Gartner Critical Capabilities for Recovery-as-a-Service
 

Gartner Critical Capabilities for Recovery-as-a-Service

on

  • 870 views

IT leaders who evaluate and manage recovery services are confronted by hundreds of service providers, with significantly different capabilities and services. They should use this research to identify ...

IT leaders who evaluate and manage recovery services are confronted by hundreds of service providers, with significantly different capabilities and services. They should use this research to identify RaaS providers with road maps and capabilities that align with their organizations' recovery needs.

Statistics

Views

Total Views
870
Views on SlideShare
865
Embed Views
5

Actions

Likes
0
Downloads
20
Comments
0

1 Embed 5

http://www.linkedin.com 5

Accessibility

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Gartner Critical Capabilities for Recovery-as-a-Service Gartner Critical Capabilities for Recovery-as-a-Service Document Transcript

  • G00247389 Critical Capabilities for Recovery as a Service Published: 7 November 2013 Analyst(s): John P Morency, Robert Naegle IT leaders who evaluate and manage recovery services are confronted by hundreds of service providers, with significantly different capabilities and services. They should use this research to identify RaaS providers with road maps and capabilities that align with their organizations' recovery needs. Key Findings ■ Hundreds of service providers worldwide offer recovery as a service. ■ Provider capabilities, service levels and management responsibilities vary significantly among providers. ■ The initial RaaS focus on virtual-machine-only recovery is evolving to include broader support for hybrid configurations that support the recovery of VMs and colocated servers and storage. ■ Service levels based on recovery point objectives and recovery time objectives vary by provider, with some vendors supporting near-zero RPO SLAs. ■ Customer management of a RaaS configuration varies by provider and can also be affected by the maturity and capability of the provider portal. ■ Service pricing from different providers for the same recovery configuration can vary by as much as two to three times. Recommendations ■ Identify which RaaS providers' road maps and capabilities most closely align with your organization's short- and longer-term recovery requirements. ■ When performing RaaS due diligence, emphasize a vendor's ability to provide a complete solution, support for a variety of VM types, heterogeneous storage controller replication, complementary data backup and archival services, flexible recovery testing policies, proven data privacy management controls and a track record of successfully managing application failovers following disasters. ■ Investigate low-risk opportunities to augment recovery capabilities with RaaS for a lower recovery tier application or set of applications.
  • ■ Assess the management trade-offs and potential cost savings of alternative providers. Compare these with the recovery infrastructure and management processes you have in place. What You Need to Know This document was revised on 7 November 2013. For more information, see the Corrections page. Thus far, recovery as a service (RaaS) has been adopted far more broadly by small and midsize businesses (SMBs) than by larger enterprises. A key reason for this is that large enterprises are more likely to have established recovery facilities (whether internally owned or leased), as well as the in-house expertise and mature processes needed for sustainable recovery assurance. This expertise is a combination of the technical savvy required to test and manage recovery operations and expertise in meeting the specific recovery expectations of the business, especially over a recovery operations period that may last several weeks or months. The same cannot generally be said for smaller organizations — thus, the reason for the broader adoption of a service that is viewed by them as less costly and more flexible, while still being managed by a single provider. An accurate assessment of your organization's IT disaster recovery management (DRM) maturity, combined with the use of the capability assessments contained in this research, will help determine the extent to which RaaS deployment will be part of your IT service management (ITSM) portfolio. Gartner estimates that the global RaaS market will be approximately $564 million in 2013, with a projected compound annual growth rate (CAGR) of at least 21% during the next three years (see "Market Trends: Assessment of the Rapidly Growing Market for Cloud-Based Recovery Services"). RaaS instances support a combination of virtualized Windows- and Linux-based servers. Some also support physical servers, either those activated from a "bare metal" restore backup image or physically colocated server and storage equipment. One important step in the RaaS due diligence process is service pricing analysis. To gain better insight into pricing differences among providers, Gartner defined three reference configurations (small business, midsize enterprise and large enterprise) and requested "ballpark pricing estimates" from the providers included in this assessment. Because of its predominance in RaaS implementations, VMware virtual machines (VMs) are used as the reference VM in these example configurations. Note that these scenarios are applicable to any virtualization technology, including Microsoft Hyper-V and Citrix Xen, as well as Linux .KVM and .ovf. The specifics of each configuration are: ■ Small Business — 50 VMware VMs (two-core virtual CPU and 4GB of RAM per VM), 5TB of production storage, 12-hour recovery time objective (RTO) and four-hour recovery point objective (RPO) service levels, and two supported recovery exercises per year. ■ Midsize Enterprise — 250 VMware VMs (125 VMs with two-core virtual CPU and 4GB of RAM per VM and 125 VMs with four-core virtual CPU and 16 gigabytes of RAM per VM), 25 terabytes Page 2 of 35 Gartner, Inc. | G00247389
  • of production storage, eight-hour RTO and two-hour RPO service levels, and four supported recovery exercises per year. ■ Large Enterprise — 500 VMware VMs (100 VMs with two-core virtual CPU and 4GB of RAM per VM, 200 VMs with four-core virtual CPU and 16GB of RAM per VM, and 200 VMs with eight-core virtual CPU and 32GB of RAM per VM), 25 terabytes of production storage, eighthour RTO and two-hour RPO service levels, and four supported recovery exercises per year. Not all of the providers provided pricing data, but most did. Table 1 contains the lowest, highest and average pricing quotes for each of the three reference configurations. Gartner, Inc. | G00247389 Page 3 of 35
  • Table 1. RaaS Service Pricing by Configuration Small-Business Configuration Midsize-Enterprise Configuration Large-Enterprise Configuration Lowest Service Price Quote $7,140 $26,517 $48,544 Median Service Price Quote $11,724 $50,685 $172,253 Highest Service Price Quote $19,715 $79,871 $362,060 Source: Gartner (November 2013) Page 4 of 35 Gartner, Inc. | G00247389
  • These results show that there are significant service pricing differences in all three categories. For the small-business configuration, the highest quote exceeds the lowest quote by a factor of 2.8. In the midsize-enterprise configuration scenario, the lowest and highest quotes differ by a factor of just over 3.0. The range in service pricing is most dramatic for the large-enterprise configuration. For this configuration, one finds a differential of nearly 7.5 between the highest and lowest price quotes. To some extent, these results provide some insight into why most production RaaS configurations are closer in size to the small-business configuration than to large-enterprise configuration. Obviously, pricing is not the only consideration when selecting a provider. In addition to the service capabilities discussed in this research, it's also important to consider the ease with which a service transition can be made should a provider relationship not work out. This becomes especially important if a provider decides to exit the market. Recently, cloud storage provider Nirvanix told its customers that they had two weeks to find another home for their terabytes of data, because the company was closing its doors and shutting down its service. This shutdown was strikingly similar to one initiated by RaaS provider Doyenz. On 10 August 2012, Doyenz sent a notice to its U.K. customers that it would be ceasing operations as of 31 August 2012, leaving its