aws summit barcelona - backup & disaster recovery
BACK UP & DISASTER RECOVERY
Vadim Zendejas Solutions Architect
AGENDA
Why AWS for disaster recovery
AWS services that can be employed
Common DR architectures
Customer example
Where to go next
HOT TOPIC FOR ENTERPRISES
Floods in Europe
Hurricane Sandy in USA
Typhoons in South East Asia
Earthquake in New Zealand
Tsunami and flooding in Japan
« Everything fails all the time »
Werner Vogels
CTO of Amazon
WHY AWS FOR DISASTER RECOVERY?
REDUCE COSTS
Reduce DR budgets considerably
REDUCE ON-PREMISE
Reduce on-premise physical equipment
CONSOLIDATE SITES
Eliminate the need to run a secondary site
REMOVE AGING TECHNOLOGIES
Eliminate tape for backup and archive
FAST, SECURE AND COST EFFECTIVE BACKUP AND DR FOR ORACLE APPS
DR & BUSINESS CONTINUITY
DR IS PART OF A WIDER SET OF POLICIES AND CONTROLS
HIGH AVAILABILITY: Keep your applications running 24x7
BACKUP: Make sure your data is safe
DISASTER RECOVERY: Get your applications and data back after a major disaster
IT’S NOT AN ALL OR NOTHING THING
EACH SET OF IT ASSETS WILL HAVE DIFFERENT REQUIREMENTS
RECOVERY TIME OBJECTIVE (RTO)
How quickly you need this asset to be recovered?
e.g. 1min? 15min? 1hr? 4hrs? 1day?
RECOVERY POINT OBJECTIVE (RPO)
How fresh the recovery must be for the asset?
e.g. zero data loss, 15mins out of date?
LEVEL OF AVAILABILITY REQUIRED
REBUILD WHEN REQUIRED FROM OFFSITE BACKUP
RUN HOT-HOT CONFIGURATION WITH AUTO-FAILOVER
UTILITY, ON-DEMAND DATACENTER
PRIMARY SITE
Routers
Firewalls
Network
Application Licenses
Operating Systems
Hypervisor
Servers
SAN
Primary Storage
Backup
Archive
SECONDARY SITE
Routers
Firewalls
Network
Application Licenses
Operating Systems
Hypervisor
Servers
SAN
Primary Storage
Backup
Archive
UTILITY, ON-DEMAND DATACENTER
PRIMARY SITE
Routers
Firewalls
Network
Application Licenses
Operating Systems
Hypervisor
Servers
SAN
Primary Storage
Backup
Archive
AWS
Routers
Firewalls
Network
Application Licenses
Operating Systems
Hypervisor
Servers
SAN
Snapshot Storage
Backup
Archive
AWS IS GLOBAL
US-EAST (Virginia)
US-WEST (N. California)
US-WEST (Oregon)
GOV CLOUD
SOUTH AMERICA (Sao Paulo)
EU-WEST (Ireland)
ASIA PAC (Singapore)
ASIA PAC (Tokyo)
ASIA PAC (Sydney)
BACKUP AND DISASTER
RECOVERY SYSTEM FOR ITS
REMOTE SALES OFFICES
BUILT TO ENTERPRISE SECURITY STANDARDS
http://aws.amazon.com/security
CERTIFICATIONS
ISO 27001
SOC 1 Type 2 (formerly SAS70), SOC 2, SOC 3
PCI DSS Level 1
DIACAP, FISMA, FIPS 140-2
HIPAA & ITAR Compliant Architecture
PHYSICAL SECURITY
Datacenters in nondescript facilities
Physical access strictly controlled
Must pass two-factor authentication at least twice for floor access
Physical access logged and audited
HW, SW, NETWORK
Systematic change management
Phased updates deployment
Safe storage decommission
Automated monitoring and self-audit
Advanced network protection
AWS SERVICES THAT CAN BE EMPLOYED
STORAGE & TRANSFER SERVICES
Amazon Simple Storage Service (S3)
AWS Import/Export
AWS Storage Gateway Service
NETWORKING SERVICES
AWS Direct Connect
Amazon Virtual Private Cloud (VPC)
Amazon Route 53
FOUNDATION SERVICES
Amazon Elastic Compute Cloud (EC2)
Amazon Relational Database Service (RDS)
Amazon Elastic Block Storage (EBS)
AWS STORAGE IS IDEAL FOR DR
SIMPLE STORAGE SERVICE
Highly scalable object storage
1 byte to 5TB in size
99.999999999% durability
From $0.095 per GB/Month
ELASTIC BLOCK STORAGE
High performance block storage device
1GB to 1TB in size
Mount as drives to instances with snapshot/cloning functionalities
From $0.10 per GB/Month
LONG TERM ARCHIVE
AMAZON GLACIER
Long term cold storage
From $0.01 per GB/Month
99.999999999% durability
NETWORKING OPTIONS
DIRECT CONNECT
Dedicated connection between your IT infrastructure and the AWS datacenters
Extend your network infrastructure and VLANs into AWS
VPN CONNECTION
A hardware VPN connection connects the Amazon environment to your datacenter
