Disasters can and do happen. A range of threats and disasters can affect your company. They could be cyberattacks, but they could also just as likely be a natural disaster like, say, a pandemic. As the saying goes, hope for the best and prepare for the worst. When it comes to protecting your organization and your organization’s infrastructure, you must always be prepared for the worst by taking Disaster Recovery seriously.
At different levels, Disaster Recovery will have different requirements. At some levels, you can use simple backups in an alternative region plus a polished Infrastructure as code to deploy to active/pasive multi-region setups. Don’t forget to consider the impact on your infrastructure of third-party services. For example, authentication services are critical; you need to understand their impact on your application and users if they were to be threatened by a cyberattack or other disaster.
Knowing which DR method to apply depends on your Business Continuity Process (BCP) and the required SLAs. Every service that plays a critical role on your business should be considered to avoid any event that might impact your business over time, and more importantly, the users’ perception of your organization. One example could be third-party issue tracker services. If Atlassian goes down, it may not directly impact your users, but the service desk will be down, and you will not be able to accept support requests for some time.
To protect your company from any and all threats, we recommend putting in place a Business Continuity Plan. This is a process that creates a system of prevention and recovery. It is, at times, something some organizations ignore. However, they do so at their own risk. BCP not only puts in place a plan for DR, but it also helps you understand your organization as a whole. You need to understand everything that impacts your business in order to work around them, communicate to your users, and decide what actions to take in case of a disaster.
There are two primary metrics you will need to understand. One being the RTO: Recovery Time Objective, or how much time your business can tolerate being down. The second metric is RPO, or Recovery Point Objective, which refers to how much data loss your business can tolerate. These will determine the DR strategy you use.
There are four DR strategies we suggest you consider. The one you choose will be based on your RTO,RPO and budget.
This method maintains regular backups and keeps your IaC up to date, working with an alternative region to restore everything from scratch. This strategy might be more cost-effective, but both RTO and RPO are high.
Backups, data replication, and a scaled-down version of your infrastructure are all part of this method. You scale up or turn on this feature in case of a disaster in the primary location, and it requires some action to provide services. The RTO is better, and RPO is low, but it is more expensive to accomplish.
Warm standby is a fully functional application with replicated data in a different location. It may be small in size, but it works. It has an even better RTO and RPO but is even more expensive.
Here we have a fully functional app with live data replication. Users will be able to use your app from any site. This method, of course, has the best RPO and RPO, but it is also the most expensive option.
As you can see, there are multiple options and multiple things to consider when you implement your Disaster Recovery. In a perfect world, you would never have to worry about your organization facing a disaster that could shut your service down for any amount of time. However, we know this is not a perfect world, so you must be prepared. You must think at a higher level with a BCP (Business Continuity Plan) that considers everything that impacts your business firmly in mind.
Do you need help with putting a BCP in place or preparing for DR? Reach out to Flugel today.
2018, Cryptoland Theme by Artureanec - Ninetheme