bct-cloud

8/6/2019 bct-cloud

1/24

Right for You?

8/6/2019 bct-cloud

2/24

eBook 11

Published July 2010

By Vision Solutions

Is the Cloud Right for You?

8/6/2019 bct-cloud

3/24


Table of ConTenTsChapter 11: Is the Cloud Right for You?

Foreword...............................................................................................4

Managed Service vs. Cloud Providers ...................................................5

How the Cloud Works ............................................................................5

What Is the Public Cloud? .....................................................................6

What Is a Private Cloud?.......................................................................8

Hybrid Solutions .................................................................................10

Physical-Public Hybrids ......................................................................10

Physical-Private Hybrids .....................................................................10

hysical-Public-Private Hybrids ..............................................................11

Virtual Private Clouds .........................................................................11

Universal Considerations for Cloud Infrastructure ...............................12

Recovery as a Service (RaaS) .............................................................13

Cloud for SMBs ...................................................................................14

Cloud for Large Organizations .............................................................15

Calculating Cost of Downtime .............................................................15

Determining RPO and RTO ..................................................................16

Is Cloud Backup and Recovery Right for Your Organization? ................17

How Cloud Backup and Recovery Works ...............................................17

Cloud Security Essentials ...................................................................18

Cloud vs. Tape.....................................................................................19

The Costs of Tape Backup ..................................................................19

Off-Site, Rapid Recovery .....................................................................20

The Cloud DR Opportunity ...................................................................22

Eco-Friendly Incentives for Cloud Computing.......................................23

Conclusion ..........................................................................................24

sign up To beCome a memberAs an eBook member, you will be the first to be notified

when Chapter 12, appears in print!

Receive information from IBM and Vision Solutions, Inc.
http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/

8/6/2019 bct-cloud

4/24bCttT.c4


forewordMany concepts in modern technology evolve so quickly that those involved in

the creation of the technologies may not even notice that a new platform has

been born out of their work. The cloud is such a platform. What started years

ago in the field of hypervisor-based virtualization technologies is evolving into

the ability to produce computer resources, in multiple physical locations, that

act as if they were part of the local network that end-users and middleware

applications are attached to.

The cloud, as we know it today, has no true definition. We can only start with

some definitions that hold true at the moment and then move into theoretical

discussions about some of the most likely next steps in the field of cloud

maturity. There are certain aspects of day-to-day technology issues that cloud

computing can assist with, both now and into the next generation of the

cloud-based computer resource. The cloud is getting a lot of press from both

supporters and detractors. Some say it is the future of information technology;

others say it is the same old thing, repackaged. The only real question is

whether it can be a means to an end.

For now, cloud computing is to IT storage and resource management what thesmartphone is to the rotary dial; its simple, cheap, scalable, eco-friendly, and

infinitely available.

In the end, the cloud is just a metaphor for the Internet, and it works just

like an electricity grid: resources, software, and information are provided to

computers on demand and in the quantity demanded. In the 1980s, those

resources were provided by giant mainframes and complex, geographically

restricted client-server systems, which also required an enormous investment

in hardware, space, and skilled staff to maintain them. Now, any business of

any size, and even individuals, can consume storage space, software, and

other resources in the cloud without having to own or manage a datacenter.

Further, organizations can take advantage of technology that allows them to

maintain a real-time backup copy of data, applications, and even operating

systems in the cloud, which allows them to restore damaged or destroyed

production servers in minutes instead of hours or days. The best part is, it

doesnt take a dedicated IT staff to do it.

ChapTer 11Is the Cloud Right for You?
http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/

8/6/2019 bct-cloud

5/24bCttT.c5


The term cloud computing is so generic (and sometimes misused) that its

nearly worthless in a practical discussion. Two aspects of cloud computing

that are relevant to the discussion are Infrastructure as a Service (IaaS)

and Software as a Service (SaaS). With IaaS, a service provider delivers

raw resourceslike virtual machines, storage, and network bandwidthas

a service. With SaaS, a provider layers a specific software solution on topof those raw resources and delivers that. When both IaaS and SaaS are

combined in an offering that is specifically designed to provide data protection

and disaster recovery, it is referred to as Recovery as a Service, or RaaS, which

is discussed later in this chapter.

managed serviCe vs. Cloud providersThere are key distinctions between hosting companies with managed-service

offerings and cloud providers. The key differences have to do with how much ofthe infrastructure (and therefore, cost) is dedicated to the solution. Managed

Service Providers (MSPs) and hosting companies generally provide dedicated

hardware, software, and storage to each customer. This requires that the

customer specify, pay for, and commit to specific capacities in advance.

Cloud providers generally provision a customers current demands from a

pool of capacity, thereby providing the elasticity to allow customers to later

change their requirements with ease. Think of the difference between buying a

generator and getting an account with a power company.

