Disaster recovery as a service (DRaaS)

Disaster recovery as a service(DRaaS) is a cloud computing service model that allows an organization to back up its data and IT infrastructure in a third party cloud computing environment and provide all the DR orchestration, all through a SaaS solution, to regain access and functionality to IT infrastructure after a disaster. The as-a-service model means that the organization itself doesn’t have to own all the resources or handle all the management for disaster recovery, instead relying on the service provider. Disaster recovery planning is critical to business continuity. Many disasters that have the potential to wreak havoc on an IT organization have become more frequent in recent years: 

• Natural disasters such as hurricanes, floods, wildfires and earthquakes
• Equipment failures and power outages
• Cyberattacks 

DRaaS, also known as disaster recovery as a service, is the replication of hosting of physical or virtual servers by a third party to provide failover in the event of a man made or natural catastrophe. DRaaS can be especially useful to organizations that lack the necessary expertise to provision, configure, and test an effective disaster recovery plan (DRP).

On a disaster event, a company with a DRP must be able to properly ensure the following activities

• Turning into a Disaster Recovery Site. 
• Switching the stricken site network links to the
• Disaster Recovery site.
• Securing the recovery site network links.
• Restarting backup systems (servers).
• Restoring data ensuring their integrity.
• Checking the system availability and data across the network.
• Restarting applications.
• Checking the functional availability of the information system.
• Remaking the information system to the users.

These actions must be planned in accordance with two time requirements defined in an interview conducted with users of the information system:

1. RTO (Recovery Time Objective): The targeted duration of time in which business functions are unavailable.  
2. RPO (Recovery Point Objective): The maximum targeted period between two successive backups, and thus the maximum amount of data that can be lost due to a major incident when restoration is successful. 

The number of threats imposed on the information system of companies and organizations is steadily increasing. Companies need more than ever to prepare for major crises and organize to be able to ensure continuity of its critical IT activities through the establishment of a Disaster Recovery Plan. For many companies, the establishment of such plan was considered a very difficult task to achieve. The development of cloud computing offerings and their adoption within companies opens up new practices. One of them is the rescue of the information system in the cloud. In this paper, we focus on presenting this new solution known as Disaster Recovery as a Service as well as good practices in planning for a company to succeed such a project. Our work was based on a comparative study between traditional IT strategies and DRaaS solution and argued through the enumeration of some research works as well as the return to experience of some companies. 

DRaaS Operating Models

Organizations may choose to hand over all or part of their disaster recovery planning to a DRaaS provider. There are many different disaster recovery as a service providers to choose from, with three main models:

Managed DRaaS

In a managed DRaaS model, a third party takes over all responsibility for disaster recovery. Choosing this option requires an organization to stay in close contact with their DRaaS provider to ensure that it stays up to date on all infrastructure, application and services changes. If you lack the expertise or time to manage your own disaster recovery, this may be the best option for you.

Assisted DRaaS

If you prefer to maintain responsibility for some aspects of your disaster recovery plan, or if you have unique or customized applications that might be challenging for a third party to take over, assisted DRaaS might be a better option. In this model, the service provider offers its expertise for optimizing disaster recovery procedures, but the customer is responsible for implementing some or all of the disaster recovery plan. 

Self-service DRaaS:

The cheapest option is a self-service DRaaS, where customers are responsible for planning, testing, and managing disaster recovery, and the vendor provides backup management software, and hosts backups and virtual machines in remote locations. This model is offered by all major cloud providers—Amazon, Microsoft Azure and Google Cloud.

When using this model, careful planning and testing is required to ensure that operations can be immediately failed over to the vendor’s remote data center, and easily recovered when local resources are restored. This option is ideal for organizations with in-house disaster recovery and cloud computing expertise.

Traditional Disaster Recovery strategies

In the past, to ensure their primary site, companies generally use a second internal physical site with a second computer room or external to a provider. This second site can be classified according to emergency level:

• Hot site: it is a remote data center which is redundant in accordance with the primary site.
• Warm site: is a remote computer room that is partially equipped with computer equipments.
• Cold site: is a remote data center, available upon activation of the DRP has no equipment installed in advance. It is then necessary to supply new hardware in case of disaster.

Once the type of disaster recovery site is set, it must be supplied with the necessary data through various techniques:

• Asynchronous replication from one system to another via an IP network.
• Synchronous replication of a disk array to another array, via a storage area.
• The offset backup tapes to the disaster recovery site through a means of transport

How does DRaaS work?

DRaaS works by replicating and hosting servers in a third-party vendor’s facilities versus in the physical location of the organization that owns the workload. The disaster recovery plan is executed on the third-party vendor’s facilities in the event of a disaster that shuts down a customer’s site. Organizations may purchase DRaaS plans through a traditional subscription model or a pay-per-use model that allows them to pay only when disaster strikes. As-a-service solutions vary in scope and cost—organizations should evaluate potential DRaaS providers according to their own unique needs and budget.

