Author: Pash Hrnic, Solution Architect
At CDW, we’ve seen many trends start and flourish, while others fade into the background. In this blog we will be discussing the As a Service subscription that has found its way into almost every IT budget since the birth of public cloud. Specifically, Backup as a Service1 (BaaS), and the various ways it can be delivered and consumed.
Unfortunately, data protection is an area that businesses are trying to limit their spend, as it is a non-differentiating business function. You’ll be hard-pressed to hear news about how an organizations’ backup system propelled it ahead of its competitors. However, backups still need to be performed to ensure that data is guarded, and compliance requirements are met. To ensure organizations have more time to focus on applications and services that drive business value, many are turning to service providers to offload their day-to-day backup operations.
In addition to discussing the various ways BaaS can be delivered and consumed, we will also provide an overview of service provider models that are available. Additionally, we will outline our selection criteria in hopes of helping business leaders and end-users better understand the subtle differences and details between the variety of solutions available.
BaaS “À la Carte”
While typically Software as a Service (SaaS) or hybrid-based, the first style of BaaS is à la carte. Customers leveraging this style of service are presented with a broad set of features, each of which require separate licenses or subscriptions. For example, virtual machine (VM) backups might be sold in packs of ten, while licenses for mailbox protection services are sold per inbox or named user. Storage costs are usually bundled in with each license type, however, some providers also offer capacity-based licensing and extended capacity costs for vast datasets.
This style offers a centralized management console that lives in the cloud. It closely resembles the traditional on-premises solutions, though the core infrastructure for the solution sits in the providers’ data centre while small elements of the solution are installed on-premises, or within cloud environments as proxy or gateway appliances. Some products in this category can also accommodate a physical appliance, with direct or network storage attached, to hold data nearline for rapid restores, compliance, or to reduce cloud egress2 costs when performing restores.
- Since the “master” server exists as a cloud-based SaaS portal, compute resources such as physical servers, or virtual machines are not required, thus reducing the cost that a typical on-premises master server might incur (e.g., co-location space, power/cooling, operating system (OS) licensing etc.).
- As with the typical SaaS model, system administrators can focus on maintaining, updating and securing on-premises server assets and business-critical applications, which results in less management overhead.
- Customers of a SaaS-based backup solution can rest assured that the core of their backup infrastructure is inherently highly-available. The responsibility of managing uptime for the core backup components rests with the providers.
- Direct-to-cloud simplicity and scalability, as storage targets fall under the management of the service provider. In some cases, BaaS products in this category offer flexibility for customers to bring their own storage.
- À la carte BaaS can protect virtual machines, containers, applications and physical servers from almost everything that on-premises counterparts can.
- Intermediate-level administrative staff are still required to manage the day-to-day backup operations, such as daily health checks, re-run failed jobs, complete restore requests, etc.
- This style of service is missing add-on features such as storage array integrations and advanced analytics; and tape support comes as an afterthought.
- Full functionality is dependent upon internet connectivity and is typically slower than on-premises solutions, especially when copying or replicating directly out to a cloud target. Additionally, speeds are limited to the organization’s available internet bandwidth.
While SaaS-based backup tools have become a popular alternative to on-premises solutions, they are still aimed towards mid-market or mid-sized environments. Enterprise customers with sprawling environments that have legacy server components and tape technologies, might want to look at the other styles of BaaS to meet their overall or specific backup needs.
The ‘niche’ category of BaaS products is very useful when protecting a single element or application within the IT service portfolio. In this style, cloud-hosted application vendors provide redundancy that ensures the availability of the present state of the data. Uptime for these is guaranteed by the service provider, but the responsibility of data protection falls upon the customer. In some cases, short-term rollback solutions are available, but in most cases, native tools do not protect against service-impacting data loss events, nor do they retain data for longer-term or compliance purposes. Also, native toolsets usually do not have the storage target flexibility, reporting or indexing capabilities required by small, medium and large customers alike. The niche BaaS is essentially a stopgap solution that addresses any shortcomings of a SaaS provider’s built-in data protection solution.
Like the previous category, niche BaaS solutions are delivered via a SaaS model – though they typically protect vendor or application specific data. These niche BaaS offerings can target specific SaaS applications where the customer is not the custodian of their data. For example, there are BaaS offerings designed to protect cloud-based collaboration suites. Similarly, there are products that will protect popular online customer relationship management (CRM) databases as well.
There are also vendor-specific BaaS offerings designed to integrate with their native storage products. An example of this is where a storage vendor offers a BaaS to centrally orchestrate protection of data that resides across their on-premises and cloud-based storage offerings. This BaaS product would be advantageous for those organizations that have standardized or homogenized their storage environments to a single vendor/manufacturer.
