Magic Quadrant for Disaster Recovery as a Service

Overview of Disaster Recovery as a Service (DRaaS)

There are three kinds of cloud-based recovery service; the main differences lie in provider and customer responsibilities:

• Disaster recovery as a service (DRaaS): The service provider manages virtual machine (VM) replication and, optionally, physical machine (PM) replication from the production data center into the cloud, VM/PM activation inside the cloud and recovery exercising within the cloud.
• Recovery using infrastructure as a service (IaaS): The customer manages VM replication from the production data center into the cloud, the provider manages VM activation inside the cloud and the customer manages recovery exercising within the cloud.
• Recovery using backup as a service (BaaS): The provider manages VM backup from the production data center into the cloud, the customer requests VM restoration (either inside or outside the cloud) and the customer manages recovery exercising (either inside or outside of the cloud).

Because DRaaS server and storage resources are both virtual and can be activated on demand, exercising flexibility and the rapid initiation of post-declaration recovery operations are often superior to more conventional approaches. Practically speaking, the DRaaS advantage here is limited. This is reflected in the fact that the server scope of the great majority of the approximately 18,000 active DRaaS production instances is less than 75 servers, and the related number of in-scope production applications is often no greater than 10.

These statistics show that the majority of early DRaaS adopters are small organizations whose data center infrastructure is typically less than 100 servers. In addition, they also reflect the fact that providers have far more experience in efficiently activating smaller server configurations than with configurations containing several hundred VMs.

DRaaS vendors initially provided VM recovery primarily for VMware. However, given the rapid growth of other VM types, such as Microsoft Hyper-V, Citrix Xen, Linux-centric KVM and Oracle VM (OVM), service instances are becoming increasingly heterogeneous. In addition, there is increasing customer demand for more integrated support of hybrid recovery configurations (that is, recovery configurations containing both virtual and physical servers). The result of this demand is that the service model is becoming more complex — in many cases, becoming quite similar to a traditional managed hosting model. For their part, providers are rapidly embracing this opportunity because of the high potential for significantly increased monthly service revenue.

Another evolving market requirement is the use of DRaaS not just for more traditional recovery exercising and post-disaster declaration recovery operations, but also as the means of more selectively failing over production applications into the cloud in order to support improved IT service continuity. The inevitable result is increased customer transition to more blended data center operations that span both the premises and the cloud.

Market Evolution, Growth and Segmentation

The DRaaS market originally emerged to address IT organizations' need to support increasingly aggressive recovery-time targets and more frequent and lower-cost testing while understaffed, or without requiring a significant time commitment by existing IT staff.

Initially, small organizations with less than 100 employees were DRaaS early adopters. This is because these organizations lacked the recovery data center, experienced IT staff and specialized skill sets needed to manage a disaster recovery (DR) program on their own. This made provider-managed DR, which requires no capital expense, an extremely attractive DR option. In contrast, much larger organizations with thousands of employees initially lacked interest in DRaaS for a number of reasons, including the following:

• Most large organizations already had multiple data centers that could serve as backups for each other.
• Few large organizations were moving to having only one or no in-house data centers or colocation sites.
• Closing a data center and decommissioning DR hardware could take years to plan, and DRaaS offerings were still new.
• Many large organizations that needed subscription services from DR service providers were conservative IT buyers, so not ready to move to a public cloud-based service — due to security concerns and/or long-term provider viability.
• The great majority of existing DRaaS instances were specific to VMware VM recovery, whereas larger enterprises tend to have more heterogeneity in their computing platform mix.
• Large cloud-based DR configurations were not necessarily a low-cost alternative and would be likely to require substantial (and costly) WAN bandwidth in order to support faster recovery point objectives (RPOs).
• The activation and management of large (that is, involving hundreds of VMs) multitenant DRaaS configurations was very challenging for those organizations with very low recovery time requirements (of a few hours or less).
• For large configurations, providers sometimes proposed the service alternative of a managed virtual private cloud. This approach supported the required recovery times more predictably; however, this improved recoverability came with a substantially higher monthly service price.

For larger organizations, many of these objections still remain. Since the beginning of 2013, however, improved DRaaS maturity, greater provider choice and lower monthly service costs have broadened the appeal of DRaaS across organizations of all sizes, dispelling the myth that the DRaaS "sweet spot" is limited to small businesses.

Historically, DRaaS has been thought of as having its heaviest adoption in regulated industries, such as financial services, retail and healthcare, which have government regulatory pressures to protect data. However, DRaaS providers in this Magic Quadrant reported adoption and strong interest across all verticals as the number of knowledge workers has increased and dependence on application and data availability has a direct impact on business performance. Moreover, although service providers reported adoption by all verticals, they largely reported no need to have vertical-specific offerings or sales initiatives. Overwhelmingly, DRaaS was seen as a horizontal offering by providers.

Reference customer survey results (as a part of the research for this Magic Quadrant) showed both the positives and negatives of vendors' DRaaS offerings. Of the nominated reference customers from the 14 Magic Quadrant participants, approximately 92% (62 customers) completed the survey. Two of the top three results — support for both virtual and physical servers, and DRaaS contract flexibility — had not previously been differentiating service features. However, providers have found the requirements for both virtual and physical server recovery configurations far more common than they previously thought. In addition, service pricing and contract terms have improved considerably during the past couple of years — in response to both larger opportunities and the fact that with well over 170 DRaaS providers in the market there is no lack of industry competition.