The best cloud providers will let you buy capacity in very small chunks, allow

you to change your usage on the fly, and bill you only for what you consumeall

without a long-term commitment to any specific usage pattern or cost.

how The Cloud worksLike the Internet, the cloud is a network of computers. This network behaves

like a collective virtual computer, where the applications can run independently

from individual computers or server configurations. The hardware isnt

important; the application is. High-speed Internet access has eliminated the

need to have the software run on desktops, so now software can be completelyWeb-based. In fact, running software in the cloud makes it possible to run

different operating systems at the same time. For example, you can host your

Website on Linux while using Windows or Mac for applications.




Like the Internet,

cloud is a network

o computers. Thi

network behaves

a collective virtua

computer, where

the applications crun independently

rom individual

computers or serv

confgurations.
http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/

8/6/2019 bct-cloud

6/24bCttT.c6


The cloud network is made up of front-end layers and back-end layers.

Front-end layers are the ones users see and interact with when, for example,

accessing Internet-based email (like Gmail). The back-end is made up of

hardware and software architecture that drives the front-end interface.

Because the network of computers works together, the applications can take

advantage of the combined computing power. Cloud computing also creates

infinite flexibility. Depending on demand, resources can be increased or

reduced as necessary by reassigning specific hardware.

whaT is The publiC Cloud?Cloud computing technology is not new. The ability of an organization to

rent space on servers has existed since nearly the beginning of the modern

digital revolution back in the 1970s. Educational organizations routinely rent

out space on their supercomputers in order to run complex calculations and

simulations for private businesses like the pharmaceutical industry. However,

mainstream renting of computer resources was typically relegated to thesmaller business market and the extremely large enterprise space, leaving out

most businesses in between those two extremes.

Smaller shops could lease server equipment in co-location facilities. This

wasnt truly a cloud solution, as the hardware was owned by the business that

was leasing space, and only the facility, power, and networking was owned by

the co-location company. However, it did evolve into a form of cloud computing,

where servers as entire units could be rented out for a period of time or on an

Real Server 1

User

Real Server n

Load Balancer

Linux Box

Real Server 2

LAN/WAN

Internet/Intranet

Virtual Server
http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/

8/6/2019 bct-cloud

7/24bCttT.c7


ongoing basis to customers who did not wish to buy their own server resources

to co-locate. This idea of renting dedicated servers could be seen as the great-

grandfather of the cloud solution set, as information and applications owned

by one entity were being run on computer resources owned by another, but this

model was still too expensive and inflexible to work on a large scale. The sheer

amount of datacenter space and costs associated with acquiring, maintaining,and refreshing that large a number of physical servers made the business

model difficult to maintain for all but a few large-scale hosting companies.

The advent of stable, commercially available virtualization solutions allowed

the hosted server model to evolve from the rental of physical hardware

computer resources into the rental of virtual computer resources. This allowed

each physical device to be parceled out to many more customers, reducing

the overhead on the co-location provider and allowing for much greater client

density per given square foot of datacenter space. The problem was that there

were still limits to how many virtual machines could be logically managed by

native tool sets. Virtual machines (VMs) still had to be created and destroyed

manually by the co-location staff, and that kept the model from being flexible

enough to expand rapidly.

A few years ago, key players in the space we now know as the public cloud

began to roll out a new theory of hosted virtualization that broke through those

barriers. By writing complex Web-based front-end solutions to the back-end

virtualization platforms, many companies were able to allow clients to create

and remove virtual servers or other computer resources themselves, instead of

waiting for a co-location employee to manually perform these actions. Many of

these providers went beyond simply offering virtual servers and have createdthe ability to instantiate storage resources, virtual application connection

points, and other technologies that would have been impossible in the world of

simple virtual server rental.

Which brings us to the world of the public cloud that we understand today.

Vendors provide access to limited virtual machines, storage, and computer-

resource command and control systems, and organizations use those tools

to create, manage, and reallocate resources as required for various projects.

In this respect, the public cloud is the combination of those control resources

alongside the resources themselves. The defining factor of the public cloud is

that these resources and command/control systems are never owned by the

organization that rents them, but instead are owned and maintained by some

third-party organization.

Public cloud systems may seem like a panacea to the problems of overcrowded

IT facilities, but they do have some drawbacks. First is that the data and

all computer resources associated with it are housed within a datacenter

controlled by some other entity. This could cause security issues for highly

The advent o stab

commercially ava

virtualization solu

allowed the hoste

server model to e

rom the rental o

physical hardwarecomputer resourc

into the rental o

virtual computer

resources
http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/

8/6/2019 bct-cloud

8/24bCttT.c8


sensitive data (see the section below on private cloud technology). Then there

is the fact thatwith the exception of completely new systemsdata and

computer resources do not currently reside in the cloud. You will need some

way to transfer the systems and the data resources from their current home

into cloud computer resources located at your cloud providers facility. There

are many solutions from various vendors that can allow you to achieve thisgoal, and as such this isnt an insurmountable obstacle, but it is one that must

be taken into consideration as you plan your cloud strategy.

whaT is a privaTe Cloud?The benefits of the public cloud are very visible. Organizations do not need

to purchase or amortize hardware in order to create computer resources for

applications or entire server platforms. However, since the organization doesnt

own these resources, certain security concerns arise very quickly. Thoughmany of these concerns can be overcome by strict legal agreements between

the organization and the vendors in question, there is still a lingering doubt as

to who has final control over a particularly sensitive computer workload. Public

cloud simply isnt the ultimate best choice for every type of cloud-capable

solution set.

