aws journey through the aws cloud: disaster recovery
TRANSCRIPT
Journey through the Cloud:
Disaster Recovery
Ian Massingham – Technical Evangelist @IanMmmm
Common use cases & stepping stones into the AWS cloud Learning from customer journeys
Best practices to bootstrap your projects
Journey through the cloud
Explore and learn about AWS with a ‘non-production’ use case Phase systems into ‘live’ DR use with reduced risk
Benefit from lower costs & only pay for what you use Gain the ability to test DR procedures more frequently
Invoke DR whilst testing DR procedures if necessary
Disaster Recovery
Why AWS for disaster recovery? AWS services that can be employed Common DR architectures Customer case studies and examples Resources to learn more
Agenda
Why AWS for Disaster Recovery?
AWS is used in a variety of ways… AWS & Disaster Recovery
Fast, secure and cost effective backup and DR for Oracle Apps
“Using AWS has enabled us to move into a whole new market, while lowering our hosting
costs by 80 percent”
“Using AWS allowed us to implement a disaster recovery strategy at a fraction of the cost”
Find out more here : aws.amazon.com/solu6ons/case-‐studies
Galata benefits from increased DR scalability, flexibility and reduced
complexity
You might be able to: Business & technical drivers
Reduce costs
Slash DR budgets by up to 50%
Reduce on-premise
Eliminate 30%+ of on-premise physical equipment
Consolidate sites
Eliminate the need to run a secondary site
Remove aging technologies
Eliminate tape for backup and
archive
DR is part of a wider set of policies and controls… DR & business continuity
High availability Backup Disaster recovery
Keep your applications running 24x7
Make sure your data is safe
Get your applications and data back after a major
disaster
DR is part of a wider set of policies and controls… DR & business continuity
It’s not an all or nothing thing
Choose what needs to failover and what does not Some things more important than others
Some things will still be working
High availability Backup Disaster recovery
Keep your applications running 24x7
Make sure your data is protected and can be recovered if it is lost
Get your applications and data back after a major
disaster
Each set of IT assets will have different requirements… DR & business continuity
Recovery Time Objective (RTO)
How quickly you need this asset to be recovered?
e.g. 1min? 15min? 1hr? 4hrs? 1day?
Recovery Point Objective (RPO)
How ‘fresh’ the recovery must be for the asset?
e.g. zero data loss, 15mins out of date?
Assets will sit on a spectrum of technical complexity… DR & business continuity
Rebuild when required from offsite backup
Run hot-hot configuration with
auto-failover
The fundamental economic model… Utility, on-demand datacenter
Primary Site Routers Firewalls Network
Application Licenses Operating Systems
Hypervisor Servers
SAN fabric Primary Storage
Backup Archive
Secondary Site Routers Firewalls Network
Application Licenses Operating Systems
Hypervisor Servers
SAN fabric Primary Storage
Backup Archive
The fundamental economic model… Utility, on-demand datacenter
Primary Site Routers Firewalls Network
Application Licenses Operating Systems
Hypervisor Servers
SAN fabric Primary Storage
Backup Archive
AWS Routers Firewalls Network
Application Licenses Operating Systems
Hypervisor Servers
SAN fabric Snapshot Storage
Backup Archive
The fundamental economic model… Utility, on-demand datacenter
Primary Site Routers Firewalls Network
Application Licenses Operating Systems
Hypervisor Servers
SAN fabric Primary Storage
Backup Archive
AWS Routers Firewalls Network
Application Licenses Operating Systems
Hypervisor Servers
SAN fabric Snapshot Storage
Backup Archive
Secondary site costs
Availability Zone
AWS is global Region
Certifications SOC 2
ISO 27001
PCI DSS for EC2, S3, EBS, VPC, RDS, ELB, IAM
FISMA Moderate Compliant Controls
HIPAA & ITAR Compliant Architecture
Physical Security Datacenters in nondescript
facilities
Physical access strictly controlled
Must pass two-factor authentication at least twice
for floor access
Physical access logged and audited
HW, SW, Network Systematic change
management
Phased updates deployment
Safe storage decommission
Automated monitoring and self-audit
Advanced network protection
Built to enterprise security standards
http://aws.amazon.com/security
AWS services that can be
employed
Amazon Simple Storage
Service (S3)
AWS Import/Export
AWS Storage Gateway Service
AWS Direct Connect
Amazon Virtual Private Cloud
(VPC)
Amazon Route 53
Amazon Elastic Compute Cloud
(EC2)
Amazon Relational Database Service (RDS)
Amazon Elastic Block
Storage (EBS)
Object storage & transfer services
Networking services Foundation services
S3 and Elastic Block Store AWS storage is ideal for DR
Simple Storage Service Highly scalable object storage
1 byte to 5TB in size
99.999999999% durability
Elastic Block Store High performance block storage device
Volumes of 1GB to 1TB in size
Mount as drives to instances with snapshot/cloning functionalities
Direct Connect Dedicated connection between your IT infrastructure and the AWS datacenters Extend your network infrastructure and VLANs into AWS
VPN Connection A Hardware VPN connection connects amazon environment to your datacenter Internet Protocol security (IPsec) VPN connection Commonly used hardware supported
Virtual Private Cloud Private, isolated section of the AWS Cloud Launch resources in a virtual network that you define complete control over your virtual networking environment
Internet
Internet
Connecting to AWS
Common DR architectures
4 main patterns Common DR architectures
Backup & Restore Pilot light
Warm standby in AWS
Multi-site solution in AWS & on-premise
We’ll focus on 2 of them… Common DR architectures
Backup & Restore Pilot light
Warm standby in AWS
Multi-site solution in AWS & on-premise
Let’s start with Backup & Restore Common DR architectures
Backup & Restore Pilot light
Warm standby in AWS
Multi-site solution in AWS & on-premise
Advantages to starting a journey with this pattern Backup & Restore pattern
Simple to get started
Easy starting point for exploring the AWS cloud
Low technical barrier to entry
Focus on incorporating cloud into your DR strategy, not on complex technical issues
related to hot-hot systems
Cost effective
Very high levels of data durability at low price
Cost of storing snapshots in S3
Archiving possibilities beyond tape using Glacier
The preparation process… Backup & Restore pattern
Take backups of current systems
Store backups in S3
Move to long term archive in Glacier
The process… Backup & Restore pattern
Take backups of current systems
Store backups in S3
Detail how you will restoring from backup or recover from archive
Move to long term archive in Glacier
Glacier Long term durable archive
Long term Glacier archive
Durable Designed for 99.999999999%
durability of archives
Cost effective Write-once, read-never. Cost effective for long
term storage. Pay for accessing data
Logs accessible from S3
time
Exp
iry
Logs ✗ accessible from S3
Objects expire and are deleted
time
Exp
iry
Logs
Txns
✗ accessible from S3
Objects expire and are deleted
time
accessible from S3
Object transition to Glacier invoked
Exp
iry
Tran
sitio
n
Logs
Txns
✗ accessible from S3
Objects expire and are deleted
time
accessible from S3
Object transition to Glacier invoked
Restoration of object requested for x hrs
Exp
iry
Tran
sitio
n
Logs
Txns
✗ accessible from S3
Objects expire and are deleted
time
accessible from S3
Object transition to Glacier invoked
