By 2014, 30 percent of midsize companies will have adopted recovery-in-the-cloud, also known as recovery-as-a-service (RaaS), to support IT operations recovery, up from just over 1 percent today, according to Gartner, Inc.
RaaS describes the managed replication of virtual machines (VMs) and production data in a service-provider’s cloud, together with the means to activate the VMs to support either recovery testing or actual recovery operations. The location of the data center equipment, the party housing the provider’s cloud equipment, and the price vary by provider.
Gartner sees the RaaS market being driven by midsize companies (with annual revenues between $150 million and $1 billion). Larger companies (with annual revenues or operating budgets of $1 billion or more) are more likely to have established recovery management facilities, infrastructures and support teams that are too complex to move fully to the cloud. Smaller businesses are less likely to have a formal strategy for managing disaster recovery.
“RaaS has been hailed as a ‘killer’ cloud app for disaster recovery, but the reality is that there has been much hype and some truth,” said John Morency, research vice president at Gartner. “Certainly, it addresses well-recognised ‘pain points’ in IT disaster recovery management, including the need for frequent recovery-readiness testing and the cost of dedicated recovery floor space and facilities.”
Gartner has identified four principal pain points that RaaS addresses:
1. Recovery testing/exercising costs — The costs of traditional recovery testing and exercising often constitute a significant portion of the annual disaster-recovery budget (sometimes as much as $100,000 or more per exercise). RaaS can reduce or even eliminate these costs.
2. Change skew — Consistency between the current state of the production data center infrastructure, applications and data, and their state at the time of the last recovery test erodes daily as a direct side effect of changes applied to support new business requirements. Although more frequent testing can reduce the scope of this problem, it cannot eliminate it. However, because VM replication facilitates change synchronisation between production and recovery data centre-based VMs, VM-specific change skew becomes much more manageable.
3. Recovery configuration startup — Many web applications and services often have complex meshed relationships and dependencies on other applications and data. It’s therefore essential to understand completely cross-application and data dependency relationships. RaaS can help reduce the complexity through the replication and recovery of application-specific and interdependent groups of VMs.
4. Testing scope — Determining what testing should take place is challenging and may require difficult trade-offs as there is never enough money to test everything frequently enough. Some businesses test only the most critical applications, skipping other systems to perform the critical tests more frequently; some lengthen the time between teststo afford bigger tests; some rotate testing among different groups of applications; and others look at where the failures occurred in prior tests and schedule the most fragile systems for the next recovery test. Ultimately, the strategy for testing should maximize the likelihood that critical workloads will be recovered on time during a real disaster. This requires judgment about what tests target the most likely errors and failure modes. Organisations are more likely to use RaaS to support more critical applications, especially those requiring short recovery times.
Among the midsize companies using RaaS at present, two camps are forming. The first is using server virtualization recovery features and SAN-based replication to deploy in-house disaster recovery solutions for some applications. The second is implementing initial pilots for the use of cloud services as an alternative to more traditional disaster recovery resources.
“For organisations that have not yet trialled RaaS, Gartner recommends commencing cloud infrastructure due diligence, especially for systems that already reside primarily outside their data centre,” said Mr. Morency. “They should then qualify system image replication and failover support and probe how the provider can support application connectivity during recovery testing. They also need to check provider operations controls for potential regulatory compliance exposure and pilot a bounded implementation of the target configuration. This will clarify the potential service benefits as well as the level of management support that the in-house IT team will still need to provide.”