In order to address these specific concerns, many enterprise-class

organizations are still willing to turn to the creation of cloud platformsbut

only within their own datacenters and within their corporate control. Known

as private clouds, these massive virtualization platforms can provide many

of the same benefits as a public cloud platform but entirely within the legal

and operational domain of a specific organization. While the idea of infinite

scalability becomes lost due to a finite amount of corporate resources, control

aspects to this type of cloud are greatly enhanced, making it a suitable choice

for those organizations dealing with high-security computer requirements.

In a common example, virtualized infrastructure platforms can be put in place

across dozens or even hundreds of physical server resources located in one

or more datacenters controlled by an enterprise. Native tools are leveraged to

provide a back-end infrastructure, and the organizations own (or outsourced)

programming staff creates a customized front-end platform that end-userscan access to manage these virtual platforms. Along with the management

tools, systems for tracking business-unit utilization of the resources must

also be created in order to properly determine how internal billing will be

metered out to the individual end-users within the organization. Once created,

these front-end and back-end systems then allow business units to pay for

computer resources as required, with those resources being released back

8/6/2019 bct-cloud

9/24bCttT.c9


into the overall private cloud pool when they are no longer required. Since the

individual business units do not know where their physical server locations are,

they no longer require long periods of architecture design to ensure they get

the resources they need in a local datacenter. They simply use the front-end

tools to request the required computer power, storage, and other resources,

and the custom front-end/back-end solutions provision the best combinationof virtual and physical resources in the best location for the purpose.

This ability to control security while still allowing for true cloud computer

resource allocation makes private clouds an attractive solution for large

organizations that require a higher level of security and control than they

would otherwise be able to obtain from the public cloud. That is not to say

that private clouds are without their own drawbacks, though. Moving cloud

computer resources internally eliminates the native redundancy of most public

cloud providers; the public cloud allows for a form of native disaster recovery

(DR) just by ensuring that no single computer resource is housed in only one

location. Private clouds would not natively be able to provide this type of

redundancy but could be outfitted with third-party tools that can provide such

redundancy easily. It becomes a matter of finding and implementing the correct

recovery solutions, something that isnt typically necessary for public cloud

platforms.

The methodologies of public cloud architecture definitely require an economy

of scale. They necessitate large numbers of physical servers to act as virtual

hosts, large amounts of server-class storage space (typically in the form of

SAN systems), and a great deal of power and cooling systems to maintain.

Also required is appropriate licensing for the virtual infrastructure technologiesand a dedicated staff to manage the systems that manage the end-users

solution sets. When combined with the development costs of the customized

command/control interfaces and billing systems, this type of solution becomes

cost-prohibitive to all but larger enterprise organizations looking to produce a

specific and secure cloud computing platform internally. So, while this model

is in use today and does address many security concerns that exist within the

public cloud, it is not a solution that is within reach of the average organization

looking to leverage cloud solutions.




The ability to cont

security while stil

allowing or true c

computer resourc

allocation makes

private clouds an

attractive solutionlarge organization
http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/

8/6/2019 bct-cloud

10/24bCttT.c10


hybrid soluTionsAs you can see, there are plusses and minuses to both public and private

cloud solution sets. In addition to those hurdles inherent to the technology at

this time, there is always the fact that many systems are onand will remain

onphysical servers. This makes those particular systems incapable of

migration to either a public or private cloud, since both of those technologies

sets rely on virtualization at their core. In order to surmount these obstacles

and to provide some facility for physical servers within an organization, many

businesses are looking toward a variety of hybrid solution sets that merge

existing technologies with the cloud. They also can use hybrid platforms to

merge public cloud for most applications with private cloud for high-security

application environments to leverage the best of both worlds.

Physical-Public Hybrids

The most common hybrid approach is to leverage the existing physical

resources of the organization to host anything that is not readily suitable forpublic cloud and then contract with a vendor such as Amazon Web Services to

provide cloud computer and/or storage resources for everything that can safely

be migrated out of the local datacenter.

An example would be a financial application with a Web-based front-end.

The financial data is tightly controlled by internal and external regulatory

compliance measures and therefore would probably not be easily migrated to

a public cloud infrastructure. However, the Web-based front-end solution set

would not hold sensitive data and could therefore be migrated with much less

effort onto a cloud computer or cloud application platform. The appropriate

levels of Web-based security, firewalls, and VPN infrastructure could then

be applied to ensure that only data that is cleared to leave the datacenter

is permitted to travel between the secure facility and the Web systems. The

benefit of this type of hybridization is that the Web systems can be dynamically

expanded to meet incoming user demand, but the secure systems can still be

tightly controlled without redesigning them to exist within the cloud computer

environment.