Despite the rapid evolution of the DRaaS industry, especially since the beginning of 2012, there are still several service features and pricing attributes that need improvement, according to the reference customers.

The most cited area for improvement — service cost-effectiveness — appears, at first, to be at odds with the industry perception that cloud-based recovery services are far less expensive alternatives to more traditional recovery approaches. However, Gartner has found that in many cases, fixed recurring pricing per VM per month can sometimes be prohibitively costly, especially when an in-scope configuration consists of hundreds of VMs. For this reason, many providers have adopted alternative pricing models — including the addition of a pay-for-usage option, as well as separate pricing for VMs that are supported on dedicated hardware versus a much less costly multitenant alternative.

An additional service attribute is the maximum length of time during which a customer can support operations at a cloud data center following the occurrence of a disaster. In this regard, provider policies vary significantly, both in terms of the maximum amount of time allowed and the associated daily usage pricing. Gartner recommends that clients include a provider's maximum usage duration policy as one of their due-diligence criteria.

No single DRaaS service attribute was overwhelmingly rated positively or negatively by the references. This may indicate that users feel today's services are simply "good enough."

Source: Gartner (April 2015)

Vendor Strengths and Cautions

Acronis

Acronis currently goes to market with Acronis Disaster Recovery as-a-Service (DRaaS) — formerly nScaled. Acronis' U.S. data centers for DRaaS are located in Ashburn, Virginia and Dallas, Texas. In addition, Acronis has two European DRaaS data centers located in London, U.K. and Frankfurt, Germany. Acronis DRaaS is also available in Japan through a partner. Acronis itself has a direct presence in 25 countries.

Currently, the Acronis DRaaS service offering is sold as a self-managed service, but is also available as a fully managed service through partners. The support team is available to provide day-to-day help desk support, to support clients during a disaster failover and to actively assist with the failback process. This support is available 24/365. Acronis sells mostly through a channel sales model. Almost all of Acronis' current production customers have hybrid recovery configurations.

Strengths

• Acronis received very high reference customer satisfaction scores for the quality of its technical support and SLA performance.
• Acronis has strong experience in the support of hybrid recovery configurations.
• The recovery console provides many functions that give Acronis' customers service control management, reporting and analytics for both their cloud and on-premises data and server protection.
• Acronis' runbooks are easy to build and are fully automated.
• Acronis' recovery testing is flexible and allows nondisruptive automated test activation and scheduling in a segregated environment.

Cautions

• Acronis DRaaS is a self-service offering only that allows customers to configure and monitor their recovery environment through a Web console. Acronis professional services and Acronis channel partners are able to offer DRaaS as a fully managed service.
• Acronis has limited experience in managing large enterprise recovery configurations.
• Acronis has had limited experience of supporting customers outside of the U.S. and the U.K.
• Currently, Acronis' regulatory compliance, in addition to Statements on Standards for Attestation Engagements 16 (SSAE 16), is limited to Health Insurance Portability and Accountability Act (HIPAA) and Gramm-Leach-Bliley Act (GLBA).

Axcient

Axcient's current DRaaS offering is Axcient Business Recovery Cloud, which is primarily a self-managed solution sold both directly and through partners such as management service providers (MSPs) and system integrators. While 80% of Axcient's DRaaS revenue is currently from MSPs, Axcient also has a strong and growing base of small or midsize business (SMB) customers in the U.S. It currently has two service delivery data centers, one in the U.S. and one in Canada.

Axcient provides a Web-based portal, which is called the Remote Management Console (RMC). MSPs or users can select new devices to be protected, verify their status, receive alerts, recover files and virtualize an entire office instance. Axcient supports the replication of production VM images and data either via a premises-based appliance or via the Axcient Virtual Appliance, which was launched in 2014.

Strengths

• Axcient's per-server or per-virtual-host pricing is simple and all-inclusive, and its self-service model makes its pricing competitive. As a result, customer references rated Axcient's pricing and billing methodologies as being very transparent.
• Axcient owns its technology, and therefore isn't reliant on third parties for innovation.
• Administration of Axcient's GUI is simple and easy to use.
• Axcient also offers recovery of physical server operations through the use of bare-metal restore of backed-up system images to cloud-based servers.
• Axcient is compliant with regulations such as HIPAA, Payment Card Industry (PCI), Financial Industry Regulatory Authority (FINRA), Municipal Securities Rulemaking Board (MSRB) and GLBA.

Cautions

• Axcient remains primarily the provider of a self-service DRaaS solution. Customers requiring a broader range of management services can turn to Axcient's large partner community.
• Axcient's own professional services capabilities are somewhat limited, though it will assist with some services such as quick-start implementation. Customers requiring a broader range of professional services can turn to Axcient's large partner community.
• Axcient has limited direct experience with production customers in the large enterprise segment. Currently, only 10% of Axcient's installed base is made up of organizations with more than 1,000 employees.
• Reference customers cited the need for improvements in service cost-effectiveness and service portal utility.

