How to Protect Your Business with Disaster Recovery as a Service

In the modern world, a business needs to protect their data, because losing that data could have devastating consequences. The virtual machines (VMs) used by companies for providing services should be backed up in safe places so that they can be restored if disaster strikes. Disaster recovery is the process of recovering those VMs with applications and services running on them. Today’s blog post explains Disaster Recovery as a Service (DRaaS), how DRaaS can protect businesses against disasters, and what you should look for in Disaster Recovery as a Service providers.

What Is Disaster Recovery as a Service?

When a company uses the traditional disaster recovery approach, the system administrators must configure hardware and the entire IT infrastructure at a remote disaster recovery (DR) site as well as implementing software that can back up and recover their virtual machines. Disaster Recovery as a Service providers (DRaaS) are emerging as an increasingly popular alternative to the classic DR approach. DRaaS saves costs by eliminating the need to buy physical infrastructure that must be configured and supported at a DR site. Instead, the DR infrastructure is virtual and is located in the cloud. A client enters into a contract with a managed service provider (MSP), who provides DRaaS. An MSP usually also provides Backup as a Service (BaaS) and Replication as a Service (RaaS). A client pays for the cloud infrastructure and cloud services provided on a “pay-as-you-use” basis. The client can typically configure the services through a web interface.

How to Protect Your Business with DRaaS

If you decide to protect your business and virtual infrastructure using Disaster Recovery as a Service, then consider the following points that can help you make the right decision.

Defining RPO and RTO

RPO and RTO are key metrics that form a basis around which to build your disaster recovery plan and business continuity plan. The RPO (recovery point objective) value defines the amount of data that a company can afford to lose. You should determine the time intervals between backup and replication jobs based on your RPO values. The RTO (recovery time objective) defines how long a business can tolerate VMs, with their applications and services, being offline. The time spent on recovery of the VM with applications and services should not exceed the RTO value; if the RTO is exceeded, the losses of funds and productivity become too great for the company to afford.

Disaster recovery sites in the cloud

Having a DR site set up in the cloud is one of the critical components for fast disaster recovery. A hot site is preferable over a cold site, because a hot site is pre-configured and ready for DR while a cold site is not. Check if there is a fast Internet connection with low latency to the DR site.

Selecting a managed service provider

The number of MSPs increases with each year due to the growing popularity of cloud services. Select a trusted certified MSP that can provide the appropriate level of support. Before selecting an MSP, create a checklist of your criteria and requirements. Compare different managed service providers and select the one that best meets your needs.

Choice of software

There is a number of different business data backup solutions that Disaster Recovery as a Service providers can use, from a variety of developers. The software used for disaster recovery can be available for manual installation by each individual customer in single-tenant mode or can be installed by DRaaS providers in a multi-tenant mode. It is crucial that you and your MSP use a robust data protection product developed by a reputable vendor. To make the right choice, check that the software used by the MSP can perform VM backup, replication, failover, and failback, as well as granular object recovery (e.g., for files, folders, or database objects).

Support for different virtualization platforms

Ensure that the DRaaS providers you are choosing among can provide suitable infrastructure for the virtualization platforms used in your virtual environment (e.g., VMware vSphere, Microsoft Hyper-V, and/or Amazon AWS EC2). The software used for disaster recovery by the managed service provider must support these platforms.

Self-service and ease of use

Make sure that the management interface is convenient and intuitive. There should be a complete range of functionality allowing you to configure the settings precisely the way you need them. With a self-service portal, you can configure the parameters for disaster recovery by yourself. This makes for greater agility in the framework of configuring and executing disaster recovery.

Security options

Security is always a concern when data protection is being considered. Check the security options provided by the MSP, such as firewall, antivirus, and encryption of traffic as well as stored data. By configuring a firewall, you can protect your virtual networks and virtual machines located in the cloud against unauthorized network access. VM encryption protects your VM data from being stolen by third-party users. Traffic encryption restricts traffic monitoring and analysis (e.g., during backup or replication jobs) by attackers. Protection against DDoS (Distributed Denial of Service) attacks is a useful option an MSP can offer; this reduces the likelihood of losing access to the provided cloud services.

Sufficient performance

There are several points where performance is especially important. You need high enough performance to run your VMs with applications and services in the cloud. DRaaS providers that use features to optimize performance when transferring backup data are preferable. This can include data compression before transferring, incremental backup, etc. Fast transfer of backup data plays a major part in achieving low RPOs, and recovery speed helps you achieve the desired RTOs.

Area of responsibility of the MSP

Choose an MSP that can provide support 24/7/365. A cloud provider can ensure high-quality services by finely regulating all parameters. What is the timeframe in which the provider will react when an issue occurs? What is the maximum permissible time before the issue is resolved by the managed service provider? What happens if the MSP can’t deliver the disaster recovery services promised? The amount of time allowed to resolve atypical requests must also be regulated. If the provider can assist in resolving an issue that is out of the scope of the services they are strictly required to provide, it is a big plus.

A Service Level Agreement (SLA) is a contract between an MSP and a customer that defines the list of the provider’s obligations. The SLA sets out guarantees for the level and quality of provided services (such as Disaster Recovery as a Service), the procedure for reporting problems, and the consequences for the MSP should the services fail to be provided. A managed service provider must be financially liable for any violation of the parameters defined in the SLA.

Flexible billing policy

Usually MSPs provide multiple services that can be integrated with each other. Ask if the provider is ready to provide a discount if you buy multiple services in a package (e.g., you might buy Disaster Recovery as a Service and email hosting together). The more services you buy, the lower the price you should pay for each service. Make sure that the provider has a clear and understandable billing structure. Check whether the provider charges for all VMs or only for those that are in a powered-on state (some charge based on the periods of time for which VMs are powered on). The best billing models are those where you pay only for the resources you use. Also ask how much notice you need to provide for termination, in case you no longer need the provided services.


Disaster Recovery as a Service is an effective way of reducing costs and offloading your IT department; however, there are certain factors that must be taken into account when choosing the right provider. Reliability of the DR software, billing policy, and security should be among the most important criteria.

Being a fast, reliable, and affordable disaster recovery solution, NAKIVO Backup & Replication can be used for in-house DR planning as well as the provision of DRaaS. There are a number of reputable cloud providers worldwide using the software to deliver reliable disaster recovery for their clients. If your company is considering providing managed services, download the full-featured free trial of NAKIVO Backup & Replication to see how you (and your clients) can benefit.

Article originally published on the NAKIVO website

NAKIVO is a US-based corporation dedicated to developing the ultimate VM backup and site recovery solution: