Progressive managed service providers are always looking to capture new revenue and retain loyal clients by delivering more value. Often this means looking at expanding the services catalog far beyond being a break/fix hosting provider. Mid-sized MSPs today are listening to the market and being open minded about new possibilities.
On top of basic operational duties, many have extended their portfolio of surrounding services like network resiliency, printing, identity management, SIP Trunking and cloud security for examples. Now building on the new economic advantages of cloud computing, small and mid-sized MSPs can offer Disaster Recovery as a Service (DRaaS) to a wider base of potential clients. Disaster Recovery investments and planning are no longer just for the Fortune 1000. Here we discuss the challenges and benefits of building a DRaaS service, and list the key deliverables from a quality MSP.
Table of Contents
Disaster Recovery Products Scope
Gartner defines DRaaS as "a productized service offering in which the provider manages server image and production data replication to the cloud, disaster recovery runbook creation, automated server recovery within the cloud, automated server failback from the cloud, and network element and functionality configuration, as needed."
Essentially the difference of DRaaS from a managed backup service is that the MSP is not only responsible for collecting the data and applications, they also orchestrate the recovery from agreed upon playbooks. The data may reside or be directed to the customer premises, the MSP’s IaaS or a third-party cloud provider. DRaaS services from MSPs have simplified the otherwise impossible task of setting up alternate computing sites to resume production quickly after an interruption. Restoration is completed within a predictable timeframes to meet business objectives.
You may think of weather, forest fires and earthquakes as common natural disasters that potentially interrupt operations. Today’s business leaders must anticipate potential risks of civil unrest, evacuations, extended power grid interruptions, and security threats such as ransomware that hold critical data hostage.
Why Clients Consider Purchasing DRaaS
Many clients that have outsourced or outtasked IT functions to an MSP will see the value in purchasing DRaaS. This type of managed IT service is a combination of operational responsibilities, software automation and Professional Services. In today’s economy built on electronic commerce most enterprises can easily calculate the mounting costs of unplanned downtime. The lost revenue from restoring web services after 24 minutes or 24 hours is enormous.
A real-life example of an IT disaster with a successful recovery is discussed here:
Further reading Real-Life Disaster Recovery Scenario from an MSP
Further to lost sales is the possible long-term damage to the brand with loss of consumer confidence if disasters are mishandled. The enterprise must evaluate common and rare risks so they are somewhat anticipated and planned for. Today most everyone has backups either done in-house or with an MSP partner.
Human nature also shows that confusion and panic may set in to paralyze operations when faced with the pressure of unknown variables. Extended failures are often due to operational assumptions that haven’t been fully validated by testing.
Although the client may see the value of planning, they may not have the specific resources or want to invest in always-on standby servers, licenses and redundant communications. Given the maturity of automated cloud backup software and quick provisioning times of cloud resources, a savvy MSP can now put together a DRaaS offer with attractive rates.
Why Offer DRaaS as a Part of Your IT MSP Catalog
If the MSP already has operational responsibility for creating and storing valid backup data, they are in a great position to offer a DRaaS to add value, and gain wallet share. In fact the technology difference from a solid managed backup service to DRaaS is not a big leap. It is a matter of planning, documentation and discipline processes all outlined by new Professional Services engagements.
Ultimately a growing MSP will want to move beyond a ‘Service Provider’ posture and also become a ‘Trusted Advisor’ to select accounts.
A ‘Trusted Advisor’ is a status which an MSP can gain by demonstrating integrity and technical expertise to a client, listening well and collaborating with professionalism, thus developing a trustful business relationship. It often leads to multiple solution sales where the client believes the vendor or consultant always has their best interest at heart.
Offering DRaaS will allow the MSP to get to know the client’s business priorities and operations to another level. When trust is established and operations are intertwined, there is more likelihood of long term loyalty.
After building DRaaS, today’s progressive MSPs can leverage these services as a differentiator over regional completion. This add-on service option can also be leveraged later in time to retain strategic accounts coming up for contract renewal.
As of 2019 here are the main business reasons MSPs develop a DRaaS offer:
- The industry now has a mature definition for a DRaaS offering
- A client’s business case for this investment can be easily justified
- Gain a new recurring revenues & high margin Professional Services
- Increase your total value delivered and loyalty with IT clients
- Cloud backup platforms now automate monitoring, processes and compliance at new lower costs over previous manual labor playbooks
- Advanced backup services are becoming table stakes for full service MSPs
Seven Key Features for DRaaS
Below are high-level service components of a quality service. Your final service description will encompass several standard features and customizations. Here are some main considerations to take stock in towards justifying and starting development.
Cross-Platform Infrastructure Support
Best practices in storage and recovery of critical data include the 3-2-1 Rule. This approach says you should build 3 copies of your data, have 2 different mediums (disk, tape or cloud) and 1 copy should be off-site from the production location.
A hybrid of cloud and local storage is common and the MSP should have internal capacity plus alliances with regional or hyperscale cloud providers.