Bluelock

Bluelock's Virtual Datacenters for Recovery-as-a-Service offerings enable customers to recover VMs and related production data inside a managed cloud. The service family has two variants:

• The "To-Cloud" version (the 4004) supports replication from customer-premises-based data center into the Bluelock cloud.
• The "In-Cloud" versions (4504 and 4508) support replication from a production hosting environment that is already operational inside the Bluelock cloud.

VM and production data replication from the primary data center is supported via hypervisor-based replication software supplied by Zerto or Veeam. Non-hypervisor-based replication is supported through the use of Vision Solutions' Double-Take, CommVault or with a client-chosen tool. Support for hybrid recovery configurations, including target recovery times, is defined in a customer-specific support plan.

Strengths

• Bluelock received a high reference customer satisfaction score for its ability to meet target recovery time objective (RTO) SLAs.
• Bluelock has strong professional services and robust onboarding, training and runbook development processes, which are demonstrated through its Recovery Assurance Program.
• Bluelock Portfolio allows customers to track and manage service costs and RPO realization.
• Support for both intracloud and intercloud hybrid recovery configurations is available with Bluelock.
• In-cloud data backup is standard with Bluelock.

Cautions

• Bluelock has limited, but growing, experience with hybrid recovery configuration support.
• Bluelock has limited experience of managing large enterprise recovery configurations.
• No support is currently in place from Bluelock for bare-metal restore of non-VMware servers or storage area network (SAN)-to-SAN VM replication.
• Service customers of Bluelock receive two Bluelock-assisted free recovery tests annually, but can choose to pay for additional tests at any time.
• Little integration with on-premises management utilities (apart from vCenter and vCloud Director) is supported by Bluelock.

Columbus Business Solutions

Columbus Business Solutions' (CBS') presence includes 42 countries in the Caribbean/Latin American region, including: Colombia, Panama, Honduras, Guatemala, Puerto Rico, Dominican Republic, El Salvador, Trinidad, Jamaica, Grenada, Curacao and Barbados. It provides support in both English and Spanish.

Currently, CBS's DRaaS service offering is sold as a fully managed service. This provider uses Geminare technology as the foundation for its recovery cloud services management system. In addition to DRaaS, the company offers connectivity, managed network services, IaaS, desktop as a service (DaaS) and colocation services.

Strengths

• CBS's operations availability service-level commitment is 100%.
• CBS was well above the provider median in terms of the number of actual disaster declarations that had been serviced.
• Reference customers rated CBS's service quality and its timeliness of provider support response and service problem resolution very highly.
• CBS also received the highest reference customer satisfaction rating on contract flexibility.
• Services are monitored 24/365 by the CBS network operations center, which is equipped with a security information and event management (SIEM) platform that can promptly identify patterns and events that may qualify as a potential threat or security incident.

Cautions

• The pending acquisition of CBS by Cable & Wireless Communications could create uncertainty about long-term service support.
• CBS's customer management portal for DRaaS was recently developed and is not as robust as some competing portals.
• CBS's regulatory compliance (PCI only) is not as broad as that of many of the other providers.
• Although support from CBS is available in both English and Spanish, the management portal is currently provided only in English.
• The breadth of CBS's professional services is limited.

Databarracks

Databarracks' DRaaS virtual data center is based upon a reserved server pool that is set at a percentage of the client's normal operations. This is fixed resource reservation; however, this reservation is not limited and a client can burst beyond this reservation up to the configuration of any or all of the protected VMs.

Databarracks uses PlateSpin, Veeam and Zerto technology to power its DRaaS offering. In addition to DRaaS, the company also offers IaaS. Databarracks is seen as possessing strong sector-based knowledge when serving the legal vertical, which has been one of the more aggressive early DRaaS adopters.

Strengths

• All Databarracks' customers have a commercial account manager from the sales team, a technical account manager, and escalation paths to the Service Delivery Management team.
• Reference customer satisfaction scores for Databarracks were excellent.
• Databarracks' flexible compute and storage capacity management processes facilitate ease of resource bursting.
• Databarracks allows clients to test as many times as they want during a year without additional cost.
• Rapid failover times are supported by Databarracks for both virtual servers (15 minutes or less) and physical servers (30 minutes or less).

Cautions

• Databarracks is hesitant to provide proofs of concept for prospects and, in addition, requires payment upfront for onboarding new client projects.
• Databarracks requires that any resources used above the reservation are paid for on a pay-as-you-go basis of five-minute increments.
• Although physical to virtual server conversion is supported using PlateSpin Protect, Databarracks DRaaS VM support is currently limited to just VMware.
• Although Databarracks currently offers support for premises-to-cloud VM replication from multiple customer sites, it only has one service delivery data center that supports its cloud recovery service.

IBM

IBM Resiliency Services include Cloud Virtualized Server Recovery (CVSR), which is one of four cloud backup and recovery services. The other three are Cloud Managed Backup, Cloud Data Virtualization, and Cloud Application Resiliency. IBM CVSR is sold as a fully managed service and there are three service levels to choose from: its Gold level includes failover within minutes per server; the Silver level includes shared virtual servers provisioned within one hour for automated recovery; the Bronze level includes shared virtual server provisioning within six hours of declaration.

