There’s a general rule of thumb that says: if you care about your data, you need to back it up. Historically, backup data has been kept on physical media (such as hard drives, NAS, and tapes). Nowadays, it’s often stored in the cloud, since cloud providers offer storage services with a minimum availability of 99.5% and low per-gigabyte prices.
Keeping your systems properly backed up has always been a high priority, as data can be lost due to human error, hardware failures, regional virtual outages (rare, but it happens), natural disasters (such as floods, fires, or earthquakes), and malware and hacker attacks. Because of this, it’s really important to have a good backup strategy for all mission-critical systems. Some strategies for backing up your data include:
- Remote backup: All your backups are stored in an off-site location.
- Cloud storage: Keeping your data stored with a cloud storage provider.
- The 3-2-1 rule: Making multiple copies of your backup and storing them in different locations.
In this article we will explain how to apply the 3-2-1 backup rule in your AWS environment, and which tools you need to plan this strategy and properly secure your backups.
What is the 3-2-1 Backup Rule?
The 3-2-1 backup rule is a strategy for keeping your backups safe. This rule calls for:
- 3: Keeping three copies of your important data (primary data + two more backups)
- 2: Two of them should be stored on different storage media
- 1: One should be located in an off-site location
Having one backup of your data is not enough. Imagine that your backup is in one location, and that location gets hit by some event that causes you to lose all your data. That data cannot be recovered. If you keep multiple backups, however, the chances of losing them at the same time are lower. That’s why it’s recommended to keep at least three copies of your data.
Because storage media can fail, it is also important to keep your backups on more than one storage media type, away from the production data. You should store two copies of your data on two different types of storage media (like a network share, NAS, tape, or optical drive). For increased security, store one copy in an off-site location, like on an external hard drive which is kept in a safe, or with a cloud provider.
You can add another layer of security for the physical devices that hold your backups by encrypting the hard drive’s filesystem or storing the backups on a hard drive which has native encryption. This can help you keep your backup safe in case of unauthorized access. On Linux systems, for example, you can use LUKS to encrypt a file system. The only way to access the data on a LUKS encrypted file system is by knowing a passphrase or having a certificate to authorize your access. If you are using Windows, you can encrypt your file system with BitLocker.
The 3-2-1 Backup Rule in AWS
With N2WS Backup & Recovery, you can back up your EC2 instances, RDS, EBS, Redshift, Aurora and DynamoDB databases. N2WS Backup & Recovery can be configured to keep data for a defined period, and most importantly, can copy backups to a different region and a different account. When configuring the backup policy for your resources, just choose which region(s) you want your backup to be stored in, and N2WS Backup & Recovery will start copying to those locations.
So, how can you apply the 3-2-1 backup rule to AWS with N2WS Backup & Recovery? First, set up a policy for the data that you want to back up. This policy should be in another region or account. Then, to have data saved on two different media, you need to copy your EBS snapshots on-premises or to another public cloud provider using N2WS and Veeam Backup & Replication. This way, you will have three copies of your data available: the primary data and two backups (one in another AWS region/account and one off-site). This bullet-proof approach can address any failure scenario and will allow you to resume business operations in a timely manner.
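To check an existing backup inventory against the three legs of the rule as they are applied to AWS above, the following added example (not part of the original article and not N2WS or Veeam code) audits each dataset and reports which leg fails. The `BackupCopy` fields, the `provider:location:account` site labels, the media labels, and the treatment of "off-site" as "outside the primary's provider" are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BackupCopy:
    dataset: str
    site: str            # "<provider>:<location>:<account>", constructed labels
    media: str           # storage technology label assigned by the operator
    primary: bool = False

def provider(copy):
    return copy.site.split(":", 1)[0]

def audit_321(copies):
    """Map each dataset to the list of 3-2-1 legs it fails (empty = compliant)."""
    datasets = {}
    for c in copies:
        datasets.setdefault(c.dataset, []).append(c)
    report = {}
    for name, items in datasets.items():
        failed = []
        # Copies on the same site and media share a failure domain: count once.
        if len({(c.site, c.media) for c in items}) < 3:
            failed.append("3: fewer than three independent copies")
        if len({c.media for c in items}) < 2:
            failed.append("2: all copies on one storage medium")
        # Off-site, as used above for AWS: outside the primary's provider.
        home = {provider(c) for c in items if c.primary}
        if not home or all(provider(c) in home for c in items):
            failed.append("1: no off-site copy (or no primary declared)")
        report[name] = failed
    return report

# Constructed inventory; account IDs and site names are placeholders.
INVENTORY = [
    BackupCopy("orders-db", "aws:us-east-1:111111111111", "aws-ebs", primary=True),
    BackupCopy("orders-db", "aws:eu-west-1:222222222222", "aws-ebs"),
    BackupCopy("orders-db", "onprem:dc1:backup-nas", "nas"),
    BackupCopy("web-assets", "aws:us-east-1:111111111111", "aws-ebs", primary=True),
    BackupCopy("web-assets", "aws:us-east-1:111111111111", "aws-ebs"),
    BackupCopy("web-assets", "aws:eu-west-1:111111111111", "aws-ebs"),
]

if __name__ == "__main__":
    for dataset, failed in audit_321(INVENTORY).items():
        print(dataset, "OK" if not failed else failed)
```

The second dataset fails all three legs even though it has three recorded copies: two of them sit in the same region and account as the primary, and nothing leaves AWS.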
N2WS Backup & Recovery 2.4: New Features
N2WS Backup & Recovery 2.4 supports Amazon EBS snapshot decoupling and N2WS-enabled S3 repositories. The features introduced in the new version are:
- Archive Snapshots to Amazon S3 (Reduced Long-Term Retention and Archival Costs): Save up to 40% of your total cost for storing backup data.
- VPC Capture & Clone: Capture your VPC settings, such as subnets, security groups, and routing tables, and copy them to another region. This reduces all manual work needed to configure this vital part of your Amazon infrastructure in another region.
- Enhanced RESTful API: Build your own applications that will communicate with N2WS and perform backup of your business-critical data.
- Cross-account incremental backups: Only the changes between backups are captured, which makes more efficient use of storage, lowers costs, and results in faster backups and restores.
Veeam Backup & Replication 9.5 Update 4: New Features
You can read about implementing the 3-2-1 backup rule using Veeam Backup & Replication, part of the Veeam Availability Suite, in this article. Here, we will focus on the new features that come with Veeam Backup & Replication 9.5 Update 4. They include:
- Native object storage with Veeam Cloud Tier: Veeam Cloud Tier is a scale-out backup repository which has unlimited capacity for your long-term data retention. It can be used with object storage services from various cloud providers, such as Amazon S3, Azure Blob Storage, and IBM Cloud Object Storage. It also provides optional server-side encryption, which is AES-256.
- No vendor lock-in: All archived backups can be imported and restored at any point in time.
- Space efficiency: Backup files are stored in a forever incremental manner. With this feature, duplicates between multiple full backups are prevented, which in turn, reduces storage costs.
- Bandwidth efficiency: When restoring from an object store repository, blocks are read from the closest backup file instead of pulling all blocks from object storage. Egress traffic is minimized, and the cost of restoring is reduced.
- Self-sufficiency: There is no need to have an external catalog or metadata for stored backups. Because of this, you can import your backup on another cloud provider or on-premises.
- Reduced cost: Unlike secondary storage providers, Veeam does not charge a per-terabyte subscription fee for offloaded backups.
- Transparency: When you store backups to an object storage, they remain transparently accessible to all Veeam functionalities. That way, backups are readily available for restore from object storage and there is no need for prior staging of a backup.
Having a good backup strategy is important, as data loss can cause potential downtime in your service, or even worse, can result in your whole business going down. The 3-2-1 backup rule ensures that you always have redundant copies of your data in order to avoid losing it in the case of unpredicted events. Among all of the strategies for backing up data, this rule proves to be the most reliable because of its redundancy.
When it comes to the cloud, it is a bit harder to back up your data to a physical device, since you don’t really have access to the data, other than through the Internet. That is why it is important to employ tools such as N2WS Backup & Recovery, a great example of backing up your infrastructure in the cloud, to protect your backups. As already mentioned, this service can be used to back up your data to off-site destinations, ensuring you always have at least one proper backup ready to restore. Still, keep in mind that you should run through disaster scenarios every few months, in order to confirm that your disaster recovery process works as expected.