customers only three weeks to find an alternative provider. Although these unexpected shutdowns are not common, they can occur with short notice. To protect your organization's business interests, Gartner recommends that customers request the right and the means to take a regular backup or a continuous archive copy of their data over the course of the contract period. Having ready access to your data can speed up migrations and help you meet regulatory compliance and business continuity (BC) requirements independently of service provider business circumstances. Because of its evolving delivery maturity during the past five years, and because several hundred service providers across the world now support a RaaS offering, increased service-related due diligence is being undertaken by a wide range of organizations, including those in both the private and public sectors. For some of these organizations, the implementation scope is more ambitious than in previous years. More specifically, an increasing number of RaaS deployments have an implementation scope that includes hundreds of VMs and tens of terabytes of related production data storage. This assertion is based on data taken from both enterprise and service provider clients' inquiries serviced during the past three years. 1 Analysis Introduction This research focuses on seven critical capabilities that are essential to the selection of RaaS providers and services that are the best fits with an organization's business and IT operations management (ITOM) requirements. With organizations' continued interest in deploying more flexible and less costly alternatives to more traditional disaster recovery (DR) services, the number of providers and the service capabilities of individual providers continue to grow. Gartner clients Gartner, Inc. | G00247389 Page 5 of 35
  • looking to deploy RaaS during the next 12 months should use this research to understand how some providers in this space deliver managed recovery against the documented critical capabilities. Product Class Definition As the RaaS industry has grown, Gartner has found that RaaS providers can be segmented into: ■ Communication services providers (CSPs) ■ DR/BC service providers ■ Hosting and infrastructure as a service (IaaS) vendors ■ Direct cloud recovery vendors CSPs Most vendors in the CSP market offer a variety of infrastructure and managed services capabilities and view RaaS as a logical extension to their businesses. Building strong customer relationships and owning the network infrastructure are two ways they differentiate themselves. Sample vendors include AT&T, Allstream, CenturyLink and NTT Communications. DR/BC Service Providers These providers offer a complete set of DR/BC offerings and services on a global basis. They look to leverage their large data center and infrastructure footprints, which support traditional subscription and colocation-based recovery models, as well as their extensive experience and expertise to provide cloud-based recovery services focused heavily on enterprises. Sample vendors include HP, IBM BCRS and SunGard Availability Services. Hosting and IaaS Vendors By leveraging existing facilities, infrastructure and management processes, these providers of general IaaS, colocation or hosting services look to augment current capabilities with RaaS offerings. Offerings are primarily focused on SMBs and offer managed and self-service options. Although no provider can guarantee 100% uptime, hosting and IaaS offerings are designed to be as continuously available as possible. Sample vendors include Amazon Web Services (AWS), Bluelock, Hosting (formerly Hosting.com), IPR International, NaviSite (a Time Warner Cable Company), Rackspace and Verizon Terremark. Direct Cloud Recovery Vendors The primary business for these providers is cloud-based recovery services. This includes not only DR, but also backup, archiving and/or other cloud-based offerings. These providers are typically smaller than those in other segments and heavily focused on SMBs. Sample providers include Axcient, EVault, iland, nScaled, Recovery Networks and redIT. Page 6 of 35 Gartner, Inc. | G00247389
  • In this research, Gartner is evaluating the capabilities of a selected set of providers in each one of these segments, based on the inclusion criteria defined later. These vendors include: ■ CSPs — NTT Communications and Verizon Terremark, ■ Direct cloud recovery providers — Axcient and EVault ■ Hosting and IaaS providers — Bluelock, Hosting, IPR international and Rackspace ■ DR service providers — HP, IBM BCRS and SunGard Availability Services In addition to the provider segments, RaaS itself is also differentiated from traditional subscriptionbased recovery services, as well as colocation and managed hosting services. In contrast with subscription and managed facility offerings, service pricing and management responsibilities vary significantly. In some instances, the provider is little more than a caretaker of replicated VMs and production data images, with the customer being in complete control of both VM image replication and DR testing frequency. In others, the service delivery and management model is strikingly similar to more traditional service management models. In these instances, the provider has almost complete control of replication frequency management, RTO service levels, recovery test scheduling and recovery infrastructure operations management. Both classes of provider are included in this assessment. Figure 1 shows the relative differences in the extent of provider involvement (shown along the xaxis), together with the breadth of VM replication support (along the y-axis). Two key vectors of differentiation characterize provider services. Figure 1. Provider Management and VM Support Breadth Comparison Matrix Self-Service VM-Specific Support IBM Hybrid Configuration Support Vendor-Managed Source: Gartner (November 2013) Gartner, Inc. | G00247389 Page 7 of 35
  • As noted earlier, several hundred providers worldwide offer one or more RaaS-related services. However, it was not possible to include all of those providers in this assessment. Therefore, the approach that we have taken is to include providers that we believe represent each of the individual categories. This has caused the assessment to be primarily focused on the North American market, which has been the most active during the past five years. In future updates, we will include a more representative balance of worldwide providers. Critical Capabilities Definition Seven critical capabilities have been applied to assess the alternative RaaS offerings: ■ Physical and Virtual System Recovery — The criteria in this category assess VM support breadth, service alternatives for supporting on-premises VM and production data replication (including the use of SAN-to-SAN replication, as well as hypervisor and VM guest-based replication), the activation of physical servers via a bare metal restore process, and support for hybrid configurations composed of activated VMs and physical server and storage equipment. In this category, higher scores were given to providers that support the most diverse set of replication options and have the most experience supporting hybrid configurations. ■ Testing and Declaration — This capability is specific to the support for and incremental costs of recovery testing and disaster declaration. Vendors that provide the greatest amount of recovery testing flexibility at the lowest cost models received higher scores. ■ Service Manageability — This refers to the degree to which the provider manages RTO- and RPO-based service levels, flexibly supports processor and storage resource bursting, can support recovery testing for configurations that are split between cloud- and non-cloud-based data centers, the extent to which on-premises operations management utilities can manage recovery configurations in the cloud, and support for post recovery operations failback from the cloud to the primary production data center. Once again, support for all these criteria resulted in a high score. ■ Pricing Policy — Processor and storage resource pricing policy was assessed in this category, in addition to policies specific to operations support and resource bursting fees. Providers that scored well in this category generally had simple, straightforward pricing policies for resource utilization, supported lower pricing for resources that were used less frequently, had few if any fixed management fees and managed a moderate level of resource bursting during recovery exercises, without imposing additional service charges. ■ Resiliency — In this category, higher scores were given for built-in backup of replicated VM images and related production data, clear customer credit policies for missed service levels, a demonstrated and successful track record of regular recovery testing of the cloud infrastructure, and a set of well-defined management processes and supporting tools for both incident reporting and fault management. ■ Security and Compliance: Scores were determined based on the existence and use of provider operations controls for identity management; data eradication; role-based access; and compliance with standards such as SSAE 16 SOC 2, DoD 5220.22-M, NIST 800-88, ITAR, FISMA, HIPAA and PCI. Page 8 of 35 Gartner, Inc. | G00247389