Currently, over half of IBM's CVSR customers have hybrid recovery configurations. In addition to DRaaS, the company offers a full breadth of resiliency and high-availability-related professional and managed services, including consulting, design, migration, implementation, business continuity management and cloud backup. IBM Resiliency Services also include site, facilities and data center operations services, to provide data center best practice strategy, design, build, relocation, consolidation, and data center management for resiliency from the ground up.

Strengths

• IBM's three service tiers support different levels of test frequency, declaration costs, recovery targets and service pricing.
• Clients can initiate premises-to-cloud failovers no later than one hour after issuing a disaster declaration.
• IBM offers one of the most comprehensive sets of related professional and managed services of any of the providers in this Magic Quadrant.
• IBM's fully managed service approach significantly reduces recovery management complexity for the enterprise customer.
• IBM has a solid provider portal interface in place for configuring a virtual recover data center, recovering servers and monitoring testing progress and completion.

Cautions

• IBM DRaaS may not be the appropriate choice for cost-conscious organizations looking for a self-managed service.
• IBM's recurring monthly service pricing for VMs and the supporting storage can command a premium over other providers.
• Reference customers cited the need for improvement in IBM's service billing transparency.
• Reference customers cited the need for improvement from IBM in supporting recovery time SLAs.

iland

Iland's DRaaS offering is iland Disaster Recovery-as-a-Service, which is a member of its Enterprise Cloud Services family. Iland DRaaS is supported as a fully managed service and supports the replication and recovery of VMware, Microsoft Hyper-V and Citrix Xen VMs inside the enterprise cloud. Several options for premise-to-cloud VM replication are supported, including SAN-to-SAN replication, as well as software-based VM replication through either VMware Site Recovery Manager (SRM), Zerto or Veeam Cloud Connect. In addition, replication of physical server images is supported through the use of Vision Solutions' Double-Take.

To its credit, iland received very high reference customer satisfaction scores for the quality of both its technical support and its account management. This reflects a focused attention on customer satisfaction that is jointly supported by its sales, engineering, support and professional services teams.

Strengths

• The account management focus of iland is the maintenance of a sound, long-term customer relationship.
• Target response times for all iland customers' questions and incident reports is 15 minutes or less.
• Reference customers' satisfaction with iland's technical support and account management quality was very high.
• Customers of iland can test operations failover and failback without restrictions at no additional charge.
• Iland's service uptime availability SLA is currently 100%.

Cautions

• The establishment and management of iland user groups has largely been informal up to this point.
• Iland has limited, but growing, experience with hybrid recovery configuration support.
• Iland's physical data center security was not as robust as that of other participants in this Magic Quadrant.
• Perimeter network security protection and monitoring was not as well-defined by iland as by other participants.
• DRaaS R&D investment by iland was low when compared with that of other participants.

NTT Communications

NTT Communications' (NTT Com's) DRaaS offering is Cloud Recovery, which is part of its Recovery as a Service Data Protection Suite. The DRaaS service offering is sold primarily as a self-managed service.

Customized RTO- and RPO-based service levels are supported, with a service delivery infrastructure availability level of 99.97%. Typically, customers purchase the total amount of computing and storage resources required for their recovery environment, plus a monthly fee for each replicated VM. Customers can add additional resources in the portal for recovery testing; failover and activated resources are billed to customers on a minute-by-minute basis.

Strengths

• NTT Com's DRaaS portal is highly functional and very easy to use.
• The NTT Com portal enables users to define, configure, set up and monitor virtually any level of service.
• NTT Com's DRaaS service supports virtual and physical servers in multiple geographies, which facilitates global support for hybrid configurations.
• NTT Com's customers are entitled to unlimited failover and recovery testing at no additional cost.
• Ongoing testing, which can be performed by NTT Com's customers, powers up the application, mounts the data store and tests the application's availability and data integrity.

Cautions

• Proof of concept pilots are mainly supported by NTT Com as the initial phase of production implementation.
• Because customer RTOs and RPOs are customizable in the DRaaS portal, it is the responsibility of NTT Com's customers to monitor their service-level compliance.
• Hyper-V recovery is not currently supported by NTT Com, although support is planned for no later than the end of the second quarter of 2015.
• Reference customers cited the need for improvement in the timeliness and quality of service of the technical support provided by NTT Com.

Peak 10

Peak 10's DRaaS offering, Recovery Cloud, is enabled through a software-based replication (supported through Zerto) to replicate vSphere-based production VMs. Support is provided for on-premises production configuration as well as for production configurations that are already operational within the Peak 10 cloud.

An experienced team of disaster recovery services specialists is available 24/365 to monitor data replication or to execute recovery testing and failovers. In addition, its high availability database as a service (DBaaS) supports the development, execution and testing of Microsoft SQL-dependent database applications.

