Download - bct-cloud
-
8/6/2019 bct-cloud
1/24
Right for You?
-
8/6/2019 bct-cloud
2/24
eBook 11
Published July 2010
By Vision Solutions
Is the Cloud Right for You?
-
8/6/2019 bct-cloud
3/24
Is the Cloud Right for You?
Table of ConTenTsChapter 11: Is the Cloud Right for You?
Foreword...............................................................................................4
Managed Service vs. Cloud Providers ...................................................5
How the Cloud Works ............................................................................5
What Is the Public Cloud? .....................................................................6
What Is a Private Cloud?.......................................................................8
Hybrid Solutions .................................................................................10
Physical-Public Hybrids ......................................................................10
Physical-Private Hybrids .....................................................................10
hysical-Public-Private Hybrids ..............................................................11
Virtual Private Clouds .........................................................................11
Universal Considerations for Cloud Infrastructure ...............................12
Recovery as a Service (RaaS) .............................................................13
Cloud for SMBs ...................................................................................14
Cloud for Large Organizations .............................................................15
Calculating Cost of Downtime .............................................................15
Determining RPO and RTO ..................................................................16
Is Cloud Backup and Recovery Right for Your Organization? ................17
How Cloud Backup and Recovery Works ...............................................17
Cloud Security Essentials ...................................................................18
Cloud vs. Tape.....................................................................................19
The Costs of Tape Backup ..................................................................19
Off-Site, Rapid Recovery .....................................................................20
The Cloud DR Opportunity ...................................................................22
Eco-Friendly Incentives for Cloud Computing.......................................23
Conclusion ..........................................................................................24
sign up To beCome a memberAs an eBook member, you will be the first to be notified
when Chapter 12, appears in print!
Receive information from IBM and Vision Solutions, Inc.
http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/ -
8/6/2019 bct-cloud
4/24bCttT.c4
Is the Cloud Right for You?
forewordMany concepts in modern technology evolve so quickly that those involved in
the creation of the technologies may not even notice that a new platform has
been born out of their work. The cloud is such a platform. What started years
ago in the field of hypervisor-based virtualization technologies is evolving into
the ability to produce computer resources, in multiple physical locations, that
act as if they were part of the local network that end-users and middleware
applications are attached to.
The cloud, as we know it today, has no true definition. We can only start with
some definitions that hold true at the moment and then move into theoretical
discussions about some of the most likely next steps in the field of cloud
maturity. There are certain aspects of day-to-day technology issues that cloud
computing can assist with, both now and into the next generation of the
cloud-based computer resource. The cloud is getting a lot of press from both
supporters and detractors. Some say it is the future of information technology;
others say it is the same old thing, repackaged. The only real question is
whether it can be a means to an end.
For now, cloud computing is to IT storage and resource management what thesmartphone is to the rotary dial; its simple, cheap, scalable, eco-friendly, and
infinitely available.
In the end, the cloud is just a metaphor for the Internet, and it works just
like an electricity grid: resources, software, and information are provided to
computers on demand and in the quantity demanded. In the 1980s, those
resources were provided by giant mainframes and complex, geographically
restricted client-server systems, which also required an enormous investment
in hardware, space, and skilled staff to maintain them. Now, any business of
any size, and even individuals, can consume storage space, software, and
other resources in the cloud without having to own or manage a datacenter.
Further, organizations can take advantage of technology that allows them to
maintain a real-time backup copy of data, applications, and even operating
systems in the cloud, which allows them to restore damaged or destroyed
production servers in minutes instead of hours or days. The best part is, it
doesnt take a dedicated IT staff to do it.
ChapTer 11Is the Cloud Right for You?
http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/ -
8/6/2019 bct-cloud
5/24bCttT.c5
Is the Cloud Right for You?
The term cloud computing is so generic (and sometimes misused) that its
nearly worthless in a practical discussion. Two aspects of cloud computing
that are relevant to the discussion are Infrastructure as a Service (IaaS)
and Software as a Service (SaaS). With IaaS, a service provider delivers
raw resourceslike virtual machines, storage, and network bandwidthas
a service. With SaaS, a provider layers a specific software solution on topof those raw resources and delivers that. When both IaaS and SaaS are
combined in an offering that is specifically designed to provide data protection
and disaster recovery, it is referred to as Recovery as a Service, or RaaS, which
is discussed later in this chapter.
managed serviCe vs. Cloud providersThere are key distinctions between hosting companies with managed-service
offerings and cloud providers. The key differences have to do with how much ofthe infrastructure (and therefore, cost) is dedicated to the solution. Managed
Service Providers (MSPs) and hosting companies generally provide dedicated
hardware, software, and storage to each customer. This requires that the
customer specify, pay for, and commit to specific capacities in advance.
Cloud providers generally provision a customers current demands from a
pool of capacity, thereby providing the elasticity to allow customers to later
change their requirements with ease. Think of the difference between buying a
generator and getting an account with a power company.
