September 20, 2017
So you’re ready to upgrade your BDR. You know you want it to protect your mission-critical data and deliver assured uptime through rapid recovery.
At the same time, you’ve heard horror stories about solutions that prove themselves inadequate after a flood or server failure or ransomware attack. And there’s the less obvious problem of solutions that don’t pay their own way when it comes to keeping your team productive and your data safe. Downtime is measured in dollars, after all, and many BDR solutions cost more than they’re worth.
So how can you tell when a BDR solution is mostly snake oil? Here are 10 questions to ask.
1. How fast can you recover?
First and foremost, you want your BDR solution to deliver speed. If a vendor you’re evaluating is vague about RTOs or says that recovery in minutes isn’t possible, look elsewhere. The right solution does offer near-immediate recovery, letting you spin up a virtual clone of your environment in minutes after any site, system or storage failure. That includes physical and virtual production servers.
2. How fast will your performance be?
Ask if the system is using data deduplication – without it, high bandwidth requirements can slow down network performance. Also check if your backups can perform as fast as your regular environment, or if they’re sluggish and difficult to access for users.
3. Will this BDR solution help protect you from cybercrime?
Your BDR isn’t going to detect anomalies or threats, but it will – or should – play a role in helping you evade the worst repercussions of a cyberattack. Imagine that you’re the victim of a Ransomware attack. Can you quickly recover and avoid paying the ransom or will the delays and complications of recovery force you to pay it just to resume operations?
Also ask any potential vendors about their data centers and security protocols. Are they certified to meet compliance requirements like PCI, HIPAA & SOC 2? What protections do they have in place for data migration, cloud tenancy and remote access?
4. Does the solution offer encryption?
Criminals know that it’s your most critical and sensitive data that gets backed up, making your backups a logical place to head once they’re in your system. Encryption keeps that data inaccessible. It can also help you avoid certain penalties in the event of a breach, given that HIPAA and other regulatory institutions will sometimes exempt you from costly and embarrassing notification laws if your stolen data has been encrypted.
Ask vendors if and how they use encryption. Ideally any backup stored in the cloud should pass through a 128 bit AES encrypted session over a 256 bit AES VPN tunnel before leaving your network and then be encrypted again at rest. That cryptography should also be accompanied by protocols such as restricting access to encryption keys, protecting transmission over open networks and using best practices for wireless networks.
5. Can the solution grow with you?
At some point, you’ll want to add more VMs or more storage or scale out your production environment. Data growth is unavoidable in most organizations and that’s good, because it’s a sign of a healthy business. As your data grows, so will your backup needs. But some BDR solutions say they’ll grow with you and fail to mention all the headaches and extra costs that will incur.
Ask about any calculations into your yearly growth – is the vendor assuming five, ten, or more percent growth for you? What if you go from 10 terabytes this year to 15 terabytes next year? Also ask about any licensing. What’s covered in your model? Will you be hit with unforeseen costs when you reach a certain amount of VMs? If your prospective vendor can’t answer these questions for you, or seems not to want to work with you in the scalability area – move on. There’s a good chance they want you to settle on a small solution now so you’ll need to pay for a bigger one down the road.
6. Is the solution easy to use or complex and time-consuming?
BDR simplicity lets your team focus on important work and helps them recover quickly when disaster hits. Unfortunately many solutions on the market require considerable ongoing management, like manual testing, and involve complicated failover processes.
Look for a solution that streamlines the entire BDR lifecycle – from making backups to testing and using them. Automation can eliminate hours or even days of manual work and guarantee accurate and functional backups. One-click failover can eliminate the need for training and complex instructions, and get you back online in minutes.
7. Is long-term archiving available?
Many BDR solutions don’t allow for archiving, which is different from backing up your data. Look for a solution that can keep you nimble, allowing you to quickly restore deleted files, conduct search and retrieval functions, retrieve specific data for an audit or delete specific documents. Good archiving features allow nuanced actions to save your team hours of hunting for lost files or managing specific file groups.
8. Is the solution really unified – or hiding multiple vendors under one umbrella?
Too often an organization will select a solution that seems unified, only to realize they’ve bought a package of tools involving a variety of vendors. Or a vendor will encourage you to adopt different point solutions for your VMs, your physical servers, your archiving solution and your workloads in AWS. Soon your team is consumed with different licensing, different pricing, different hardware and software updates, and functional gaps between the solutions.
Unified BDR solutions can offer rapid recovery, local and cloud storage, and long-term arching. By keeping all BDR functions under one umbrella, your team will save time and enjoy the efficiency of an ecosystem that works as a cohesive whole.
9. What kind of support will you have?
Vendors will all promise great support, so you’ll need to ask for details. Is it third-party support or is the support offered by the same developers who built the product? Are you dealing with one team that understands how each component of the solution works together or a collection of multiple vendors? Is the support team located in another country? Can you call and speak to someone immediately, or will you need to leave a message and wait days for a response? When a server fails or a part of your system malfunctions, you’ll need a support person who can understand and resolve the issue quickly without passing you onto someone else.
10. Can the solution offer partial or full site recovery?
If a vendor tells you partial recovery is all you need, don’t listen. It sounds reasonable on the surface; some data and systems are more important than others. But just because a solution can back up everything, doesn’t mean it can recover everything. A massive disaster, or a minor event that becomes a cascading event, can force you to make impossible decisions between what has to be up and what can stay offline, inevitably disappointing users. Look for a solution that can replicate all your apps and data, and keep everything running without impacting performance.
When it comes to detecting snake oil BDR, the safest way to evaluate vendors is to ask them for proof of concept. Instead of accepting the canned demonstration they offer, ask them to show they can meet your RTO and spin up your entire environment at one time. You’ll know then if this solution can meet your BDR needs, today and tomorrow.