Disaster Recovery, At Your Service
November 16, 2020 Matt Paterini
Every organization needs a sound disaster recovery plan to protect their business from natural disasters, weather events, cyber-attacks, and other unexpected threats. Disaster recovery strategies can take on different forms depending on the requirements of the business, specifically the defined Recovery Time Objective (RTO) and Recovery Point Objective (RPO).
These RTO and RPO metrics are not precisely the same, but they are interrelated and are part of a complete disaster recovery plan.
The RTO metric is not just a stopwatch that starts ticking between the time applications go down, for whatever reason, and when they come back again online again. Rather, it should be a more complex metric that assesses the level of importance of the application suite and what effect they have on the running of the business. Some applications can be down for hours or days and not have a huge impact on the running of the business, others can be down for hours and days and this causes havoc or a complete stoppage of operations. The point is, there is not just one RTO, but many at most companies, since most companies have dozens to hundreds to thousands of applications, and not all RTOs need to be created equal.
While RTO is about time, RPO is about data. And to be specific, it is about how much data that the company would normally be capturing during the course of business that it can afford to lose before it has an adverse and big impact on the business. Losing data is something that is always disruptive, but this is more of a measure of relative disruption because all data loss is not equal. And therefore, just like all applications by their nature have their own RTO, they also have their own RPO. And they may not correspond one-to-one, either, although there tends to be a correlation between the two.
Not every company wants to manage the disaster recovery setup, and in fact, we would argue that while disaster recovery is key to the success of the business, mastering all of the ins and outs of disaster recovery is not something every company should – or can – do. If we let service providers like Microsoft and Google, who have precise skills shared across many customers that gives them deep expertise, manage our emails, why not let similar experts with skills and expertise culled from supporting many customers manage our disaster recovery?
That, in short, is what Disaster Recovery as a Service, or DRaaS, is all about: Providing remote data and system recovery as a managed service. Unlike manual disaster recovery (DR) approaches in which organizations simply have access to a remote system and are required to manually restore data in the event of a disaster, DRaaS contractually ensures remote recovery to defined RTO/RPO, completely managed by the MSP. This makes DRaaS more reliable than a manual DR plan, as many organizations do not have the internal resources suitable to adequately manage DR.
High availability, often shortened to HA although there is not usually much funny about it, is also a common DR practice that often gets confused with DRaaS. For many organizations, the ability to role-swap to a second system with immediate RTO/RPO is not necessary. HA also requires maintaining a second system and does not address archival backups for days, weeks, months and years. Unless immediate RTO/RPO is truly required, HA is typically not a cost-effective DR option. In fact, a cloud backup and DRaaS strategy is approximately one half to one third the investment of HA.
A cloud backup and DRaaS strategy is appropriate for an organization that has shorter RTO/RPO requirements than a manual approach can accommodate, but the immediate RTO/RPO provided by HA is not required.
As it relates specifically to IBM i DRaaS, UCG Technologies and VAULT400 offer a 12-hour and a 24-hour RTO with 24-hour RPO in each case.
Both IBM i DRaaS offerings begin with VAULT400 cloud backups to two remote, regulatory compliant data centers. For the 24-hour RTO option, UCG Technologies loads the proper IBM i operating system and PTF level at the point of disaster declaration, ports data from the remote vault to a multi-platform POD of shared systems and provides remote VPN access in under 24 hours.
For the 12-hour RTO option, UCG pre-loads the IBM i operating system and PTFs to a dedicated serial number assigned system. At the point of disaster declaration, data ports from the remote vault to the dedicated system and remote VPN access is provided in under 12 hours.
Regardless of your organization’s RTO/RPO requirements, a formal DR plan is critical to minimizing risk. For the vast majority of organizations, a cloud backup with DRaaS strategy proves to be the most reliable and cost-effective for the business.
This content is sponsored by UCG Technologies.
Matt Paterini is regional director at UCG Technologies. He brings his energy and strong work ethic to his responsibilities for sales, marketing, social media, and managerial duties.