  • ■ Value-Added Services — Providers were assessed based on the set of available services that supplement the RaaS offering. Examples include data backup and archive management services; services that are specific to industry verticals, such as healthcare, government or financial services; support for additional hardware that may be required by a customer, but are not part the standard service offering; and support for private, virtual private or hybrid network service offerings, as well as the breadth and depth of global technical support services. Use Cases This research evaluated RaaS provider capability in four different use cases: ■ Production and Application Data Recovery — Providers were assessed in terms of their ability to provide a single recovery service solution for a combination of VM and non-VM based systems, physical server and storage systems, and the backup and recovery of data that was not otherwise contained in a VM's virtual file store. These requirements are reflected in the relatively high evaluation weighting (25%) that was given to the resiliency and security and compliance capabilities. ■ Mission-Critical Workload Recovery — Here, the focus was on a provider's ability to effectively recover and manage production applications that would be considered missioncritical by the service customer. In this use case, the highest weighting percentage (20%) was equally allocated to the physical and virtual system recovery, manageability, pricing policy, and security and compliance categories. ■ Extended Recovery Operations — Operations failover for the service customer is an absolute minimum service prerequisite. However, in light of recent events (e.g., Hurricane Sandy), it is also important to assess a provider's ability to support postrecovery application operation for an extended period of time, which may be several days, weeks or perhaps even months. For this use case, the highest weightings were given to security and compliance (25%), physical and virtual system recovery (20%), manageability (20%) and pricing policy (20%) to assess provider effectiveness. ■ Managed Service Failover — Not all events that disrupt IT service operations are major disasters. In fact, most are localized events that occur inside the data center itself and do not affect all production operations. When these events occur, it is extremely useful to fail over the operations of the affected applications to a separate set of servers and storage. In this use case, we assessed each of the providers on the extent to which they could effectively support managed application failovers. In this category, the two capabilities considered most critical are manageability (25%) and pricing policy (25%). Table 2 looks at the weightings of all use cases in this research. Each use case weighs the capabilities individually based on the needs of that case, which affects a provider's use case score. Each provider may have a different position based on its capability and the weighting for each one. The overall use case score is the result of composite scoring for each provider's service, which is the average of the four different use cases. Gartner, Inc. | G00247389 Page 9 of 35
  • Figure 2. Critical Capabilities Weighting for the Four Use Cases Critical Product Capabilities Overall Production Application and Data Recovery Physical and Virtual System Recovery 16.0% 5.0% 20.0% 20.0% 15.0% Testing and Declaration 10.0% 10.0% 7.5% 5.0% 7.5% Manageability 18.0% 10.0% 20.0% 20.0% 25.0% Pricing Policy 16.0% 5.0% 20.0% 20.0% 25.0% Resiliency 11.0% 25.0% 7.5% 5.0% 7.5% Security and Compliance 20.0% 25.0% 20.0% 25.0% 15.0% Value-Added Services 9.0% 20.0% 5.0% 5.0% 5.0% 100.0% 100.0% 100.0% 100.0% 100.0% Total MissionCritical Workload Recovery Extended Recovery Operations Managed Service Failover Source: Gartner (November 2013) Inclusion Criteria To be evaluated in this research, a provider's services must meet the following minimum requirements: ■ RaaS services must have been available for at least one year prior to the publication of this research. ■ Services must have at least 50 terabytes of VM images and related production data under management. ■ Services must have a service installed base of at least 25 customers, at least three of which must be referenceable. ■ Services must offer a set of complementary services for IaaS, data backup, data replication, data archival, managed hosting or facility colocation. ■ Services must offer definable SLAs for service availability, recovery times, problem resolution or some combination thereof. ■ Services must offer fault-resilient and secure network capabilities, including dedicated and shared links. ■ Services must offer pay-as-you-go pricing for computing and storage capacity, as well as data transfer at a granular level. This is a representative sampling of providers that typify the broader market landscape, and the profiling of these providers does not necessarily imply a Gartner endorsement or recommendation. Providers invited to participate in this assessment that declined include Accenture, AT&T, Amazon Web Services (AWS), Capgemini, Cognizant, iland and NaviSite. Geminare initially agreed to Page 10 of 35 Gartner, Inc. | G00247389
  • participate, but was excluded because it does not directly offer managed services. Its offering (Cloud CORE) is a cloud management platform software marketed to RaaS providers for their service delivery operations. Geminare has 14 large RaaS partners, including NTT Communications Critical Capabilities Rating The following table shows the scoring results in the seven critical capabilities categories for the 11 providers. These results weighted the scoring of individual criteria differently, based on the significance of a specific criterion within the context of a given capability. Each of the products that meets our inclusion criteria has been evaluated on the critical capabilities, on a scale of 1.0 to 5.0 (see Note 1 for a discussion of our methodology): 1 = Poor or absent: Most (or all) defined requirements for a capability are not achieved. 2 = Fair: Some requirements are not achieved. 3 = Good: Meets requirements. 4 = Excellent: Meets and exceeds some requirements. 5 = Outstanding: Significantly exceeds requirements ("best in class"). These results reflect specific capabilities (see Figure 3), independent of use case, as well as for specific use cases. They do not imply that providers that received higher scores are uniformly superior to those that received lower scores. Gartner recommends that clients evaluate providers based on a prioritized set of their organizations' specific requirements. Gartner, Inc. | G00247389 Page 11 of 35
  • IBM SmartCloud Virtual Server Recovery (VSR) Axcient Cloud Continuity Bluelock 4004 VDC EVault Cloud Disaster Recovery Service HOSTING Cloud Replication 3.0 HP Enterprise Cloud Services - Continuity Release 2.0 IPR Intl ZoneIT NTT Cloud Recovery Rackspace VM Replication Service SunGard Recover2Cloud for Server Replication Verizon/Terremark Virtual Disaster Recovery (VDR) Figure 3. Product Rating on Critical Capabilities Physical and Virtual System Recovery 3.3 4.1 2.7 3.1 2.5 2.9 3.3 4.3 3.0 3.3 3.3 Testing and Declaration 3.5 4.3 3.4 3.5 3.9 2.7 2.8 3.9 3.7 2.6 2.8 Manageability 2.8 2.8 3.2 2.7 2.5 2.9 3.0 3.4 2.4 3.1 3.1 Pricing Policy 2.6 3.5 3.0 3.4 3.5 2.7 3.2 3.2 2.4 3.4 3.5 Resiliency 4.0 3.8 4.1 3.4 3.6 3.8 3.6 4.1 3.2 4.8 3.8 Security and Compliance 2.9 3.6 3.2 2.6 2.9 3.1 2.8 3.0 3.2 3.5 3.2 Value-Added Services 4.1 2.2 3.2 2.6 2.4 3.6 2.9 3.8 2.4 4.3 3.5 Product Rating Source: Gartner (November 2013) Page 12 of 35 Gartner, Inc. | G00247389
