In previous posts, we highlighted 5 Key Questions to Ask Your Backup as a Service Provider and 5 Key Questions to Ask Your Replication as a Service Provider. In this final post of our BC/DR series, we’ll take a look at the final point on the Business Continuity/Disaster Recovery continuum: Disaster Recovery as a Service.
Defining Disaster Recovery
As a quick primer, Disaster Recovery (DR) is, at its core, an area of IT security planning. DR focuses on protecting an organization from the negative impacts of unplanned events, such as natural disasters and equipment failures. The objective of DR is a disaster recovery plan (DRP) that can be followed in an emergency to restore applications and services. This plan is a collection of policies, procedures, and actions that are clearly understood throughout an organization, regularly tested, and quickly executed in the event of a disaster.
Defining Disaster Recovery as a Service
Disaster Recovery as a Service (DRaaS) takes DR one step further by offloading failover testing and event mitigation onto ServerCentral or another service provider. In a DRaaS environment, the replication of virtual or physical infrastructure takes place in our data centers. DRP policies, procedures, and actions are clearly defined. Our team conducts regular testing of failover scenarios, and in the event of an actual emergency, performs the failover, too. The entire DRaaS solution comes with a predefined Service Level Agreement (SLA) specifically written to achieve your operating objectives.
For the past year, we’ve studied the questions our customers, prospects, and partners have asked about DR and DRaaS solutions. We compared our findings with those of leading industry analysts to compile this list of 5 key questions you should ask about any DRaaS solution:
1. In the event of a disaster, who is on hand to help?
We’re extremely biased here because we’re always onsite to help, but it’s an important point. In many cases, there isn’t anyone available to provide immediate support. A disaster event would trigger a ticket that notifies techs to get to the data center to provide support. Find out whether or not there are actually people onsite who will help should you have an event declaration. If there aren’t, be sure you know exactly what the latency/delay will be and whether or not it meets your SLAs.
2. Are there standard RPO/RTO targets we should adhere to?
We’re asked this question every time we talk about BC/DR, replication, and DRaaS, and the answer is no. That said, we do maintain a list of standard RPO/RTO windows that we see most often with customers or prospects. If you’re interested in discussing these, just let us know. The rule of thumb is to choose whichever RPO/RTO targets fit your organization’s risk profile. The important thing to note is that you can look at these windows on an application-by-application basis. In many cases, simply stating the objective answers any targeting question.
3. Are hybrid (physical and virtual) environments supported?
Most environments are hybrid, meaning they consist of equal (critical) parts physical and virtual. Be sure that both parts of your hybrid deployment are supported in a recovery. These may be addressed via different technologies, but that won’t matter as someone else (your provider) is on the hook to be sure it works. Just be sure they’re both addressed within your required RPO/RTO windows, as it's possible that multiple solutions have multiple windows.
4. Do you run full disaster event tests? If so, how frequently?
In most cases, a DRaaS solution will include a predefined number of standard tests each year. Be sure this is clarified and that the frequency and depth of testing meets your compliance requirements. If it doesn’t, be sure you are aware of the costs associated with custom testing procedures. Ask for a sample test result so you can properly evaluate the data you will receive.
5. Are my security & compliance policies adhered to in the event of a disaster? Are they adhered to during recovery?
Make your requirements clear when you ask this question. In most instances, security and compliance policies can be met. The key is that they're known. If you have requirements, make sure to state them up-front so that a potential provider can provide a useful answer.
If you’re interested in discussing any of these questions in more detail or have new questions of your own, please don’t hesitate to contact us.
P.S. We have a host of tools and resources available to help you through the BC/DR planning process. Visit http://www.servercentral.com/services/draas to learn more.