RPO vs RTO - what's the difference and why is it important?
When building any Disaster Recovery or Business Continuity plan, there are a number of key metrics you will put in place to set a goal on where business can resume/operate in times of disaster.
Two crucial metrics are:
Recovery Point Objective (RPO): Measurement of the maximum tolerable amount of data to lose without causing serious damage to your business
Recovery Time Objective (RTO): Metric to calculate how quickly you need to recover your IT infrastructure and services following a disaster in order to maintain business continuity.
In this blog post we will be exploring RPO vs RTO. The differences and why they're important.
Recovery Point Objective (RPO)
How much data can your business afford to lose at any one time?
That defined time becomes your RPO, and should become the yard stick of how often you back your data up. If you find that your business can survive three to four days in between backups, then the RPO would be three days (the shortest time between backups).
Depending on application priority, RPOs typically range from 24 hours down to near-zero (measured in seconds). If you identify 8-hour-plus RPOs, you could take advantage of your existing backup solution. 4-hour RPOs will require scheduled snapshot replication, and near-zero RPOs will need continuous replication.
Recovery Time Objective (RTO)
Calculating RTO starts with question “How long can we afford to be without our data?” Another way of looking at it is asking, “How long can our services be out of operation?”
The shorter the time is in response to these questions, the more you will have to budget into your backup and DR strategy.
If, for example, you confirm that your RTO is six hours, then you will need to ensure a high level of preparation and a higher budget to ensure that systems can be recovered quickly. On the other hand, if the RTO is two weeks, then you can probably budget less and invest in less advanced solutions.
The most cost effective way to calculate RTO would be to look at all applications and databases separately. Assessing which ones take higher priority and working from that basis. You can set different RTOs for different business processes.
RPO vs RTO
The RTO and RPO contrary to popular belief, do share a number of similar characteristics,
- They differ according to individual application priority. Even the most advanced, deep-pocket corporations cannot justify the cost of delivering highly available RTO or RPO for all applications. In this flexible, scalable era - there is no need to.
- IT prioritizes applications and data not only by revenue but also by risk.
- They are measured in units of time. For RTO, it's the amount of time that passes between application failure and availability. For RPO, it's the amount of time between the loss of data and the preceding backup.
Despite their similarities, RPO and RTO serve different roles. RTO is specific to applications and databases and RPO is concerned with the amount of data that is lost following a failure event.
Do you need some help in analysing RPO vs RTO in your organization? Get in touch with us today to see how we can put together a business continuity plan for your business critical applications.