There are several technology options that exist with the goal of making data secure, available and recoverable. Knowing every solution type and the differences between them aids in good decision-making, flexibility for a tight budget, and transformation for the future.
The most important differentiation between recovery options lies in the purposes each solution is intended to achieve. On a high level, terms can be broken into two goals: retention or recovery. While some may blur the lines between these two goals, all will ultimately give emphasis to one over the other — and this emphasis is often determined by the data in question.
“If data is not backed up frequently, as in every 15 minutes or less, employees could lose a great deal of work, businesses could lose orders, all of which loses time, costs money and damages a company’s reputation.”
– Doug Hazelman: Vice President, Product Strategy, Veeam
a collection of historical business records that are immutable and unchangeable, which must be retained for future reference should you ever need to produce evidence (perhaps when legal or regulatory questions arise). Archiving refers to the process of moving data that is no longer in active use to a separate storage device. Many organizations define archive data as any copies older than 120 days, whereas some may archive immediately when a matter is closed. Typically, archive data can be located online in to-disk format or offline in to-tape format.
Archive as a Service (AaaS):
also emphasizes maintaining a historical record, but unlike the “archive” definition above, a vendor is helping you with the act and storage of the archive data. It’s typically assumed the storage is in a second datacenter managed by the vendor.
a snapshot, point-in-time copy of your current on-premises data that you use to restore original file-level data if it’s ever damaged or lost. This refers to the practice of copying computer files to another storage device, with additional copies being added to an external storage location as those files change. Backup data can be located online in to-disk format or offline in to-tape format.
Backup as a Service (BaaS):
an approach where instead of performing backup on-premises, BaaS connects systems and data to a second datacenter, private, public or hybrid cloud managed by an outside provider. This outsourced method offloads the duties of managing tapes or hard disks and keeps data accessible or restorable from a remote location. Some people also refer to this form of data protection as Backup as a Service (BaaS), which is meant to place more emphasis on its purpose: to be able to recover using these backups.
IT Disaster Recovery (DR):
a type of data protection that is usually implemented with the goal of returning systems to normal. Depending on the approach, recovery could be within hours, but is typically much longer (days or weeks). It is typically accomplished using a combination of backups, SAN-to-SAN hardware-based replication, database replication or even software-based replication. With traditional IT-DR, the DR site requires the same amount of physical hardware and capacity as what is being used in the production or primary site, or this hardware must be procured before recovery can begin.
emphasizes fast recovery from a technology disruption, restoring applications and networking often within minutes-to-hours so users can return to work again quickly. It is like BaaS but instead of protecting individual files, it involves protecting the entire system or environment. On-premises datacenters or cloud-based datacenters are replicated to a second datacenter, private, public or hybrid cloud managed by an outside provider, removing the need for organizations to manage and maintain their own DR site. It also eliminates the need for capacity planning because the service allows for scaling of hardware resources when a declaration occurs, reducing costs.
Disaster Recovery on Infrastructure as a Service (IaaS):
references when an organization builds a recovery solution using replication or migration tools with an IaaS provider such as Azure, AWS or Google. In many cases this solution is set up with the intent of reducing overall costs for DR, but the firm’s IT team is responsible for the implementation, management, testing and recovery of the applications. It’s important to note that failover and failback capabilities should be tested on a small dataset if you are protecting workloads from outside of that same cloud family, because in some cases the failback doesn’t exist or requires a large effort.
Oftentimes, an organization’s budget has an impact on what solution is chosen, so the better you understand the importance of each dataset and application you need protected, the better you’ll be able to stretch your budget and elect the best-fit solution. Also consider where your business wants to be down the road when choosing from these options. Selecting a BaaS provider that also offers DRaaS solutions, for example, may mean an easier transition later on.
To understand which recovery solution best fits your IT systems and applications, it’s helpful to map them on a spectrum of hot and cold. The “hotter” a solution, the faster recovery capability it will have. For example, if a solution is labeled “hot,” this means it can restore systems within minutes.
The “hottest” solution is not always the most cost-effective. That’s why companies usually choose a solution that matches the needs of their applications to the costs and capabilities of recovery. With this in mind, a “cold” solution represents a slower recovery timeline. While the “coldest” solution may not be the fastest, it will often be the lowest investment.
Archives are the “coldest” of all the recovery options, whereas Backups are next in line. If IT systems crash, backups can be retrieved to restore their applications again. Backups can be housed in the cloud or disconnected from running technology, which adds a layer of security to prevent the exposure of data. Data from backups that are housed in a physical form might take more time to identify during downtime. This is why they are considered a “cold” method of recovery.
Backups and archives may be done in accordance with a compliance mandate, as a precaution against a cyber intrusion, for example. In this scenario, they are usually stored off-site, most often in a vault.
For copies of data that are meant for shorter-term retention and typically for a faster recovery timeline, companies often use replication, which enters the IT Disaster Recovery (DR) realm of solutions. Replication often duplicates data as changes occur in your environment and provides access to recent iterations of your data during an event.
Provides recovery in seconds or minutes. Real-time replication tracks and writes changes as they occur in an environment, so you can failback to an earlier version if needed.
Backup-based replication records a full environment, then reports changes on a regular basis (typically once a day), based on the nature of the application.
In each of the “as a Service” offerings, it’s important to understand that three different service models exist within them:
- Managed – the provider is responsible for performing and managing the solution. In scenarios when the client’s IT team is unavailable, the provider can even execute the recovery process on their own.
- Assisted – the provider gives the client expert advice on building a robust recovery strategy and setup, while also helping during a recovery event when needed.
- Self-Service – the client receives the necessary tools for the solution, but is on their own for everything else.
There are shared responsibilities whenever you are using the cloud. For this reason, know how much responsibility you want to take on, who owns what responsibility and which you share. Organizations should consider each of these “as a Service” service models with a critical eye to ensure proper alignment with needs. Consider the “Three Types of DRaaS” here.