Physical-Private Hybrids

In some cases, even the security of a tightened private cloud computer

environment is not suitable for the workloads currently residing in thetraditional datacenter. In those cases, where the IT staff wants to gain

more flexibility without redesigning site security, a private cloud infrastructure

can be established to allow for cloud flexibility within the current

datacenter environment.

8/6/2019 bct-cloud

11/24bCttT.c11


Medical records are a good example of this type of solution set. Where large-

scale health insurers or providers (major hospitals, etc.) require the flexibility

of cloud, they must still be aware of the impact of using external resources to

house data bound by HIPAA and other regulations. In many cases, moving to a

public cloud infrastructure would require a massive reconfiguration of security

protocols and procedures, while establishing a private cloud would allow forflexible infrastructure without physically moving outside of the current secure

environment itself.

Physical-Public-Private Hybrids

This solution set is perhaps the most complex of hybrids, and its used only by

the largest of organizations. The theory behind this technology is that there will

be some servers that must remain physical, others that can become virtualized

but cannot be placed on public cloud networks, and finally many servers that

could easily be adapted to the public cloud.

As an example, consider a multi-service insurance conglomerate. Many Web-based solutions are already exposed to public traffic and could therefore take

advantage of the increased on-demand scalability of the public cloud computer

and storage solutions on the market. In most of this class of organization,

a large number of legacy solutions exists, many of which are bound to

physical hardware configurations and cannot migrate to a public or private

cloud infrastructure at all. Finally, newer solution sets that still host highly

sensitive data could be virtualized but cannot leave the security confines of

the organizations datacenters. Combining all three forms of infrastructure

(physical servers and public and private clouds) allows for maximum flexibility

for all the various types of workloads and systems that make up the business.

virTual privaTe CloudsPublic cloud providers are by no means lax on security issues. The modern

public cloud can be made exceptionally secure, and the previous examples

were meant to convey that the applications themselves would be difficult to

adapt to the public cloud for security reasons within the apps themselves, not

that they could not be made secure on a public cloud platform. Virtual private

clouds are one example of how a public cloud can be made highly secureshould the applications and systems in question be able to make the move to

a public cloud.

A virtual private cloud is simply a public cloud infrastructure that has been

security-hardened to permit only recognized traffic streams. For example, email

systems often contain highly secure information within their databases, but

some components must be able to communicate with the outside world in

order for email to flow. A virtual private cloud can allow email servers to have

A virtual private c

is simply a public

cloud inrastructu

that has been sec

hardened to perm

only recognized tr

streams.

8/6/2019 bct-cloud

12/24bCttT.c12


strictly limited connectivity to email traffic (SMTP links, etc.) but otherwise

speak only to servers within the corporate datacenter via an encrypted tunnel.

The theory is very similar to establishing a VPN connection between two

sites of the organization, except here the public cloud is accessed within an

especially walled-off section of the cloud computer and storage infrastructure

accessible only to the business unless otherwise specified.

universal ConsideraTions for CloudinfrasTruCTureThere are two topics that must be considered during the planning and

implementation phases of any project where some form of cloud computer or

storage resources are involved: how to get the systems into the cloud and how

to provide DR solutions, especially if the cloud provider does not provide them.

Migration of systems into and out of cloud infrastructurepublic or privateis

not an insignificant task when those systems already exist in the physical or

virtual world in your datacenters. If end-user downtime is not a concern, then a

backup and restore model could be used to get the dataand possibly system

informationfrom a fixed point in time into your cloud providers infrastructure.

This is especially true for private clouds, where the physical distance is limited

and bandwidth is generally easy to come by. However, if user downtime is

to be minimized, you will need to investigate tools that provide some way to

transmit both the system information and data from your current platform into

the cloud platform. These tools will need to be able to address multiple formsof applications and be able to move this information over VPN tunnels or other

secure transmission methods to ensure that data security is maintained.

Most public cloud providers do offer the ability to establish VPN connections

to your cloud computer resources on their platform, allowing you to focus on

moving the data and system information. This solves the security problem

but not the entire migration picture. The intended target platforms are

almost definitely of a different form/class/configuration of hardware than

your systems, and the tools you use will have to enable you to change

these parameters on the fly. While this migration occurs, end-users will be

making changes to data, so the tools must also be able to keep up with newinformation as they migrate the existing systems.

Finally, every project has some amount of uncertainty, and implementing cloud

strategies is no exception. The tools you choose for migration should be equally

able to return you to your existing configuration if unexpected issues crop up

after the migration is complete. Note that it is quite rare these days to see

applications and platforms that would have any problem virtualizing without

showing evidence of this during the investigation phase of the project, but it

has been known to happen from time to time. A safety net is never a bad thing.

Most public cloud

providers do oer

ability to establish

VPN connections

your cloud compu

resources on thei

platorm, allowingto ocus on movin

the data and syste

inormation.

8/6/2019 bct-cloud

13/24bCttT.c13


reCovery as a serviCe (raas)While most organizations are focusing on cloud computer and storage

resources for extending or enhancing existing infrastructure, there is a specific

use-case for cloud strategies that doesnt require moving existing systems to

a cloud vendor. Leveraging public or private cloud computer infrastructure to

allow for another avenue for DR is becoming popular as more companies begin

to explore cloud architecture.

