At AWS re:Invent 2016, Tommy Johnston, senior cloud administrator at software company Aptean, made the case for moving from traditional backup architecture to cloud-based protection. Aptean needed a highly reliable, full backup solution that also allowed for ease of scale, automation, and instant recovery in case of a failure. They turned to AWS Marketplace Solutions to find a cloud-based backup solution that would help them take full advantage of AWS Snapshots and also be a suitable fit for their diverse client base, which spans six continents.
Why Backup Is Necessary, Even in AWS
Amazon Elastic Block Store (EBS) is designed to be highly reliable and durable, but you still need backup. Why? Because no system is completely immune to data loss. In his presentation, Tommy busts the myth that AWS EBS is so redundant you’ll never lose data. There’s no way to prevent incorrect deletes, for instance, he says. To protect your enterprise from all sorts of cloud-related disaster scenarios that would require a restoration of data — from human error to cryptoware attacks to an outage in an availability zone or a whole region (though rare) — an additional backup solution is a wise choice.
Traditional Backup Architecture vs. AWS
Back in the days of a physical data center, you’d need to take backups of your servers, manage your local storage, have room for the retention that you need, and then, to get the backups off-site, you’d have to use some sort of removable media (tapes, portable thumb drives, etc.). When you make the decision to take your removable backups off-site, as Tommy notes, some compliance regulations have security and distance requirements that might lead you to want to use a service. In recent years, organizations have moved backup solutions to the cloud, with products such as Amazon S3 or Mozy. Adding virtualization on top of the physical infrastructure does help a little, but you still have the same challenges; it gets pricey and complicated with a traditional architecture.
Moving to AWS changes all that. With AWS EC2 instances, you can take snapshots and AMIs. AWS Snapshots are inherently replicated across all the AZs in a given region — solving the problem of off-site storage (and passing compliance as well).
Pains of Prior Solutions
When Aptean began considering hosting as one of their services, they evaluated their situation and saw Amazon snapshots as a solution to potential disaster scenarios. Aptean wanted to take nightly snapshots for crash-consistent backups, put database backups on a separate volume, and then take snapshots of that backup volume every four hours. The problem, however, was that you couldn’t schedule a snapshot.
Their cloud team originally came up with a piecemeal plan: automated snapshots were called using SOAP requests and scheduled by cron jobs, which were configured through tags on EBS volumes for scheduling and retention. That worked well for a few years, Tommy said, but had a number of pain points, including security with the advent of IAM, as well as SOAP calls being deprecated. Recovery was also a very difficult, manual process. Aptean decided they required a new solution and turned to N2W to meet their needs.
Advantages of Using Cloud Protection Manager
The main advantages of moving to the N2W solution, Tommy notes, were:
- Replacement of the root credentials with an IAM account
- Good documentation on the least-privilege permissions they could set up
- Full support for AWS API calls, so there were no deprecation issues
- Multiple policies per instance, volume, etc.
- A really good management interface to assist with restores
Plus, N2W offered them some bonus features, including reporting (a nightly email, for instance, that confirms all the policies have been executed successfully). Previously, they had to audit their inventory to see how many volumes didn’t have snapshots within the last 24 hours. They did that audit once a month, whereas the report from N2W provides that check every day. It also offers cross-region DR so you can replicate your snapshots across multiple regions: handy if you want to have a disaster recovery plan that includes replication across multiple regions or accounts.
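The inventory audit described above (which volumes have no snapshot within the last 24 hours) can be sketched as follows. This is an added example, not Aptean's script or N2W code. It assumes records shaped like the EC2 DescribeVolumes and DescribeSnapshots responses (VolumeId, State, StartTime), and the inventory shown is constructed.

```python
from datetime import datetime, timedelta, timezone


def volumes_missing_recent_snapshot(volumes, snapshots, now,
                                    max_age=timedelta(hours=24)):
    """Map each unprotected volume ID to the age of its newest completed
    snapshot, or to None if it has never had a completed snapshot."""
    newest = {}
    for snap in snapshots:
        # A pending or failed snapshot cannot be restored from, so it does
        # not count as protection for the volume.
        if snap["State"] != "completed":
            continue
        vid = snap["VolumeId"]
        if vid not in newest or snap["StartTime"] > newest[vid]:
            newest[vid] = snap["StartTime"]

    gaps = {}
    for vol in volumes:
        vid = vol["VolumeId"]
        last = newest.get(vid)
        if last is None:
            gaps[vid] = None            # never successfully snapshotted
        elif now - last > max_age:
            gaps[vid] = now - last      # newest good snapshot is stale
    return gaps


# Constructed sample inventory; IDs and times are placeholders.
NOW = datetime(2016, 12, 1, 6, 0, tzinfo=timezone.utc)
VOLUMES = [{"VolumeId": v} for v in
           ("vol-0aaa", "vol-0bbb", "vol-0ccc", "vol-0ddd")]
SNAPSHOTS = [
    {"SnapshotId": "snap-01", "VolumeId": "vol-0aaa", "State": "completed",
     "StartTime": NOW - timedelta(hours=5)},
    {"SnapshotId": "snap-02", "VolumeId": "vol-0bbb", "State": "completed",
     "StartTime": NOW - timedelta(hours=30)},
    {"SnapshotId": "snap-03", "VolumeId": "vol-0bbb", "State": "pending",
     "StartTime": NOW - timedelta(hours=1)},
    {"SnapshotId": "snap-04", "VolumeId": "vol-0ddd", "State": "error",
     "StartTime": NOW - timedelta(hours=2)},
]

if __name__ == "__main__":
    for vid, age in sorted(volumes_missing_recent_snapshot(
            VOLUMES, SNAPSHOTS, NOW).items()):
        print(vid, "no completed snapshot" if age is None else f"last {age} ago")
```

Counting only completed snapshots matters here: a volume whose only recent snapshot is pending or failed would otherwise pass the audit while having nothing to restore from.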
Overall, using N2W has reduced costs and increased scheduling confidence; plus, AMI time has been reduced, as has the overall maintenance window.
In summary, snapshots are the best way to back up EC2 instances, but there are holes that need to be filled in order to make it a solution that fits. With N2W, Aptean has confidence in their backup plan, knowing that if a restore is needed they have help. If you’re a cloud administrator or an IT professional responsible for your organization’s backup or DR, Tommy’s re:Invent 2016 presentation is a must-watch. He makes a clear case for deploying CPM, and lays out how doing so alleviated Aptean’s DR concerns and renewed their confidence in their backup plan.