Data Protection in Amazon Web Services

There are a variety of ways to protect your information while using Amazon Web Services (AWS), but how you approach data protection depends on your specific environment. Below, we explore a few use cases and touch on different ways to protect data. One noteworthy takeaway from these use cases is that data protection should be a factor in your initial designs, not an add-on after the fact.

AWS EC2 / Cloud Computing

There are multiple approaches to protecting software that runs on EC2 instances in AWS, including Amazon’s recommendation, using Third Party Backup Software, and a combination of the two:

Approach #1: Amazon’s Recommendation: First off, there is no “backup software” in AWS. Your data is protected through a combination of tools and processes. The general idea is that you automate the deployment of both your AWS environment (VPCs, EC2, security groups, etc.) and the applications and their configurations. This gives you the ability to deploy or rebuild your environment in minutes. This approach does require more effort up front, but the ability to either scale your environment or quickly recover it is well worth the initial investment in time. Furthermore, giving yourself the ability to rebuild the application means the only thing you’ll really need to “back up” is the data that is being constantly updated, such as databases or application data. AWS has service offerings such as RDS (Relational Database Service) that offload the management of a database, including data protection. You can then use some of the native features in AWS such as snapshots, S3 replication, etc. to protect your variable data. Amazon not only provides the tools to protect your data, but also gives you the capability to process and automate them. You can do this using a combination of AWS EC2 CLI, scripting, and other tools. While this can work great in small environments, it can become tedious when you have to manage hundreds of applications, as there is no centralized management (unless you develop it).
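An added example (not from the original article or from AWS) of the snapshot automation Approach #1 describes, written against boto3's EC2 client methods. The `Backup=true` tag convention and the 14-day retention are assumptions; pass `boto3.client("ec2")` as `ec2`.

```python
from datetime import datetime, timedelta, timezone

TAG_FILTER = [{"Name": "tag:Backup", "Values": ["true"]}]  # assumed tag convention


def snapshot_tagged_volumes(ec2, now=None):
    """Snapshot every EBS volume tagged Backup=true; return the new snapshot IDs."""
    now = now or datetime.now(timezone.utc)
    created = []
    # Pagination is not handled here; large accounts need a paginator.
    for vol in ec2.describe_volumes(Filters=TAG_FILTER)["Volumes"]:
        snap = ec2.create_snapshot(
            VolumeId=vol["VolumeId"],
            Description=f"scheduled backup {now:%Y-%m-%d}",
            TagSpecifications=[{
                "ResourceType": "snapshot",
                "Tags": [{"Key": "Backup", "Value": "true"}],
            }],
        )
        created.append(snap["SnapshotId"])
    return created


def prune_snapshots(ec2, keep_days=14, now=None):
    """Delete tagged snapshots older than keep_days, but never the newest
    completed snapshot of a volume, so a stalled job cannot erase every copy."""
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=keep_days)
    snaps = ec2.describe_snapshots(OwnerIds=["self"], Filters=TAG_FILTER)["Snapshots"]
    newest = {}  # VolumeId -> most recent completed snapshot
    for s in snaps:
        if s["State"] == "completed":
            cur = newest.get(s["VolumeId"])
            if cur is None or s["StartTime"] > cur["StartTime"]:
                newest[s["VolumeId"]] = s
    protected = {s["SnapshotId"] for s in newest.values()}
    deleted = []
    for s in snaps:
        if s["StartTime"] < cutoff and s["SnapshotId"] not in protected:
            ec2.delete_snapshot(SnapshotId=s["SnapshotId"])
            deleted.append(s["SnapshotId"])
    return sorted(deleted)
```

The role that runs this needs only the describe, create and delete snapshot permissions, which keeps the backup job from becoming a path to the rest of the account.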

Approach #2: Third Party Backup Software: If the first method seems complicated, an alternate, and easier, approach is to use Third Party Backup Software within AWS. Third-party “backup software” provides the tools and features missing in AWS, such as centralized management, reporting, and the ability to recover data quickly, among other features.

Approach #3: Combination: If you take the first approach and layer “backup software” on top for the management and other polished features, this can improve the overall functionality of data protection and reduce the complexity of maintenance and support. Supportability of your cloud environment should also be a primary concern, beyond your main deliverable and data protection.

AWS can also be used as a “Cloud Backup” destination for Enterprise Data Centers, leading to our second use case.

Cloud Backups of Enterprise Data Centers using AWS

The goal of a cloud backup is to have a reliable, off-site copy of data that is in scope for recoverability. Your recoverability goals should be the main drivers of this strategy, as opposed to picking a methodology first and then making it fit. Mainstream data protection applications support S3 as a remote data target. S3, a storage platform offered by Amazon, provides a cost-effective place to store file data. You can simply create a replica of your backup save sets in an S3 bucket in AWS and set up policies in S3 to tier data down to Glacier for long-term storage. When designing the tiering up or down of backup sets, please be sure to fully understand the Service Level Objectives for recovering data from these different Amazon tiers. Lastly, most recoveries are performed from recent backups, thus part of the design may include keeping a local copy of the backups for at least a week or so. If your backup software doesn’t provide the ability to communicate with S3, you can replicate your backup data to S3 via an S3 gateway.
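An added example (not from the original article) of the S3-to-Glacier tiering policy described above, with a review function that flags rules likely to hurt recoverability or cost. The prefix, day counts and bucket name are constructed, and the "restore window" check is an assumption about how you set recovery objectives; the 90-day figure is the minimum storage duration of the `GLACIER` storage class.

```python
GLACIER_MIN_DAYS = 90  # GLACIER (Flexible Retrieval) bills a 90-day minimum per object


def backup_lifecycle(prefix, hot_days, expire_days):
    """Build a LifecycleConfiguration dict in the shape the S3 API accepts."""
    return {"Rules": [{
        "ID": f"tier-{prefix.strip('/')}-to-glacier",
        "Filter": {"Prefix": prefix},
        "Status": "Enabled",
        "Transitions": [{"Days": hot_days, "StorageClass": "GLACIER"}],
        "Expiration": {"Days": expire_days},
    }]}


def review_lifecycle(config, min_hot_days):
    """Return findings for a lifecycle config; an empty list means it passes."""
    findings = []
    for rule in config["Rules"]:
        rid = rule.get("ID", "<unnamed>")
        if rule.get("Status") != "Enabled":
            findings.append(f"{rid}: rule is disabled, nothing is tiered or expired")
            continue
        expire = rule.get("Expiration", {}).get("Days")
        for t in rule.get("Transitions", []):
            if t.get("StorageClass") != "GLACIER" or "Days" not in t:
                continue
            # Recent backups should restore straight from S3, without a Glacier retrieval job.
            if t["Days"] < min_hot_days:
                findings.append(f"{rid}: moves to Glacier after {t['Days']}d, "
                                f"under the {min_hot_days}d restore window")
            # Expiring soon after the transition pays for storage that is never used.
            if expire is not None and expire - t["Days"] < GLACIER_MIN_DAYS:
                findings.append(f"{rid}: expires {expire - t['Days']}d after transition, "
                                f"under the {GLACIER_MIN_DAYS}d minimum")
    return findings


# Constructed values: prefix, 30 days in S3 Standard, one-year retention.
config = backup_lifecycle("backups/", hot_days=30, expire_days=365)
# To apply (bucket name is a placeholder):
# boto3.client("s3").put_bucket_lifecycle_configuration(
#     Bucket="example-backup-bucket", LifecycleConfiguration=config)
```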

The final use case we’ll look at is using AWS as a Disaster Recovery (DR) target.

Disaster Recovery

AWS has many data centers across different geographical locations. As a result, designing and implementing disaster recovery of native AWS resources is simple and one of the many great features from Amazon. Using AWS as a DR target for your Enterprise Data Center is more complex, and there are a few challenges in supporting it. Generally, Enterprise Data Centers run VMs under VMware vSphere. Since AWS doesn’t yet support VMware to run VMs (instances), a conversion process needs to happen to “import” the systems to run as EC2 instances. Additionally, an initial data sync is needed that could exceed the capabilities of traditional data transfer tools. These challenges can be addressed through features in backup software or other third-party solutions. This added complexity is one of the reasons that many enterprise environments are looking at Cloud DR solutions that are natively compatible with VMware and Hyper-V.

What next?

As shown, there are many approaches to data protection as well as a number of details to take into consideration from both a business and technical perspective. If you are exploring different protection options, our team at Edge Solutions specializes in data management and the protection of your assets. We can address not only data protection but also the security considerations and business objectives. Give our team a call at 888-861-8884 or contact us online to talk further about how to protect your information while using Amazon Web Services.

About Alex Theodore

Technology consultant and engineer. Learning all about the cloud. Cooking enthusiast. Alex has become a trusted advisor to our customers by sharing his knowledge and taking an open approach to working on technology challenges. His ability to solve problems in a creative manner and his consulting skills have become a valuable asset to our customers.
