INAP IS NOW HORIZONIQ.
Click here to LEARN more.

Jan 4, 2021

Backups vs. Disaster Recovery: The Ultimate Guide

INAP

Backups or disaster recovery (DR)?

If you’re planning a data defense strategy for your company, it’s important to understand which strategy is best for your business needs—backup or disaster recovery.

The Difference Between Backup and Disaster Recovery

Backup refers to the process of saving data by copying it to a safe place. Data can then be recovered in the event of infrastructure or service issues. Backups can take many forms, including duplicating data on the cloud or a secondary server in the same production data center, or saving data to a remote data center, etc.

Disaster recovery involves a set of policies, tools and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster. Disaster recovery focuses on IT supporting critical business functions as part of business continuity, which involves keeping all essential aspects of a business functioning despite significant disruptive events.

While both solutions can help protect your data and critical information against unplanned disruptions and outages, sometimes backups alone aren’t enough.

Here is a breakdown of what you can expect from backups and disaster recovery solutions, so you can ensure your business keeps running even if your primary servers go down.

Basic Backup Solutions

Remember back in college or high school when you had to write a big term paper or thesis and you would save your work to a jump drive or CD (yes, those used to be a thing) in case your computer crashed and you lost everything?

You were running a basic backup of your most critical files.

How Backups Work

Backups work by providing quick and easy access to your data in case of smaller disruptions like outages, lost equipment, accidental deletion or hard drive crashes. Backup solutions copy your existing information to a second storage environment. You could choose to simply back up a few important files or your entire database.

The Cons of Backup Solutions

There are a few drawbacks to relying on backup solutions as your failsafe. Consider the college term paper example: If you have a sudden inspiration and write three more pages just to have your computer crash before saving your work to your backup source, you’ll have to start from the last moment you backed up. It’s the same with your business files—your data will only be updated to your previous backup.

Since many companies use backup for smaller-scale outages, in many instances they will keep their backups on-site or close to their primary facility. If these companies are hit by widespread natural disasters like hurricanes or earthquakes, there’s a chance those backups could go offline as well.

Cloud Backup Solutions

As a response, cloud-based backup options are becoming more popular because data center providers are able to offer near real-time data replication at off-site locations. In some cases, these cloud backup solutions are more cost-effective and reliable for business needs.

Disaster Recovery Solutions

For more large-scale outages, disaster recovery is your best option.

Disaster recovery solutions cover more than just the major natural disasters that might immediately come to mind. In fact, only about 10 percent of unplanned outages are caused by weather. That’s behind system failure, cyber incidents and human error.

Disaster recovery solutions replicate your environment, so if there is a major disruption, an automatic failover transfers the management and operation of your infrastructure to a secondary machine and site to keep your applications and business online. Your servers will then run off your disaster recovery site until your primary facility is back online and capable of resuming system functionality.

It’s important to note that disaster recovery options come in all shapes and sizes. Synchronous solutions replicate your data in near real-time. That makes this option one of the most comprehensive, but also generally more expensive. On the other hand, asynchronous solutions have more delayed duplication, which means some of your most recent data may not be recovered.

Important Backup and Disaster Recovery Terms

Understanding a few essential terms can help develop your strategic decisions and enable you to better evaluate backup and disaster recovery solutions.

  • Recovery time objective (RTO) is the amount of time it takes to recover normal business operations after an outage. As you look to set your RTO, you’ll need to consider how much time you’re willing to lose—and the impact that time will have on your bottom line. The RTO might vary greatly from one type of business to another. For example, if a public library loses its catalog system, it can likely continue to function manually for a few days while the systems are restored. But if a major online retailer loses its inventory system, even 10 minutes of downtime—and the associated loss in revenue—would be unacceptable.
  • Recovery point objective (RPO) refers to the amount of data you can afford to lose in a disaster. You might need to copy data to a remote data center continuously so that an outage will not result in any data loss. Or you might decide that losing five minutes or one hour of data would be acceptable.
  • Failover is the disaster recovery process of automatically offloading tasks to backup systems in a way that is seamless to users. You might fail over from your primary data center to a secondary site, with redundant systems that are ready to take over immediately.
  • Failback is the disaster recovery process of switching back to the original systems. Once the disaster has passed and your primary data center is back up and running, you should be able to fail back seamlessly as well.
  • Restore is the process of transferring backup data to your primary system or data center. The restore process is generally considered part of backup rather than disaster recovery.

