Disaster recovery is a critical process that enables organisations to resume their mission-critical IT functions following a disaster of some kind.
Whether the disaster is from a simple hardware failure through IT-related issues such as a cybersecurity attack and at the extreme, things like a natural disaster, it’s anything that causes a disruption to a business’ IT functions.
Disaster Recovery or Business Continuity?
Generally, in technology terms, Disaster Recovery (DR) is differentiated from Business Continuity (BC), by the latter being how the complete business returns to operation after such an event, as such a DR plan normally forms one part of a BC plan. Having a Disaster Recovery (DR) plan in place enables the business to quickly restore access to their IT infrastructure, including data, hardware, software and networking equipment. This is a process that should ideally be carefully defined and tested before a disaster strikes.
The importance of a Disaster Recovery plan
It goes without saying, that unfortunately companies cannot predict, or prevent disasters from occurring, but there is undoubtedly a critical risk to severe disruption to business in the event of one, it is therefore vital for all organisations to have a clear and precise disaster recovery plan, that can be invoked swiftly, to maintain their business operations. With most, if not all businesses now reliant on technology to operate, lack of access to IT infrastructure and data would mean a business would be likely to suffer huge financial ramifications, along with dissatisfied customers and a potential loss of reputation. Having a defined disaster recovery strategy is not just about keeping your IT assets protected (that’s backup), it is about ensuring that your business can return to operation expediently and in the right order, so that you can continue to trade, service your clients, access your data, run your website and perform all other critical business tasks that are enabled by the use of technology.
Disaster Recovery planning
To have a successful disaster recovery plan, comprehensive planning is required; it is vital that organisations take the time to plan it thoroughly, to consider what their business requires, involving the wider business when planning, often DR is considered as just an IT problem, but it is crucial for the business to make decisions around what the key priorities for failover are and provide a mandate to the IT departments to deliver against.
- What applications need to be restored, in what time?
- At what point you need to failback and restore your data from following a disaster; could you afford to lose a days’ worth of data, or only an hour, or perhaps less?
- Does that vary for the different systems within your business?
Understanding and defining your objectives for restore, considering your expectations for returning key systems to operation (Recovery Time Objectives or RTO’s), and where you restore to (Recovery Point Objectives or RPO’s) is paramount to ensure that the solution you have is fit for purpose, ensuring that ultimately, it is effective when you need to invoke it, in the event of a disaster. These should all be evaluated, defined, and agreed before moving to the design of the solution.
DR “One size” doesn’t “fit all”
Diving a little deeper into RTOs and RPOs briefly, it’s common in our experience for a business (outside of the IT functions) to assume that they have zero or near-zero RTOs and RPOs, i.e. if something was to fail, there is a standby system that will kick in and take over from where they were, in actuality this is rarely the case. There are obvious examples in our daily lives where an “Active / Active” strategy (two systems running in parallel across different geographical locations) is necessary, for example, air traffic control, or banking systems, but the expense of putting this in place means that for everyday business it is often cost-prohibitive.
It is also often assumed that the IT department should set the RTOs and RPOs for business systems, but this is like asking a waiter to pick your meal, in order to help with that, they’re going to need to ask some questions about what you like or don’t like; or what you need from the systems in this case.
IT teams should be asking the business:
- How much data can you afford to lose if the system crashes?
- How long can you be without the system before it starts to have an impact on the business?
- And finally, how does this system measure up to the other ones within the business in terms of importance to return to operation?
Working without for example the accounts, email, telephone, manufacturing or CRM systems, could potentially be acceptable for a week in some cases or only an hour in others, but IT isn’t generally the owner of these systems, the business is, and it needs to define those priorities.
When helping the business make a choice, it is however important for your in-house IT team or your outsourced provider to help understand the cost implications of the choice, we’d almost all pick the best option available if money was no object but the two things need to be considered together for a plan to be fit for purpose.
DR Options: On-Premise or Cloud-Based DR?