Vendors can provide tools (such as Amazon Web Services EC2 and S3

products) that leverage cloud computer and storage platforms to create

a complete backup and rapid-restoration platform for systems capable of

virtualization. Some allow for protection of entire servers from your location,

over a VPN connection, to one or more public cloudbased data-warehousing

solutions. If a server fails at the primary business location, it can be either

restored to another cloud computer resource or restored back to the primary

location onto repaired or replaced hardware. Often, the choice of restorationlocation isnt required until the restore is about to begin, which allows for a

great degree of flexibility. Organizations are contracting for cloud computer

resources and then parceling out those resources to business units for DR

purposes, while allowing these business units to continue business as usual

on their current production data systems.

The advantages of this methodology are numerous. You will not have to provide

full infrastructure architecture for DR, which can amount to a large budgetary

savings over time. You also can introduce the idea of public or private cloud

technology into areas that would be hesitant to put their production systems

on such platforms. Since only the DR platform is housed in the cloud, manyreluctant managers would be willing to allow it in this instance. In short, cloud

platforms can help introduce using cloud computer and storage resources

in a non-production form; this is the traditional entranceway for emerging

technologies in the enterprise, and its a great fit for public and private clouds.




8/6/2019 bct-cloud

14/24bCttT.c14


Cloud for smbsRight now, the practical impact of the cloud is most fully realized in small to

mid-sized businesses (SMBs). SMBs can immediately enjoy the benefits

of a full-sized datacenter infrastructure without having to implement and

administer it, giving them access to multiple data centers anywhere in the

world. And, as their demand for resources increases, they can add additional

service as needed from their cloud computing vendor without having to pay

for more hardware.

One of the most interesting aspects of cloud computing is that is completely

revolutionizing business continuity for SMBs. The United States Small Business

Administration stated that SMBs fall into one of two categories: those that

have endured a disaster and those that will. They go on to say that nearly 40

percent of those who go through a disaster will not be able to recover. The

threat is real, and SMB owners are aware of it. However with tight budgets,

there is little room for hardware infrastructure and specialized staff to maintainit. Still, SMBs rely heavily on technology like Websites, inventory, point-of-sale

software, staff scheduling programs, email, and record keeping. In the case

of legal and medical (also, financial and some manufacturing), there are strict

compliance regulations about things like how long records must be kept and

how much time businesses are allotted to produce a record on demand. If one

of these businesses loses access to its technology for a day, or even an hour,

serious consequences (fines, lost revenue, lost customer data and confidence)

could occur that are difficult to recover from. It remains critical that SMBs

have a current copy of their data stored somewhere safe and accessible.

In the past decade, this process was so expensive that many SMBs resortedto dodgy tape-based backup systemsor, worse, theyve done nothing and

hoped for the best.

With the advent of cloud computing, instead of just crossing their fingers or

paying for the hardware, software, space, and staff required for storage, an

entire mid-sized corporation can rent enough cloud space to keep a real-time,

full-server backup copy of all its data, applications, and operating systems.

Real time means that every keystroke, every email, every bit and byte is safe,

and full-server means that every application and even the whole operating

system is safe and available. And it gets better: its also now possible to copy

data into the cloud in real time, and its possible to retrieve it from the cloud...

just as fast.

What this means for SMBs is that if the store burns down or is flooded or

someone spills coffee on the server, daily operations can resume in minutes

instead of daysor never.

With the advent o

cloud computing,

instead o just

crossing their fng

or paying or the

hardware, sotwa

space, and starequired or stora

an entire mid-size

corporation can re

enough cloud spa

keep a real-time,

8/6/2019 bct-cloud

15/24bCttT.c15


Cloud for large organizaTionsThough it may take a while for it to become standard, the cloud is fully

scalable to even the larger organizations, and some are beginning to realize

the cost- and time-savings of closing their datacenters and letting someone

else deal with it. For some, it isnt yet practical to scrap their datacenters and

staff and move to the cloud, and they will likely continue to rely on mainframes

and client-server architecture until its no longer possible or cost-effective to

maintain it. Others, like NASA and many pharmaceutical manufacturing giants,

are ready and willing but have security concerns and are testing the waters by

putting non-proprietary information in the cloud or by using some combination

of public and private clouds.

Either way, backup and recovery in the cloud works the same way for large

organizations; the resources are just as scalable, backup is real-time, and

recovery is just as fast.

The question for organizations of any size is, When is it the right time to make

the switch?

The first step to evaluating the quality of a data backup and recovery plan is

to figure out the cost of downtime and evaluate the Recovery Time Objective

(RTO) and Recovery Point Objective (RPO). These metrics define how long you

think it will take you to get back online and how current the data has to be.