Strengths

• Peak 10 received a very high overall reference customer satisfaction score for its support of hybrid recovery configurations.
• Peak 10's data centers and cloud infrastructure have been certified for Payment Card Industry Data Security Standard (PCI DSS) 2.0 Level 1 and HIPAA compliance.
• Peak 10 prospects can review any and all facility and operations audit results under nondisclosure agreement (NDA) and through a controlled portal.
• Customers of Peak 10 can configure multiple virtual protection groups at multiple data centers.
• A wide range of supporting security services are available to Peak 10's customers, ranging from basic firewalling to a managed compliance bundle.

Cautions

• Peak 10's Recovery Cloud is utilized almost entirely by SMB organizations.
• Service delivery is very geographically focused (that is, in the southeastern U.S.).
• A formal recovery service-level target for DRaaS premises to cloud configurations is not currently supported by the company. Peak 10 does support an RTO SLA when target and source are located in its own cloud.
• Since Recovery Cloud is a managed service, the level of customer-specific training is not as broad with Peak 10 as that offered by other providers. However, Peak 10 does build a customized runbook in collaboration with each customer.

Seagate

Seagate's DRaaS is the Seagate EVault Cloud Resiliency Service. It is highly customizable and is sold either as a self-managed or as a provider-managed service. Seagate EVault Cloud Resiliency is a managed service that supports customer recovery of VMs, bare-metal image restores and production data inside a managed cloud.

Recovery testing and recovery operations are largely provider-managed, requiring close management coordination between the service customer and technical support. Guaranteed SLA tiers include: a one-hour RTO and a five-minute RPO; a 24-hour RTO with an RPO target between four and 24 hours; and a 48-hour RTO tier with a four- to 24-hour RPO SLA.

Strengths

• Seagate offers a solution-centric product that bundles the development of a recovery exercising plan, as well as provider assistance, with exercise execution.
• Guaranteed service tiers, with corresponding RTO- and RPO-based service-level targets, are available from Seagate.
• Virtual CPU and storage capacity can be burst up to 15% beyond the allocated capacity at no extra charge from Seagate.
• Daily data integrity checking is performed by Seagate's service management software.
• Seagate's language support is the most extensive of all the providers in this Magic Quadrant.

Cautions

• Because Seagate's EVault Cloud Resiliency is primarily provider-managed, few service manageability tools for customers are supported.
• There is little integration between Seagate's EVault Cloud Resiliency and its on-premises management utilities.
• Seagate's operations control compliance with regulations such as PCI, Federal Information Security Management Act (FISMA) and International Traffic in Arms Regulations (ITAR) is limited.
• Provider portal functionality for most service tiers (except for the one-hour SLA tier) is limited with Seagate.
• Reference customers for Seagate cited a need for improvement in the areas of account management and professional services.

Sungard Availability Services

Sungard AS's DRaaS offering, which includes Recover2Cloud, Managed Recovery Program and Enterprise Storage Replication services, is primarily sold as a managed service, but also provides flexibility of customer-managed elements. Sungard AS enables customers to recover applications, physical and virtual infrastructure and production data inside a managed cloud.

Sungard AS's DRaaS services support the replication and recovery of a range of physical infrastructure as well as VMware, Microsoft Hyper-V and Citrix Xen VMs. In addition, Sungard AS also supports SAN-to-SAN VM replication for EMC and NetApp storage controllers. Recovery exercising is largely provider-managed — involving management coordination between the Sungard AS customer and the technical support staff to ensure successful test execution and ongoing performance improvements.

Strengths

• Sungard AS provides one-stop solutions for the integrated management of applications and data recovery previously supported by point services.
• Crash-consistent and application-consistent recovery across multitier applications (both physical and virtual) is supported by Sungard AS.
• Sungard AS has a breadth of data backup and application recovery professional services.
• Sungard AS's physical and logical isolation of customer configurations minimizes the probability of security breaches.
• Sungard AS supports compliance with SSAE 16 service organization control (SOC) 2, as well as PCI DSS, HIPAA and International Organization for Standardization (ISO) 9001.

Cautions

• Sungard AS's service manageability tools for customer usage are provided primarily in a portal.
• Because Recover2Cloud is a provider-managed service, minimal integration was required between Sungard AS's portal and on-premises operations management utilities. However, this is beginning to improve as a result of management portal integration with on-premises Enterprise Storage Replication (ESR)-NetApp, ESR-Actifio and ESR-EMC software.
• Sungard AS's recovery SLAs are a function of the type of VM as well as the size of the VM configuration.
• With Sungard AS, external audits of cloud operations are only performed once a year.
• Although Sungard AS received very high scores in six of the seven customer reference service delivery categories, Recover2Cloud customers did cite a need for improvement in day-to-day service management quality.

Verizon

Verizon's Virtual Disaster Recovery (VDR) service (based on VMware technology) enables customers to recover VMs and production data inside a managed cloud. The VDR service has been available for nearly five years, having been officially launched in November 2010.

Recovery testing and recovery operations are primarily provider-managed, requiring close management coordination between the VDR customer and Verizon's technical support staff in both cases. Customers can negotiate RPOs for the purposes of SLAs, dependent on the architectural configuration. Terms can be negotiated for RTOs, again dependent on the DR architecture.