Traditionally a disaster recovery plan would involve having your production environment on-premise in one building, typically in your office or a datacentre, and then having a hot (active) or cold standby (passive) environment on-premise in another building, often a secondary office/datacentre location.
This traditional setup, whilst effective, does come at a cost, which if it’s a passive setup is not serving a purpose unless there is a disaster. This second site on-premise DR option however is still an extremely effective way for businesses that require high availability and need an ‘always on’ environment to quickly switch over to.
Cloud to Cloud DR
With many organisations having migrated their production environments to the cloud, giving them the option for on-demand cloud capacity, it makes sense to also utilise this for disaster recovery. Having this on-demand cloud capacity available, allows a business to build their DR environment to whatever extent it might need to be, as their production environment expands, the cloud flexes its capacity to scale.
Having a Cloud-based DR strategy, allows you, in the event of a disaster to utilise the cloud for a recovery option as and when you need it, this is of course providing that the cloud platform you are using has availability for you at the time in which you require it.
In this scenario, considerations need to be made around your cloud provider and location, for example, what happens if your data is in a single region within your Cloud provider, and there is a problem there? This could mean that not only your production environment is unavailable, but you are unable to invoke DR, therefore when designing a cloud-based DR option, it is strongly advised that you build that into a different cloud service provider or into a different region of the same cloud service to protect against an outage.
Cloud outages are very rarely “total” but it’s not uncommon for a single region with a single provider to have an issue and if you happen to only be based there, the effect is the same having a single on-premise site go down.
On-Premise to Cloud DR
For organisations that are yet to migrate to the cloud and still have an on-premise production environment, a cloud-based DR strategy is an ideal option to provide a solution, eliminating the need to purchase additional on-premise equipment at your second site, your cloud DR plan gives you the ability to turn it on, on-demand. In practice, many businesses analyse the total cost of ownership of both their active and passive infrastructure and decide to move everything to a cloud of their choice.
However when you compare the active element, if the workload is predictable and will be in place long-term, it’s rarely a saving to move to a cloud provider and often significantly more cost-effective to stay on-premise. However, the passive DR site is a large cost, for little benefit – until the day you actually need it. With this in mind, many businesses are utilising the on-demand DR capability of cloud providers to allow them to provide DR for their business at minimal cost (assuming there is no disaster) and reinvest the cost of traditional DR equipment into other IT initiatives, such as security.
Disaster Recovery as a Service (DRaaS)
Krome offer a fully managed, vendor agnostic, DRaaS solution. With a complete set of features and capabilities that go beyond just replication, we help you take advantage of a Cloud DR strategy for your business. In the event of a disaster, our DRaaS clients’ networks, VPN’s, and security services can all be made available and online at a moment’s notice. Using either a cloud provider of your choice or our ISO-27001 certified, geographically diverse datacentre, we provide a fully integrated, fast and secure way to backup, replicate and restore from the cloud, giving you the flexibility to leverage the benefits of cloud-based data protection.
Using our Veeam based DRaaS Solution, you can easily move a copy of your environment off-site to our service while maintaining complete visibility and control, end-to-end encryption, along with rapid restore access whenever you need it. Having a DRaaS solution from Krome also offers you a team to assist with the regular testing or the recovery assurance, along with support for alternating production between sites in the event of a disaster.
With our DRaaS solution we also take care of the regular testing regime required to make sure the service is working and fit for purpose, establishing a cadence with you initially and then agreeing a test and signoff procedure to ensure that should you ever need the service, it’s fit for purpose.
What DR plan is right for your business?
Not every client requires the same level of DR services, in order to establish what is the right solution choice for your organisation, we can work with you to define your requirements, create a series of offerings to present internally to your business and then help you to implement and test the solution.
If you would like further information on the Disaster Recovery Services we offer, or require any advice on what DR plan is right for your business please get in touch with us by completing the form below or contacting us on 01932 232345.