Designing a cloud-based DR strategy
By Martin May, regional director, Enterasys Networks.
Is your organisation's disaster recovery strategy out of touch with its business needs? It's a question being asked of many a company executive in the US, following the destruction inflicted by Hurricane Sandy in October last year (2012).
While New York, New Jersey and Pennsylvania were hard hit by the storm, the extent of its fury wasn't only felt by the people on the east coast of the US, says Martin May, regional director of Enterasys Networks. The effects of power outages in these centres were experienced on a much broader scale, as data centres were struck, taking down Web sites and cutting remote workers' access to their companies on almost a nationwide scale.
It was at the height of this natural disaster that the true value of a 'bullet-proof' disaster recovery (DR) strategy was realised. Almost without exception, the successful DR strategies employed at the height of Sandy's devastation had one common denominator: cloud computing.
Cloud computing has benefits in critical scenarios, because it can help protect data by allowing organisations to perform offsite data replication to a cloud storage provider and it can assist organisations to continue to use this data once the seriousness of the disaster diminishes.
Could this lead to cloud service providers offering 'disaster recovery as a service' (DRaaS)? It's a concept that's gaining traction in the US, post-Sandy.
Professional DRaas offerings could provide managed disaster recovery solutions that allow organisations to replicate critical applications running at their data centre to a cloud hosting provider.
This contrasts with traditional disaster recovery thinking, which dictates that organisations have a 'mirrored site' packed with redundant hardware and redundant facilities that would only be used in the event of a disaster.
What's more, with a traditional DR site, synchronicity is vital. For instance, the server on the DR site has to have exactly the same configuration as the physical server at the production site. It's a difficult goal to achieve, particularly as 'configuration drift' is a well know phenomenon. Failure to keep this perfect lock-step greatly increases the chance of critical data being lost.
With DRaaS, the differences between the primary and secondary site can be abstracted via technologies such as converged infrastructures, liberating users from the constraints of synchronisation.
With this cloud-based approach, organisations can also eliminate the large capital expenditure associated with a traditional DR site and instead pay a monthly service charge (based on actual consumption) for the use of a DRaaS service, which would in all probability include fully managed server recovery - whether physical or virtual.
In addition to these costs being only a fraction of the cost of the management and maintenance of a typical, dedicated DR site, the concept provides budget certainty.
For many IT managers, the productivity benefits associated with the automated DR processes linked to DRaaS are seen as a major step forward. Old DR models are almost always based on manual record-keeping, with tedious descriptions of every outage and recovery having to be made.
These reports are completed at pedestrian speed, which is counterproductive, as lost time equates to lost revenue. An automated process helps speed recovery and maintains greater accuracy.
Another key benefit is flexibility, probably the most attractive aspect of a DRaaS solution from an IT manager's perspective. It's a benefit that could be underwritten by the security of the illusive 99.999% (five nines) level of operational performance if a cloud service provider with multiple data centre locations, preferably in other countries, is selected.
Yet another attractive feature for IT managers is improved testing frequency. The costs of traditional recovery testing and exercising often constitute a significant portion of the annual disaster recovery budget.
As DR in the cloud frees up significant amounts of time - because DRaaS does not have the aforementioned synchronisation requirements - IT managers can test their DR plans more frequently. This could mean moving from an annual test regimen to quarterly or even monthly. This results in improved predictability and a greater likelihood of a fast and successful recovery.
Moving to a DRaaS model should give organisations an opportunity to determine what data categories are 'business-critical' and what level of critical response is required for each. For example, should an organisation maintain its own 'internal cloud' or 'private cloud' infrastructure for less-than-critical data?
Cloud storage is growing at a phenomenal rate, because cloud providers are offering it at ever-cheaper rates as competition gathers momentum. This means it is easier to pick specific applications to protect - and determine the tiers of protection needed - than it was only a year ago.
Looking ahead, DRaaS could be the stepping stone enterprises need to spur them to place all their data in the cloud as part of a modernised, updated business plan.
Live production data would remain on site, but DRaaS could open up the possibility of using the cloud more widely, in the process making IT managers more accepting of the concept.