What do some of the largest enterprises in the world have in common? Many were victims of costly website outages in the last year.
The prospect of a website being down is enough to cause most CIOs to break out in a cold sweat. Recent research[1] revealed that a Denial of Service (DDoS) attack, for example, could expose 40 percent of businesses in EMEA to losses exceeding £100,000 if hit during peak times. And that’s before you take into account the reputational costs and share price reduction that a business could face.
We live in an ‘always-on’ society where we are almost permanently online in some form or another. Indeed, recent research from the Internet Advertising Bureau[2] has shown that the average UK household owns 7.4 connected devices. Connectedness will only increase with the Internet of Things (IoT) trend, putting even more of an emphasis on high availability. This naturally leads to a conversation about disaster recovery.
Since most of the issues that previously monopolised disaster recovery conversations – such as dealing with fires in the datacentre and working around power cuts – have largely been solved, the Disaster Recovery (DR) conversation has largely moved on to being more about business continuity.
A practical example of this is DDoS attacks. We’ve seen from cases in the media that DDoS attacks can be crippling to a business, not just in terms of downtime, but also the resulting long term impact to reputation. From a DR point of view, there are various options available, such as opening up the network for a short period to nullify the impact of the DDoS attack. This illustrates that DR is no longer just about protecting data, but also about ensuring continuous data availability. In essence, DR is both a technology and business discussion.
There are three main disaster recovery cogs to consider to keep the business continuity wheel turning: DRaaS, networking and managed hosting.
1. DRaaS (Disaster Recovery as a Service)
With the growth of XaaS, it’s no surprise that DR is now offered in a cloud-like model. Protecting core workloads can be complex and expensive. Most businesses do not have the resources to provide the requisite remote data centre facilities, network, special expertise, and recovery software/hardware systems required to deliver a reliable DR solution. Therefore, many see DRaaS as a cost-effective and reliable option for disaster recovery protection. DRaaS leverages the computing resources of a public cloud, allowing DRaaS to replicate data and run the applications that power an organisation. Since many applications run in the cloud today, there is natural synergy between disaster recovery and the cloud service model.
DRaaS affords meaningful advantages over other disaster recovery options. Most obviously, DRaaS is advantageous because data is replicated and stored safely off-site. But in addition, if your on-premise data centre already uses virtualisation, DR can be managed using existing hypervisor and VM management tools, making it both cost-effective and convenient. Additionally, like cloud services, DRaaS is an operating expense; therefore, capital outlay is limited. Finally, DR has its advantages in scalability – meaning you can easily and quickly flex DR capacity upwards or downwards as needed.
2. Network Connectivity
If you employ DRaaS in conjunction with a virtualised IT environment (on-premise or colocated) you’ll need a network link to move data to the disaster recovery service in the cloud. This link will then be used to command and control DRaaS for testing, migrating virtual machines in the event of a disaster, and to failback when the disaster event is resolved.
One option for this link is a public internet connection. Most companies can do this without buying new hardware, by simply adding a new connection to an existing service. A public internet connection may or may not be sufficiently reliable for the DR function. Its bandwidth may already be saturated and the resulting security could be insufficient to protect critical applications.
The alternative is a dedicated DRaaS link called a private data network, a service offered by many telecommunications vendors. A dedicated connection is a discrete communications service that you order and provision, but gives you the freedom to choose a service that meets your specific needs. Options to consider include: multi-protocol label switching (MPLS), metro ethernet, virtual private LAN service (VPLS) or ethernet virtual private LAN (EVPL).
Regardless of whether you select a public or private internet connection, you’ll also want to ensure that your DRaaS provider includes direct access to a major or “Tier 1” network backbone as part of the DRaaS solution. If your network/DRaaS provider has direct access to a Tier 1 backbone, they can manage throughput and correct network problems quickly. When assessing a networking vendor, always ask if they have this.
3. Managed Hosting
Choosing a managed hosting solution over in-house management or a colocation solution lets you outsource the tedious and costly tasks of not only managing the hardware, operating systems and hosting, but also allows you to shift the burden of managing scale computing, storage, space, power and cooling to an external vendor whose sole purpose is to meet your business’ changing needs. Not only does this relieve your team from doing all the heavy lifting, but it also allows you to select where your data is housed, because vendors operate data centres in a variety of locations allowing you have the freedom of choosing where you want your infrastructure hosted.
If you host your DRaaS with the same vendor as your managed hosting services, you can then house your production compute resources, applications and data in the same facility. This allows you to link your production resources with your DRaaS over a fast and low-cost LAN connection, called a “Cross Connect” by some vendors. This connection does not use wide area network services and, therefore, will not affect your public internet access.
Lifting the hood to get inside DR
When developing and evaluating your DR strategy, it’s important to carry out a detailed assessment to look at every aspect of your infrastructure: where is data stored today; what methods your company uses to ensure continuous data, network, and application security including threat detection and physical security; what support is currently available, including SLAs; what network connectivity arrangements are in motion, and so on. It’s also important to identify and document the absolute minimum level of IT your business can operate with, and determine the hourly or daily cost to the business if your infrastructure goes down. This helps define the right mix and size of the DR toolset needed for your business. To further define needs, a Business Impact Analyses (BIA) with business owners is completed via a series of interviews and data gathering initiatives.
The result of all this effort might mean that the CIO or IT director decides to take a look at his or her IT strategy more broadly. You may also find as you go through this exercise, that there are other vulnerabilities that your team has not yet considered that should be rolled into your overall security plan. That’s why spending time thinking about things from a business and technology perspective is so important.
[1] Source: ITPro Portal, April 2015 http://www.itproportal.com/2015/04/01/businesses-estimate-losses/
[2] Source: IAB UK, April 2015 http://www.iabuk.net/about/press/archive/iab-pwc-study-digital-adspend-up-14-to-record-72-billion
Ian Bryant is vice president of advanced services, CenturyLink EMEA