  • To determine an overall score for each product in the use cases, the ratings in Figure 3 are multiplied by the weightings shown in Figure 2. These scores are shown in Figure 4. Figure 5 provides our assessment of the viability of each product. Gartner, Inc. | G00247389 Page 13 of 35
  • Vendor/ Product Name IBM SmartCloud Virtual Server Recovery (VSR) Axcient Cloud Continuity Bluelock 4004 VDC EVault Cloud Disaster Recovery Service HOSTING Cloud Replication 3.0 HP Enterprise Cloud Services - Continuity Release 2.0 IPR Intl ZoneIT NTT Cloud Recovery Rackspace VM Replication Service SunGard Recover2Cloud for Server Replication Verizon/Terremark Virtual Disaster Recovery (VDR) Axcient Cloud Continuity Bluelock 4004 VDC EVault Cloud Disaster Recovery Service HOSTING Cloud Replication 3.0 HP Enterprise Cloud Services - Continuity Release 2.0 IPR Intl ZoneIT NTT Cloud Recovery Rackspace VM Replication Service SunGard Recover2Cloud for Server Replication Verizon/Terremark Virtual Disaster Recovery (VDR) Use Cases IBM SmartCloud Virtual Server Recovery (VSR) Figure 4. Overall Score for Each Vendor's Product Based on the Nonweighted Score for Each Critical Capability Overall 3.2 3.5 3.2 3.0 3.0 3.1 3.1 3.6 2.9 3.5 3.3 Production Application and Data Recovery 3.5 3.4 3.4 3.0 3.0 3.3 3.1 3.6 2.9 3.8 3.4 Mission Critical Workload Recovery 3.1 3.5 3.1 3.0 3.0 3.0 3.1 3.6 2.8 3.4 3.3 Extended Recovery Operations 3.0 3.5 3.1 3.0 2.9 3.0 3.1 3.5 2.8 3.4 3.3 Managed Service Failover 3.0 3.4 3.1 3.0 3.0 3.0 3.1 3.5 2.8 3.4 3.3 Source: Gartner (November 2013) Figure 5. Product Viability Product Viability Excellent Excellent Good Good Good Good Good Good Good Excellent Good Source: Gartner (November 2013) Page 14 of 35 Gartner, Inc. | G00247389
  • Similar to the critical capabilities and the use cases, product viability is calculated using the same one-to-five scale. Individual viability scores are determined for service strategy, support, delivery execution and provider investment, producing the aggregate viability score. The product rating for the use cases is shown in Figure 6. Figure 6. Product Rating Product Rating Chart NTT Cloud Recovery SunGard Recover2Cloud for Server Replication Axcient Cloud Continuity Verizon/Terremark Virtual Disaster Recovery (VDR) IBM SmartCloud Virtual Server Recovery (VSR) Bluelock 4004 VDC HP Enterprise Cloud Services - Continuity Release 2.0 IPR Intl ZoneIT EVault Cloud Disaster Recovery Service HOSTING Cloud Replication 3.0 Rackspace VM Replication Service 0 10 20 Physical and Virtual System Recovery Testing and Declaration Manageability Pricing Policy Resiliency 30 Security and Compliance Value Added Services Source: Gartner (November 2013) Product viability is distinct from the critical capability scores for each product. It is our assessment of the vendor's strategy and the vendor's ability to enhance and support a product throughout its expected life cycle; it is not an evaluation of the vendor as a whole. Four major areas are considered: strategy, support, execution and investment. Strategy includes how a vendor's strategy for a particular product fits in relation to the vendor's other product lines, its market direction and its business overall. Support includes the quality of technical and account support, as well as customer experiences with that product. Execution considers a vendor's structure and processes for sales, Gartner, Inc. | G00247389 Page 15 of 35
  • marketing, pricing and deal management. Investment considers the vendor's financial health and the likelihood of the individual business unit responsible for a product to continue investing in it. Each product is rated on a five-point scale from poor to outstanding for each of these four areas, and it is then assigned an overall product viability rating. The weighted capabilities scores for all use cases are displayed as components of the overall score (see Figure 7). The individual use case scores are shown in Figure 8 through Figure 11. Figure 7. Overall Use Case Overall Use Case NTT Cloud Recovery SunGard Recover2Cloud for Server Replication Axcient Cloud Continuity Verizon/Terremark Virtual Disaster Recovery (VDR) Bluelock 4004 VDC IBM SmartCloud Virtual Server Recovery (VSR) IPR Intl ZoneIT HP Enterprise Cloud Services - Continuity Release 2.0 EVault Cloud Disaster Recovery Service HOSTING Cloud Replication 3.0 Rackspace VM Replication Service 0.00 1.00 2.00 Worst Fit to Use Case 3.00 4.00 5.00 Best Fit to Use Case Physical and Virtual System Recovery Testing and Declaration Manageability Pricing Policy Resiliency Security and Compliance Value Added Services Source: Gartner (November 2013) Page 16 of 35 Gartner, Inc. | G00247389
  • Figure 8. Production Application and Data Recovery Use Case Production Application and Data Recovery Use Case SunGard Recover2Cloud for Server Replication NTT Cloud Recovery IBM SmartCloud Virtual Server Recovery (VSR) Verizon/Terremark Virtual Disaster Recovery (VDR) Bluelock 4004 VDC Axcient Cloud Continuity HP Enterprise Cloud Services - Continuity Release 2.0 IPR Intl ZoneIT HOSTING Cloud Replication 3.0 EVault Cloud Disaster Recovery Service Rackspace VM Replication Service 0.00 1.00 2.00 Worst Fit to Use Case 3.00 4.00 5.00 Best Fit to Use Case Physical and Virtual System Recovery Testing and Declaration Manageability Pricing Policy Resiliency Security and Compliance Value Added Services Source: Gartner (November 2013) Gartner, Inc. | G00247389 Page 17 of 35
  • Figure 9. Mission-Critical Workload Recovery Use Case Mission Critical Workload Recovery Use Case NTT Cloud Recovery Axcient Cloud Continuity SunGard Recover2Cloud for Server Replication Verizon/Terremark Virtual Disaster Recovery (VDR) Bluelock 4004 VDC IPR Intl ZoneIT IBM SmartCloud Virtual Server Recovery (VSR) EVault Cloud Disaster Recovery Service HP Enterprise Cloud Services - Continuity Release 2.0 HOSTING Cloud Replication 3.0 Rackspace VM Replication Service 0.00 1.00 2.00 Worst Fit to Use Case 3.00 4.00 5.00 Best Fit to Use Case Physical and Virtual System Recovery Testing and Declaration Manageability Pricing Policy Resiliency Security and Compliance Value Added Services Source: Gartner (November 2013) Page 18 of 35 Gartner, Inc. | G00247389
  • Figure 10. Extended Recovery Operations Use Case Extended Recovery Operations Use Case NTT Cloud Recovery Axcient Cloud Continuity SunGard Recover2Cloud for Server Replication Verizon/Terremark Virtual Disaster Recovery (VDR) Bluelock 4004 VDC IPR Intl ZoneIT IBM SmartCloud Virtual Server Recovery (VSR) HP Enterprise Cloud Services - Continuity Release 2.0 EVault Cloud Disaster Recovery Service HOSTING Cloud Replication 3.0 Rackspace VM Replication Service 0.00 1.00 2.00 Worst Fit to Use Case 3.00 4.00 5.00 Best Fit to Use Case Physical and Virtual System Recovery Testing and Declaration Manageability Pricing Policy Resiliency Security and Compliance Value Added Services Source: Gartner (November 2013) Gartner, Inc. | G00247389 Page 19 of 35
  • Figure 11. Managed Service Failover Use Case Managed Service Failover Use Case NTT Cloud Recovery Axcient Cloud Continuity SunGard Recover2Cloud for Server Replication Verizon/Terremark Virtual Disaster Recovery (VDR) Bluelock 4004 VDC IPR Intl ZoneIT IBM SmartCloud Virtual Server Recovery (VSR) EVault Cloud Disaster Recovery Service HOSTING Cloud Replication 3.0 HP Enterprise Cloud Services - Continuity Release 2.0 Rackspace VM Replication Service 0.00 1.00 2.00 Worst Fit to Use Case 3.00 4.00 5.00 Best Fit to Use Case Physical and Virtual System Recovery Testing and Declaration Manageability Pricing Policy Resiliency Security and Compliance Value Added Services Source: Gartner (November 2013) Vendors Axcient Axcient Cloud Continuity Axcient Cloud Continuity (ACC) supports cloud-based recovery for VMware-, Hyper-V- and Xenbased VMs. Unlike most of the providers covered in this assessment, Axcient supports the replication of production VM images and data via a premises-based appliance. Proprietary appliance-based software manages incremental data change synchronization between the premise and the cloud, as well as supporting full system image recovery between dissimilar environments — such as physical server to virtual server or from one hypervisor to another. Page 20 of 35 Gartner, Inc. | G00247389
