Using cloud effectively for disaster recovery – what questions do you need to ask?

Taking computing to the edge
Taking computing to the edge. (image:
Cloud computing
Using cloud effectively for disaster recovery – what questions do you need to ask? (image:

Disaster recovery (DR) is synonymous with cost and layers of complexity but cloud – together with a cloud-ready DR solution – can remove a lot of that pain, and provide huge benefits besides. However, to effectively use cloud for DR, businesses need to put the right solution in place.

A cloud DR solution removes a lot of the cost by providing storage capacity on demand. This means there’s no longer the need to invest in expensive data centres. In addition, capacity is available on demand, which means businesses have greater flexibility and the ability to scale. Saying this, capacity means nothing without the right DR strategies and the right software in place to manage DR. This is the DR journey.

To determine their DR strategies and the type of solutions they need, businesses need to think about what to protect and how to protect it. While cloud makes DR less costly to plan and deploy, effective data management is crucial. There are several key questions that need to be asked.

How much protection do I need and what should I pay?
The first step is to research what the business needs to protect and what it is willing to pay for that. Technology and threats continue to advance and more regulations and legislation are being implemented every day. A suitable DR solution needs to be flexible enough to cater for current and future challenges.

For example, traditional causes of system failure include human error, equipment malfunction, natural disaster or environmental impacts. Today, cybercrime – from system hacks to malware and ransomware (Petya) – are emerging as serious threats. A DR solution should be able to assist the organisation to recover from all issues.

Organisations will need to assess their systems to understand the degree of protection needed.
Tiering of environments depending on their criticality to the business is recommended. For example, the business would want to ensure a fast recovery time and near real-time recovery point objective (RPO) for a high-transaction mission-critical database. The recovery of a project management file server may be less critical, only requiring backup every four hours or so. But businesses also need to think beyond these simple configuration questions. New threats and growing complexity are a challenge.

Ransomware typically corrupts and destroys data. To recover, the business needs to be able to go back to point where the data is not corrupted by dormant malware. DR solutions that provide snapshot or journaling features may be useful in this instance. But other, more sophisticated replication questions may need to be asked.

Complexity also needs to minimised. There is little advantage in having multiple siloed DR solutions protecting databases, servers and VMware. Nor is there great benefit to having a single solution that does fast RPO for all systems when 80 percent don’t require this level of DR, or a solution that cannot scale up the RPO on a system if it becomes more critical to the business. A single solution that can provide a DR solution for different systems and can vary the RPO will provide the right protection at right cost.

One vital feature required in a DR solution is the ability to allow the user to design path to the shortest recovery time objective (RTO). A solution that enables DR orchestration and customised workflows right up to the app level can shorten the RTO by automating processes. It will be able to bring the right systems up in the right order or in parallel, as needed to get everything working together, fast.

At end of the DR discovery journey, the organisation should know what it will be protecting and where it will be failing over to, but that can be hard to do. Where a business’s IP will be kept – a VMware environment, a Hadoop big data solution, MS Azure – is a moving target due to new technologies that emerge. It’s important that they pick a DR solution that can evolve alongside the business.

Finally, there’s the DIY question. Will the organisation need assistance to configure the DR solution, test and, in the case of disaster, ensure recovery? Ensure your solution provider can offer a services and managed services portfolio.

Tick the boxes
An advanced, flexible DR solution that will grow with the business will have many of the following characteristics:

  • It will have DR built into the DNA of the platform and extended to the cloud – i.e., is able to automate and orchestrate DR across on-premises and cloud locations.
  • It is easy to understand and use with SLAs based on the protection needed, and a reporting interface to manage changing risk profiles.
  • Is able to automate DR operations for planned and unplanned failover, failback, testing and development.
  • Offers VM and application-centric workflows that can be customised to meet RTO requirements.
  • If you don’t want to DIY, your service provider can deliver the services you require.

The bottom line is that organisations need to get real – be aware of changing threats, technologies, legislation and business priorities and select a solution that is real world ready and can adapt flexibly to meet to these needs. When disaster hits, your experts may not be accessible—your DR solution needs to be able to take care of it for you.

By Mike Rees, Commvault Territory Account Manager for South Africa