The best cloud providers will let you buy capacity in very small chunks, allow
you to change your usage on the fly, and bill you only for what you consumeall
without a long-term commitment to any specific usage pattern or cost.
how The Cloud worksLike the Internet, the cloud is a network of computers. This network behaves
like a collective virtual computer, where the applications can run independently
from individual computers or server configurations. The hardware isnt
important; the application is. High-speed Internet access has eliminated the
need to have the software run on desktops, so now software can be completelyWeb-based. In fact, running software in the cloud makes it possible to run
different operating systems at the same time. For example, you can host your
Website on Linux while using Windows or Mac for applications.
sign up To beCome a memberAs an eBook member, you will be the first to be notified
when Chapter 12, appears in print!
Receive information from IBM and Vision Solutions, Inc.
Like the Internet,
cloud is a network
o computers. Thi
network behaves
a collective virtua
computer, where
the applications crun independently
rom individual
computers or serv
confgurations.
http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/ -
8/6/2019 bct-cloud
6/24bCttT.c6
Is the Cloud Right for You?
The cloud network is made up of front-end layers and back-end layers.
Front-end layers are the ones users see and interact with when, for example,
accessing Internet-based email (like Gmail). The back-end is made up of
hardware and software architecture that drives the front-end interface.
Because the network of computers works together, the applications can take
advantage of the combined computing power. Cloud computing also creates
infinite flexibility. Depending on demand, resources can be increased or
reduced as necessary by reassigning specific hardware.
whaT is The publiC Cloud?Cloud computing technology is not new. The ability of an organization to
rent space on servers has existed since nearly the beginning of the modern
digital revolution back in the 1970s. Educational organizations routinely rent
out space on their supercomputers in order to run complex calculations and
simulations for private businesses like the pharmaceutical industry. However,
mainstream renting of computer resources was typically relegated to thesmaller business market and the extremely large enterprise space, leaving out
most businesses in between those two extremes.
Smaller shops could lease server equipment in co-location facilities. This
wasnt truly a cloud solution, as the hardware was owned by the business that
was leasing space, and only the facility, power, and networking was owned by
the co-location company. However, it did evolve into a form of cloud computing,
where servers as entire units could be rented out for a period of time or on an
Real Server 1
User
Real Server n
Load Balancer
Linux Box
Real Server 2
LAN/WAN
Internet/Intranet
Virtual Server
http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/ -
8/6/2019 bct-cloud
7/24bCttT.c7
Is the Cloud Right for You?
ongoing basis to customers who did not wish to buy their own server resources
to co-locate. This idea of renting dedicated servers could be seen as the great-
grandfather of the cloud solution set, as information and applications owned
by one entity were being run on computer resources owned by another, but this
model was still too expensive and inflexible to work on a large scale. The sheer
amount of datacenter space and costs associated with acquiring, maintaining,and refreshing that large a number of physical servers made the business
model difficult to maintain for all but a few large-scale hosting companies.
The advent of stable, commercially available virtualization solutions allowed
the hosted server model to evolve from the rental of physical hardware
computer resources into the rental of virtual computer resources. This allowed
each physical device to be parceled out to many more customers, reducing
the overhead on the co-location provider and allowing for much greater client
density per given square foot of datacenter space. The problem was that there
were still limits to how many virtual machines could be logically managed by
native tool sets. Virtual machines (VMs) still had to be created and destroyed
manually by the co-location staff, and that kept the model from being flexible
enough to expand rapidly.
A few years ago, key players in the space we now know as the public cloud
began to roll out a new theory of hosted virtualization that broke through those
barriers. By writing complex Web-based front-end solutions to the back-end
virtualization platforms, many companies were able to allow clients to create
and remove virtual servers or other computer resources themselves, instead of
waiting for a co-location employee to manually perform these actions. Many of
these providers went beyond simply offering virtual servers and have createdthe ability to instantiate storage resources, virtual application connection
points, and other technologies that would have been impossible in the world of
simple virtual server rental.
Which brings us to the world of the public cloud that we understand today.
Vendors provide access to limited virtual machines, storage, and computer-
resource command and control systems, and organizations use those tools
to create, manage, and reallocate resources as required for various projects.
In this respect, the public cloud is the combination of those control resources
alongside the resources themselves. The defining factor of the public cloud is
that these resources and command/control systems are never owned by the
organization that rents them, but instead are owned and maintained by some
third-party organization.
Public cloud systems may seem like a panacea to the problems of overcrowded
IT facilities, but they do have some drawbacks. First is that the data and
all computer resources associated with it are housed within a datacenter
controlled by some other entity. This could cause security issues for highly
The advent o stab
commercially ava
virtualization solu
allowed the hoste
server model to e
rom the rental o
physical hardwarecomputer resourc
into the rental o
virtual computer
resources
http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/ -
8/6/2019 bct-cloud
8/24bCttT.c8
Is the Cloud Right for You?
sensitive data (see the section below on private cloud technology). Then there
is the fact thatwith the exception of completely new systemsdata and
computer resources do not currently reside in the cloud. You will need some
way to transfer the systems and the data resources from their current home
into cloud computer resources located at your cloud providers facility. There
are many solutions from various vendors that can allow you to achieve thisgoal, and as such this isnt an insurmountable obstacle, but it is one that must
be taken into consideration as you plan your cloud strategy.
whaT is a privaTe Cloud?The benefits of the public cloud are very visible. Organizations do not need
to purchase or amortize hardware in order to create computer resources for
applications or entire server platforms. However, since the organization doesnt
own these resources, certain security concerns arise very quickly. Thoughmany of these concerns can be overcome by strict legal agreements between
the organization and the vendors in question, there is still a lingering doubt as
to who has final control over a particularly sensitive computer workload. Public
cloud simply isnt the ultimate best choice for every type of cloud-capable
solution set.