Strengths

• Verizon has a broad range of VM and related production data replication mechanisms.
• Verizon's customers can burst as much additional CPU and RAM as they need, to support an actual disaster declaration, at no extra charge.
• Verizon received a very high overall reference customer satisfaction score for its support organization's responsiveness, timeliness of service problem resolution, and professional services quality.
• Several production customers of Verizon have achieved FISMA (moderate and high), HIPAA and PCI compliance.
• Verizon has a large professional services organization with significant business continuity (BC) and IT DR project experience.

Cautions

• Verizon's DRaaS customers typically have one test per year as part of their standard contract. However, customers can require that additional tests are supported as part of their DR contract with Verizon.
• Because of the demand for provider-managed services from the enterprise customers Verizon serves, VDR is largely a managed service. Use of management portal capabilities is generally limited to internal Verizon staff.
• Although little integration exists between Verizon's VDR operations management software and customers' on-premises management utilities, this is by design to maintain compliance and to allow the customers to retain full management accountability for their security environment.
• Reference customers cited the need for Verizon to improve its operations security and end-user privacy management.

VMware

VMware currently goes to market with its DRaaS offering vCloud Air Disaster Recovery, which is sold as a self-service solution or as a managed service through one of its many partners. The target market for vCloud Air Disaster Recovery is the VMware vSphere (vSphere version 5.1 or later is required) customer base. Service integration with vCenter eliminates the need for customers to familiarize themselves with a separate provider portal interface.

The VM replication process is managed by a variant of vSphere replication, in order to facilitate support for VMs that reside on direct-attached storage (DAS) or networked-attached storage (NAS) as well as those stored on SANs. Supported RPOs range from 15 minutes to 24 hours.

Strengths

• VMware's service pricing is very straightforward and easy to understand.
• A range of technical support is provided by VMware, including 24/365 support for Severity 1 issues.
• A service availability uptime guarantee of 99.9% is currently supported by VMware.
• VMware's customer service commitments can be as low as one month.
• VMware's vCloud Air supports a broad level of regulatory compliance, including ISO 27001, SOC 1 (SSAE 16)/SOC 2 Type 2, SOC 3 and HIPAA/Health Information Technology for Economic and Clinical Health (HITECH).

Cautions

• VMware's service is still in its very early stages.
• VMware's own professional services are limited. Its support services team will onboard customers. Customers requiring a broader range of professional services can turn to VMware's large partner community.
• Because of its current support focus on just VMware environments, support does not exist for data center configurations that include Hyper-V, Xen, KVM or Open Virtualization Format (OVF). Today, vCloud Air Disaster Recovery only supports VMs. There are VMware partners who leverage vCloud Air Disaster Recovery as the core of a managed services capability and add support for physical systems and synchronous replication as needed.
• Reference customers cite that VMware's service contracts could be more flexible.

Windstream

Windstream's DRaaS offering is Windstream Hosted Solutions Disaster Recovery as a Service (DRaaS). This DRaaS service offering is sold with both self-service and fully managed testing and recovery options, and the service is offered at multiple service levels. DRaaS RPO service levels are targeted at under 15 minutes; RTO service levels are offered at four hours for physical infrastructure, and less than one hour for cloud-to-cloud recovery.

Both SAN-based (through EMC and NetApp), host-based replication (either through Microsoft InMage or Veeam Software), and cloud-based replication (through Zerto and VMware's SRM) are supported. In addition, Windstream DRaaS supports application-consistent recovery points for Microsoft's Exchange, SQL Server and SharePoint, as well as Oracle applications.

Strengths

• Windstream received the highest overall reference customer satisfaction scores of the 14 providers discussed in this Magic Quadrant.
• Windstream's data center facilities are built to a 2N standard, meaning there are no single points of failure that could impact the main production infrastructure or its failover.
• Windstream supports a 100% uptime SLA for data center infrastructure components as well as the internal data center network.
• Online VM replication to another cloud data center is supported by Windstream; however, this is incrementally priced.
• Customers can remain in recovery operations at a Windstream data center for up to 60 days.

Cautions

• Only one service-level target between the premises and the cloud is currently supported by Windstream. However, an additional service level is supported for cloud-to-cloud configurations.
• The Windstream portal currently has limited reporting capabilities.
• External audits of cloud operations are performed just once a year with Windstream.
• Currently, Windstream does not offer unpaid customer trials.

Vendors Added and Dropped

We review and adjust our inclusion criteria for Magic Quadrants and MarketScopes as markets change. As a result of these adjustments, the mix of vendors in any Magic Quadrant or MarketScope may change over time. A vendor's appearance in a Magic Quadrant or MarketScope one year and not the next does not necessarily indicate that we have changed our opinion of that vendor. It may be a reflection of a change in the market and, therefore, changed evaluation criteria, or of a change of focus by that vendor.

Added

This is the first version of this Magic Quadrant, so all providers are new.

Dropped

This is the first version of this Magic Quadrant, so no providers have been dropped.