Restoration of object requested for x hrs
3-5hrs
Object held in S3 RRS for x hrs
Exp
iry
Tran
sitio
n
3-5 hour retrieval time We assume you won’t access often
Push backups to AWS
Store AMIs for servers
Recover servers during DR
Corporate Data Center
© 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
Elastic Data Center
AWS Storage Gateway
AWS Storage Gateway installed
on-premise to synchronize local
volumes
Corporate Data Center
© 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
Elastic Data Center
AWS Storage Gateway
Local volumes created under
Storage Gateway
Corporate Data Center
© 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
Elastic Data Center
AWS Storage Gateway
Usable with on-premise servers
via iSCSI interface
Corporate Data Center
© 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
Elastic Data Center
AWS Storage Gateway
Primary on-premise volumes
snapshotted, compressed and stored in Amazon
S3
Corporate Data Center
© 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
Elastic Data Center
AWS Storage Gateway
Corporate Data Center
© 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
Elastic Data Center
AWS Storage Gateway
Snapshot pulled from S3 to restore local
volume
Corporate Data Center
© 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
Elastic Data Center
AWS Storage Gateway
Snapshot pulled from S3 to create cloud
instance backed by
Volume
Gateway stored volumes
Data stored locally
Asynchronous backup EBS snapshots
iSCSI local interface Up to 1TB volumes
Gateway cached volumes
Data stored in S3
Recently read data cached Low latency
iSCSI local interface Up to 32TB volumes
AWS Storage appliances and backup management
RDS and Oracle RMAN
Let’s look at the Pilot Light pattern… Common DR architectures
Backup & Restore Pilot light
Warm standby in AWS
Multi-site solution in AWS & on-premise
Moving along the DR spectrum… Pilot light architecture
Build resources around replicated
dataset
Keep ‘pilot light’ on by replicating core
databases
Build AWS resources around dataset and leave in stopped state
Moving along the DR spectrum… Pilot light architecture
Build resources around replicated dataset
Keep ‘pilot light’ on by replicating core
databases
Build AWS resources around dataset and leave in stopped state
Scale resources in AWS in response to a DR event
Start up pool of resources in AWS when events
dictate
Match current production capacity through auto-scaling policies
Moving along the DR spectrum… Pilot light architecture
Build resources around replicated dataset
Keep ‘pilot light’ on by replicating core
databases
Build AWS resources around dataset and leave in stopped state
Scale resources in AWS in response to a DR event
Start up pool of resources in AWS when events
dictate
Match current production capacity through auto-scaling policies
Switch-over to system in AWS
Pilot light
Stopped instances
Pilot light
Running instances
Customer Example
EU region DR site for range of business applications
All running in a Virtual Private Cloud (VPC)
DR provision for applications dependent on Oracle and SQL Server databases
Includes DR for Active Directory and Windows file shares
VPC Subnet B
Region
Availability Zone
Client-to-site VPN Site-to-site VPN
S3 Bucketswith Objects
Bastion Host
Internet
On-premiseData Centre A
RemoteDesktops
AWS Direct Connect
On-premiseData Centre B
VPC Subnet D VPC Subnet F
Databases
VPC Subnet E
Applications
VPC Subnet A
SmartSentinel
VPC Subnet G
FileServers
VPC Subnet C
ActiveDirectory
Proxy Server
VPC Subnet B
Region
Availability Zone
Client-to-site VPN Site-to-site VPN
S3 Bucketswith Objects
Bastion Host
Internet
On-premiseData Centre A
RemoteDesktops
AWS Direct Connect
On-premiseData Centre B
VPC Subnet D VPC Subnet F
Databases
