Evaluating DRaaS Providers

Learn to select from today’s wide range of DRaaS providers, including what questions to ask and how to be sure they fit into your overall recovery strategy.

The use of various “cloud” technologies is becoming increasingly popular and is often part of Business Continuity and Disaster Recovery solutions. These technologies can be very flexible and cost effective. As organizations become more comfortable using Software as a Service (SaaS) and Infrastructure as a Service (IaaS), leveraging both concepts as Disaster Recovery as a Service (DRaaS) is becoming more acceptable. It can be an attractive option, especially for resource- or cost-constrained organizations. In many ways, organizations have some level of DRaaS with their SaaS or IaaS providers. But for our discussion, DRaaS will be related to your managed environments and not any SaaS solutions.

The services offered by DRaaS providers can be put into three categories:

1. Data Recovery. This can be thought of as remote backup and restore in the provider’s facility.
2. Virtual Machine Hosting. This includes both the virtual environment and a physical to virtual conversion running in the provider’s facility.
3. Full Disaster Recovery. Full recovery is performed in the service provider’s facility.

All the above may include tools and/or services used to perform the function in a hands-off manner by the client.

What should you consider when evaluating DRaaS providers?

Internal Assessment

• What are your requirements? Review your BIA and risk assessment to determine actual recovery needs, RTOs, and RPOs.
• Are there environments that would not be supported in a DRaaS environment?
• Is this a part of the overall Disaster Recovery solution? How will you integrate multiple locations or strategies? Consider network requirements, user access, and third-party integration.

DRaaS Provider Assessment

• How long has the provider been offering the solution? Who is using this service and to what level?
• What is the SLA? How is the SLA determined? Most often the remediation for a missed SLA is a refund of payment.
• What is the potential client saturation of the service in the event of a regional event?
• What are the testing capabilities?
  • How often does the provider perform internal tests? Will they share the results?
  • How often can you test?
• What are the technical skills and services available from the provider after recovery to offer support during production activities?
• How long can you run productively on the service? Can you add capacity as needed?
• What is the impact on production availability and performance with the tools used to keep the DR environment and production environment in sync? What is the architecture – clients on servers or an on-site appliance?
• How is their pricing model structured?

Selecting Your Provider

DRaaS providers offer a valuable service and there are likely aspects of your Disaster Recovery needs that fit a DRaaS solution. But selecting and implementing a DRaaS provider requires research and planning, just as a traditional alternate data center does. The provider must meet your requirements. Though a Disaster Recovery plan or service may not ever be put into use, they must absolutely work when you do need them.