In order to address these specific concerns, many enterprise-class
organizations are still willing to turn to the creation of cloud platformsbut
only within their own datacenters and within their corporate control. Known
as private clouds, these massive virtualization platforms can provide many
of the same benefits as a public cloud platform but entirely within the legal
and operational domain of a specific organization. While the idea of infinite
scalability becomes lost due to a finite amount of corporate resources, control
aspects to this type of cloud are greatly enhanced, making it a suitable choice
for those organizations dealing with high-security computer requirements.
In a common example, virtualized infrastructure platforms can be put in place
across dozens or even hundreds of physical server resources located in one
or more datacenters controlled by an enterprise. Native tools are leveraged to
provide a back-end infrastructure, and the organizations own (or outsourced)
programming staff creates a customized front-end platform that end-userscan access to manage these virtual platforms. Along with the management
tools, systems for tracking business-unit utilization of the resources must
also be created in order to properly determine how internal billing will be
metered out to the individual end-users within the organization. Once created,
these front-end and back-end systems then allow business units to pay for
computer resources as required, with those resources being released back
http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/ -
8/6/2019 bct-cloud
9/24bCttT.c9
Is the Cloud Right for You?
into the overall private cloud pool when they are no longer required. Since the
individual business units do not know where their physical server locations are,
they no longer require long periods of architecture design to ensure they get
the resources they need in a local datacenter. They simply use the front-end
tools to request the required computer power, storage, and other resources,
and the custom front-end/back-end solutions provision the best combinationof virtual and physical resources in the best location for the purpose.
This ability to control security while still allowing for true cloud computer
resource allocation makes private clouds an attractive solution for large
organizations that require a higher level of security and control than they
would otherwise be able to obtain from the public cloud. That is not to say
that private clouds are without their own drawbacks, though. Moving cloud
computer resources internally eliminates the native redundancy of most public
cloud providers; the public cloud allows for a form of native disaster recovery
(DR) just by ensuring that no single computer resource is housed in only one
location. Private clouds would not natively be able to provide this type of
redundancy but could be outfitted with third-party tools that can provide such
redundancy easily. It becomes a matter of finding and implementing the correct
recovery solutions, something that isnt typically necessary for public cloud
platforms.
The methodologies of public cloud architecture definitely require an economy
of scale. They necessitate large numbers of physical servers to act as virtual
hosts, large amounts of server-class storage space (typically in the form of
SAN systems), and a great deal of power and cooling systems to maintain.
Also required is appropriate licensing for the virtual infrastructure technologiesand a dedicated staff to manage the systems that manage the end-users
solution sets. When combined with the development costs of the customized
command/control interfaces and billing systems, this type of solution becomes
cost-prohibitive to all but larger enterprise organizations looking to produce a
specific and secure cloud computing platform internally. So, while this model
is in use today and does address many security concerns that exist within the
public cloud, it is not a solution that is within reach of the average organization
looking to leverage cloud solutions.
sign up To beCome a memberAs an eBook member, you will be the first to be notified
when Chapter 12, appears in print!
Receive information from IBM and Vision Solutions, Inc.
The ability to cont
security while stil
allowing or true c
computer resourc
allocation makes
private clouds an
attractive solutionlarge organization
http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/ -
8/6/2019 bct-cloud
10/24bCttT.c10
Is the Cloud Right for You?
hybrid soluTionsAs you can see, there are plusses and minuses to both public and private
cloud solution sets. In addition to those hurdles inherent to the technology at
this time, there is always the fact that many systems are onand will remain
onphysical servers. This makes those particular systems incapable of
migration to either a public or private cloud, since both of those technologies
sets rely on virtualization at their core. In order to surmount these obstacles
and to provide some facility for physical servers within an organization, many
businesses are looking toward a variety of hybrid solution sets that merge
existing technologies with the cloud. They also can use hybrid platforms to
merge public cloud for most applications with private cloud for high-security
application environments to leverage the best of both worlds.
Physical-Public Hybrids
The most common hybrid approach is to leverage the existing physical
resources of the organization to host anything that is not readily suitable forpublic cloud and then contract with a vendor such as Amazon Web Services to
provide cloud computer and/or storage resources for everything that can safely
be migrated out of the local datacenter.
An example would be a financial application with a Web-based front-end.
The financial data is tightly controlled by internal and external regulatory
compliance measures and therefore would probably not be easily migrated to
a public cloud infrastructure. However, the Web-based front-end solution set
would not hold sensitive data and could therefore be migrated with much less
effort onto a cloud computer or cloud application platform. The appropriate
levels of Web-based security, firewalls, and VPN infrastructure could then
be applied to ensure that only data that is cleared to leave the datacenter
is permitted to travel between the secure facility and the Web systems. The
benefit of this type of hybridization is that the Web systems can be dynamically
expanded to meet incoming user demand, but the secure systems can still be
tightly controlled without redesigning them to exist within the cloud computer
environment.