Backups vs. Disaster Recovery: How to Choose the Best Solution for Your Business

In some cases, just the backup is enough to protect certain parts of your business from interruptions. For example, a complete disaster recovery plan for computers or mobile devices intended for employees generally does not require a full disaster recovery solution. If an employee’s device is lost or broken, your company is unlikely to be critically affected. You can replace the device and restore your data from a backup.

On the other hand, disaster recovery is crucial to protecting services and infrastructure that your company depends on to operate on a day-to-day basis. For example, suppose your employees’ PCs run as “thin clients” dependent on a central server to work. In that case, an interruption on that server can critically affect the business’ entire operation as it will prevent all employees from being able to use their workstations. Such an event is much more severe than an individual workstation break.

In most cases, the best solutions involve both backups and disaster recovery.

A solid backup plan that keeps your data accessible is helpful for minor disruptions, but without a larger, more comprehensive strategy, can cause all sorts of problems for your company. For instance, if your business collects, stores or transmits information that requires strict PCI DSS or HIPAA compliance, you will want to make sure those files are properly backed up and accessible in the event of a disaster—which might not be possible with basic backup solutions.

Consider incorporating your basic backup under the umbrella of a larger disaster recovery strategy to ensure you’re fully protected. Third-party providers will offer cloud-based disaster recovery as a service (DRaaS) solutions that are often more cost-effective and appropriate for your business needs.

Do your homework and determine the best strategy for your company. Because it’s not a question of if, but when you’ll need to recover from an unplanned outage.

Original version published May 30, 2018

Explore HorizonIQ
Bare Metal

LEARN MORE

About Author

INAP

Read More
Feb 19, 2019

Business Continuity and Disaster Recovery Basics: Making a Plan

Paul Painter, Director, Solutions Engineering

A friend of mine lives on a high prairie ranch surrounded with highly flammable Gambel oak.

Besides trimming the brush to create a defensive perimeter around his house, he has a bag prepared with important, difficult-to-reproduce documents, such as birth certificates and passports. In the event of a wildfire, his plan is to grab the bag, cell phone, backup drive for the computer and evacuate in his car. He’s willing to let everything else be “toast,” becoming part of his claim to the insurance company.

It’s impossible to clear all valuable items from his home, so he has selectively planned to save what is the most important. Whether we’re talking about your personal belongings or your enterprise’s most valuable assets, having a plan like this is the first critical step toward an effective disaster recovery posture.

Disaster Recovery Planning: Determining What’s Essential

A big part of business continuity and disaster recovery planning is just deciding what to recover. Certainly, it’s “simpler” to just plan to recover all operations for all applications, regardless of any individual application’s level of importance to business continuity. But providing resources—financial or otherwise—to recover everything is not feasible for every organization, nor is it necessarily a wise use of limited time, money and staff.

Some compliance standards may dictate what must be protected and may be audited to prove that data is protected. This can make it easy to determine what to protect, since in many ways, compliance regulations already decide for you.

Most businesses, however, just need to restore operations in order to remain viable after a disaster. In this way, what’s saved is usually just a raw factor of what makes the company money. Let’s walk through a couple of hypothetical examples.

Business Continuity Case No. 1

A COO originally placed priority on preserving his organization’s accounting systems; he wanted to ensure that his business was still able to bill for services even after a disaster.

However, he rethought his strategy to focus on revenue-generating systems: He opted to replicate operational systems that supported customers—the systems that actually contributed to his company’s bottom line. Accounting systems were still next up on the list of priorities, but the COO opted to use cloud backups, with a plan to rebuild systems within a month of disaster—quick enough to make the next invoicing period.

In other words, he prioritized making money with the next priority awarded to billing systems, while still protecting the critical data in those systems.

