The Recovery Point Objective (RPO) defines the maximum age of the data in a backup in order for a company to be able to work meaningfully during emergency operations. It therefore defines the minimum necessary data backup cycles.
Table of Contents
When an incident such as a fire or ransomware attack results in the failure of a company's IT system, some loss of data is very likely. Even real-time backups cannot completely prevent losing data during widespread outages. With the RPO, Management therefore sets a target in the disaster recovery plan, which describes the maximum length of time during which created data may be lost without causing significant damage to the company.
The RPO thus also determines the maximum age of the latest backup version, which may not be exceeded. It thereby defines the time intervals at which the company must perform backups. For example, an RPO of 60 minutes requires a backup every 60 minutes. This metric is therefore important for determining whether a company's backup schedule is sufficient for disaster recovery. It is also an important metric for negotiating SLAs (service level agreements).
Recovery Point Objective (RPO) and Recovery Time Objective (RTO) are among the most important parameters of a data protection or disaster recovery plan. Both express maximum permissible tolerance values when IT systems fail and are specified in minutes, hours, or days.
But while the RPO describes a period of time before the failure, the RTO stands for a period of time after the incident: The RPO shows the time between the last backup and the incident, whereas the RTO stands for the span between the outage and the restart of the systems.
Here's an example: If the RTO for a particular server is three hours and the RPO is 30 minutes, this means that it must be back up and running within three hours of an outage, using data created no more than 30 minutes before the outage. The purpose of the RTO, then, is to avert revenue loss, reputational damage, and contractual penalties due to SLA violations that result from the failure of a system. The object of the RPO, on the other hand, is to limit damage caused by the loss of customer data, such as orders in an online store or transactions at a bank.
A company's management sets RPOs primarily according to the frequency with which an application's data is updated and its importance to the company's success.
For example, an online retailer stores product data and order data in different databases. Since it does not add new goods very often, the product database does not need a very low RPO. The RPO of the order database, on the other hand, needs to be very small because products are purchased frequently and every lost transaction means lost sales and angry customers. Here are some other factors to consider when setting the RPO:
- Service Level Agreements (SLA) that have been agreed with customers.
- Industry-specific factors - Companies that deal with sensitive information, such as financial transactions or healthcare data, need to back up data more frequently.
- Compliance regulations often include provisions for disaster recovery, data loss and data availability.
- Management must consider the cost of implementing disaster recovery and backup solutions and put it in relation to the benefits.
Measures to achieve RPO goals can be automated very well. The Open Telekom Cloud offers you several options:
- The Volume Backup Service (VBS) is a classic backup service for virtual hard disks in the Open Telekom Cloud. The backup copies can be created manually or automated at specified times.
- Cloud Server Backup Service (CSBS)saves entire system landscapes consisting of virtual machines (Elastic Cloud Server, ECS) and all associated volumes as a backup in one step. It backs up all servers at exactly the same time to ensure the highest consistency of data.
- With the Cloud Backup and Recovery (CBR) service, you can create backup copies of both cloud servers (ECS), virtual disks (EVS) and file servers (SFS Turbo) from a common console. This makes it especially easy to manage your backups.
- For failover scenarios with an RPO close to zero, the Storage Disaster Recovery Service (SDRS) is available. It performs continuous synchronization of data between two different availability zones, i.e. physical data centers of the Open Telekom Cloud, for virtual machines from the Elastic Cloud Server (ECS) offering. The service supports solutions that do not have local hard disks or dedicated network cards assigned.
In addition, we provide virtual machines (Elastic Cloud Server, ECS), bare metal servers and suitable network technology on which you can operate your own disaster recovery solution. Our services offer maximum security, in accordance with European data protection regulations and, if required, also in compliance with the BSI criteria for georedundancy.
You can find more information about the Open Telekom Cloud data protection solutions on our Disaster Recovery overview page.