Physical-Private Hybrids
In some cases, even the security of a tightened private cloud computer
environment is not suitable for the workloads currently residing in thetraditional datacenter. In those cases, where the IT staff wants to gain
more flexibility without redesigning site security, a private cloud infrastructure
can be established to allow for cloud flexibility within the current
datacenter environment.
http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/ -
8/6/2019 bct-cloud
11/24bCttT.c11
Is the Cloud Right for You?
Medical records are a good example of this type of solution set. Where large-
scale health insurers or providers (major hospitals, etc.) require the flexibility
of cloud, they must still be aware of the impact of using external resources to
house data bound by HIPAA and other regulations. In many cases, moving to a
public cloud infrastructure would require a massive reconfiguration of security
protocols and procedures, while establishing a private cloud would allow forflexible infrastructure without physically moving outside of the current secure
environment itself.
Physical-Public-Private Hybrids
This solution set is perhaps the most complex of hybrids, and its used only by
the largest of organizations. The theory behind this technology is that there will
be some servers that must remain physical, others that can become virtualized
but cannot be placed on public cloud networks, and finally many servers that
could easily be adapted to the public cloud.
As an example, consider a multi-service insurance conglomerate. Many Web-based solutions are already exposed to public traffic and could therefore take
advantage of the increased on-demand scalability of the public cloud computer
and storage solutions on the market. In most of this class of organization,
a large number of legacy solutions exists, many of which are bound to
physical hardware configurations and cannot migrate to a public or private
cloud infrastructure at all. Finally, newer solution sets that still host highly
sensitive data could be virtualized but cannot leave the security confines of
the organizations datacenters. Combining all three forms of infrastructure
(physical servers and public and private clouds) allows for maximum flexibility
for all the various types of workloads and systems that make up the business.
virTual privaTe CloudsPublic cloud providers are by no means lax on security issues. The modern
public cloud can be made exceptionally secure, and the previous examples
were meant to convey that the applications themselves would be difficult to
adapt to the public cloud for security reasons within the apps themselves, not
that they could not be made secure on a public cloud platform. Virtual private
clouds are one example of how a public cloud can be made highly secureshould the applications and systems in question be able to make the move to
a public cloud.
A virtual private cloud is simply a public cloud infrastructure that has been
security-hardened to permit only recognized traffic streams. For example, email
systems often contain highly secure information within their databases, but
some components must be able to communicate with the outside world in
order for email to flow. A virtual private cloud can allow email servers to have
A virtual private c
is simply a public
cloud inrastructu
that has been sec
hardened to perm
only recognized tr
streams.
http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/ -
8/6/2019 bct-cloud
12/24bCttT.c12
Is the Cloud Right for You?
strictly limited connectivity to email traffic (SMTP links, etc.) but otherwise
speak only to servers within the corporate datacenter via an encrypted tunnel.
The theory is very similar to establishing a VPN connection between two
sites of the organization, except here the public cloud is accessed within an
especially walled-off section of the cloud computer and storage infrastructure
accessible only to the business unless otherwise specified.
universal ConsideraTions for CloudinfrasTruCTureThere are two topics that must be considered during the planning and
implementation phases of any project where some form of cloud computer or
storage resources are involved: how to get the systems into the cloud and how
to provide DR solutions, especially if the cloud provider does not provide them.
Migration of systems into and out of cloud infrastructurepublic or privateis
not an insignificant task when those systems already exist in the physical or
virtual world in your datacenters. If end-user downtime is not a concern, then a
backup and restore model could be used to get the dataand possibly system
informationfrom a fixed point in time into your cloud providers infrastructure.
This is especially true for private clouds, where the physical distance is limited
and bandwidth is generally easy to come by. However, if user downtime is
to be minimized, you will need to investigate tools that provide some way to
transmit both the system information and data from your current platform into
the cloud platform. These tools will need to be able to address multiple formsof applications and be able to move this information over VPN tunnels or other
secure transmission methods to ensure that data security is maintained.
Most public cloud providers do offer the ability to establish VPN connections
to your cloud computer resources on their platform, allowing you to focus on
moving the data and system information. This solves the security problem
but not the entire migration picture. The intended target platforms are
almost definitely of a different form/class/configuration of hardware than
your systems, and the tools you use will have to enable you to change
these parameters on the fly. While this migration occurs, end-users will be
making changes to data, so the tools must also be able to keep up with newinformation as they migrate the existing systems.
Finally, every project has some amount of uncertainty, and implementing cloud
strategies is no exception. The tools you choose for migration should be equally
able to return you to your existing configuration if unexpected issues crop up
after the migration is complete. Note that it is quite rare these days to see
applications and platforms that would have any problem virtualizing without
showing evidence of this during the investigation phase of the project, but it
has been known to happen from time to time. A safety net is never a bad thing.
Most public cloud
providers do oer
ability to establish
VPN connections
your cloud compu
resources on thei
platorm, allowingto ocus on movin
the data and syste
inormation.
http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/ -
8/6/2019 bct-cloud
13/24bCttT.c13
Is the Cloud Right for You?
reCovery as a serviCe (raas)While most organizations are focusing on cloud computer and storage
resources for extending or enhancing existing infrastructure, there is a specific
use-case for cloud strategies that doesnt require moving existing systems to
a cloud vendor. Leveraging public or private cloud computer infrastructure to
allow for another avenue for DR is becoming popular as more companies begin
to explore cloud architecture.