  • Having announced ACC in the fall of 2011, Axcient is a relative newcomer to the RaaS disaster recovery services market. It was previously a player in the cloud-based storage and data backup market. Since that time, the number of ACC production service instances has grown quickly to more than 3,000, which is a direct result of the Axcient's indirect sales and marketing focus on channel partner fulfillment throughout the U.S. and Canada. Although service fulfillment is managed by partners, the cloud infrastructure itself is hosted in Axcient-owned, managed and secured data centers. Axcient provides a Web-based portal, called Remote Management Console (RMC), which combines all the features of Axcient DR/BC solutions into a single interface. Users can identify new devices to be protected (servers, laptops, etc.), verify their status, receive alerts, recover files and virtualize an entire office instance within the Axcient Cloud. RTO and RPO are based on the individual customer's requirements and business needs. Service Strengths: ■ Testing and declaration strengths were driven by some of the most flexible and least expensive recovery testing policies, including an unlimited customer test policy and no disaster declaration fees. ■ MSP channel partners have the option of pooling storage resources across multiple clients to reduce monthly service management costs. ■ In addition to VM VMware-, Hyper-V- and Citrix Xen-based VM support, Axcient offers recovery of physical server operations through the use of bare-metal restore of backed-up system images to cloud-based servers. ■ Axcient offers a strong set of role-based access controls (RBACs) for enforcing customer access and management privileges. ■ Support for SSAE 16 SOC 2 testing is in place, as well as compliance with regulations such as HIPAA, PCI, FINRA, MSRB and GLBA. ■ Detailed audit logs are maintained for all data protection and recovery operations; this enables auditors to verify regulatory compliance. Service Cautions: ■ Few value-added services (beyond cloud-based backup) are available. Archival and professional services must be obtained from third-party partners. ■ Hybrid cloud configurations composed of activated VMs and colocated servers and/or storage units are not a supported service option. ■ Integration with premises-based management utilities (apart from an SNMP interface for basic on-premises appliance management) is limited. Gartner, Inc. | G00247389 Page 21 of 35
  • Bluelock Bluelock 4-Series Virtual Datacenter Bluelock's 4004, 4504 and 4508 Virtual Datacenter (VDC) offerings enable customers to recover virtual machines and related production data inside a managed cloud. The 4-Series service family has two variants: ■ The "To-Cloud" version (the 4004) supports VM and production data replication from customer premises-based data center into the Bluelock cloud. ■ The "In-Cloud" versions (4504 and 4508) support VM and production data replication from a production hosting environment that is already operational inside the Bluelock cloud. VM and production data replication from the primary data center is supported via hypervisor-based replication software supplied by Zerto. Hybrid configurations are supported through the crossconnection of colocated equipment with the Bluelock cloud inside one of the two provider service delivery data centers. Configuration and activation of cloud-based VMs is supported through a vCenter console that has access to the cloud-based target VMs through a secure virtual private network (VPN) tunnel. Bluelock's 4-Series RaaS services have only been available since May of 2013 (limited release began in February 2013) and support the replication and recovery of VMware-based VMs only. Bluelock's other two service offerings, its 2-Series and 5-Series, are IaaS offerings. The 2-Series supports cloud-based development and test configurations, and the 5-Series supports cloud-based production data center operations. Bluelock's production hosting service has been available since 2007; however, it was rebranded as the 5-Series Virtual Datacenter when the 2-Series offering was launched in 2012. Recovery testing and recovery operations are primarily customer managed through the combined use of vCenter (for VM configuration, change and activation management) and Bluelock Portfolio, Bluelock's service management portal for VM and storage resource monitoring. Recovery SLAs include an RTO of four hours for the To-Cloud service (the 4004) and RTO targets of either four or eight hours (customers chose the specific SLA they want) for the In-Cloud service (either the 4504 or the 4508). No RPO-based SLAs are supported. Service Strengths: ■ Bluelock's portfolio portal enables customers to effectively track, manage and alert on service utilization, cost and RPO. ■ Flexible support for both intracloud and intercloud hybrid configurations is available. ■ In-cloud data backup is standard for all customers. ■ A 15-minute response time SLA for disaster declarations is available. ■ A defined role in assisting its customers with operations failback as well as failover is available. Page 22 of 35 Gartner, Inc. | G00247389
  • ■ Strong physical security is a feature of Bluelock's service delivery data centers. Service Cautions: ■ No support is in place for bare-metal restore of non-VMware severs, SAN-to-SAN VM and related production data replication. ■ Service customers are limited to two free recovery tests per year under the standard service contract. Customers can conduct additional tests, if needed, but each additional test is subject to a test-specific service fee. ■ Little integration with on-premises management utilities (apart from vCenter and vCloud Director) is supported. EVault EVault Cloud Disaster Recovery Service EVault Cloud Disaster Recovery Service (CDR) is a managed service that enables customers to recover VMs, bare-metal restore images and production data inside a managed cloud. The service, formerly known as Remote Disaster Recovery (RDR), has been available since 2008. VMware .vmdk and Microsoft Hyper-V VM replication, as well as replication for related production data, is supported through premises-based software replication agents or an appliance that can be used to support local and cloud-based recovery. The growth of its global partner program during the past two years has resulted in CDR service availability for Europe, Africa and the Middle East, as well as North America. Recovery testing and recovery operations are largely provider-managed, requiring close management coordination between the CDR customer and EVault technical support staff. SLA tiers include a four-hour RTO and a five-minute RPO, a 24-hour RTO with a RPO target between 12 and 24 hours, and a 48-hour RTO tier that supports the same RPO target as the 24-hour RTO SLA. Monthly service pricing is determined by the aggregate cost of the individual ESX servers required to support the total number of VMs, rather than charging a per-VM monthly service price. This service pricing policy is different from the other 10 providers, whose pricing policy is based on a per VM basis, among other parameters. Service Strengths: ■ Service pricing is simple. ■ This is a solution-centric offering that bundles the development and delivery of a recovery exercising plan, provider assistance with exercise execution and the generation of a recovery exercise summary report that includes application-specific exercise results, as well as improvement opportunities for future exercises. Gartner, Inc. | G00247389 Page 23 of 35
  • ■ Multiple service tiers with corresponding RTO- and RPO-based service-level targets are available to accommodate a range of customer recovery requirements. ■ Virtual CPU and storage capacity can be burst up to 15% beyond the allocated capacity at no extra charge. ■ Daily data integrity checking is performed by the service management software. ■ A customer can replicate system image and production data as frequently as can be supported by the Internet-facing network circuit bandwidth. Service Cautions: ■ Because CDR is primarily provider-managed, few service manageability tools are supported, and there is little integration with on-premises management utilities. ■ Although support for SSAE 16 SOC 2 testing is in place, operations controls compliance with regulations such as HIPAA, PCI, FISMA and ITAR is limited. ■ Provider portal functionality is bounded. Hosting HOSTING Cloud Replication (HCR) 3.0 Hosting (formally Hosting.com), known for building and operating cloud environments for midsize enterprises, has aggregated several recovery technologies to build and deliver HCR. These technologies include VMware vCenter, Site Recovery Manager (SRM) and CommVault Enterprise Backup. In addition, Enterprise Backup is also used to support off-site data backups. Hosting supports a self-service model in which customers can manage VM configuration and activation through vCenter. Service levels offered to clients are aggressive; Hosting offers a 100% availability service-level commitment and a policy of refunding the costs of the recovery services in proportion to the time duration of the service outage. Hosting customers can replicate VM images and data into the cloud as frequently as desired. Replication cycles can be as frequent as every 15 minutes (limited only by the available network bandwidth). This supports aggressive recovery time targets. Service Strengths: ■ Support for "parked VMs" — a customer only pays the prorated portion of the monthly per VM rate corresponding to the amount of time during a given month that a VM was active. ■ Given its self-service management model, customers can test as frequently as needed. ■ Automated resource management facilitates virtual CPU and storage resource availability assurance. Page 24 of 35 Gartner, Inc. | G00247389