CalCulaTing CosT of downTimeCalculating the cost of downtime can help determine RTO and RPO objectives,

which are key factors in any backup and recovery plan. Knowing the cost of

downtime can also help senior management understand IT system disaster

recovery hardware and software budgets. While there is a simple formula

below for calculating your cost of downtime, consider these questions:

Howmuchmoneywouldbelostifalltransactiondataforthelasttwelve

hours, or even the last ten minutes, were lost?

Whatisthevalueoftheknowledgecontainedinthecompanyslast

twelve hours worth of emails and email attachments? What would itcost to have engineers recreate the last twelve hours of work?

Whatstheexposureifyoucantproducethisdataincompliancewith

Sarbanes-Oxley, HIPAA, SEC, and other regulations?

The frst step to

evaluating the qua

o a data backup

recovery plan is to

fgure out the cos

o downtime and

evaluate the RecoTime Objective (R

and Recovery Poin

Objective (RPO).

8/6/2019 bct-cloud

16/24bCttT.c16


Heres a simple way to estimate the average cost per hour of downtime:

Cost Per Occurrence = (To + Td) x (Hr + Lr)

To=LengthofOutage

Td=TimeDeltatoDataBackup(Howlongsincethelastbackup?)

Hr=HourlyRateofPersonnel(Calculatebymonthlyexpenseper

department divided by the number of work hours.)

Lr=LostRevenueperHour(Appliesifthedepartmentgeneratesprofit.

A good rule is to look at profitability over three months and divide by the

number of work hours.)

Next, determine RTO and RPO objectives.

Determining RPO and RTO

In measuring the criticality of IT systems, the two primary considerations are

how much data and how much time you can afford to lose.

Recovery Point Objective

The first, the Recovery Point Objective (RPO), is the threshold of how much

data an organization can afford to lose since the last backup. Defining the

companys RPO typically begins with examining how frequently backup takes

place. Since backup can be intrusive to systems, it is not typically performed

more frequently than several hours apart. This means that the backup RPO is

probably measured in hours of data loss.

Recovery Time Objective

The second, the Recovery Time Objective (RTO), is the threshold for how quickly

an organization needs to have an applications information restored. For

example, maybe four hours, eight hours, or the next business day is tolerable

for email systems. Keep in mind the amount of time it takes to provision

servers, storage, networking resources, and virtual machine configurations.




8/6/2019 bct-cloud

17/24bCttT.c17


is Cloud baCkup and reCovery righT foryour organizaTion?Finding the right balance of features and price to meet your RPO and RTO

is one of the most critical things you can do to protect your business. For IT

system continuity, there are three solution categories: backup, high availability,and disaster recovery.

Backupmeanskeepingyourdatasafe;inthissituation,RPOismore

critical than RTO.

Highavailabilitymeanskeepingyourcriticalapplicationsanddata

online; a high availability solution is required for high RPO and RTO.

Disasterrecoveryistheabilitytorecoverdataincasetheproduction

system is damaged, is destroyed, or becomes unavailable for an

undeterminable period of time. A comprehensive disaster recovery

solution that can restore data quickly and completely is required to

meet low RPO and RTO thresholds.

How Cloud Backup and Recovery Works

Cloud backup and recovery requires a combination of technologies: backup

and recovery software plus a Cloud Service Provider (CSP). This combination

allows you to replicate data and system-state information from servers in your

production environment into a virtual servercalled a repositoryrunning

at the CSP. From this repository, you can restore entire servers to virtual

machinesalso housed at the CSPto resume normal operations quickly

and effectively. Good backup and recovery software is more than an IaaS

target DR hardware site; it will be a full RaaS solution that includes both thetarget infrastructure and the technologies to replicate and recover your data

effectively in the cloud.

Cloud backup and

recovery requires

a combination o

technologies: bac

and recovery sotw

plus a Cloud Serv

Provider (CSP).

8/6/2019 bct-cloud

18/24bCttT.c18


Cloud seCuriTy essenTialsAs mentioned, the security of backing up to the cloud is a major concern for

larger or regulated industries. Backing up servers and data requires real-

time protection combined with the security and stability of a trusted cloud

infrastructure. How can you be sure your data is secure end to end?

The best backup and recovery software will provide at least four layers of

protection, starting at the production server with secure VPN technology and

then isolating your data within the cloud with private backup repository, private

security groups, and private storage.

The best backup a

recovery sotware

provide at least o

layers o protectio

Users

VPN

$1.99 / dayper server

$90 / month+ $0.20 / GB

RecoveryServer DC1

RecoveryServer Exchange

ExchangeServer

Amazon EC2

DC1 DomainController Active

Directory DNS

Double-TakeBackup Repository

Server

Users

Users

8/6/2019 bct-cloud

19/24bCttT.c19


Cloud vs. TapeRegardless of size, if a business relies on tape backup alone, restoration is

easy (although slow) only for the simplest failure and only if everything goes

perfectly. If a hard disk fails and all the backup tapes are good and the staff

is practiced at doing the repair and restore, then its possible to simply buy

a replacement part and get things up within a couple of hoursthough the

data will be from last nights backup. If the problem is more complicated and

involves a replacement server for instance, a day or two will be required to get

new hardware in place before recovery can begin. At this stage, 40 percent of

tape restores fail.