Vendors can provide tools (such as Amazon Web Services EC2 and S3
products) that leverage cloud computer and storage platforms to create
a complete backup and rapid-restoration platform for systems capable of
virtualization. Some allow for protection of entire servers from your location,
over a VPN connection, to one or more public cloudbased data-warehousing
solutions. If a server fails at the primary business location, it can be either
restored to another cloud computer resource or restored back to the primary
location onto repaired or replaced hardware. Often, the choice of restorationlocation isnt required until the restore is about to begin, which allows for a
great degree of flexibility. Organizations are contracting for cloud computer
resources and then parceling out those resources to business units for DR
purposes, while allowing these business units to continue business as usual
on their current production data systems.
The advantages of this methodology are numerous. You will not have to provide
full infrastructure architecture for DR, which can amount to a large budgetary
savings over time. You also can introduce the idea of public or private cloud
technology into areas that would be hesitant to put their production systems
on such platforms. Since only the DR platform is housed in the cloud, manyreluctant managers would be willing to allow it in this instance. In short, cloud
platforms can help introduce using cloud computer and storage resources
in a non-production form; this is the traditional entranceway for emerging
technologies in the enterprise, and its a great fit for public and private clouds.
sign up To beCome a memberAs an eBook member, you will be the first to be notified
when Chapter 12, appears in print!
Receive information from IBM and Vision Solutions, Inc.
http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/ -
8/6/2019 bct-cloud
14/24bCttT.c14
Is the Cloud Right for You?
Cloud for smbsRight now, the practical impact of the cloud is most fully realized in small to
mid-sized businesses (SMBs). SMBs can immediately enjoy the benefits
of a full-sized datacenter infrastructure without having to implement and
administer it, giving them access to multiple data centers anywhere in the
world. And, as their demand for resources increases, they can add additional
service as needed from their cloud computing vendor without having to pay
for more hardware.
One of the most interesting aspects of cloud computing is that is completely
revolutionizing business continuity for SMBs. The United States Small Business
Administration stated that SMBs fall into one of two categories: those that
have endured a disaster and those that will. They go on to say that nearly 40
percent of those who go through a disaster will not be able to recover. The
threat is real, and SMB owners are aware of it. However with tight budgets,
there is little room for hardware infrastructure and specialized staff to maintainit. Still, SMBs rely heavily on technology like Websites, inventory, point-of-sale
software, staff scheduling programs, email, and record keeping. In the case
of legal and medical (also, financial and some manufacturing), there are strict
compliance regulations about things like how long records must be kept and
how much time businesses are allotted to produce a record on demand. If one
of these businesses loses access to its technology for a day, or even an hour,
serious consequences (fines, lost revenue, lost customer data and confidence)
could occur that are difficult to recover from. It remains critical that SMBs
have a current copy of their data stored somewhere safe and accessible.
In the past decade, this process was so expensive that many SMBs resortedto dodgy tape-based backup systemsor, worse, theyve done nothing and
hoped for the best.
With the advent of cloud computing, instead of just crossing their fingers or
paying for the hardware, software, space, and staff required for storage, an
entire mid-sized corporation can rent enough cloud space to keep a real-time,
full-server backup copy of all its data, applications, and operating systems.
Real time means that every keystroke, every email, every bit and byte is safe,
and full-server means that every application and even the whole operating
system is safe and available. And it gets better: its also now possible to copy
data into the cloud in real time, and its possible to retrieve it from the cloud...
just as fast.
What this means for SMBs is that if the store burns down or is flooded or
someone spills coffee on the server, daily operations can resume in minutes
instead of daysor never.
With the advent o
cloud computing,
instead o just
crossing their fng
or paying or the
hardware, sotwa
space, and starequired or stora
an entire mid-size
corporation can re
enough cloud spa
keep a real-time,
http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/ -
8/6/2019 bct-cloud
15/24bCttT.c15
Is the Cloud Right for You?
Cloud for large organizaTionsThough it may take a while for it to become standard, the cloud is fully
scalable to even the larger organizations, and some are beginning to realize
the cost- and time-savings of closing their datacenters and letting someone
else deal with it. For some, it isnt yet practical to scrap their datacenters and
staff and move to the cloud, and they will likely continue to rely on mainframes
and client-server architecture until its no longer possible or cost-effective to
maintain it. Others, like NASA and many pharmaceutical manufacturing giants,
are ready and willing but have security concerns and are testing the waters by
putting non-proprietary information in the cloud or by using some combination
of public and private clouds.
Either way, backup and recovery in the cloud works the same way for large
organizations; the resources are just as scalable, backup is real-time, and
recovery is just as fast.
The question for organizations of any size is, When is it the right time to make
the switch?
The first step to evaluating the quality of a data backup and recovery plan is
to figure out the cost of downtime and evaluate the Recovery Time Objective
(RTO) and Recovery Point Objective (RPO). These metrics define how long you
think it will take you to get back online and how current the data has to be.
CalCulaTing CosT of downTimeCalculating the cost of downtime can help determine RTO and RPO objectives,
which are key factors in any backup and recovery plan. Knowing the cost of
downtime can also help senior management understand IT system disaster
recovery hardware and software budgets. While there is a simple formula
below for calculating your cost of downtime, consider these questions:
Howmuchmoneywouldbelostifalltransactiondataforthelasttwelve
hours, or even the last ten minutes, were lost?