  • ■ No additional charges are incurred for disaster declarations. ■ A strong client-facing portal interface provides configuration management and reporting. ■ The company provides a well-defined service credit policy for all availability SLA violations. Service Cautions: ■ VM support is limited to VMware .vmdk files. ■ Hybrid cloud configurations composed of activated VMs and colocated servers and/or storage units are not a supported service option. ■ SAN-to-SAN replication of VMs and related production data is not supported. HP HP Enterprise Cloud Services Continuity HP's Enterprise Cloud Services Continuity Release 2.1 is a DR solution that targets large enterprises. The current release is the latest update to a service that initially became available in 2012. HP Enterprise Cloud Services Continuity supports the recovery of VMware-, Hyper-V- and Xen-based VMs. Physical-to-virtual server recovery support is provided for Windows, Linux, HP-UX, Solaris and AIX systems, facilitated by host, appliance or array-based replication. Recovery testing and recovery operations are primarily provider-managed, requiring management coordination between the Enterprise Cloud Services Continuity customer and HP support staff. The target SLA is a four-hour RTO and a 15-minute RPO. The Enterprise Cloud Services Continuity customer portal supports RPO assurance reporting by displaying the amount of time that the currently projected RPO will have extended beyond preset SLA levels, if that is the case. Service Strengths: ■ Support for a broad array of both physical and virtual servers is available. ■ SAN-to-SAN Replication services for HP XP, HP EVA and EMC SRDF storage arrays are available as an appliance-based replication service. ■ SSAE 16 Type 2 audits are performed annually, and data center operations controls are compliant with HIPAA and PCI. ■ Additional backup, data replication and archiving capabilities include cloud-based backup services, HP Autonomy LiveVault and HP Electronic Vaulting Services for Enterprises. ■ HP's professional services organization has strong capabilities for adapting Enterprise Cloud Services Continuity to address the requirements of organizations with complex heterogeneous IT infrastructures. Gartner, Inc. | G00247389 Page 25 of 35
  • ■ Its strong international presence includes technical support services in all countries in which HP has a market presence Service Cautions: ■ Because Enterprise Cloud Services Continuity is primarily provider-managed, few service manageability tools are supported, and there is little integration with on-premises management utilities. ■ Processor and storage resource bursting is not automatic; service customers need to formally request additional VM and storage resources from HP. ■ An additional monthly management fee is charged; the amount is determined following a discovery exercise designed to ensure that the service meets customer needs, while eliminating unnecessary costs. IBM IBM SmartCloud Virtualized Server Recovery IBM's RaaS offering is Smart Cloud Virtualized Server Recovery (VSR), which is one of four SmartCloud backup and recovery services. The other three are SmartCloud Managed Backup, SmartCloud Content Management and SmartCloud Application Resiliency. VSR extends IBM's subscription and colocation DR offerings with a cloud-based solution as part of a complete data center recovery strategy services portfolio. IBM promotes cloud-based resiliency and recovery as reliable, scalable and as having the ability to dramatically reduce RPOs and RTOs. VSR is mainly a provider-managed service, requiring close management coordination between the IT customer and the IBM SmartCloud technical support staff. IBM's three service tiers support different levels of test frequency, declaration costs, recovery targets and service pricing. Its "Gold Level" includes failover within minutes/server (based on cloud resource availability), 96 snapshots/day during data replication and 10 recovery tests per year. The "Silver Level" includes shared virtual servers provisioned within one hour for automated recovery, 24 snapshots/day during data replication and one recovery test/year. The "Bronze Level" includes shared virtual server provisioning within six hours of declaration, RPO from the last safe data backup, manual recovery and one recovery test/year. IBM also offers one of the most comprehensive sets of related professional services of any of the providers in this assessment. Service Strengths ■ Multiple service tiers with corresponding RTO- and RPO-based service-level targets are available to accommodate a range of customer recovery requirements. ■ IBM offers a combination of subscription-based recovery, colocation facilities and RaaS. ■ A complementary set of services for data backup, archival and managed application services is available. Page 26 of 35 Gartner, Inc. | G00247389
  • ■ IBM has deep subject area knowledge in its global support and professional services organizations. ■ A solid provider portal interface for configuring a virtual recover data center, recovering servers and monitoring testing progress and completion is available. ■ Detailed audit logs are maintained for all data protection and recovery operations, which is helpful in enabling auditors to verify regulatory compliance. Service Cautions: ■ System recovery is supported only for virtual servers. Servers that need to be recovered via bare-metal restore are a customer management responsibility. ■ All recovery testing is billable. ■ Processor and storage resource bursting is not supported. IPR International IPR International ZoneIT Disaster Recovery IPR's ZoneIT Disaster Recovery service is a managed virtual private data center (VPDC) service that enables its customers to recover VMs, bare-metal restore images and production data inside a managed cloud. Disaster Recovery is one of many services that support the operation and recovery of virtual private data centers. It has been available since late 2010, and it supports the replication and recovery of VMware and Xen VMs, as well as related production data. VM and data replication is supported through the use of Vision Solutions Double-Take software agents, as well as through SAN-to-SAN connections that support EMC RecoverPoint and NetApp's SnapMirror. IPR has a strong presence in the healthcare industry with several healthcare industry customers, and it is a Voluntary Hospital Association preferred vendor. In addition, its two production data centers support customers from 17 foreign countries. Both recovery testing and recovery operations are largely provider-managed, requiring close management coordination between the service customer and the IPR technical support staff. SLA tiers include a continuous service and data availability tier (Service Tier 0) that is facilitated through the use of synchronous replication, a one- to four-hour RTO with a zero- to one-hour RPO service level (Service Tier 1) and a two- to 24-hour RTO with an eight- to 24-hour RPO tier (Service Tier 2). Although ZoneIT Disaster Recovery was the service reviewed for this assessment, IPR is in the process of developing its service branding. Service Strengths: ■ Support for high availability, as well as recovery-centric operations, is available. Gartner, Inc. | G00247389 Page 27 of 35
