Helder Almeida - Fotolia
What DR requirements belong in a cloud computing SLA?
Many organizations are making the move to DRaaS. But, before you dive in, be sure the cloud provider's SLA meets the needs of your business and its end users.
More companies are putting more of their assets in the cloud, so it's only logical to have a disaster recovery plan based in the cloud, as well. Cloud-based disaster recovery, or disaster recovery as a service, is available from a wide range of vendors and presents a supportive option to many organizations.
But before committing to a vendor, you need to ensure your disaster recovery bases are covered in the cloud computing service-level agreement (SLA).
Many organizations can benefit from cloud disaster recovery, and more are choosing that option because it's usually faster and cheaper than traditional DR tools. A note of caution comes from Greg Schulz, senior advisory analyst at StorageIO, who warned that shopping for cloud DR is more than just a matter of checking off the right boxes. It requires careful study of your needs and assets and an equally thorough review of what a cloud computing SLA really means in practice.
The devil is in the details
In general, DR based in the cloud is more flexible than on-premises options. However, as with so many things, the details can get you. Two reports from Forrester offer a useful starting point for considering cloud computing SLA options. The first, "Develop a Recovery Readiness View to Gain Insights into Your Recovery," reminds us it is vital to know what you are protecting so you can properly prioritize protections.
A more recent report, "The Forrester Wave: Disaster-Recovery-As-A-Service Providers, Q2 2019," looked at the top eight cloud DR providers and compared their capabilities. A key takeaway from the report is the sense that providers are continuing to improve, but because of the complexity of many DR challenges, customers are wise to seek providers that can orchestrate recovery workflows for business apps, not just virtual machines. In other words, delivering a more complete result is critical.
Similarly, the authors suggested providers should be able to support heterogeneous technology infrastructure, while still strengthening the security and compliance of the customer's recovery infrastructure.
In theory, all of those capabilities should ultimately be reflected in a SLA document. But, before you get involved in agreeing to a cloud disaster recovery SLA, you should plan out what you really need. Like all cloud services, the basic costs of cloud DR can be very reasonable. But if you don't know what you're looking for, you don't know what you're going to get. And you may not get the type of recovery you really need.
For example, it's good to determine exactly what you need to recover and how fast so you can meet the service-level agreements that your organization has with end users. Many companies have a sort of stratified approach to data recovery. In the traditional parlance of the data center, you might think of it as a hot backup, which can fail over immediately, and contrast it with a warm site or a cold site for less critical recoveries.
The SLA equation
With a cloud computing SLA, an obvious question is whether or not the recovery time objective for your organization can be met by the provider. Likewise, is there alignment between your desired recovery point objectives and theirs?
"When you see availability claims, if you see a number with a whole lot of nines, be sure you have the right perspective," Schulz said.
In other words, availability equals access plus durability. Is the data really available, and can you get access to it?
"Part of all those nines you see is durability, which is usually reflected in how many copies of your data they have in different locations or on different systems and in different zones," Schulz said.
The other part of the equation is accessibility: how and when you can actually access your data after an incident. Accessibility, Schulz said, is a combination of having multiple safe, uncorrupted copies of the data and when and how fast you can actually get full access to the data.
Beyond those specifics, Schulz said what you look for in a cloud computing SLA should probably be based on what you are doing on premises. Ultimately, it is up to you to understand the many tools and options from cloud providers, "because only you can prevent either local or cloud data loss," Schulz said.