Whatisthevalueoftheknowledgecontainedinthecompanyslast
twelve hours worth of emails and email attachments? What would itcost to have engineers recreate the last twelve hours of work?
Whatstheexposureifyoucantproducethisdataincompliancewith
Sarbanes-Oxley, HIPAA, SEC, and other regulations?
The frst step to
evaluating the qua
o a data backup
recovery plan is to
fgure out the cos
o downtime and
evaluate the RecoTime Objective (R
and Recovery Poin
Objective (RPO).
http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/ -
8/6/2019 bct-cloud
16/24bCttT.c16
Is the Cloud Right for You?
Heres a simple way to estimate the average cost per hour of downtime:
Cost Per Occurrence = (To + Td) x (Hr + Lr)
To=LengthofOutage
Td=TimeDeltatoDataBackup(Howlongsincethelastbackup?)
Hr=HourlyRateofPersonnel(Calculatebymonthlyexpenseper
department divided by the number of work hours.)
Lr=LostRevenueperHour(Appliesifthedepartmentgeneratesprofit.
A good rule is to look at profitability over three months and divide by the
number of work hours.)
Next, determine RTO and RPO objectives.
Determining RPO and RTO
In measuring the criticality of IT systems, the two primary considerations are
how much data and how much time you can afford to lose.
Recovery Point Objective
The first, the Recovery Point Objective (RPO), is the threshold of how much
data an organization can afford to lose since the last backup. Defining the
companys RPO typically begins with examining how frequently backup takes
place. Since backup can be intrusive to systems, it is not typically performed
more frequently than several hours apart. This means that the backup RPO is
probably measured in hours of data loss.
Recovery Time Objective
The second, the Recovery Time Objective (RTO), is the threshold for how quickly
an organization needs to have an applications information restored. For
example, maybe four hours, eight hours, or the next business day is tolerable
for email systems. Keep in mind the amount of time it takes to provision
servers, storage, networking resources, and virtual machine configurations.
sign up To beCome a memberAs an eBook member, you will be the first to be notified
when Chapter 12, appears in print!
Receive information from IBM and Vision Solutions, Inc.
http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/ -
8/6/2019 bct-cloud
17/24bCttT.c17
Is the Cloud Right for You?
is Cloud baCkup and reCovery righT foryour organizaTion?Finding the right balance of features and price to meet your RPO and RTO
is one of the most critical things you can do to protect your business. For IT
system continuity, there are three solution categories: backup, high availability,and disaster recovery.
Backupmeanskeepingyourdatasafe;inthissituation,RPOismore
critical than RTO.
Highavailabilitymeanskeepingyourcriticalapplicationsanddata
online; a high availability solution is required for high RPO and RTO.
Disasterrecoveryistheabilitytorecoverdataincasetheproduction
system is damaged, is destroyed, or becomes unavailable for an
undeterminable period of time. A comprehensive disaster recovery
solution that can restore data quickly and completely is required to
meet low RPO and RTO thresholds.
How Cloud Backup and Recovery Works
Cloud backup and recovery requires a combination of technologies: backup
and recovery software plus a Cloud Service Provider (CSP). This combination
allows you to replicate data and system-state information from servers in your
production environment into a virtual servercalled a repositoryrunning
at the CSP. From this repository, you can restore entire servers to virtual
machinesalso housed at the CSPto resume normal operations quickly
and effectively. Good backup and recovery software is more than an IaaS
target DR hardware site; it will be a full RaaS solution that includes both thetarget infrastructure and the technologies to replicate and recover your data
effectively in the cloud.
Cloud backup and
recovery requires
a combination o
technologies: bac
and recovery sotw
plus a Cloud Serv
Provider (CSP).
http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/ -
8/6/2019 bct-cloud
18/24bCttT.c18
Is the Cloud Right for You?
Cloud seCuriTy essenTialsAs mentioned, the security of backing up to the cloud is a major concern for
larger or regulated industries. Backing up servers and data requires real-
time protection combined with the security and stability of a trusted cloud
infrastructure. How can you be sure your data is secure end to end?
The best backup and recovery software will provide at least four layers of
protection, starting at the production server with secure VPN technology and
then isolating your data within the cloud with private backup repository, private
security groups, and private storage.
The best backup a
recovery sotware
provide at least o
layers o protectio
Users
VPN
$1.99 / dayper server
$90 / month+ $0.20 / GB
RecoveryServer DC1
RecoveryServer Exchange
ExchangeServer
Amazon EC2
DC1 DomainController Active
Directory DNS
Double-TakeBackup Repository
Server
Users
Users
http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/ -
8/6/2019 bct-cloud
19/24bCttT.c19
Is the Cloud Right for You?
Cloud vs. TapeRegardless of size, if a business relies on tape backup alone, restoration is
easy (although slow) only for the simplest failure and only if everything goes
perfectly. If a hard disk fails and all the backup tapes are good and the staff
is practiced at doing the repair and restore, then its possible to simply buy
a replacement part and get things up within a couple of hoursthough the
data will be from last nights backup. If the problem is more complicated and
involves a replacement server for instance, a day or two will be required to get
new hardware in place before recovery can begin. At this stage, 40 percent of
tape restores fail.
