Building a Disaster Recovery Plan - RTO & RPO

Building a Disaster Recovery Plan - RTO & RPO

Profile picture for user sarojini
Sarojini Devi Nagappan
19 August 2020

A disaster recovery (DR) plan is a must for any organisation who wants to minimise downtime in services. Usually, a DR plan is designed as a part of the risk mitigation strategy which fits the business environment. Disaster to an organisation can be a threat from theft, ransomware, a natural disaster, or any situation which leads to loss of data and application. A blog posted in the QLS solution group pointed out that at least 75% of small business owners do not have a disaster recovery plan. Also, 34% of those without a plan, consider disaster recovery plan as a low priority although it would take them up to three months to recover to loss. 

In most conditions, when a disaster strikes, the disaster recovery plan is referenced to know the exact recovery procedure to minimise downtime and prevent further data loss. A good disaster recovery plan will define the actions to be taken before, during, and after a disaster strike. While there are many parameters and components specified in a DR plan, recovery time objective (RTO) and recovery point objectives (RPO) are two essential metrics for data backup and recovery. Both terms describe steps for the recovery process, acceptable period for recovery, and frequency of backup. This blog will discuss RTO and RPO in disaster recovery (DR) planning.

Recovery Time Objective (RTO)

Recovery Time Objective defines the maximum downtime before recovery; in other words, how long can your application or database be offline before fully operational. So the metric here is the tolerable downtime period. For example, If you have defined the operational recovery time can be up to 4 hours, this means, the business operation can continue normally without any data restoration for at least 4 hours. The RTO timeline includes disaster detection, root cause investigation, and activating failover processes, and this varies for every organisation.

Recovery Time Objective (RTO)

Recovery Point Objective (RPO)

Recovery point objective refers to the tolerable data loss period before recovery, and the time metric is particularly crucial for data backup and recovery activities. The organisation should decide their threshold for data recency and then define the backup schedule frequency accordingly in the DR plan. An appropriate backup schedule will ensure the data age is up to an acceptable moment at the restoration point. For example, if the organisation holds banking transactions on its database, then the frequency of database backups could be in seconds, which means at the restoration point, you would have only lost data from the last couple of seconds.

Recovery Point Objective (RPO)

RTO and RPO in Building a Disaster Recovery Planning 

To design an effective DR plan, firstly, conduct an assessment on the current environment to understand the following items:

  • Amount of data in the organisation
  • Location of the data
  • Impact of disaster to the business operation
  • Permissible downtime for database and applications

This step is vital for budget allocation and understanding the critical applications in the environment, which is useful for risk assessment. The second step involves conducting a risk assessment to know if there is a disruptive situation that will impact the image of the business. A risk assessment also indicates the possible threats for the organisation, which would trigger the execution of the DR plan. The third step to build the DR plan as part of the risk mitigation strategy. The DR plan should include the following:

  • The maximum allowed time for downtime which is the RTO
  • The allowed data loss which is the RPO
  • Data retention storage location which abides by the regulation for data protection

As a part of the risk mitigation strategy, the backup solution should be identified especially for the mission-critical applications like the databases holding all data. The identified backup solution should be able to perform backups and restore the data at minimal. The final step is to test the developed DR plan to ensure it works as intended for a particular scenario. Backups may not be valid until they are verified and tested; therefore, it’s best to restore and check your backups before anything terrible happens.

Backup Solutions for Disaster Recovery

Investing in a backup solution is an essential part of a workable DR plan. A selected backup solution should be able to automate the backup process of critical applications like databases on a specified duration. RPO can be used to indicate a good backup schedule plan whether it needs to be hourly, daily, weekly, and so on. Another useful feature to have in the backup solution is the ability to store data on the cloud, in case of any natural disaster, cloud backups are the best for immediate recovery. Of Course backup solutions as part of disaster recovery services must have the platform to restore the backups seamlessly to minimize downtime. Many vendors offer backup as a service, and the offerings come in various plans which even small businesses could afford at any point in time. Backup Ninja, Veeam, Solarwinds are some of the vendors providing backup as a service, rich in features and functionality in backup and recovery. 

Backup Ninja for Disaster Recovery

If you work with open source databases like MySQL, PostgreSQL, MariaDB, MongoDB, Percona, and Timescale, you would then be familiar with multiple steps and scripts to backup your database. Besides, if you are on a manual backup mode, there are high chances of overlooking timely backup, which leads to data loss during restoration in the event of a disaster. With Backup Ninja, you can easily have your database backups automated according to your preferred schedule locally or on a cloud. 

Backup Ninja for Disaster Recovery

The restoration process is also easy; you just need to select the backup files,  fill the other parameters, and you are all set to retrieve and restore your backups from Backup Ninja.

Backup Ninja for Disaster Recovery

Also, you get to monitor your backups all via a simple dashboard, and this allows you to keep tabs on the backup process, and it’s status for different servers.

Backup Ninja for Disaster Recovery

Conclusion

Everyone knows backups are an essential part of a disaster recovery plan. A careful analysis of the RTO and RPO parameters will be the best indication on backup scheduling and recovery timeline. As discussed earlier, RPO will indicate how much data loss at the point of recovery. Hence if the business requires data to be up to the moment at the restore point, then the backup schedule for that application will be frequent. As for the RTO, it is important to indicate the acceptable downtime, which is vital for business SLA’s. In conclusion, RTO and RPO are both critical metrics for a good backup and recovery planning.