The ‘niche’ category of BaaS solutions is a perfect companion or alternative to full-blown, on-premises solutions, as they protect data or services in scenarios where traditional applications may lack support, or where the implementation might not meet the customers’ requirements.
- This category is designed to protect data within a limited scope, keeping the solution easy to deploy and manage, and lowering costs.
- Minimal investment in administration overhead is required since the implementation is turnkey.
- No additional hardware is needed.
- It’s available as a subscription.
- A separate pane of management is required if the customer already has an on-premises data protection solution.
- Niche BaaS solutions almost always use a form of object storage, where storage targets are hardcoded into the solution. However, some do offer the option to bring-your-own-storage (BYOS).
“White Glove” BaaS
The third and the most comprehensive category is “white glove,” or fully managed BaaS. This category of BaaS is consumed through a monthly subscription with a managed service provider (MSP). The major difference between the other types of BaaS is that the “white glove” BaaS does not require any administration effort from the customer. This is an outsourced data protection solution, and MSPs who offer this service can typically “plug-in” to an existing on-premises solution, if supported, or they can deploy and manage data protection suites available from the top market leaders.
The primary benefit customers realize through a hands-off partnership with an MSP is a better utilization of their IT staff. Instead of dedicating one (or more), IT members to maintenance and management of the backup solution, IT staff can focus on high-priority revenue-generating projects.
One of the more important aspects of the service is the on-boarding process, which normally includes assessment and discovery of the customers’ existing IT environment and applications. Once complete, a solution can be put into place. Onerous day-to-day tasks like backup job configuration, performance monitoring and troubleshooting all become the responsibility of the service provider.
- Data protection architecture services and day-to-day operations of the backup environment are offloaded to the MSP.
- Performance monitoring and troubleshooting are performed by MSP.
- Staff augmentation allows the customer to leverage in-house IT staff for more important tasks and projects.
- MSP’s typically have a stringent set of rules and standards they need to follow, which ensures KPI’s are monitored and delivered upon both consistently and efficiently.
- 24/7/365 support.
- MSPs should always be informed prior to any additions, moves or changes to the infrastructure, which could complicate or delay internal change processes.
- Organizations are almost always limited to choose from three or four of the market leading solutions that an MSP supports.
- Incidents must be logged via email, web portal or phone. Depending on the request type and service-level agreement (SLA) with the provider, there could be a slight delay in time to resolution vs. having an on-premises backup admin.
- In addition to product licenses and support maintenance costs, the MSP typically includes a monthly service charge for the support.
“To BaaS or not to BaaS”
Now that we have a better understanding of the nuances between the different types of BaaS’, how does one decide which BaaS is the best fit for their organization? Here are some considerations:
- “Are there any protection gaps in the current strategy? Is my current data protection solution meeting the business or compliance requirements?” If these are difficult questions to answer, then all BaaS options should be considered. Consulting with one or more BaaS providers will uncover faults and pave the way for making improvements, giving you confidence in your backup strategy.
- “Do I have the expertise in-house? Does my IT team have the capacity to monitor and maintain day-to-day backup and restore operations?” In some cases, short-staffed IT teams simply don’t have the time to manage all the components of a backup solution. BaaS products need to be inspected carefully to ensure they align with your staff’s level of expertise and availability. For example, if an organization has a team of IT staff where day-to-day tasks can be shared and there is capacity within the team to manage backup operations, then a co-managed solution makes the most sense. However, if you have a small, concentrated team of developers focused on writing customer-facing applications, offloading backup tasks to an MSP for a fully managed service will allow them to better manage their time and focus on innovation and meeting business objectives rather than the mundane, day-to-day tasks.
2021 has been a difficult year in terms of both supply chain and labour shortages, and IT staff are being called upon to do more with less. As always, companies are looking to focus efforts on differentiating themselves and pushing ahead of their competition. Driven by ease of use, the BaaS model for data protection has proven it can adapt to meet business needs while giving back time to key personnel so they can positively transform their business.
At CDW, we can offer support through backup architecture, or Disaster Recovery as a Service (DRaaS), and can provide the right level of management across your backup and disaster recovery environments. If you are interested in learning more about any of the BaaS categories discussed in this blog, or if you are looking to transform your data protection strategy with a solution that is cost effective, reach out to the CDW team or visit our website.
- Backup as a service (BaaS): An approach to backing up data that involves purchasing backup and recovery services from an online data backup provider. Instead of performing backup with a centralized, on-premises IT department, BaaS connects systems to a private, public or hybrid cloud managed by the outside provider.
- Egress: Outbound data traffic
- Erin Sullivan, Tech Target, Backup as a Service – https://searchdatabackup.techtarget.com/definition/backup-as-a-service-BaaS
- Tech Target, What is egress? – https://www.techtarget.com/searchnetworking/definition/egress