DRaaS can save organizations money by eliminating the need for provisioning and maintaining an organization’s own off-site disaster recovery environment. However, organizations should evaluate and understand service level agreements. For instance, what happens to recovery times if both the provider and customer are affected by the same natural disaster, such as a large hurricane or earthquake. Different DRaaS providers have different policies on prioritizing which customers get help first in a large regional disaster or allowing customers to perform their own disaster recovery testing.

The disaster recovery via cloud infrastructure has been addressed by several researchers who have proposed models, approaches and techniques to enhance the effectiveness of this universe in the area of company business continuity. A disaster recovery model for web site application based on cloud. This model uses the virtual machines in cloud computing to make data disaster recovery service available.

Why DRaaS ?

As a hosted service in the cloud, DRaaS inherits the following five characteristics of cloud computing model

1. On-demand self service: the implementation of this disaster recovery service will be fully automated.
2. Broad network access: these datacenters are usually connected directly to the Internet backbone to benefit from excellent connectivity.
3. Resource pooling: most of these centers have tens of thousands of servers and storage means for fast charge mounted.
4. Rapid elasticity: the on-line new operational instance of a server is achieved in a few minutes.
5. Pay per use: the billing is calculated depending on the duration and the amount of resources used. 
6. Get a performance service level agreement (SLA) - Create a contract between you and your service provider to ensure pre-defined performance (i.e. 1 hour SLA guaranteeing your critical applications will be up and running within an hour). 
7. DRaaS costs are highly variable - Watch out for hidden fees (i.e. retrieval fees that charge per gigabyte which can substantially add up). 
8. Couple DRaaS with data protection - The cloud is an ideal place for long-term data retention because it’s isolated from production data and remote from ransomware. 
9. Pay for only what you use - Choose a provider that offers different DRaaS services for different classes of applications. 
10. Cloud seeding options - With cloud seeding, you can use physical media (i.e. tape, server, hard disks, etc.) to pre-load your data to the cloud and restore a failed local database. 
11. DRaaS can protect cloud applications - Deploy a backup appliance within the cloud and point your cloud applications to backup software in a different cloud facility than where your cloud applications are running. 
12. Include automated test recovery - You should have automated testing at least once a month and after any changes to the infrastructure to ensure your applications will really recovery. 
13. Advantages of purpose-built clouds - Purpose-built clouds have seamless integration between your backup appliances and the cloud, holistic support, and predictable recovery times.

Principle and operating mode of DRaaS

Recent studies by Gartner, Forrester Consulting and Aberdeen Group, all show that CIOs have a strong passion for these DRaaS technologies. According to Forrester Consulting, more than half of US companies (59%) include an implementation DRaaS project or are interested in this topic. Generally this solution is based on the use of the virtual servers in the cloud which are started in case of disaster. Therefore, users are working on cloud mode with the saved data (i.e replicated and installed on these virtual servers at the last automatic backup operation). When the problem that caused the accident is technically solved, data can be relocated to the company's servers and users can connect as usual.

FEATURES

Reliability

In the early days of DRaaS, there were concerns about the resources available to the DRaaS provider, and its ability to service a certain number of customers in case of a widespread regional disaster.

Today, most DRaaS services are based on public cloud providers, which have virtually unlimited capacity. At the same time, even public clouds have outages, and it is important to understand what happens if, when disaster strikes, the DRaaS vendor is unable to provide services. Another, more likely scenario is that the DRaaS vendor will perform its duties, but will not meet its SLAs. Understand what are your rights under the contract, and how your organization will react and recover, in each situation.

Access

Work with your DRaaS provider to understand how users will access internal applications in a crisis, and how VPN will work—whether it will be managed by the provider or rerouted. If you use virtual desktop infrastructure (VDI), check the impact of a failover event on user access, and determine who will manage the VDI during a disaster.

If you have applications accessed over the Internet, coordinate with providers, customers, partners, and users how DNS will work in a crisis—whether it should be transitioned to DNS managed by the provider, or kept with the same DNS (this also depends on whether your DNS is hosted or self-managed). DNS is a mission critical service, and if it doesn’t work smoothly during a disaster, even if systems are successfully transitioned, they will be offline.

Assistance

Ask prospective DRaaS providers about the standard process and support they provide, during normal operations and during a crisis. Determine:

• What is the disaster recovery procedure
• What professional services the provider offers in time of disaster
• What responsibility lies with the provider vs. your organization
• What is the testing process—determine if you can run tests for backup and recovery internally, and whether testing or disaster “drills” are conducted by the provider
• After declaring a disaster, how long can the provider run your workloads before recovering (to account for long term disaster scenarios)

Disaster recovery as a service advantages

Many businesses with lean IT teams simply can’t afford to take the time needed to research, implement and fully test disaster recovery plans. DRaaS takes the burden of planning for a disaster off of the organization and puts it into the hands of experts in disaster recovery. It can also be much more affordable than hosting your own disaster recovery infrastructure in a remote location with an IT staff standing by if disaster strikes. If a disaster doesn’t happen, that expensive second infrastructure and staff never get used. Many DRaaS providers charge you only if you need their services. For many organizations, DRaaS is a helpful solution to a nagging problem.