Architecture That Supports RPO and RTO Targets
Your standard offer or custom build must accommodate the client’s business requirements. Once a disaster is declared, the Recovery Point Objective (RPO) and Recovery Time Objective (RTO) are two cornerstone business parameters of disaster recovery services.
Essentially the target age (how far back in time) of the data do we need, and how quickly in elapsed time do we need to resume application(s) back into production. From there the solution’s architecture can be finalized and a plan can be costed. Some Professional Services and architecture alterations may be required in order to get a viable DR plan into production.
Professional Services to Create the Plan
Aside from recurring revenue a mature DRaaS service will pull in billable hours to explore the client’s objectives, shape the client’s solution, and document the final plan for sign -off. These Professional Services could be billed outright, or blended into the monthly IT services invoice.
Reliable IT Operations
An MSP needs a proven track record of being proactive to events and effective in restoring IT services per contracted SLAs. A common operational web dashboard should be shared with the client to prove daily readiness should a disaster strike.
DR Testing to Verify Plans
100% of the best-laid plans need to be tested and signed off by all parties. Testing can be piecemeal or a total run- through of a mock disaster. All testing must be periodic to account for subtle environmental changes that will impede DR success. Classic MSP DR testing methodologies are further discussed here:
Further reading Disaster Recovery Testing: Scenarios, Best Practices, Methods
Feedback and Lifecycle Adjustments
Every well-written DR plan needs adjustment over time as conditions and priorities change. Each plan should be reviewed if there are changes in personnel, policy, infrastructure or expansion. Your DRaaS should follow a discipline Governance Model that not only periodically reviews the plan, but tests components on a regular basis. Each party has a responsibility to inform and adjust to changes in technology or the common business environment.
MSP Pricing Model
Your DRaaS can be costed and billed in a variety of valid models. Likely the client will want to continue only per device, or per user pricing. Known costs can be divided by units billed, but that assumes only modest design changes in low overall growth.
Remember DRaaS is a premium service that delivers a guaranteed overall outcome. Consider a fixed premium monthly invoice based on the overall architecture and actual resources consumed.
MSP billing design options are further discussed in the following article:
Further reading MSP Pricing Models
MSP vs. Client DRaaS Responsibilities
Obviously your service design details may differ, but here are the classic roles and responsibilities that can be outlined in an MSP’s DRaaS contract.
|DRaaS Service Function||MSP Responsibilities||Client Responsibilities|
|Creating DR Plan||The MSP owns based on consultation||Client articulates requirements & signs off|
|Collects backups||The MSP owns and shares daily success||The client will observe success & react if needed|
|Incident Management||MSP owns proactive alarms & ticket process||Client will participate in resolving internal faults. Client can also create an Incident ticket|
|Change Management||MSP owns production change requests||Client submits changes & provides notice of future service level changes|
|Reporting||MSP owns Service Reporting & SLA results||Client attends periodic Service Reviews.|
|DRaaS Testing||MSP owns periodic testing & follow up process||Client participates & resolves own action items|
|Performing the Recovery||MSP performs infrastructure & data recovery||Client is available & verifies return to production|
A guiding checklist of DR client interactions from education, plan creation and ongoing plan testing is further discussed here:
Further reading Disaster Recovery Plan Checklist
Should You Offer BaaS Only, or DRaaS, or Both?
So should the ambitious MSP develop and promote only a managed backup service or a full Disaster Recovery as a Service offer? The marketing material may sound similar at a high level, but the roles and responsibilities are very different.
Ultimately it depends on the profiles of your target clients along with your talent pool and business plans. Fortunately the leap from BaaS to DRaaS does not involve new large investments to gain automation towards enabling DR success.
Consider also that the IT client can always upgrade at a later date to a Disaster Recovery Service when you have delivered operational excellence in Managed Backup. Clients will upgrade with you if a Trusted Advisor relationship is reached. Further discussion of BaaS vs. DRaaS development decisions are found here:
Further reading Backup and Disaster Recovery as a Service: BaaS vs DRaaS
Choosing the Right Software for Your DRaaS Offering
MSPs will not need to invent or code new software applications to perform backups and display the real-time results. Look for a DR software partner that enables efficient support of small and mid-sized clients with modest requirements. They should also be able to scale to handle complex designs without product customization.
Look for these attributes when selecting a BaaS or DRaaS partner:
- Cross-platform support – Windows, MacOS, Linux and endpoints
- Storage-agnostic – mix and match local, cloud and hybrid designs
- Capable of application-aware backups
- Efficient use of compression and bandwidth throttling
- Intuitive scripting and common templated tools for push button activation
- Encryption for added security on data at rest, or in transit
- Full visibility and control from a shared customer web portal
- Integration APIs into MSP ticketing, security and business systems
- Enable regulatory compliance for PCI, HIPAA and others
- Ability to white-label client dashboards and reports as your own
- Proven compatibility with hyperscale computing providers