Business Continuity Case No. 2

An organization’s human resource records were preserved in offsite cloud backups, but it didn’t have a concrete plan for restoring them after a disaster event. At the time, HR systems were still run on local servers. (But most HR support systems have gone to hosted applications now, so this was less of an issue.)

A disaster-recovery-as-a-solution (DRaaS) service would quickly solve the issues, regardless, providing straightforward redundancy for critical systems.

Related to HR were the servers that fed training content to employees, which were relegated to the “toast” category. This doesn’t mean you lose them forever though: Using a service like cloud backups will preserve the training data until a plan can be formulated to restore the servers.

But the important part of the decision-making process is determining what needs to be online right away and what can be restored at a later time. I always ask prospective customers about their priorities.

As a third party, it’s useful to try to understand the decision-making process and whether there might be biases or gaps. But there should always be internal stakeholders asking the same questions—before disaster strikes.

Recovery operations can be chaotic enough without having to triage applications’ importance on the fly. Having a prioritized list of applications ready to go is invaluable.

How Should I Use Risk Impact Analysis to Make the Most of Limited Resources?

Beyond the monetary expense of determining what to save is the effort and manpower expense. As poet Robert Burns wrote in 1786, the “best laid plans of mice and men often go astray.”

Still, it’s best to plan out as much as possible and triage applications ahead of a disaster. This way, your IT staff already know where to spend effort and what to put on the back burner when disaster strikes.

A risk impact analysis helps you think through the probability of disaster and how much any given event would impact your business, allowing you to find a balance between your tolerance for risk with what is actually likely to happen.

For example, a server being corrupted during patch operations is high-probability but might only have a medium impact on customers, unless it’s an extended outage. On the other hand, the probability of a long-duration regional power outage affecting the entire eastern interconnection grid is far less likely but would have an enormous impact.

Risk impact analyses usually include:

  • potential threats
  • probability of threat occurring
  • human impact
  • property impact
  • business impact

The spreadsheet used for a risk assessment can be made more elaborate by adding up the impact scores (1-3) and then multiplying by probability (1-3) to produce an overall score (here, the max score is 27). See below for an example of a fictitious firm located in St. Louis, Missouri:

Threat Probability Human Impact Property Impact Business Impact Total Score
Key server failure 3 1 1 3 15
Hurricane striking St. Louis 1 3 3 3 9
Earthquake striking St. Louis 3 3 3 3 27
Loss of manufacturing space to fire 2 3 3 3 18

 

In the above example, a key server failure is something nearly guaranteed to happen and would have an absolute impact to the business. A hurricane striking St Louis is highly unlikely and garners a low overall score.

However, because St. Louis is near the New Madrid Fault, it’s at risk of a catastrophic earthquake affecting personnel, property and the business and thus scores very high.

To show how much this can vary from location to location, the following is based on another fictitious firm in Cheyenne, Wyoming:

Threat Probability Human Impact Property Impact Business Impact Total Score
Key server failure 3 1 1 3 15
Hurricane striking Cheyenne 1 3 3 3 9
Earthquake striking Cheyenne 1 3 3 3 9
Loss of manufacturing space to fire 2 3 3 3 18

 

The key server failure keeps the same score, and Cheyenne is probably as unlikely as St. Louis to experience a hurricane. However, Cheyenne has a less than 5 percent chance of experiencing any seismic activity[1] and therefore has a very low probability of an earthquake. This business may thus want to prioritize not only mitigating server failures but also planning for fire within the manufacturing space.

How to Build Your Business Continuity and Disaster Recovery Plan: Exercises and Templates

I’m a big fan of checklists because I think they’re easier to follow than wordy, step-by-step instructions. (I also buy Atul Gawande’s The Checklist Manifesto for all of my direct reports.) And my friend agrees: If a wildfire is threatening his ranch, he can go down his list quickly and get out.

Similarly, creating a simple five to 10-page plan that is fast, readable, testable and executable will be far more useful than a complex or highly detailed plan that is hard to follow. And once it’s been written, it should be tested, whether formally or informally—but certainly before it’s needed.

