Data Protection involves building and implementing an IT strategy to safeguard critical data from security threats, corruption or complete data loss. As businesses undergo digital transformation, the volume of data they generate and store continues to grow exponentially, and because businesses now rely on critical IT platforms for revenue generation, there is little tolerance for downtime or data loss.
However, IT platforms do fail; it is unrealistic to build, or to assume you have, a system that will never fail. Hence, the ability of a business to recover from failure depends on the robust measures put in place to ensure data can be restored quickly after a failure incident.
Prior to the advent of public cloud platforms, implementing data protection was cost prohibitive given the upfront capex investment in additional physical infrastructure. Furthermore, the management overhead of the infrastructure, test drills to simulate disaster incidents, automated orchestration and storage scalability have all been major blockers for businesses trying to recover from failures within set RTO and RPO targets.
With the AWS cloud platform, customers now have access to a scalable platform for implementing a data protection strategy at optimal price points without managing any physical infrastructure. Customers can leverage the range of services within the AWS platform to automate the restoration of data and ensure minimal downtime for critical IT systems.
Building and implementing data protection in AWS requires a good understanding of the platform and the range of third party tools and products that seamlessly integrate with the AWS cloud platform. In addition, most of the leading storage and data protection vendors (e.g. Veeam, Veritas, NetApp etc.) which clients use in on-premises environments already have robust solutions that integrate with the AWS cloud platform.
To help clients protect data, Insight is launching three propositions to minimise the impact of any data loss and ensure business continuity. These include:
- Scale on-premises storage by using AWS for backup and archive
- Disaster recovery to AWS for on-premises workloads
- Backup and recovery of native AWS and VMware Cloud on AWS workloads
Scale on-premises storage by using AWS for backup and archive
This is suitable for clients who are currently running out of on-premises SAN, NAS or tape storage and need a sustainable and scalable storage platform for backup and archive. This also applies to clients looking at implementing the 3-2-1 backup rule i.e. keep at least three (3) copies of your data, and store two (2) backup copies on different storage media, with one (1) of them located offsite. Once the data is in the cloud, it will facilitate implementing a cloud based disaster recovery strategy or carrying out data analytics using compute resources in the cloud.
AWS cloud platform provides the Simple Storage Service (S3), an object storage service that offers industry-leading scalability, data availability, security and performance. S3 is designed for 11 9’s durability and provides easy-to-use management features to help organise data and apply fine-grained access control.
S3 can be used as the target for backup and archive of on-premises workloads using native AWS backup services or third-party tools that integrate with S3. For example:
- AWS Storage Gateway services can be configured to leverage Amazon S3 as the target for backups, files and tapes.
- AWS Backup service can be used to back up data stored on AWS Storage Gateway volumes, which will leverage S3 for storage.
- Veeam Backup and Replication software provides a Cloud Tier capability where Amazon S3 can be used as a scale-out backup repository (SOBR).
- Veritas NetBackup and Backup Exec support using Amazon S3 as a backup repository with integration to Amazon Glacier and Glacier Deep Archive (less than £1 for 1TB/month).
- NetApp CloudSync can be used to sync data from ONTAP volumes to Amazon S3 as a secondary copy of data.
Disaster recovery to AWS for on-premises workloads
To ensure business continuity, companies require a plan of action to respond to a disaster and eliminate the risk of losing business and reducing employee productivity. Disaster Recovery (DR) is about establishing an IT strategy that will be deployed in the event of a disaster. Traditionally, this is achieved by building two or more data centres, each with redundant power, networking, and connectivity, housed in separate facilities which can be cost prohibitive.
In today’s world, businesses can take advantage of the AWS global infrastructure to implement a DR strategy without the need to build multiple data centres. The pay-as-you-go model, flexibility, scalability and reliability of AWS provide the foundation to implement a DR strategy tailored to meet set recovery targets.
The AWS cloud platform provides a range of services to help build a disaster recovery environment. These include:
- Compute - Amazon Elastic Compute Cloud (EC2), which can be used for the replication servers and to run the workload in a DR test/drill or actual DR incident. An Amazon Machine Image (AMI) can also be used to build a packaged image of the application (with the OS and dependencies pre-installed), which will help reduce the RTO during a DR incident.
- Storage - Amazon Elastic Block Store (EBS), which provides persistent storage for Amazon EC2 instances, can be used to store replication data and then be attached to the EC2 instances during failover.
- Networking – Amazon Virtual Private Cloud (VPC), which provides an isolated network within the AWS environment to run workloads, and Site-to-Site Virtual Private Network (VPN), which can be used to set up an IPsec VPN tunnel to the on-premises environment.
- Automation Tools – AWS CloudFormation, which enables building AWS infrastructure as code to allow automation and orchestration during DR failover. In addition, AWS Lambda provides a serverless compute service that can be leveraged to automate scheduled tasks or responses to events within the AWS platform.
Disaster Recovery can be implemented using these services as covered in this article. There is also a range of third-party tools that enable businesses to easily configure a DR environment on AWS. Some of these include: Veritas Replication Platform (VRP), CloudEndure Disaster Recovery and Zerto.
Backup and recovery of Native AWS and VMware Cloud on AWS workloads
Data protection, compliance and security are a shared responsibility between AWS and the end user. The customer is responsible for the customer data that is stored on the AWS platform, while AWS operates, manages and controls the host operating system, the virtualisation layer and the physical infrastructure that provides the platform where data is stored.
A guiding principle for a shared responsibility model is that AWS is responsible for the security “of” the cloud while the customer is responsible for the security “in” the cloud.
This implies that customers running workloads on native AWS (using AWS services e.g. EC2, EBS, EFS etc.) or in VMware Cloud on AWS are responsible for implementing measures to protect data in these environments and, most importantly, for being able to recover from a disaster incident caused by a failure in the AWS physical infrastructure or host operating system.
For native AWS workloads, it is important to implement cross-region backup and archive of workloads, i.e. storing backups in a different AWS region from where the workload is currently running, and to test these backups regularly to ensure the environment can be restored in the new region. If there are data compliance requirements that prevent cross-region transfer, customers can replicate data to a different Availability Zone within a given region to improve resilience. Native AWS services such as AWS Backup and third party tools such as Veeam N2WS can be used to implement disaster recovery for native AWS workloads.
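One way to check the cross-region requirement described above, as an added example that is not part of the original article: the functions below audit a backup plan, in the dictionary shape returned under "BackupPlan" by the AWS Backup GetBackupPlan API, and list the rules that keep no copy outside the workload's region. The plan contents, rule and vault names, account ID and regions are constructed for illustration.

```python
from typing import Dict, List

# Constructed sample plan (not taken from a real account).
SOURCE_REGION = "eu-west-2"
_VAULT = "arn:aws:backup:{}:111122223333:backup-vault:{}"
SAMPLE_PLAN = {
    "BackupPlanName": "example-plan",
    "Rules": [
        {"RuleName": "daily-ec2", "TargetBackupVaultName": "primary-vault",
         "CopyActions": [
             {"DestinationBackupVaultArn": _VAULT.format("eu-west-1", "dr-vault")}]},
        # No CopyActions at all: recovery points exist only in the source region.
        {"RuleName": "hourly-efs", "TargetBackupVaultName": "primary-vault"},
        # Copy exists, but to a second vault in the same region.
        {"RuleName": "weekly-ebs", "TargetBackupVaultName": "primary-vault",
         "CopyActions": [
             {"DestinationBackupVaultArn": _VAULT.format("eu-west-2", "second-vault")}]},
    ],
}


def arn_region(arn: str) -> str:
    """Return the region field of arn:partition:service:region:account:resource."""
    parts = arn.split(":", 5)
    if len(parts) < 6 or parts[0] != "arn" or not parts[3]:
        raise ValueError(f"not a regional ARN: {arn!r}")
    return parts[3]


def audit_plan(plan: Dict, source_region: str) -> List[Dict]:
    """Per rule: the regions holding copies and whether any is off-region."""
    findings = []
    for rule in plan.get("Rules", []):
        copy_regions = sorted({
            arn_region(action["DestinationBackupVaultArn"])
            for action in rule.get("CopyActions", [])
        })
        findings.append({
            "rule": rule["RuleName"],
            "copy_regions": copy_regions,
            "cross_region": any(r != source_region for r in copy_regions),
        })
    return findings


def rules_missing_cross_region(plan: Dict, source_region: str) -> List[str]:
    """Names of rules whose recovery points never leave the source region."""
    return [f["rule"] for f in audit_plan(plan, source_region)
            if not f["cross_region"]]
```

A rule flagged here is only a finding to review: where compliance requirements prevent cross-region transfer, a same-region result may be intentional.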
Similarly, VMware Cloud on AWS (VMC) customers will need to implement the backup and archive of VMs running in the software defined data centre (SDDC) on AWS. With the seamless integration of VMC with native AWS, backup files can easily be transferred to S3 storage and restored in the event of a disaster. Third party tools such as Veeam Backup and Replication, Veritas NetBackup and Druva can be used to implement the backup and archive of virtual machines on VMC to Amazon S3.
As an AWS Advanced Consulting Partner, Insight is well positioned to provide the technical expertise for AWS clients to implement data protection strategies and ensure seamless recovery in the event of a disaster.
Furthermore, Insight has built an unprecedented relationship with a range of technology partners who are leaders in providing data protection solutions on AWS. Some of these include Veeam, Veritas, NetApp and CloudEndure (part of AWS). For clients who currently use these vendor solutions on-premises or net new clients, Insight can provide the expertise required to leverage these vendor tools.
To guide clients through the implementation, Insight’s proven professional services engagement model can be tailored to meet individual clients’ needs. These services include:
- Discovery – discuss business objectives to understand the pain points and the overall cloud strategy for the business.
- Assessment – deploy tools (where required) to get visibility of the current environment and build a high level design for the new environment.
- Build and Migration – implementation of the data protection strategy which will include setting up the AWS environment and deploying the tools to move data to the target area and automatically orchestrate disaster recovery.
To find out more about the Insight Data Protection Proposition for AWS, please contact your Insight Account Manager or get in touch via our contact form here.