  • ■ Host-based and SAN-to-SAN replication are supported production data transfer options. ■ Multiple service tiers with corresponding RTO- and RPO-based service-level targets are available to accommodate a range of customer recovery requirements. ■ The company supports hybrid (i.e., mixed VM and physical server) configurations; the most common customer-owned physical systems are HP BladeCenters and IBM Series-i (i.e., AS/ 400). ■ Network service connectivity options include IPSEC VPNs and private Ethernets, as well as more-traditional T3 and T1 services. ■ SSAE 16 Type 2 audits are performed annually, and data center operations controls are compliant with both HIPAA and PCI. Service Cautions: ■ Because ZoneIT Disaster Recovery is primarily provider-managed, few service manageability tools are supported, and there is little integration with on-premises management utilities. ■ Provider portal functionality is limited to the submission of trouble tickets. ■ Recoverability current state cannot be easily assessed. NTT Communications NTT Communications Cloud Recovery Cloud Recovery, which is part of NTT Communications' Recovery as a Service Data Protection Suite, is supported by globally networked data center infrastructure. The service was announced at VMworld in August of 2012. The primary market for NTT Communications is large multinational companies that require recovery capabilities across diverse geographical regions. The service management model is primarily self-service, supported by Geminare's operations and data replication management software. The service delivery cloud is based on VMware's vCloud, and, although all VM formats are supported, most of the client systems running in production are VMware ESX-server-based. VM and related production data replications to the NTT Com cloud are near real time. Hybrid configurations composed of activated VMs and colocated physical servers are also supported. No formal RTO- and RPO-based service levels are supported, but a service delivery infrastructure availability level of 99.97% is formally committed. Typically, customers purchase a total amount of computing and storage resources required for their recovery environment, plus a monthly fee for each VM replicated. Customers can add additional resources in the portal for recovery testing, and failover and activated resources are billed to customers on a minute-by-minute basis. Page 28 of 35 Gartner, Inc. | G00247389
  • Service Strengths: ■ The service is completely agnostic with respect to support of either virtual or physical servers. ■ Customers are entitled by contract to three recovery tests per server per year at no additional cost. Additional recovery tests are billed at $150 per test, with no time restriction. ■ Customers are able to burst their computing resources by logging into a portal and spinning up those additional resources. ■ Although data is being replicated, testing (called "Health Checks") can be performed that power up the application, mount the data store, and test the integrity of the application and the underlying data. ■ Provider encryption of data at rest is supported. ■ Detailed audit logs are maintained for all data protection and recovery operations, which is helpful in enabling auditors to verify regulatory compliance. Service Cautions: ■ The service customer is completely responsible for managing service-level compliance with RTO- and RPO-specific targets. ■ Production instances of Hyper-V and Red Hat Enterprise Linux VMs are limited. ■ Hybrid configuration deployment has been somewhat limited. Rackspace Rackspace VM Replication and Array-Based Replication Rackspace's cloud-based recovery services (based on VMware technology) enable customers to recover VMs and production data inside a managed cloud. The two distinct services include VM Replication and Array-Based Replication. Both support VM and related production data replication within the Rackspace cloud. In addition, Remote Data Replication, which is an on-premises version of the Rackspace replication offering, supports the replication of customer data from dedicated NetApp arrays to a multitenant NetApp array at Rackspace, based on a utility model. The main difference between these services and those offered by the other providers covered in this assessment is that the primary production and secondary recovery infrastructures operate in Rackspace-managed data centers. Hybrid recovery configurations composed of VMs and physical systems or servers are supported within the context of a single recovery domain. VM Replication has been available since October 2012 and supports the replication and recovery of VMware and LINUX .ovf VMs. Array-Based Replication, also available since October 2012, is supported through the EMC RecoverPoint appliance or NetApp SnapMirror software. Gartner, Inc. | G00247389 Page 29 of 35
  • Rackspace also offers a do-it-yourself DR option for customers running VMware environments onpremises, facilitated by the Dedicated VMware vCenter Server offering. Rackspace exposes the VMware vCenter Server API within the customer's hosted environment, enabling customers to connect third-party tools such as SRM to on-premises environments. DRM is the customer's responsibility, with Rackspace managing the hardware, VMware services and guest OS in the customer environment hosted at Rackspace. Recovery testing and recovery operations are largely customer-managed, with assistance provided by Rackspace technical support staff, as needed. RTO- and RPO-based SLAs are not formally supported; instead, both are managed by service customers to support their organization's unique recovery requirements. However, formal SLAs are supported for support staff response times when service or problem tickets are submitted by service customers. Service Strengths: ■ Rackspace emphasizes delivering a high-quality customer service experience, the mechanisms for which have been developed and refined at the company during the past 14 years. ■ It has significantly greater data replication capacity than the other providers, because the customer's production data center and virtual recovery facility operate within Rackspace data centers. This results in the available replication capacity being a function of data center network capacity; therefore, it doesn't depend on external carrier WAN services. ■ Support for software agent-based (through VMware's Site Recovery Manager) and SAN-to-SAN replication is available. ■ Support for as many as four recovery tests per year as part of the standard service contract is available. ■ No additional service fees are charged for a disaster declaration. ■ Service operations compliance with SSAE 16 SOC 2, PCI-DSS, ISO 27001 and EU Data Protection Safe Harbor is supported. Service Cautions: ■ System recovery is supported only for virtual servers. Servers that need to be recovered via bare metal restore can be supported via a separate backup and restore service that is part of Rackspace's managed hosting service. ■ Management portal capabilities are somewhat limited. ■ Resource bursting is unavailable. Page 30 of 35 Gartner, Inc. | G00247389
  • SunGard Availability Services SunGard Availability Services Recover2Cloud SunGard's Recover2Cloud offerings are managed services that enable customers to recover VMs, bare-metal restore images and production data inside a managed cloud. Three distinct services make up the Recover2Cloud family: Recover2Cloud for Server Replication, Recover2Cloud for vCenter SRM and Recover2Cloud for Vaulting. All three support VM and related production data replication, with each service using its own premises-based software replication agent. Recover2Cloud services have been available since September of 2011 and support the replication and recovery of VMware, Microsoft Hyper-V and Citrix Xen VMs. In addition, SunGard also supports SAN-to-SAN VM replication for EMC and NetApp storage controllers, as well as hybrid reconfigurations made up of VMs and physical servers. In addition to being offered stand-alone, Recover2Cloud services support the delivery of SunGard's Managed Recovery Program (MRP), a differentiated service offering that supports the operations managed recovery of complex hybrid configurations. This is enabled by combinations of subscription, colocation, managed hosting and cloud-based services. Recovery testing and recovery operations are largely provider-managed, requiring close management coordination between the SunGard customer and its technical support staff. Recovery SLAs include an RTO of four hours and an RPO of 15 minutes for Recover2Cloud for Server Replication, an RTO of four to 14 hours and an RPO of 15 minutes for Recover2Cloud for vCenter SRM, and 24 hours for RTO and RPO in the case of Recover2Cloud for Vaulting. Service Strengths: ■ SunGard provides "one stop" solutions for the integrated management of applications and data recovery previously supported by point services. ■ Crash-consistent and application-consistent recovery across multitier applications (both physical and virtual) is available. ■ It has a breadth of data backup services and professional services offerings. ■ SunGard has a defined role in assisting its customers with operations failback and failover. ■ Physical and logical isolation of customer configurations minimizes the probability of security breaches occurring inside the cloud. ■ The company provides compliance with SSAE 16 SOC 2, as well as PCI-DSS, HIPAA and ISO 9001. Service Cautions: ■ Because Recover2Cloud services are primarily provider-managed, the richness of its provider portal interface was weaker than the portal interfaces of some of the other providers. Gartner, Inc. | G00247389 Page 31 of 35