You can get started by downloading our Business Impact Analysis Template:

I also recommend defining a communications plan. This might include:

  • A phone tree of key business leaders
  • A preplanned location to meet at time of disaster (e.g., at another business, a hotel conference room, the CEO’s house, etc.)
  • Audio and/or web bridge information for internal discussions
  • An external plan for how to communicate to customers (e.g., using a Twitter feed, a status website with up-to-the-minute information, etc.)

The value of a thoughtful business continuity and disaster recovery plan cannot be overstated. Just like you can’t clear the house of all your belongings in the middle of a wildfire, it’s just as important to determine which systems and resources must be saved when catastrophe strikes.

[1] James C. Case, Rachel N. Toner, and Robert Kirkwood Wyoming State Geological Survey, Basic Seismological Characterization for Laramie County, Wyoming, September 2002

Explore HorizonIQ
Bare Metal

LEARN MORE

About Author

Paul Painter

Director, Solutions Engineering

Read More
Jul 12, 2018

Business Continuity Options for Colocation

INAP

Backup and Disaster Recovery services are probably unique among IT services, in that you have them in the hopes of never needing them. But in an age of sophisticated hackers, increasingly destructive natural disasters and the ever-present risk of human error, the question is not one of if but when you will need business continuity services.

We’ve written about taking a multiplatform infrastructure approach to colocation and cloud and how it’s often the best fit when designing your IT infrastructure from an application-first perspective. But even if you decide to take an all-colo approach to your production deployment, using cloud-based Business Continuity services is still an option you should consider for protecting your critical workloads and data, especially when you can simply add them on to your existing services without having to go to another service provider.

Where to start?

As with any Business Continuity project, you need to first determine your recovery goals. Ask: Do my applications need a zero-downtime solution, or can we tolerate several hours of downtime? Establishing a baseline Recovery Point Objective (RPO) and Recovery Time Objective (RTO) for critical business systems will create a solid framework that will guide your decisions.

Once recovery goals are established, you then need to look at your production workloads. Are you running your critical systems on physical hardware or virtualized infrastructure? Does your recovery solution support physical, virtual or multiplatform environments? Here, a trusted service provider can also come in handy to make sure you can have a business continuity solution that’s flexible enough for your infrastructure and your needs.

Physical

Protecting workloads on physical infrastructure can be challenging, since backup and recovery solutions can only focus on protection at the operating system level, which is bound to the specific underlying hardware. This means that copying the OS to different hardware can cause problems. Should a custom backup and disaster recovery solution be needed, look for a service provider that has additional capabilities to build out application-specific recovery options. This might take the form of colocating identical storage arrays for array-based replication by using the data replication feature built into many mainstream storage appliances. Or it might be building out custom bare metal infrastructure for Active-Active replication of application data.

Virtual

The benefits of virtualization are obvious for your applications: Instead of having just one application per server, you can run several guest operating systems and a handful of applications with the same physical hardware. In this way, virtualization offers unprecedented ability to scale and distribute workloads across your infrastructure.

These benefits extend to backups and disaster recovery as well because virtualization allows critical VM data to be restored or replicated to another location completely independently of the underlying hardware. In addition to VM backups powered by companies like Veeam, R1Soft and Commvault, there are other disaster recovery options that your provider may offer as a service. INAP offers Standby DRaaS and Dedicated DRaaS, which protect your critical VM data either in a pay-as-you-go standby state or with dedicated cloud resources for organizations with the strictest business continuity needs.

Multiplatform Infrastructure

In an ideal world, all workloads would fit in one bucket or the other. But for most, a multiplatform approach will be the most optimal to achieving the operational and financial goals of any business continuity implementation. For example, a company might have virtualized most of their critical infrastructure but still have a legacy inventory system that needs to stay on physical servers because of technology limitations. A service provider like INAP has the ability to provide the virtual and physical infrastructure, as well as management services needed—all packaged into a multiplatform Disaster Recovery environment. This is why it’s important to work with a service provider that has a multitude of options and expertise in any and all infrastructure solutions, whether colocation, bare metal or private cloud deployments.

Explore HorizonIQ
Bare Metal

LEARN MORE

About Author

INAP

Read More