Are all RTOs the same?

Your company has been using “as-a-Service” technologies for years now, often using SaaS products to improve your customer relationship management (CRM) tools, your marketing automation tools or your HR tools. As an IT professional, you likely had a role in implementing and troubleshooting those products, but you probably weren’t in the driver’s seat for purchasing and building requirements.

Today, things are different. You’re buying Disaster Recovery as a Service (DRaaS) as a member of IT. You’re in the driver’s seat to set the requirements you need and the services you demand to successfully protect and recover your business, all while going through the “as-a-Service” technology purchase process for the first time.

As you go through the purchasing process, you’re going to have questions. We want to help you understand all the information you can, so you make the most informed decision.

Solutions Consultant Andrew Hamilton is a VCP5 with over two decades of technology experience architecting secure, unique technology solutions to solve complex business problems. He’s seen customers stumble across the Disaster Recovery as a Service buying process before and wants to help expose some differences new buyers may not know to look for.

“Can you meet my RTO?”

“One question that I often hear when I talk to customers is, ‘This other provider is offering me a 1 hour RTO, can you?'” recounts Andrew Hamilton, solutions consultant at Bluelock (now InterVision). “While on the surface this appears to be a fairly straightforward question, the answer is more complex if the provider you are asking is telling the truth.”

Andrew continues, “The real question becomes, ‘Are all RTOs the same from provider to provider?’ The short answer is — probably not.”

“RTO, or Recovery Time Objective, refers to the amount of time it takes for an environment to be restored to functional capacity. Your ability to hit a certain RTO depends not only on the technology and tools employed, but also the processes used to restore an environment,” explains Andrew.


Understand the role of the technology and tools

“There are many different technologies used today under the auspices of Disaster Recovery. Some are tools developed specifically for the unique task of DR while others offer new takes on older backup technologies and are intended to simply restore an environment,” Andrew continues.

“Products like Veeam and CommVault are legacy applications that began first as backup products and have been re-imagined as DR tools. While these tools can provide recovery, they can have longer RPOs (Recovery point objectives) and RTOs (Recovery time objective). These tools can be an ideal DR solution for customers who have sizeable investments in these products already and want to capitalize their investment and use these in their plan if they are comfortable with the tradeoff in RTO and RPO for the benefit of capitalizing on existing technology, training and resources investments to gain new capabilities,” explains Andrew.

“Other tools like Zerto and Double-Take (now Carbonite) were developed from the ground up specifically to be DR recovery products. Because of this focus they tend to offer continuous data protection (CDP) and Journaled Replication benefits and capabilities as part of their tool. These benefits and capabilities translate into shorter RTOs and RPOs. When comparing these tools and the legacy backup products from above, the tradeoff with these products is that they typically do not offer file-level recovery like a backup/restore product does. These products tend to focus specifically on whole environments and groups of machines for protection,” explains Andrew.

Beyond the tools: Choosing the right solution

“Going back to the question of whether RTO’s are the same between providers,” Andrew says, “We recommend you focus your questions on the promises the provider is committing to when referencing meeting those RTO and RPOs. For example, your requirements should prioritize if you’ll need file-level restores, or if a shorter RTO or RPO is more important.”

Andrew continues, “Consider the entire recovery experience. If their promise involves simply booting up the machines in the environment and offering no Recovery Assurance that it will work, you could be left out in the rain when a disaster happens and you have to declare. Given the nature of DR failures, the probability of machines coming up in a “Crash Ready” state is very probable and a process needs to be employed and tested to address any issues that could arise in an actual event declaration. Look for a recovery provider who take your business needs into account when offering you a solution, can offer you multiple tools and technologies to choose from when considering solutions, and one who can assure your business’s complete recovery success when you need it, no strings attached.”

Want more tips on this topic?

Contact Us

Knowledge is power

Our experts have compiled research and recommendations to help you better understand threats, protection, and solutions.