How to virtualise disaster recovery using the cloud

Companies are increasingly turning to on-demand hosted applications in the cloud like email, CRM and ERP, as well as cloud-based security systems, so it should come as no surprise that business continuity and disaster recovery are becoming established cloud-based markets, too.

This HP white paper outlines why companies are turning to the cloud to enable and manage their disaster recovery requirements and how they should do it.

Companies adopt DRaaS

According to leading analyst firm Gartner, by the end of this year around 30 per cent of mid-size companies will have adopted what it terms recovery-in-the-cloud, also known as recovery-as-a-service (RaaS) or disaster recovery-as-a-service (DRaaS).

Many of these companies will be going live with disaster recovery systems and capacity for the first time, helped by the scalability and cost benefits offered by virtualised servers and the cloud.

RaaS or DRaaS is the managed replication of VMs (virtual machines) and production data in a service provider's cloud, together with the means to activate the VMs to support either recovery testing or actual recovery operations.

A growing market

Gartner sees the DRaaS market being driven by mid-size companies with annual revenues of between $150 million and $1 billion (roughly £90m and £600m). Larger companies with annual revenues or operating budgets of $1 billion upwards are more likely to have established recovery management facilities, infrastructures and support teams "that are too complex to move fully to the cloud," Gartner says.

"DRaaS has been hailed as a 'killer cloud app' for disaster recovery, but the reality is that there has been much hype and some truth," notes Gartner analyst John Morency. "But it certainly addresses well-recognised 'pain points' in IT disaster recovery management, including the need for frequent recovery-readiness testing and the cost of dedicated recovery floor space and facilities."

In total, Gartner predicts the DRaaS market could be worth $5.7 billion (£3.4bn) by 2018, which illustrates its potential.

Getting started with virtualised disaster recovery

Traditional on premise DR solutions can be difficult for busy internal IT staff to deploy, configure and administer. Some organisations require the complex integration, coordination and scheduling of disparate systems at multiple backup sites, covering hundreds or even thousands of servers.

These kinds of systems also require significant upfront capital expenditure for hardware, software and network infrastructure, which is duplicated across multiple sites. After being implemented, they can also be costly to scale and administer.

Many of these headaches can be mitigated with a virtualised cloud solution. However, even assuming the provider has the necessary hardware capacity and skills, some ground still has to be prepared first.

Outage impact documentation

Organisations should create an outage impact document that lists their critical applications and the economic cost to the business for hourly, daily and extended outages. Specifically, it should detail the impact on staffing, revenue and any potential long-term known and quantifiable damages to the operation.

After doing this, companies can decide whether to backup everything to the same high disaster recovery standard, or choose looser and cheaper business continuity contracts for less important apps.

Getting your DR network ready

After the above paperwork has been done, organisations must also consider that placing data backups in the cloud may create greater dependency on network availability, so network service levels with cloud providers have to be studied and agreed. Organisations using virtualised DR may well have to consider network upgrades of some sort to help avoid data traffic delays.

A key performance metric will be the rate at which you can transfer virtual machine images from your premises to the cloud, which is affected by network capacity and wide area network latency. Many vendors can offer built-in WAN optimisation solutions to reduce potential delays.

Once the technical issues are considered, organisations also have to consider the business and financial ones.

Compliance and DR

Compliance may be another serious concern for many businesses to consider. Although cloud-based security and encryption technology has matured over recent years, there can still be grey areas when it comes to meeting regulatory standards. This may be a significant factor for organisations in the healthcare or financial services sectors, for instance.

In addition, organisations should calculate their DR return on investment by comparing the projected costs of cloud-based DR against the costs of traditional on-site DR, including equipment and staffing.

In addition, they should determine a recovery time objective (RTO) for their core systems to be restored, so as not to lose revenue from a break in business continuity.

As well as recovery time issues, organisations should identify any DR system areas that could negatively impact on business or operational transaction times.

Getting it covered

Overall, organisations will want to consider which options they need to meet the specific data recovery demands of their business, including file-based backups, multi-platform device and operating system support, and archiving.

Potential system recovery capabilities might include block-based backups, and being able to rapidly restart applications in the cloud with a subsequent phased recovery on the premises.

Cloud DR provider SLAs

On the cloud service provider side, in addition to service level agreements (SLAs) being verified - including covering areas like reliability, performance and compliance - organisations must study DR contracts for other areas.

This includes examining costs associated with scaling up capacity or bandwidth - some IT suppliers try to make much more than you would expect when it comes to changing configurations in response to business needs.

A final point is to be sure to confirm your cloud provider's data centre security and business availability capabilities, including areas like data encryption and uninterruptible power supplies (UPS), as well as physical security used such as biometric identification and CCTV monitoring.

Only after fully evaluating all these criteria can you be certain whether cloud-based DR will work for your organisation.

Check out our DRaaS hub for everything you need to know about Disaster Recovery as a Service.