Disaster Recovery Planning

Disaster Recovery (DR) planning ensures that your workloads can recover from catastrophic failures — region-wide outages, data corruption, ransomware attacks, or natural disasters. The GCP Architecture Framework emphasises that DR is not optional for production workloads; it is a fundamental requirement that must be designed, tested, and maintained continuously.

Key Concepts

RTO and RPO

Metric	Definition	Question It Answers
Recovery Time Objective (RTO)	Maximum acceptable time from disaster to full recovery	How quickly must you be back online?
Recovery Point Objective (RPO)	Maximum acceptable data loss measured in time	How much data can you afford to lose?

Example Targets

Workload	RTO	RPO	DR Pattern
E-commerce platform	15 minutes	0 (zero data loss)	Hot standby
Internal reporting tool	4 hours	1 hour	Warm standby
Development environment	24 hours	24 hours	Cold standby
Static marketing website	1 hour	24 hours	Backup and restore

DR Patterns on GCP

Pattern 1: Backup and Restore (Cold)

Characteristic	Details
Cost	Lowest — only pay for backup storage
RTO	Hours to days
RPO	Hours (depends on backup frequency)
How it works	Regular backups to Cloud Storage; rebuild infrastructure and restore data on demand

# Automated Cloud SQL backup
gcloud sql instances patch my-instance \
  --backup-start-time=02:00 \
  --enable-bin-log \
  --retained-backups-count=30

# Cross-region backup copy
gsutil -m cp -r gs://my-backups-europe-west2/* gs://my-backups-us-central1/

Pattern 2: Warm Standby

Characteristic	Details
Cost	Moderate — reduced-capacity infrastructure running in the DR region
RTO	Minutes to hours
RPO	Minutes (continuous replication)
How it works	Scaled-down replica of the production environment with continuous data replication

# Cloud SQL cross-region read replica
gcloud sql instances create my-instance-replica \
  --master-instance-name=my-instance \
  --region=us-central1

# Promote replica to primary during disaster
gcloud sql instances promote-replica my-instance-replica

Pattern 3: Hot Standby (Active-Active)

Characteristic	Details
Cost	Highest — full production capacity in both regions
RTO	Seconds to minutes
RPO	Zero (synchronous or near-synchronous replication)
How it works	Full production environment in multiple regions with traffic distributed by a global load balancer

# Cloud Spanner multi-region configuration (automatic)
gcloud spanner instances create my-instance \
  --config=nam-eur-asia1 \
  --processing-units=1000 \
  --description="Multi-region Spanner instance"

# Global HTTP(S) Load Balancer distributes traffic
gcloud compute url-maps create global-lb \
  --default-service=web-backend-global

Pattern 4: Pilot Light

Characteristic	Details
Cost	Low to moderate — minimal infrastructure running in the DR region
RTO	30 minutes to a few hours
RPO	Minutes (continuous data replication)
How it works	Core infrastructure (databases, DNS) running in DR region; compute scaled up on demand

Data Replication Strategies

Strategy	RPO	GCP Service
Synchronous replication	0	Cloud Spanner multi-region, Cloud SQL HA (within region)
Asynchronous replication	Minutes	Cloud SQL cross-region read replicas
Periodic backup	Hours	Cloud SQL automated backups, Cloud Storage copies
Continuous change streaming	Near-zero	Datastream (CDC), Database Migration Service

Disaster Recovery Planning

Disaster Recovery Planning

Key Concepts

RTO and RPO

Example Targets

DR Patterns on GCP

Pattern 1: Backup and Restore (Cold)

Pattern 2: Warm Standby

Pattern 3: Hot Standby (Active-Active)

Pattern 4: Pilot Light

Data Replication Strategies

GCP DR Services

More in Cloud