Tape backup has inherent problems that can go quickly from inconvenient to

disastrous. Consider some of the issues and the ways they would affect your

business in a disaster or system outage:

Tapebackuphardwareandsoftwareareexpensive,especiallyifyouhave multiple offices.

Makingbackupseverydayrequiresmanualintervention;itseasyto

forget or skip it.

Tapebackupnearlyalwaysinvolvesdowntime;youcantbackupa

system that is in use.

Tapesareeasilydamaged,lost,ordestroyed.

Atbest,youllberecoveringfromyesterdaysdata.

Fortypercentofrestorationattemptsfromtapefail.Canyouaffordto

permanently lose your data?

Taperestoration,whenitworks,involveshoursordaysofcomplete

downtime.

The Costs of Tape Backup

Acquisitionandongoingmaintenanceofhardware

Acquisitionofbackupsoftwareandongoingmaintenance/support

Acquisitionandreplacementoftapemedia

Offsitestorageandtransportationcosts

Operationcostsforperformingbackupandrecovery

Costofdowntimeincurredduringrecovery

Costofdatalossduetorecoveringtopreviousnightsdata




Tape backup has

inherent problems

that can go quickl

rom inconvenient

disastrous.

8/6/2019 bct-cloud

20/24bCttT.c20


off-siTe, rapid reCoveryEvery business will have different RTO and RPO goals. If an organization

determines it has a four-hour RTO and RPO, then the business has decided

that it can tolerate four hours of downtime between failure and recovery

and that it will have to recreate (or do without) only the last four hours of

data. Together, this is about eight hours of lost productivity. For most serious

problems, its an optimistic goal for a tape (or disk-to-disk) backup system

alone to meet. Even the most mundane failures can easily push recovery times

into days or weeks:

Equipmentfailure,requiringareplacement

Extendedorrecurringpoweroutage

Air-conditioningfailure

Fire

Flood(waterleak)

Physicaldamagetothebuilding

The best way to ensure a fast recovery is to have replacement equipment

standing by at an off-site location with the necessary software and

configuration to quickly transfer users and data. The best practice includes a

remote data center with servers, storage, networking equipment, and Internet

access. Restoring to this remote data center from backup tapes will likely take

too long, assumes that the tapes were not affected by the original problem,

and still leaves the risk of recovering only old data. Instead, replication

software can be used to keep the backup systems constantly updated.

A four-hour RTO and RPO requires:

Off-sitehardwareandinfrastructuretorunserversandapplications

DataupdatestotheDRsitemoreoftenthaneveryfourhours,

preferably real-time

ContinualupdatesoftheapplicationandOSconfiguration(withoutthis,

recovery may fail after a patch or an upgrade)

Amethodtodealwithanyhardwaredifferencesbetweenproduction

and recovery environments

The best way to e

a ast recovery is

have replacement

equipment standi

by at an o-site

location with the

necessary sotwaand confguration

quickly transer u

and data.

8/6/2019 bct-cloud

21/24bCttT.c21


All the requirements in the list above can be met by currently available

technology. If it is clear that local tape or disk-to-disk solutions do not provide

adequate protection and a better solution is available, why isnt every server in

the world protected? Usually the answer is cost. The cost of an off-site, rapid

recovery solution comes in a variety of ways:

Upfrontcost

Technicalcomplexity(requiresnewITspecialistsortimeandbudgetto

train existing staff)

Operationalcomplexity(managinganewdatacenterandtwiceasmuch

equipment)

Projectmanagement(complex,expensiveprojectsrequirelotsof

planning and management)

Risk(expensive,complicatedprojectssometimesfail)

Given all the cost, complexity, time, and risk involved in creating this capability,

these projects are often delayed in favor of projects that produce immediate,obvious results, such as a Web server update or a desktop refresh.

For some organizationsparticularly larger organizations with large staff and

significant IT expertiseadding extra servers to an existing off-site location is

relatively easy. But even in these large organizations, there are still servers

that dont make the cut; they are not considered to be critical enough to justify

the solution.

If a server is so unimportant that it wont be missed when it fails, perhaps

the next question is Why not just turn it off? The point of this off-site, rapid

recovery solution is to preserve as much of the normal operating capability as

possible. Customers and business partners dont care that a pipe burst and

flooded the data center; they want to know when a business can deliver. If a

server is important to meeting a business requirement, it is worth protecting.

The question to ask is not Is this server worth the solution; instead, How do

we make the solution practical for every server?

Most of the cost and complexity of this solution comes not from the specialized

tools for replication and recovery. Instead, the pain comes from, ironically, the

extra facilities and equipment, both of which will sit relatively idle most of the

time. Specifically:

Selecting,acquiring,andbuildingoutaseconddatacenter(orthehigh

cost of renting one already configured)

Selecting,acquiring,installing,andconfiguringthestandbyequipment

Managingandmaintainingthefacilityandequipment

Integratingallthepartsintoareliablesolution

8/6/2019 bct-cloud

22/24bCttT.c22


This creates a peak-versus-average problem, where time and money are spent

building a redundant data center that can meet the peak capacity of the IT

department, but the average utilization of that capacity will be very small. You

pay for peak but only get the benefit of a very low average utilization.

