
More complex setups involve moving a heterogeneous virtualized environment (which involves virtual machines running on a combination of different hypervisors such as ESX, Hyper-V, or KVM) and environments which include workloads running on physical servers. In this latter case, many DRaaS providers use physical to virtual (“P2V”) solutions to convert the physical servers to virtual servers which can then be run in the DRaaS infrastructure.
Alternatively, some businesses use a hybrid system, failing over physical machines to an alternative site of their own, while failing over virtual infrastructure to a DRaaS provider’s data center. Choosing the best
As part of a DRaaS offering, service providers give customers access to a management console where they can check their recovery readiness status, review results of recovery tests, initiate failovers, and monitor other disaster recovery parameters. All of this should be covered in your DR Service Level Agreement (SLA).
- Cost effective: The cost of DRaaS is principally defined by the quantity of virtual servers you will be running in the cloud, and the volume of storage resources your data will consume. This is likely to be far less than the cost of building and maintaining a physical duplicate of your existing IT environment for disaster recovery purposes, and it makes DRaaS a particularly attractive offering for smaller organizations with relatively modest IT budgets.
- Removes DR maintenance overheads: By using DRaaS you pass much of the responsibility for and cost of a disaster recovery environment to your provider. It is still your responsibility to ensure that your provider has up-to-date information about your IT infrastructure and replicated data that is to be protected. Yet you no longer have to worry about maintaining the physical DR infrastructure, including servers and storage, or ensuring that a DR expert is always on hand within your organization to orchestrate a recovery.
- Almost zero downtime: An existing backup solution may offer a disaster recovery option with a recovery time objective (RTO) measured in hours, but DRaaS offers a viable way to ensure that your operations, and therefore your customers and partners, experience almost no interruption in the event of a disaster.
- Adds DR capacity: If you already have a DR solution for your mission critical applications, DRaaS can be a useful way to ensure that less important (or new) applications also have disaster recovery coverage.
- Provides a test environment: A DRaaS environment can be used to carry out security or other tests which could be disruptive without affecting your primary infrastructure or operations.
DRaaS Offerings In-Depth
The key value proposition of any disaster recovery option is that it can get your IT operations up and running again in the event of a disaster with the minimum interruption, so quick recovery is extremely important. However, data replication technology is now so effective that an RTO measured in minutes or seconds in now effectively a commodity that all DRaaS providers can offer.
Key DRaaS differentiators which may be important to your company include:
- Application orchestration: The easy part of DRaaS is recovering IT infrastructure in a virtualized environment, but the far harder part is ensuring that your applications are up and running, interdependencies are functioning correctly, databases are consistent, and DNS records have been updated. An orchestration layer can handle some or all of these tasks for you automatically to ensure that the recovered IT infrastructure runs correctly.
- Testing: At the most basic level, some DRaaS providers allow you more recovery exercises per year than others, and also allow more time per exercise. Some will enable you to test different failure scenarios to ensure that all failure possibilities are covered, to check that changes to your in-house infrastructure do not cause recovery problems, and to produce results data that can be shared with customers or provided to auditors for compliance purposes.
- Level of security infrastructure: If our operations are switched to a DRaaS provider, at least the same level of security coverage is required as if the operations were still running in-house. Although cloud providers generally offer excellent physical security around their facilities, the same may not be true for data security and the availability of specific security functionality (for example functionality supplied in-house by a specific security appliance such as a firewall.)
- Vulnerability scanning: Some providers may offer additional security services such as vulnerability scanning your infrastructure in the cloud on a regular basis, which can be a useful way to do this without impacting your production environment.
- Operating system support: Some DRaaS providers offer support for a limited number of operating systems and databases. For example, if your organization has legacy applications running on Windows Server 2008 (or older) or some versions of Linux, then you may have to look harder to find a suitable DRaaS provider.
- Level of support: DRaaS offerings come in three broad types: self-service, semi-managed, and managed. Self-service offerings include the tools required to build a disaster recovery plan yourself, while semi-managed offerings also include some assistance from the provider’s (or outside) DRaaS consultants. Fully managed services offer a completely tailored disaster recovery service which is built, managed and maintained for you by the provider.
When DRaaS May Not Be Suitable
DRaaS is being adopted rapidly by many businesses of all sizes, but there are some circumstances in which it may not be a viable complete disaster recovery solution. These include:
- Very large-scale operations. Although this is becoming increasingly rare, some physical servers with very large databases may be too big to virtualize in practice.
- Operations that use old or unusual operating systems. As discussed above, if you have physical severs running certain operating systems you may need to transition the applications they run to more mainstream operating systems before DRaaS is practical.
- Operations with specific compliance requirements. Companies operating in certain industries may be subject to compliance requirements which preclude switching operations to a cloud provider in any circumstances. On the other hand, many companies in industries with stringent compliance requirements find that DRaaS is an effective way to maintain compliance.
In many cases when any of the above examples apply, companies can use DRaaS for the majority of their IT infrastructure, while making separate disaster recovery plans for the specific cases above.