Internet Protocol security (IPsec)
Commonly used hardware supported
VIRTUAL PRIVATE CLOUD
Private, isolated section of the AWS Cloud
Launch resources in a virtual network that you define
Complete control over your virtual networking environment
DISASTER RECOVERY SOLUTION
TO BACKUP AND STORE
CRITICAL MEDICAL IMAGE DATA
COMMON DR ARCHITECTURES
4 MAIN PATTERNS
Backup & Restore
Pilot light
Hot standby in AWS
Multi-site solution in AWS & on-premise
BACKUP & RESTORE PATTERN
ADVANTAGES TO STARTING A JOURNEY WITH THIS PATTERN
SIMPLE TO GET STARTED
Easy starting point for exploring the AWS cloud
Low technical barrier to entry
Focus on incorporating cloud into your DR strategy, not on complex technical issues related to hot-hot systems
COST EFFECTIVE
Very high levels of data durability at low price
Cost of storing snapshots in S3
Archiving possibilities beyond tape using Glacier
THE PREPARATION PROCESS
TAKE BACKUPS OF CURRENT SYSTEMS
STORE BACKUPS IN S3
MOVE TO LONG TERM ARCHIVE IN GLACIER
THE PROCESS
TAKE BACKUPS OF CURRENT SYSTEMS
STORE BACKUPS IN S3
MOVE TO LONG TERM ARCHIVE IN GLACIER
DETAIL HOW YOU WILL BE RESTORING FROM BACKUP OR RECOVER FROM ARCHIVE
PUSH BACKUPS TO AWS
STORE AMIS FOR SERVERS
RECOVER SERVERS DURING DR
AWS STORAGE GATEWAY AND BACKUP MANAGEMENT
RDS AND ORACLE RMAN
RESTORE TIMES REDUCED FROM 15 TO 2½ HOURS
PILOT LIGHT
ARCHITECTURE
MOVING ALONG THE DR SPECTRUM
BUILD RESOURCES AROUND REPLICATED DATASET
Keep pilot light on by replicating core databases
Build AWS resources around dataset and leave in stopped state
SCALE RESOURCES IN AWS IN RESPONSE TO A DR EVENT
Start up pool of resources in AWS when events dictate
Match current production capacity through auto-scaling policies
SWITCH-OVER TO SYSTEM IN AWS
[Diagrams: PILOT LIGHT. Labels: Stopped instances, Database replication, Running instances]
DR AND TESTING ENVIRONMENT
REDUCING IT OVERHEAD AND
INCREASING AVAILABILITY
HOT STANDBY ARCHITECTURE
WHY USE HOT STANDBY?
LOW RESTORING TIME EXPECTED
When the Recovery Time Objective calls for a short recovery time
CONSISTENT DATA SET
And when the Recovery Point Objective calls for a higher level of data consistency
[Diagrams: HOT STANDBY. Label: Redirect traffic]
MULTI-SITE SOLUTION ON AWS AND ON PREMISE ARCHITECTURE
OBJECTIVES OF A MULTI-SITE SOLUTION
DOWNTIME IS CRITICAL
When almost no downtime is expected
SCALABILITY IS REQUIRED
When the primary site cannot handle heavy loads
[Diagrams: MULTI-SITE SOLUTION. Label: Health Checkups]
CUSTOMER EXAMPLE
EU region DR site for range of business applications
All running in a Virtual Private Cloud (VPC)
DR provision for applications dependent on Oracle and SQL Server databases
Includes DR for Active Directory and Windows file shares
[Architecture diagram, shown in successive builds. Components: Region; Availability Zone; VPC Subnets A, B, C, D, E, F and G; SmartSentinel; Bastion Host; Proxy Server; Active Directory; Databases; Applications; File Servers; S3 Buckets with Objects; Client-to-site VPN; Site-to-site VPN; AWS Direct Connect; Internet; On-premise Data Centre A; On-premise Data Centre B; Remote Desktops.]
[Highlighted in turn across the builds: Dual route connectivity; Active Directory Replication; Bastion Host; Database replication; Application images; Durable data backups.]
WHERE TO GO NEXT
RICH PARTNER ECOSYSTEM
TECHNOLOGY AND SERVICES ORGANIZATIONS
http://aws.amazon.com/backup-storage
http://aws.typepad.com
http://aws.amazon.com/whitepapers
INFRASTRUCTURE IS NO LONGER A BARRIER
NO UP-FRONT EXPENSE
On-Premise: $ Physical Space, $ Power, $ Network, $ Servers, $ Certification
Amazon Web Services: $0 To get started
THE CLOUD MAKES BACKUP AND RECOVERY EASY
YOU CAN GET STARTED FOR CENTS PER MONTH
THE CLOUD WILL SCALE TO ACCOMMODATE ALL OF YOUR DATA
FOCUS ON YOUR BUSINESS
aws.amazon.com get started on the free tier