In-scope services are one of two types. In the first, the service provider is responsible for managing VM replication, VM activation, exercise management and servicing customer disaster declarations. In the second, the provider role is relegated to just VM activation and shutdown, and the service customer is responsible for managing replication, exercise management and recovery operations following a disaster declaration. Services that only support production data backup or replication to the cloud are not in-scope for this Magic Quadrant.

Inclusion in the DRaaS Magic Quadrant was based on the provider's service(s) having the following attributes:

1. Specifically targeted and marketed as a DRaaS offering, as defined in the Market Definition/Description section of this report.
2. The cloud infrastructure is owned and managed by the provider. The provider is not layering its DRaaS offering on another provider's (for example, Amazon AWS, Microsoft Azure) IaaS.
3. The vendor must provide its DRaaS service in one of two ways:
   • The service provider is responsible for managing VM replication, VM activation, exercise management and servicing customer disaster declarations.
   • The provider role is relegated to just VM activation and shutdown, and the service customer is responsible for managing replication, exercise management and recovery operations following a disaster declaration.
4. The in-scope service(s) must have been in general availability for at least a year, as of 1 September 2014.
5. At least 25 discrete production customers as of 1 March 2014.
6. Determined by Gartner to be a significant player in the market via market presence and/or technology innovation.
7. Specifically targeted and marketed as a DRaaS offering.

Excluded Providers

Our initial participant candidate list included 30 service providers. The 16 providers who did not participate because they did not meet one or more of the previously listed criteria include Amazon Web Services (AWS), AT&T, CenturyLink, CSC, Dimension Data, Fujitsu, HCL Technologies, HP, Hosting, IPR, Microsoft, NaviSite (a Time Warner Cable company), Orange Business Services, Rackspace, Tata Consultancy Services (TCS) and Wipro.

Ability to Execute

Ability to Execute considers the provider's ability to provide a DRaaS offering that meets customer feature/function requirements, as well as the provider's ability to operate the tool with a high level of service guarantee and customer support.

• Product/Service: Core goods and services offered by the provider for the defined market. This includes current product/service capabilities, quality, feature sets, skills and so on, whether offered natively or through OEM agreements/partnerships as defined in the market definition and detailed in the subcriteria.
• Overall Viability: Viability includes an assessment of the overall organization's financial health, the financial and practical success of the business unit, and the likelihood that the individual business unit will continue investing in the product, will continue offering the product and will advance the state of the art within the organization's portfolio of products.
• Sales Execution/Pricing: The provider's capabilities in all presales activities and the structure that supports them. This includes deal management, pricing and negotiation, presales support, and the overall effectiveness of the sales channel.
• Market Responsiveness/Record: Ability to respond, change direction, be flexible and achieve competitive success as opportunities develop, competitors act, customer needs evolve and market dynamics change. This criterion also considers the provider's history of responsiveness.
• Marketing Execution: The clarity, quality, creativity and efficacy of programs designed to deliver the organization's message to influence the market, promote the brand and business, increase awareness of the products, and establish a positive identification with the product/brand and organization in the minds of buyers. This "mind share" can be driven by a combination of publicity, promotional initiatives, thought leadership, word of mouth and sales activities.
• Customer Experience: Relationships, products and services/programs that enable clients to be successful with the products evaluated. Specifically, this includes the ways customers receive technical support or account support. This can also include ancillary tools, customer support programs (and the quality thereof), availability of user groups, service-level agreements and so on.
• Operations: The ability of the organization to meet its goals and commitments. Factors include the quality of the organizational structure, including skills, experiences, programs, systems and other vehicles that enable the organization to operate effectively and efficiently on an ongoing basis.

The Ability to Execute criteria that had a High weighting (see Table 1) include Product or Service, Customer Experience and Operations. Gartner felt that these criteria were the most directly relevant to a quality customer experience throughout the entire service life cycle. This is in direct contrast to the criteria that were more relevant to provider marketing and sales, including Marketing Execution (Low weighting), Overall Viability (Medium weighting), Sales Execution/Pricing (Medium weighting) and Market Responsiveness/Record (Medium weighting).

Source: Gartner (April 2015)

Completeness of Vision

• Market Understanding: Ability of the provider to understand buyers' wants and needs and to translate those into products and services. Providers that show the highest degree of vision listen to and understand buyers' wants and needs, and can shape or enhance those with their added vision.
• Marketing Strategy: A clear, differentiated set of messages consistently communicated throughout the organization and externalized through the website, advertising, customer programs and positioning statements.
• Sales Strategy: The strategy for selling products that uses the appropriate network of direct and indirect sales, marketing, service, and communication affiliates that extend the scope and depth of market reach, skills, expertise, technologies, services and the customer base.
• Offering (Product) Strategy: The provider's approach to product development and delivery that emphasizes differentiation, functionality, methodology and feature sets as they map to current and future requirements.
• Business Model: The soundness and logic of the provider's underlying business proposition.
• Vertical/Industry Strategy: The provider's strategy to direct resources, skills and offerings to meet the specific needs of individual market segments, including vertical markets.
• Innovation: Direct, related, complementary and synergistic layouts of resources, expertise or capital for investment, consolidation, defensive or pre-emptive purposes.
• Geographic Strategy: The provider's strategy to direct resources, skills and offerings to meet the specific needs of geographies outside the "home" or native geography, either directly or through partners, channels and subsidiaries as appropriate for that geography and market.