VPC Subnet E
Applications
VPC Subnet A
SmartSentinel
VPC Subnet G
FileServers
VPC Subnet C
ActiveDirectory
Proxy Server
Dual route connectivity
VPC Subnet B
Region
Availability Zone
Client-to-site VPN Site-to-site VPN
S3 Bucketswith Objects
Bastion Host
Internet
On-premiseData Centre A
RemoteDesktops
AWS Direct Connect
On-premiseData Centre B
VPC Subnet D VPC Subnet F
Databases
VPC Subnet E
Applications
VPC Subnet A
SmartSentinel
VPC Subnet G
FileServers
VPC Subnet C
ActiveDirectory
Proxy Server
Active Directory Replication
VPC Subnet B
Region
Availability Zone
Client-to-site VPN Site-to-site VPN
S3 Bucketswith Objects
Bastion Host
Internet
On-premiseData Centre A
RemoteDesktops
AWS Direct Connect
On-premiseData Centre B
VPC Subnet D VPC Subnet F
Databases
VPC Subnet E
Applications
VPC Subnet A
SmartSentinel
VPC Subnet G
FileServers
VPC Subnet C
ActiveDirectory
Proxy Server
Bastion Host
VPC Subnet B
Region
Availability Zone
Client-to-site VPN Site-to-site VPN
S3 Bucketswith Objects
Bastion Host
Internet
On-premiseData Centre A
RemoteDesktops
AWS Direct Connect
On-premiseData Centre B
VPC Subnet D VPC Subnet F
Databases
VPC Subnet E
Applications
VPC Subnet A
SmartSentinel
VPC Subnet G
FileServers
VPC Subnet C
ActiveDirectory
Proxy Server
Database replication
VPC Subnet B
Region
Availability Zone
Client-to-site VPN Site-to-site VPN
S3 Bucketswith Objects
Bastion Host
Internet
On-premiseData Centre A
RemoteDesktops
AWS Direct Connect
On-premiseData Centre B
VPC Subnet D VPC Subnet F
Databases
VPC Subnet E
Applications
VPC Subnet A
SmartSentinel
VPC Subnet G
FileServers
VPC Subnet C
ActiveDirectory
Proxy Server
Application images
VPC Subnet B
Region
Availability Zone
Client-to-site VPN Site-to-site VPN
S3 Bucketswith Objects
Bastion Host
Internet
On-premiseData Centre A
RemoteDesktops
AWS Direct Connect
On-premiseData Centre B
VPC Subnet D VPC Subnet F
Databases
VPC Subnet E
Applications
VPC Subnet A
SmartSentinel
VPC Subnet G
FileServers
VPC Subnet C
ActiveDirectory
Proxy Server
Desktop environments
VPC Subnet B
Region
Availability Zone
Client-to-site VPN Site-to-site VPN
S3 Bucketswith Objects
Bastion Host
Internet
On-premiseData Centre A
RemoteDesktops
AWS Direct Connect
On-premiseData Centre B
VPC Subnet D VPC Subnet F
Databases
VPC Subnet E
Applications
VPC Subnet A
SmartSentinel
VPC Subnet G
FileServers
VPC Subnet C
ActiveDirectory
Proxy Server
Durable data backups
Where to learn more
Resources
Disaster Recovery on AWS: aws.amazon.com/disaster-recovery Architecture Center: aws.amazon.com/architecture Using AWS for Disaster Recovery
http://media.amazonwebservices.com/AWS_Disaster_Recovery.pdf Backup and Recovery Approaches Using AWS
http://media.amazonwebservices.com/AWS_Backup_Recovery.pdf
Summary
The cloud makes backup and recovery easy
You can get started for pennies per month
The cloud will scale to accommodate all of your data
You retain visibility and control of your information
AWS Training & Certification Certification
aws.amazon.com/certification
Demonstrate your skills, knowledge, and expertise
with the AWS platform
Self-Paced Labs
aws.amazon.com/training/ self-paced-labs
Try products, gain new skills, and get hands-on
practice working with AWS technologies
aws.amazon.com/training
Training
Skill up and gain confidence to design, develop, deploy and
manage your applications on AWS
Ian Massingham – Technical Evangelist @IanMmmm
@AWS_UKI for local AWS events & news
@AWScloud for Global AWS News and Announcements ©Amazon.com, Inc. and its affiliates. All rights reserved.
We typically see customers start by trying our services
Get started now at : aws.amazon.com/getting-started
Design your application for the AWS Cloud
More details on the AWS Architecture Center at : aws.amazon.com/architecture