Traditional backup software works for on-premises workloads, but protecting the data for workloads running in the cloud is a new game. Backup windows may be non-existent, data may be scattered across geographies and platforms, and there may simply be too much to effectively traverse with traditional methods. Protecting cloud workload data requires some adjustments to your thinking. Join our storage experts to learn more about best practices for preventing loss, rolling back to recovery points, and fitting into backup windows. We will cover protection features and design considerations for protecting data with S3, Glacier, EBS and EFS.
Learning Objectives:
• Learn how to design for recovery points and recovery times using the native AWS storage tools for file, block and object storage
2. Agenda
Traditional vs Cloud protection
Amazon S3 - Object storage
EC2 AMIs
EBS
RDS
Third Party Tools
Q&A
3. Traditional protection vs Cloud protection
[Diagram: traditional datacenter beside the AWS cloud]
Traditional datacenter: servers running a hypervisor that hosts several OS + App stacks, all backed by Tier-1 SAN / NAS storage; the backup product sees servers and LUNs.
AWS Cloud, one Region spanning Availability Zone 1 and Availability Zone 2:
App + OS: rebuilt from the AMI (Amazon Machine Image)
Management & Infrastructure: rebuilt from configuration scripts, CloudFormation templates and Auto-scaling
Primary Storage: app data in Amazon S3, the EC2 root volumes, and RDS
* Requires protection
4. Storage is a platform: AWS Storage Maturity
File: Amazon EFS
Block: Amazon EBS, Amazon EC2 Instance Store
Object: Amazon S3, Amazon Glacier
5. Object Storage is the Destination for Backups
Object: Amazon S3, Amazon Glacier
Database: RDS, DynamoDB, Redshift
Analytics: EMR, Data Pipeline, Kinesis
Compute: Lambda, EC2
Content Delivery: CloudFront, Elastic Transcoder
6. What is Amazon S3
Highly durable object storage at cost effective prices
Internet-scale storage: grow without limits
Low price per GB per month; no commitment, no up-front cost
Built-in redundancy: designed for 99.999999999% durability
Benefit from AWS’s massive security investments
7. Key Features of Amazon S3
Data Management
Cost monitoring and controls
Lifecycle management
Ease of use
Programmatic access using AWS SDKs
REST APIs
Management Console, AWS CLI
Event Notifications
Delivered using SQS, SNS, or Lambda
Enable you to trigger workflows, alerts or
other processing
Data protection
Versioning
Cross-region replication
Security
Multi-factor authentication delete
Flexible access control mechanisms
Time-limited access to object
Access logs
Multiple client-side and server-side encryption options
8. Choice of storage class on Amazon S3
Active data: S3 Standard
Infrequently accessed data: S3 Standard – Infrequent Access
Archive data: Glacier
9. Amazon S3 Versioning
Preserve, retrieve, and restore every version of every object stored in your bucket
S3 automatically adds new versions and preserves deleted objects with delete markers
Easily control the number of versions kept by using lifecycle expiration policies
Easy to turn on in the AWS Management Console
[Diagram: with versioning enabled, a PUT of Key = photo.gif stores a new version (ID = 121212) alongside the existing version (ID = 111111) instead of overwriting it]
11. Best Practice
Tip: Restricting deletes
Bucket policies can restrict deletes (for example, deny s3:DeleteObjectVersion to any principal that did not authenticate with MFA)
For additional security, enable MFA (multi-factor authentication) delete, which requires additional authentication to:
Change the versioning state of your bucket
Permanently delete an object version
MFA delete requires both your security credentials and a code from an approved authentication device
MFA delete can only be enabled on a versioning-enabled bucket, and only by the bucket owner using the AWS account root user's credentials; IAM users cannot turn it on
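The bucket-policy side of this tip, as an added example that is not from the deck: a policy statement that denies permanent version deletes and versioning changes to every caller who did not authenticate with MFA, a lifecycle rule that bounds how many noncurrent versions the recycle bin keeps, and a checker that classifies how an arbitrary bucket policy actually guards those actions. The bucket name is assumed; the condition-operator distinction is the part worth reading, because a `Bool` test on `aws:MultiFactorAuthPresent` does not fire for long-term access keys, which carry no such key at all.

```python
# Added example (not code from the deck): deny-delete-without-MFA bucket policy,
# a noncurrent-version lifecycle rule, and a checker for existing policies.
import fnmatch
import json

BUCKET = "example-backups"  # assumed bucket name, not from the deck


def deny_delete_without_mfa_policy(bucket: str) -> dict:
    """Deny s3:DeleteObjectVersion and s3:PutBucketVersioning to everyone who
    did not authenticate with MFA. BoolIfExists matters: requests signed with
    long-term access keys carry no aws:MultiFactorAuthPresent key at all, and a
    plain Bool condition would let those requests through."""
    arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyPermanentDeleteWithoutMFA",
                "Effect": "Deny",
                "Principal": "*",
                "Action": ["s3:DeleteObjectVersion", "s3:PutBucketVersioning"],
                "Resource": [arn, f"{arn}/*"],
                "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}},
            }
        ],
    }


def noncurrent_version_lifecycle(noncurrent_days: int) -> dict:
    """Lifecycle configuration that expires noncurrent versions after
    `noncurrent_days`, so the versioning recycle bin does not grow unbounded."""
    return {
        "Rules": [
            {
                "ID": "ExpireOldVersions",
                "Status": "Enabled",
                "Filter": {"Prefix": ""},
                "NoncurrentVersionExpiration": {"NoncurrentDays": noncurrent_days},
                "AbortIncompleteMultipartUpload": {"DaysAfterInitiation": 7},
            }
        ]
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _everyone(principal) -> bool:
    return principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*")


def _mfa_false(condition: dict, operator: str) -> bool:
    value = condition.get(operator, {}).get("aws:MultiFactorAuthPresent")
    return str(value).lower() == "false"


def delete_protection(policy: dict, action: str = "s3:DeleteObjectVersion") -> str:
    """Classify how `action` is guarded by Deny statements that apply to every
    principal: 'blocked' (unconditional deny), 'mfa' (denied unless MFA was used,
    including requests with no MFA context), 'weak-mfa' (Bool instead of
    BoolIfExists, so access-key requests slip through) or 'none'.
    NotAction / NotPrincipal statements are not interpreted and are skipped."""
    result = "none"
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Deny" or not _everyone(stmt.get("Principal")):
            continue
        if not any(fnmatch.fnmatchcase(action, p) for p in _as_list(stmt.get("Action", []))):
            continue
        condition = stmt.get("Condition") or {}
        if not condition:
            return "blocked"
        if _mfa_false(condition, "BoolIfExists"):
            result = "mfa"
        elif _mfa_false(condition, "Bool") and result == "none":
            result = "weak-mfa"
    return result


if __name__ == "__main__":
    policy = deny_delete_without_mfa_policy(BUCKET)
    print(json.dumps(policy, indent=2))
    print(json.dumps(noncurrent_version_lifecycle(90), indent=2))
    print("DeleteObjectVersion guard:", delete_protection(policy))
```

The policy is a complement to MFA delete, not a replacement: MFA delete is enforced by S3 on the root user's behalf, while the bucket policy is what stops an IAM user or role with `s3:*` from emptying the version history with stolen keys.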
12. Amazon S3 Cross-region Replication
Automated, fast, and reliable asynchronous replication of data across AWS regions
Only replicates new PUTs. Once S3 is configured, all new uploads into a source bucket will be replicated; objects that already existed before the rule was created are not copied
Entire bucket or prefix based
1:1 replication between any 2 regions
Versioning required on both the source and the destination bucket
Deleting a specific object version in the source bucket is not replicated, so the replica keeps a copy that a delete in the source cannot remove
[Diagram: Source bucket (Virginia) replicating to Destination bucket (Oregon)]
Use cases:
Compliance—store data hundreds of miles apart
Lower latency—distribute data to regional customers
Security—create remote replicas managed by separate AWS accounts
13. Amazon S3 Data Encryption Options
Client-side encryption using the AWS SDKs
You manage the encryption keys and never send them to AWS
Server-side encryption (SSE) with Amazon S3 managed keys (SSE-S3)
“Check-the-box” to encrypt your data at rest. Keys managed by S3
SSE with customer-provided keys (SSE-C)
You manage your encryption keys and provide them on every PUT and GET; S3 does not store the key, so an object whose key you lose is unrecoverable
SSE with AWS Key Management Service managed keys (SSE-KMS)
Keys managed centrally in AWS KMS with permissions and auditing of usage
For more details, watch Encryption and Key Management in AWS:
https://www.youtube.com/watch?v=uhXalpNzPU4
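The three server-side options differ only in which request headers select them and which headers S3 echoes back, which is also how you verify that an object really is encrypted at rest. The following is an added example, not code from the deck or from an AWS SDK: it builds the headers for each SSE mode, including the base64 key and key-MD5 pair that SSE-C requires, and classifies an existing object from the headers a HEAD or GET returns. The header dicts in the test are constructed, not captured from S3.

```python
# Added example (not from the deck): request headers that select each S3
# server-side encryption option, and a classifier for HEAD/GET response headers.
import base64
import hashlib
from typing import Optional, Iterable, List, Tuple

_SSE = "x-amz-server-side-encryption"
_SSEC_ALG = "x-amz-server-side-encryption-customer-algorithm"
_SSEC_KEY = "x-amz-server-side-encryption-customer-key"
_SSEC_MD5 = "x-amz-server-side-encryption-customer-key-MD5"


def sse_request_headers(mode: str, kms_key_id: Optional[str] = None,
                        customer_key: Optional[bytes] = None) -> dict:
    """Headers to add to a PUT (and, for SSE-C, to every GET/HEAD as well)."""
    if mode == "SSE-S3":
        return {_SSE: "AES256"}
    if mode == "SSE-KMS":
        headers = {_SSE: "aws:kms"}
        if kms_key_id:  # omit to use the account's default aws/s3 key
            headers["x-amz-server-side-encryption-aws-kms-key-id"] = kms_key_id
        return headers
    if mode == "SSE-C":
        if customer_key is None or len(customer_key) != 32:
            raise ValueError("SSE-C needs a 256-bit (32-byte) AES key")
        # S3 checks the MD5 against the key to detect corruption in transit;
        # it never stores the key, so keep it in your own key store.
        digest = hashlib.md5(customer_key).digest()
        return {
            _SSEC_ALG: "AES256",
            _SSEC_KEY: base64.b64encode(customer_key).decode(),
            _SSEC_MD5: base64.b64encode(digest).decode(),
        }
    raise ValueError(f"unknown encryption mode {mode!r}")


def verify_sse_c_headers(headers: dict) -> bool:
    """True when the key header decodes to 32 bytes and matches its MD5 header."""
    try:
        key = base64.b64decode(headers[_SSEC_KEY], validate=True)
        md5 = base64.b64decode(headers[_SSEC_MD5], validate=True)
    except (KeyError, ValueError):
        return False
    return len(key) == 32 and hashlib.md5(key).digest() == md5


def encryption_in_use(response_headers: dict) -> str:
    """Classify a stored object from the headers S3 returns on HEAD/GET.
    For SSE-C, S3 echoes the algorithm and key-MD5 but never the key."""
    h = {k.lower(): v for k, v in response_headers.items()}
    if h.get(_SSEC_ALG.lower()) == "AES256":
        return "SSE-C"
    sse = h.get(_SSE)
    if sse == "aws:kms":
        return "SSE-KMS"
    if sse == "AES256":
        return "SSE-S3"
    return "none"


def unencrypted_keys(inventory: Iterable[Tuple[str, dict]]) -> List[str]:
    """Given (object key, HEAD headers) pairs, return the keys stored in clear."""
    return [key for key, headers in inventory if encryption_in_use(headers) == "none"]
```

A bucket-wide scan that feeds HEAD responses into `unencrypted_keys` is the check to run after "check-the-box" encryption is turned on: the setting applies to new PUTs only, so objects written earlier stay unencrypted until they are copied over themselves.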
14. What is Amazon Glacier
Archival storage for infrequently accessed data
Amazon Glacier is optimized for infrequent retrieval
Stop managing physical media; replace tape libraries and VTLs
Even lower cost than Amazon S3, with the same high durability
3-5 hour retrieval latency
5% free tier on retrievals
$0.007 per GB/month ($86 per TB/year)
15. Key Features of Amazon Glacier
Vault Inventory
Inventory all archives
Available as JSON or CSV
Ease of use
Programmatic access using AWS SDKs
REST APIs
Management Console, AWS CLI
Data Retrieval Policies
Define data retrieval limits and cost ceiling
Example: ”Free Tier Only”, “Max Retrieval Rate”
Access Controls
Integrated with AWS IAM
Supports MFA device access
Integrated Lifecycle Management
Integrated with Amazon S3 Lifecycle policies
Establish auto-archive rules for Amazon S3 objects
Tagging Support
Tag vaults for cost management
Filter cost reports based on tags
16. Working with AMI (Amazon Machine Images)
[Diagram: within a Region, AMIs (Linux, Windows, Custom) are kept in S3 and used to launch EC2 root volumes in AZ1, AZ2 and AZ3; an AMI can be copied to another Region (for example from Sydney to Oregon), where it is again kept in S3 and can launch the same instances]
17. Protecting data in EBS (Elastic Block Store)
[Diagram: an EC2 instance in AZ1 with local Instance Store and an EBS volume mounted at /data; successive snapshots of the volume (Snap 1, Snap 2, Snap 3) are stored in S3 within the Region and can be used to create a new /data volume for an EC2 instance in any AZ of that Region]
19. RDS Backups
MySQL, PostgreSQL, MariaDB, Oracle, SQL Server
Scheduled daily backup of the entire instance in a user-defined 30-minute backup window
Database change (transaction) logs are archived continuously to support point-in-time restore
35 day max retention for backups
Stored in S3
Latest restorable time is typically within 5 minutes of the current time
Aurora
Automatic, continuous, incremental backups
Point-in-time restore
No impact on database performance
35 day retention
20. RDS Snapshots
Full copies of your Amazon RDS database that
are separate from your scheduled backups
User initiated
Backed by Amazon S3
Used to create a new RDS instance
Remain encrypted if using encryption
Can be shared with other accounts
Can be copied to other regions
21. RDS Snapshots use cases:
Resolve production issues
Nonproduction environments
Point-in-time restore
Final copy before terminating a database
Disaster recovery
Cross-region copy
Copy between accounts
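"Can be shared with other accounts" is the feature that most often leaks a database: a manual snapshot whose restore attribute contains `all` is public, and any AWS account can restore it. The following audit is an added example, not from the deck or from an AWS tool; its input dicts are shaped like the DescribeDBSnapshots and DescribeDBSnapshotAttributes responses, the sample data is constructed, and the set of accounts allowed to receive snapshots (the DR account) is an assumption.

```python
# Added example (not from the deck): find RDS snapshots that are public, shared
# with accounts outside the DR plan, or unencrypted. Sample data is constructed
# in the shape of describe-db-snapshots / describe-db-snapshot-attributes output.
from typing import Dict, Iterable, List, Set, Tuple

SAMPLE_SNAPSHOTS = [
    {"DBSnapshotIdentifier": "prod-final-2016-05-01", "SnapshotType": "manual", "Encrypted": True},
    {"DBSnapshotIdentifier": "prod-debug-copy", "SnapshotType": "manual", "Encrypted": False},
    {"DBSnapshotIdentifier": "rds:prod-2016-05-01-03-00", "SnapshotType": "automated", "Encrypted": True},
]
SAMPLE_ATTRIBUTES = {
    "prod-final-2016-05-01": [{"AttributeName": "restore", "AttributeValues": ["111122223333"]}],
    # "all" in the restore attribute means the snapshot is public
    "prod-debug-copy": [{"AttributeName": "restore", "AttributeValues": ["all", "999988887777"]}],
    "rds:prod-2016-05-01-03-00": [{"AttributeName": "restore", "AttributeValues": []}],
}
DR_ACCOUNTS = {"111122223333"}  # assumed: the only account that should hold copies


def shared_with(attributes: Iterable[dict]) -> Set[str]:
    """Account IDs (or 'all' for public) allowed to restore the snapshot."""
    ids: Set[str] = set()
    for attr in attributes:
        if attr.get("AttributeName") == "restore":
            ids.update(attr.get("AttributeValues", []))
    return ids


def snapshot_findings(snapshots: Iterable[dict], attributes: Dict[str, list],
                      allowed_accounts: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (snapshot id, finding) pairs; an empty list means nothing to fix."""
    allowed = set(allowed_accounts)
    findings: List[Tuple[str, str]] = []
    for snap in snapshots:
        sid = snap["DBSnapshotIdentifier"]
        shared = shared_with(attributes.get(sid, []))
        if "all" in shared:
            findings.append((sid, "public: any AWS account can restore it"))
        unexpected = shared - {"all"} - allowed
        if unexpected:
            findings.append((sid, "shared with unexpected accounts " + ",".join(sorted(unexpected))))
        # Automated snapshots cannot be shared; manual ones inherit the
        # instance's encryption state, so an unencrypted manual copy is worth a look.
        if snap.get("SnapshotType") == "manual" and not snap.get("Encrypted"):
            findings.append((sid, "manual snapshot is unencrypted"))
    return findings


if __name__ == "__main__":
    for sid, finding in snapshot_findings(SAMPLE_SNAPSHOTS, SAMPLE_ATTRIBUTES, DR_ACCOUNTS):
        print(f"{sid}: {finding}")
```

Two RDS rules shape the remediation: an encrypted snapshot can never be made public, and sharing an encrypted snapshot with another account only works when it was encrypted with a customer-managed KMS key whose key policy grants that account access; snapshots encrypted with the default `aws/rds` key cannot be shared at all.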
22. Restoring
Restoring creates an entirely new database instance
You define all the instance configuration just like a new instance; unless you specify them, the restored instance gets the default DB parameter group and the VPC's default security group, so re-apply the production parameter group, security groups and option group before pointing applications at it
23. Redshift
Automatic, continuous, incremental backups
Point-in-time restore
By default - 1 day retention
Can be extended to 35 days
Can create final snapshot before deleting
a Redshift cluster
24. CPM Brings Backup to Amazon EC2
Automated backup and instant recovery of EC2 environments
Brings enterprise-class backup to Amazon EC2
Enables EC2 disaster recovery across AWS accounts and regions
Cloud Protection Manager combines:
Enterprise-class backup software: easy and simple backup of VMs; flexible, automated scheduling; policy-based asset management; application-consistent backup; secure, reliable, scalable; instant recovery of full VMs; extensive alerts and reporting
AWS native snapshots: point-in-time block-level incremental snapshots; snapshot data stored in S3; instant recovery of volumes; available across availability zones; multi-region copy
25. Commvault Ties Together On-Premises and Cloud Data Strategies
AWS and Commvault together combine to minimize networking, storage and infrastructure costs, while providing the business a sound data protection and disaster recovery strategy.
Commvault Orchestrates the Enterprise
Back up in the Cloud: keep backups of cloud workloads internal to the cloud.
Back up to the Cloud: allow on-premises workloads to leverage AWS. For large data sets, seed the cloud with Snowball.
Disaster Recovery in the Cloud: provide DRaaS; recover workloads for on-premises solutions and in-cloud workloads.
Workload Portability: portability to and from the cloud. For large data sets, seed the cloud with Snowball.
Archiving to the Cloud: move legacy data to tier-2 storage in the cloud for long-term archive.
26. IntelliSnap
Snapshot integration to collapse backup windows
[Diagram: a Discover → Snapshot → Copy → Restore workflow around EC2 instances, with S3, S3-IA and Glacier as copy targets]
Discover: discover and categorize instances by Region, Zone, OS, Name, etc.; automatically discover newly created EC2 instances which fall outside defined categories
Snapshot: leverage the AWS snapshot engine for agent-less instance protection, an Oracle agent and a Linux FS agent
Copy: policy-driven retention of snapshot, object storage (S3, S3-IA, Glacier), onsite disk and tape copies
Restore: recover an entire VM, parts of a VM or individual items from any copy target; live browse, replicate or migrate
27. Strategies for Cloud Data Protection – S3
Take advantage of S3
(maximize durability, scalability and cost efficiency)
Use Versioning to create a recycle bin
Use MFA Delete to prevent deletion
Use Cross Region Replication to another account for the most critical data
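The three S3 strategies above, plus the best-practice tip on restricting deletes, reduce to a per-bucket check that a practitioner can run over the account. The following is an added example, not from the deck: the inputs mirror the GetBucketVersioning and GetBucketReplication responses, the bucket inventory and the account IDs are constructed, and whether a bucket counts as "critical" is assumed to come from your own tagging.

```python
# Added example (not from the deck): audit buckets for versioning, MFA delete,
# and cross-region replication into a different account. The inventory below is
# constructed in the shape of get-bucket-versioning / get-bucket-replication output.
from typing import Dict, List

OWN_ACCOUNT = "123456789012"  # assumed source account id

SAMPLE_BUCKETS = {
    "crown-jewels": {
        "critical": True,
        "versioning": {"Status": "Enabled", "MFADelete": "Enabled"},
        "replication": {"ReplicationConfiguration": {
            "Role": "arn:aws:iam::123456789012:role/s3-crr",
            "Rules": [{"Status": "Enabled", "Prefix": "",
                       "Destination": {"Bucket": "arn:aws:s3:::crown-jewels-dr",
                                       "Account": "210987654321"}}]}},
    },
    "logs": {
        "critical": False,
        "versioning": {"Status": "Suspended"},  # a never-versioned bucket returns {}
        "replication": {},
    },
    "finance": {
        "critical": True,
        "versioning": {"Status": "Enabled"},
        "replication": {"ReplicationConfiguration": {
            "Role": "arn:aws:iam::123456789012:role/s3-crr",
            "Rules": [{"Status": "Enabled", "Prefix": "",
                       "Destination": {"Bucket": "arn:aws:s3:::finance-copy"}}]}},
    },
}


def audit_bucket(versioning: dict, replication: dict, critical: bool, own_account: str) -> List[str]:
    findings: List[str] = []
    if versioning.get("Status") != "Enabled":
        findings.append("versioning not enabled: no recycle bin, overwrites and deletes are final")
    if versioning.get("MFADelete") != "Enabled":
        findings.append("MFA delete not enabled")
    rules = [r for r in replication.get("ReplicationConfiguration", {}).get("Rules", [])
             if r.get("Status") == "Enabled"]
    if critical:
        if not rules:
            findings.append("critical bucket has no replication rule")
        # Destination.Account is set when replica ownership is handed to the
        # destination account; without it the replicas stay owned by this account
        # even if the destination bucket lives elsewhere.
        elif all(r.get("Destination", {}).get("Account", own_account) == own_account for r in rules):
            findings.append("replicas stay in this account: a credential that can delete the source can delete the copy")
    return findings


def audit_all(buckets: Dict[str, dict], own_account: str) -> Dict[str, List[str]]:
    return {name: audit_bucket(b["versioning"], b["replication"], b["critical"], own_account)
            for name, b in buckets.items()}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_BUCKETS, OWN_ACCOUNT).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

The replication finding is the one that matters for the "separate account" strategy: the destination account needs a bucket policy that lets the replication role write, and the replication role must not be assumable from the source account's everyday administrators, or the remote copy is only as safe as the credentials you are trying to defend against.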
28. Strategies for Cloud Data Protection – EC2
Keep EC2 instances stateless (less to protect)
Use AMIs + scripts + automation
(CloudFormation, Auto-scaling or 3rd party tools)
Leverage AMIs to keep durable copies of pre-configured operating systems and apps
29. Strategies for Cloud Data Protection - EBS
When using EBS, snapshots can create durable
copies of whole volumes
Third Party solutions can make managing your
EBS snapshots easier
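The part of snapshot management that third-party tools do for you is retention: deciding which of a volume's snapshots can go. The following is an added example, not code from the deck or from any of the vendors it mentions; the snapshot records are constructed in the shape of DescribeSnapshots output, the "current time", the `Retain` tag convention and the set of snapshot IDs backing registered AMIs are assumptions.

```python
# Added example (not from the deck): retention pruning for EBS snapshots.
# Keeps the newest keep_min snapshots of every volume regardless of age, never
# touches in-flight snapshots, snapshots behind a registered AMI, or snapshots
# tagged Retain=true, and only then applies the age limit.
from datetime import datetime, timedelta, timezone
from typing import Iterable, List, Set

NOW = datetime(2016, 6, 1, tzinfo=timezone.utc)  # constructed "current time"


def _snap(sid, vol, days_ago, state="completed", tags=None):
    return {"SnapshotId": sid, "VolumeId": vol, "State": state,
            "StartTime": NOW - timedelta(days=days_ago), "Tags": tags or []}


SAMPLE_SNAPSHOTS = [  # constructed
    _snap("snap-0001", "vol-data", 1),
    _snap("snap-0002", "vol-data", 2),
    _snap("snap-0003", "vol-data", 3),
    _snap("snap-0004", "vol-data", 40),
    _snap("snap-0006", "vol-data", 45, state="pending"),
    _snap("snap-0007", "vol-data", 60),
    _snap("snap-0005", "vol-data", 400, tags=[{"Key": "Retain", "Value": "true"}]),
    _snap("snap-0101", "vol-root", 120),  # the only snapshot of this volume
]
AMI_SNAPSHOTS = {"snap-0004"}  # assumed: backs a registered AMI


def _retained_by_tag(snapshot: dict) -> bool:
    return any(t.get("Key") == "Retain" and str(t.get("Value")).lower() == "true"
               for t in snapshot.get("Tags", []))


def snapshots_to_delete(snapshots: Iterable[dict], now: datetime, ami_snapshot_ids: Set[str],
                        keep_days: int = 30, keep_min: int = 3) -> List[str]:
    """Snapshot IDs that fall outside retention, oldest-last per volume."""
    by_volume = {}
    for s in snapshots:
        by_volume.setdefault(s["VolumeId"], []).append(s)
    doomed: List[str] = []
    for snaps in by_volume.values():
        snaps.sort(key=lambda s: s["StartTime"], reverse=True)
        for rank, s in enumerate(snaps):
            if rank < keep_min or s["State"] != "completed":
                continue
            if s["SnapshotId"] in ami_snapshot_ids:
                continue  # DeleteSnapshot would fail with InvalidSnapshot.InUse anyway
            if _retained_by_tag(s):
                continue
            if now - s["StartTime"] > timedelta(days=keep_days):
                doomed.append(s["SnapshotId"])
    return doomed


if __name__ == "__main__":
    print(snapshots_to_delete(SAMPLE_SNAPSHOTS, NOW, AMI_SNAPSHOTS))
```

Because EBS snapshots are incremental at the block level, deleting an old snapshot does not break the newer ones: blocks still referenced by a later snapshot are kept by the service. What a pruner cannot fix is consistency; a snapshot taken while the filesystem is being written is crash-consistent at best, which is why the tools on the previous slides quiesce the application or filesystem first.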
30. Strategies for Cloud Data Protection - RDS
Leverage managed services for database workloads
Backups are done for you!
Easy to restore!
RDS Snapshots give you a point-in-time copy of your database that can be copied to another region or shared with another account.
31. What’s next?
Getting started with S3 and Glacier:
http://aws.amazon.com/s3/getting-started/
http://aws.amazon.com/glacier/getting-started/
Getting started with EC2 and EBS:
https://aws.amazon.com/ec2/getting-started/
https://aws.amazon.com/ebs/getting-started/
Getting started with RDS:
https://aws.amazon.com/rds/getting-started/
AWS Youtube channel:
https://www.youtube.com/user/AmazonWebServices/playlists