Consistent with the approach taken for the Ability to Execute criteria, in which service capabilities, management maturity and quality of customer experience were strongly emphasized, Gartner only assigned a High weighting (see Table 2) to one set of criteria in the Completeness of Vision portion. This was the Innovation section. This approach contrasted with the Low weightings assigned to the Marketing Strategy, Sales Strategy and Business Model criteria.

Source: Gartner (April 2015)

Quadrant Descriptions

Leaders

Leaders have large, mature DRaaS practices. These players have nine-figure DRaaS revenue streams, significant industry experience in supporting a broad range of data center and managed operations services, a very strong provider-managed (versus self-service) approach to DRaaS management, and very sizable professional services organizations that provide a complete solution to customers in relation to recovery planning, exercising and management, regardless of geography.

Challengers

Challengers are far smaller in terms of annual revenue than the Leaders. They generally focus on specific geographical regions rather than having a broad international presence. However, they offer a very high-touch approach to service delivery, especially with respect to recovery runbook development and facilitated exercising, even though the size of their professional services organizations is far smaller than those of providers in the Leaders quadrant. In general, the Challengers also received very high reference customer ratings in relation to the quality of technical support delivered.

Visionaries

Visionary providers' service delivery experience is typically greater than most of the other assessed providers. This means that they have had a greater opportunity to either maximize the capabilities of their delivery platforms, gain more experience with the delivery of a high-quality provider portal, efficiently manage customized service delivery or significantly improve the maturity of their security management controls, or some combination of these. Visionary providers have been able to meet these challenges despite having much smaller annual revenue streams than the Leaders.

Niche Players

Niche providers have either had lower annual revenue, an evolving service and support infrastructure, were at an earlier stage of the delivery life cycle or were in the process of transitioning between service families, compared with providers in the other three categories. Also, a few of the Niche providers, but not all, have a very focused target market — for example, only SMB customers or only customers in one country. It is, however, important to point out that several of the Niche providers also obtained very high reference customer satisfaction scores (this is noted as relevant in the individual write-ups in the Vendor Strengths and Cautions section).

As more of the analog world becomes digitized, so downtime affects more of the world. However, infrastructure and operations (I&O) leaders must, in many cases, now shift their thinking away from internally facing DR strategies toward strategies for sustaining externally facing IT service continuity. This is especially true for I&O leaders who already are, or soon will be, tasked with supporting digital business and the Internet of Things (IoT), because the effectiveness of their strategies will be directly measured by the quality of the external customer experience and, ultimately, by the impact of that experience on both revenue and profitability.

Because digital business moments will typically be realized in very compressed time frames, the primary service-level metrics of traditional DR — RTOs and RPOs — no longer apply, as supporting Web services must be continuously available. As a result, IT leaders will be increasingly challenged to enable a broader level of IT service continuity.

There are several reasons for this, including:

• Customers can, and will, switch providers in competitive markets, should a service go down and if switching is easy.
• Customers will also be vocal about a negative service experience through the use of social media, resulting in a damaged organizational reputation and brand image.
• Service arbitrage logic, at both the originating and intermediate processing points of a digital business moment, will contain increasingly sophisticated brokering logic that will transparently bypass fulfillment points whose availability is less than a predefined threshold.

The current state of DRaaS constitutes a significant inflection point between the more traditional DR management (which was typically very inwardly focused) and the world of digital business in which outwardly focused managed availability will become a critical success factor. The initial market shift — toward an increasingly managed availability focus and the support for hybrid data center operation — represents the important beginnings of this transition. Within the next five years, cloud-based DR will increasingly transition to managed data center resilience across the premises and the cloud, thereby resulting in recovery and availability either becoming attributes of the managed infrastructure or being directly managed by the applications themselves.

DRaaS vendors include a mix of service providers that also support the following: communication services, DR/BC recovery services, hosting and IaaS and direct cloud recovery. Initially, these providers' services were attractive primarily to SMBs. This was because DRaaS freed up the time of the IT staff in these businesses and because they lacked a recovery data center.

However, larger organizations are now increasingly adopting DRaaS, though penetration into very large businesses (with 5,000 or more employees) is only 13% — half that of the second-smallest segment (businesses with between 1,000 and 5,000 employees). Wider adoption of DRaaS can be largely attributed to the proven viability of cloud-based solutions. Today, Gartner estimates the size of the DRaaS market to be approximately $1.3 billion, with a related compound annual growth rate of approximately 30%. By 2018, Gartner estimates that the size of the DRaaS market will exceed that of the market for more traditional subscription-based DR services.

Although the DRaaS market is growing and vendors offer a wide range of services, DRaaS customers still face several challenges:

• Hybrid recovery configurations often require a custom service agreement, especially for SLA definitions.
• Provider service-level commitments may vary by configuration size and required computing platforms.
• Declaration policy (that is, how many recovery exercises per year and how much time per exercise is allowed) varies by DRaaS provider.
• Provider portals do not yet provide a uniform management or access interface for hybrid recovery configurations.