Tape backup has inherent problems that can go quickly from inconvenient to
disastrous. Consider some of the issues and the ways they would affect your
business in a disaster or system outage:
Tapebackuphardwareandsoftwareareexpensive,especiallyifyouhave multiple offices.
Makingbackupseverydayrequiresmanualintervention;itseasyto
forget or skip it.
Tapebackupnearlyalwaysinvolvesdowntime;youcantbackupa
system that is in use.
Tapesareeasilydamaged,lost,ordestroyed.
Atbest,youllberecoveringfromyesterdaysdata.
Fortypercentofrestorationattemptsfromtapefail.Canyouaffordto
permanently lose your data?
Taperestoration,whenitworks,involveshoursordaysofcomplete
downtime.
The Costs of Tape Backup
Acquisitionandongoingmaintenanceofhardware
Acquisitionofbackupsoftwareandongoingmaintenance/support
Acquisitionandreplacementoftapemedia
Offsitestorageandtransportationcosts
Operationcostsforperformingbackupandrecovery
Costofdowntimeincurredduringrecovery
Costofdatalossduetorecoveringtopreviousnightsdata
sign up To beCome a memberAs an eBook member, you will be the first to be notified
when Chapter 12, appears in print!
Receive information from IBM and Vision Solutions, Inc.
Tape backup has
inherent problems
that can go quickl
rom inconvenient
disastrous.
http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/ -
8/6/2019 bct-cloud
20/24bCttT.c20
Is the Cloud Right for You?
off-siTe, rapid reCoveryEvery business will have different RTO and RPO goals. If an organization
determines it has a four-hour RTO and RPO, then the business has decided
that it can tolerate four hours of downtime between failure and recovery
and that it will have to recreate (or do without) only the last four hours of
data. Together, this is about eight hours of lost productivity. For most serious
problems, its an optimistic goal for a tape (or disk-to-disk) backup system
alone to meet. Even the most mundane failures can easily push recovery times
into days or weeks:
Equipmentfailure,requiringareplacement
Extendedorrecurringpoweroutage
Air-conditioningfailure
Fire
Flood(waterleak)
Physicaldamagetothebuilding
The best way to ensure a fast recovery is to have replacement equipment
standing by at an off-site location with the necessary software and
configuration to quickly transfer users and data. The best practice includes a
remote data center with servers, storage, networking equipment, and Internet
access. Restoring to this remote data center from backup tapes will likely take
too long, assumes that the tapes were not affected by the original problem,
and still leaves the risk of recovering only old data. Instead, replication
software can be used to keep the backup systems constantly updated.
A four-hour RTO and RPO requires:
Off-sitehardwareandinfrastructuretorunserversandapplications
DataupdatestotheDRsitemoreoftenthaneveryfourhours,
preferably real-time
ContinualupdatesoftheapplicationandOSconfiguration(withoutthis,
recovery may fail after a patch or an upgrade)
Amethodtodealwithanyhardwaredifferencesbetweenproduction
and recovery environments
The best way to e
a ast recovery is
have replacement
equipment standi
by at an o-site
location with the
necessary sotwaand confguration
quickly transer u
and data.
http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/ -
8/6/2019 bct-cloud
21/24bCttT.c21
Is the Cloud Right for You?
All the requirements in the list above can be met by currently available
technology. If it is clear that local tape or disk-to-disk solutions do not provide
adequate protection and a better solution is available, why isnt every server in
the world protected? Usually the answer is cost. The cost of an off-site, rapid
recovery solution comes in a variety of ways:
Upfrontcost
Technicalcomplexity(requiresnewITspecialistsortimeandbudgetto
train existing staff)
Operationalcomplexity(managinganewdatacenterandtwiceasmuch
equipment)
Projectmanagement(complex,expensiveprojectsrequirelotsof
planning and management)
Risk(expensive,complicatedprojectssometimesfail)
Given all the cost, complexity, time, and risk involved in creating this capability,
these projects are often delayed in favor of projects that produce immediate,obvious results, such as a Web server update or a desktop refresh.
For some organizationsparticularly larger organizations with large staff and
significant IT expertiseadding extra servers to an existing off-site location is
relatively easy. But even in these large organizations, there are still servers
that dont make the cut; they are not considered to be critical enough to justify
the solution.
If a server is so unimportant that it wont be missed when it fails, perhaps
the next question is Why not just turn it off? The point of this off-site, rapid
recovery solution is to preserve as much of the normal operating capability as
possible. Customers and business partners dont care that a pipe burst and
flooded the data center; they want to know when a business can deliver. If a
server is important to meeting a business requirement, it is worth protecting.
The question to ask is not Is this server worth the solution; instead, How do
we make the solution practical for every server?
Most of the cost and complexity of this solution comes not from the specialized
tools for replication and recovery. Instead, the pain comes from, ironically, the
extra facilities and equipment, both of which will sit relatively idle most of the
time. Specifically:
Selecting,acquiring,andbuildingoutaseconddatacenter(orthehigh
cost of renting one already configured)
Selecting,acquiring,installing,andconfiguringthestandbyequipment
Managingandmaintainingthefacilityandequipment
Integratingallthepartsintoareliablesolution
http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/ -
8/6/2019 bct-cloud
22/24bCttT.c22
Is the Cloud Right for You?