  • ■ Few service manageability tools for customer usage are supported, and there is little integration with on-premises management utilities. Verizon Business-Terremark Worldwide Verizon Terremark Virtual Disaster Recovery Verizon Terremark's Virtual Disaster Recovery (VDR) service (based on VMware technology) enables customers to recover VMs and production data inside a managed cloud. The VDR service has been available for nearly three years, having been officially launched in November 2010. Three forms of VM and related production data are supported. The first is SAN-based and is supported by NetApp's SnapMirror, SnapVault and Data Ontap (Version 7.x and 8.x) software, as well as the IBM N series. The second is hypervisor-based through the use of Zerto software. The third (and one that is a differentiated capability) is application-specific recovery for Microsoft Exchange Database Availability Groups (DAG), Microsoft SQL Server Mirroring and Oracle Data Guard. VM replication and recovery is supported for VMware and Hyper-V VMs, with other hypervisors being considered on a custom basis. Recovery testing and recovery operations are primarily provider-managed, requiring close management coordination between the VDR customer and Verizon Terremark technical support staff for recovery testing, as well as for orchestrating the follow-up steps to an actual disaster declaration. SLA tiers include a standard one-hour RPO. The RTO SLA is somewhat different in that it is a one-hour response time for the initiation of VM restoration and activation from the time of declaration. Although the return-to-service process is automated, the return-to-service time depends on the number of servers being booted, as well as specific boot order dependencies. The return-to-service time is specific for each customer and will be determined more precisely as a result of conducting failover testing. Unless customers have many sequential boot order dependencies, the normally expected return to application service time would be less than two hours after the disaster declaration. Service Strengths: ■ Verizon has nearly three years of RaaS delivery experience. ■ Verizon has a broad range of VM and related production data replication mechanisms. ■ As part of its resource bursting management policy, although customers are guaranteed a minimum amount of CPU and RAM based on the number of VMs being replicated, and can also add additional virtual CPU and RAM to their guaranteed resource pool, they can also burst into as much additional CPU and RAM as they need to support an actual disaster declaration at no charge. Resource availability is managed on a best-effort basis. ■ Verizon has significantly greater data replication capacity than the other providers because the customer's production data center and virtual recovery facility operate within Verizon Terremark Page 32 of 35 Gartner, Inc. | G00247389
  • data centers. This causes the available replication capacity to be a function of data center network capacity; therefore, it doesn't depend on external carrier WAN services. ■ Several production customers have achieved FISMA (moderate and high), HIPAA and PCI compliance. ■ It has a large professional services organization with significant BC and IT DR project experience. Service Cautions: ■ Customers are limited to one test per year as part of the standard contract, with additional tests charged at $2,000 per test. ■ Because VDR is largely a provider-managed service, use of management portal capabilities is strictly limited to internal Verizon Terremark staff. ■ As another consequence of the provider-managed approach, no integration with on-premises management utilities is supported. Gartner Recommended Reading Some documents may not be available as part of your current Gartner subscription. "Hype Cycle for Business Continuity Management and IT Disaster Recovery Management, 2013" "Market Trends: Assessment of the Rapidly Growing Market for Cloud-based Recovery Services" "Toolkit: Recovery-as-a-Service RFP Template" Evidence 1 Anecdotal evidence collected from nearly 3,000 Gartner client inquiries that have been serviced during the past three years. Critical Capabilities Methodology "Critical capabilities" are attributes that differentiate products in a class in terms of their quality and performance. Gartner recommends that users consider the set of critical capabilities as some of the most important criteria for acquisition decisions. This methodology requires analysts to identify the critical capabilities for a class of products. Each capability is then weighted in terms of its relative importance overall, as well as for specific product use cases. Next, products are rated in terms of how well they achieve each of the critical capabilities. A score that summarizes how well they Gartner, Inc. | G00247389 Page 33 of 35
  • meet the critical capabilities overall, and for each use case, is then calculated for each product. Ratings and summary scores range from 1.0 to 5.0: 1 = Poor: most or all defined requirements not achieved 2 = Fair: some requirements not achieved 3 = Good: meets requirements 4 = Excellent: meets or exceeds some requirements 5 = Outstanding: significantly exceeds requirements Product viability is distinct from the critical capability scores for each product. It is our assessment of the vendor's strategy and its ability to enhance and support a product over its expected life cycle; it is not an evaluation of the vendor as a whole. Four major areas are considered: strategy, support, execution and investment. Strategy includes how a vendor's strategy for a particular product fits in relation to its other product lines, its market direction and its business overall. Support includes the quality of technical and account support as well as customer experiences for that product. Execution considers a vendor's structure and processes for sales, marketing, pricing and deal management. Investment considers the vendor's financial health and the likelihood of the individual business unit responsible for a product to continue investing in it. Each product is rated on a five-point scale from poor to outstanding for each of these four areas, and it is then assigned an overall product viability rating. The critical capabilities Gartner has selected do not represent all capabilities for any product and, therefore, may not represent those most important for a specific use situation or business objective. Clients should use a critical capabilities analysis as one of several sources of input about a product before making an acquisition decision. Page 34 of 35 Gartner, Inc. | G00247389
  • GARTNER HEADQUARTERS Corporate Headquarters 56 Top Gallant Road Stamford, CT 06902-7700 USA +1 203 964 0096 Regional Headquarters AUSTRALIA BRAZIL JAPAN UNITED KINGDOM For a complete list of worldwide locations, visit http://www.gartner.com/technology/about.jsp © 2013 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. If you are authorized to access this publication, your use of it is subject to the Usage Guidelines for Gartner Services posted on gartner.com. The information contained in this publication has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. This publication consists of the opinions of Gartner’s research organization and should not be construed as statements of fact. The opinions expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartner’s Board of Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research organization without input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartner research, see “Guiding Principles on Independence and Objectivity.” Gartner, Inc. | G00247389 Page 35 of 35