Easy and fast network access, and the introduction of electronic businesspractices across all industries, has resulted in reliance upon IT systems and

therefore puts business operations at risk when IT failures occur. Tape backup

was the preferred recovery solution of the 1970s computing era. Disk-to-disk

and server-to-server replication is becoming more prevalent because it

provides near-real-time copies of data for faster, easier recovery.

The Cloud dr opporTuniTyIf an IaaS cloud provider can offer a complete data center, with enough

capacity to meet peak needs (i.e. during a production outage) but only bill for

the average usage during normal operations, there is clearly an opportunity to

redefine the cost and complexity of an off-site, rapid recovery solution.

By partnering with the right cloud vendor, a manager planning a disaster

recovery solution gets access to:

Unlimitedsparesforcomputers

Diskcapacityondemand

Freeidlebandwidth,with(nearly)unlimitedburstcapacity

Adatacenterthatishighlyoptimizedandmanagedforlowcost,highreliability, and high security

Datacenterslocatedinmultiplecountries,tobestmeetgeographicand

regulatory requirements

All that remains is to integrate a suitable disaster recovery solution to this IaaS

capacity.

Sound good? It should. There are now real solutions to real problems, but be

careful. Many managed service providers and hosting companies are touting

their solutions as cloud, and many offer disaster recovery or online backup

solutions, but do they meet your Recovery Point and Recovery Time Objectives?It helps to ask them a few key questions:

Canyouprotectallofmyserversandapplications?

CanyouprotectmyOSandapplicationsaswellasthedata?

CanIactuallyfailovertothecloudandstayupandrunning?

CanItestthefailoverprocesstoensuretheserversarerecoverable?

Easy and ast

network access, a

the introduction o

electronic busines

practices across

all industries, has

resulted in relianc

upon IT systems

and thereore put

business operatio

risk when IT ailur

occur.

8/6/2019 bct-cloud

23/24bCttT.c23


Doyouprovideamechanismtorecoverthedata/serverswithoutlotsof

downtime?

CanIpayforonlywhatIuse,ordoIneeddedicatedserversinthe

cloud?

Once you find a solution that answers those questions to your satisfaction, youcan look to protect every server in the infrastructure. It should be so cost-

effective that you can just sign up, set it, and forget it. Set a reminder to test

failover every six months, and ensure you havent added any new servers.

eCo-friendly inCenTives for CloudCompuTingAnother incentive of cloud computing is that it is eco-friendly. But theres more

to going green than just social incentive: making your IT infrastructure moreenvironmentally friendly can save you a ton of cash too.

Replacinghardwarecomponentswithacloudsystemreducesenergy

costs of running hardware and maintaining climate control and also

reduces carbon dioxide emissions.

Therearetaxandpowercompanyincentivestogoinggreen.

Consolidatingdatainthecloudmeansmoreefficientmanagementof

data centers, which means cost-savings.

GreenITiscomposedofseveraltechnologiesthatallhavethegoal

of reducing power consumption and overall datacenter footprint,

consolidating locations and resources, and improving efficiency of

operations.

Siteconsolidationtothecloudprovidesaflexibleandefficientplatform

that reduces power consumption. Consolidation usually means

migrating physical servers to virtual machines, which need not be a

complicated or expensive undertaking. Real-time and live migration

products take the pain out of migrating to a new infrastructure. When

consolidating infrastructures, consider your disaster recovery plan and

your ability to protect your architecture from failure.

Consolidatedenvironmentsoptimizepowerandcoolingrequirements.

They require less energy than would be necessary to power and coolan entire room of physical servers. They use a high-density power

and cooling solution designed specifically for a smaller, more efficient

virtualized environment. These solutions keep the dense architecture at

an optimal temperature without cooling the entire data center.

8/6/2019 bct-cloud

24/24


Cloudcomputingcanreducethenumberofserversinyourdata

center, which may reduce your costs. If you would typically host your

transactional Web server farms or commerce applications, you can

use the cloud to provide those services instead. The cloud frees

smaller SMB companies from the burden of a data center, while larger

corporations are using the cloud to host less-critical or lower-tieredapplications to further reduce their datacenter footprint. Using the

cloud can enhance backup and recovery capabilities and reduce the

costs typically associated with tape.

ConClusionThe cloud concept still has a long way to go before we can be sure exactly

what its definitions, roles, and limitations will be. There is a tremendous

amount of promise in public, private, and hybrid cloud platforms, and muchof this promise can be seen in the real-world implementations of cloud

technology in the market today. Leveraging cloud platforms where they make

the most sense is a matter of careful evaluation and proper migrationin much

the same way as you would with most other technology within the corporate

organization. The right partners, the right tools, and the right platforms can all

work together today to build the data systems that will continue to serve you

well for the future.


http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/

bct-cloud

Documents