This creates a peak-versus-average problem, where time and money are spent
building a redundant data center that can meet the peak capacity of the IT
department, but the average utilization of that capacity will be very small. You
pay for peak but only get the benefit of a very low average utilization.
Easy and fast network access, and the introduction of electronic businesspractices across all industries, has resulted in reliance upon IT systems and
therefore puts business operations at risk when IT failures occur. Tape backup
was the preferred recovery solution of the 1970s computing era. Disk-to-disk
and server-to-server replication is becoming more prevalent because it
provides near-real-time copies of data for faster, easier recovery.
The Cloud dr opporTuniTyIf an IaaS cloud provider can offer a complete data center, with enough
capacity to meet peak needs (i.e. during a production outage) but only bill for
the average usage during normal operations, there is clearly an opportunity to
redefine the cost and complexity of an off-site, rapid recovery solution.
By partnering with the right cloud vendor, a manager planning a disaster
recovery solution gets access to:
Unlimitedsparesforcomputers
Diskcapacityondemand
Freeidlebandwidth,with(nearly)unlimitedburstcapacity
Adatacenterthatishighlyoptimizedandmanagedforlowcost,highreliability, and high security
Datacenterslocatedinmultiplecountries,tobestmeetgeographicand
regulatory requirements
All that remains is to integrate a suitable disaster recovery solution to this IaaS
capacity.
Sound good? It should. There are now real solutions to real problems, but be
careful. Many managed service providers and hosting companies are touting
their solutions as cloud, and many offer disaster recovery or online backup
solutions, but do they meet your Recovery Point and Recovery Time Objectives?It helps to ask them a few key questions:
Canyouprotectallofmyserversandapplications?
CanyouprotectmyOSandapplicationsaswellasthedata?
CanIactuallyfailovertothecloudandstayupandrunning?
CanItestthefailoverprocesstoensuretheserversarerecoverable?
Easy and ast
network access, a
the introduction o
electronic busines
practices across
all industries, has
resulted in relianc
upon IT systems
and thereore put
business operatio
risk when IT ailur
occur.
http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/ -
8/6/2019 bct-cloud
23/24bCttT.c23
Is the Cloud Right for You?
Doyouprovideamechanismtorecoverthedata/serverswithoutlotsof
downtime?
CanIpayforonlywhatIuse,ordoIneeddedicatedserversinthe
cloud?
Once you find a solution that answers those questions to your satisfaction, youcan look to protect every server in the infrastructure. It should be so cost-
effective that you can just sign up, set it, and forget it. Set a reminder to test
failover every six months, and ensure you havent added any new servers.
eCo-friendly inCenTives for CloudCompuTingAnother incentive of cloud computing is that it is eco-friendly. But theres more
to going green than just social incentive: making your IT infrastructure moreenvironmentally friendly can save you a ton of cash too.
Replacinghardwarecomponentswithacloudsystemreducesenergy
costs of running hardware and maintaining climate control and also
reduces carbon dioxide emissions.
Therearetaxandpowercompanyincentivestogoinggreen.
Consolidatingdatainthecloudmeansmoreefficientmanagementof
data centers, which means cost-savings.
GreenITiscomposedofseveraltechnologiesthatallhavethegoal
of reducing power consumption and overall datacenter footprint,
consolidating locations and resources, and improving efficiency of
operations.
Siteconsolidationtothecloudprovidesaflexibleandefficientplatform
that reduces power consumption. Consolidation usually means
migrating physical servers to virtual machines, which need not be a
complicated or expensive undertaking. Real-time and live migration
products take the pain out of migrating to a new infrastructure. When
consolidating infrastructures, consider your disaster recovery plan and
your ability to protect your architecture from failure.
Consolidatedenvironmentsoptimizepowerandcoolingrequirements.
They require less energy than would be necessary to power and coolan entire room of physical servers. They use a high-density power
and cooling solution designed specifically for a smaller, more efficient
virtualized environment. These solutions keep the dense architecture at
an optimal temperature without cooling the entire data center.
http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/ -
8/6/2019 bct-cloud
24/24
Is the Cloud Right for You?
Cloudcomputingcanreducethenumberofserversinyourdata
center, which may reduce your costs. If you would typically host your
transactional Web server farms or commerce applications, you can
use the cloud to provide those services instead. The cloud frees
smaller SMB companies from the burden of a data center, while larger
corporations are using the cloud to host less-critical or lower-tieredapplications to further reduce their datacenter footprint. Using the
cloud can enhance backup and recovery capabilities and reduce the
costs typically associated with tape.
ConClusionThe cloud concept still has a long way to go before we can be sure exactly
what its definitions, roles, and limitations will be. There is a tremendous
amount of promise in public, private, and hybrid cloud platforms, and muchof this promise can be seen in the real-world implementations of cloud
technology in the market today. Leveraging cloud platforms where they make
the most sense is a matter of careful evaluation and proper migrationin much
the same way as you would with most other technology within the corporate
organization. The right partners, the right tools, and the right platforms can all
work together today to build the data systems that will continue to serve you
well for the future.
sign up To beCome a memberAs an eBook member, you will be the first to be notified
when Chapter 12, appears in print!
http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/http://www.businesscontinuitytoday.com/