journey through the aws cloud; disaster recovery

Journey through the Cloud:

Disaster Recovery

Ryan Shu3leworth – Technical Evangelist @ryanAWS

Common use cases & stepping stones into the AWS cloud Learning from customer journeys

Best pracFces to bootstrap your projects

Journey through the cloud

Explore AWS for a ‘non-‐producFon’ use case Phase systems into ‘live’ DR use with relaFve ease

Choose your success objecFves for a cloud project ‘out of band’

Disaster recovery

Why AWS for disaster recovery? AWS services that can be employed Common DR architectures Customer example Where to go next

Agenda

Why AWS for Disaster Recovery?

AWS is used in a variety of ways…

AWS & Disaster Recovery

Backup and disaster recovery system for its remote sales offices

Fast, secure and cost effec@ve backup and DR for Oracle Apps

Disaster recovery solu@on to backup and store cri@cal medical image data

DR and tes@ng environment reducing IT overhead and increasing availability

You might be able to:

Business & technical drivers

Reduce costs

Slash DR budgets by up to 50%

Reduce on-‐premise

Eliminate 30%+ of on-‐premise physical equipment

Consolidate sites

Eliminate the need to run a secondary site

Remove aging technologies

Eliminate tape for backup and

archive

DR is part of a wider set of policies and controls…

DR & business conFnuity

High availability Backup Disaster recovery

Keep your applica@ons running 24x7

Make sure you data is safe Get your applica@ons and data back aPer a major

disaster

DR is part of a wider set of policies and controls…


It’s not an all or nothing thing Choose what needs to failover and what does not

Some things more important than others Some things will s@ll be working

High availability Backup Disaster recovery

Keep your applica@ons running 24x7

Make sure you data is safe Get your applica@ons and data back aPer a major

disaster

Each set of IT assets will have different requirements…


Recovery Time ObjecFve (RTO)

How quickly you need this asset to be

recovered? e.g. 1min? 15min? 1hr? 4hrs? 1day?

Recovery Point ObjecFve (RPO)

How ‘fresh’ the recovery must be for the

asset? e.g. zero data loss, 15mins out of date?

Assets will sit on a spectrum of technical complexity…


Rebuild when required from offsite backup

Run hot-‐hot configuraFon with

auto-‐failover

The fundamental economic model…

UFlity, on-‐demand datacenter

Primary Site

Routers Firewalls Network

Applica@on Licenses Opera@ng Systems

Hypervisor Servers SAN

Primary Storage Backup Archive

Secondary Site







Primary Site





AWS Routers Firewalls Network



Snapshot Storage Backup Archive



Primary Site





AWS Routers Firewalls Network



Snapshot Storage Backup Archive

Secondary site costs

Availability Zone

AWS is global Region

Cer6fica6ons

SOC 1 Type 2 (formerly SAS70)

ISO 27001

PCI DSS for EC2, S3, EBS, VPC, RDS, ELB, IAM

FISMA Moderate Compliant Controls

HIPAA & ITAR Compliant Architecture

Physical Security

Datacenters in nondescript faciliFes

Physical access strictly controlled

Must pass two-‐factor authenFcaFon at least twice

for floor access

Physical access logged and audited

HW, SW, Network

SystemaFc change management

Phased updates deployment

Safe storage decommission

Automated monitoring and self-‐audit

Advanced network protecFon

Built to enterprise security standards

http://aws.amazon.com/security

AWS services that can be

employed

Amazon Simple Storage

Service (S3)

AWS Import/Export

AWS Storage Gateway Service

AWS Direct Connect

Amazon Virtual Private Cloud

(VPC)

Amazon Route 53

Amazon Elastic Compute Cloud

(EC2)

Amazon Relational Database Service (RDS)

Amazon Elastic Block

Storage (EBS)

Object storage & transfer services

Networking services FoundaFon services

S3 and Elas@c Block Store

AWS storage is ideal for DR

Simple Storage Service

Highly scalable object storage

1 byte to 5TB in size

99.999999999% durability

ElasFc Block Store

High performance block storage device

1GB to 1TB in size

Mount as drives to instances with snapshot/cloning func@onali@es

0.000

250.000

500.000

750.000

1000.000

1 Trillion

750k+ peak transacFons per second

Objects in S3

Direct Connect Dedicated connec@on between your IT

infrastructure and the AWS datacenters

Extend your network infrastructure and VLANs into AWS

VPN ConnecFon A Hardware VPN connec@on connects

amazon environment to your datacenter

Internet Protocol security (IPsec) VPN connec@on

Commonly used hardware supported

Virtual Private Cloud Private, isolated sec@on of the AWS Cloud

Launch resources in a virtual network that you

define complete control over your virtual networking

environment

Internet

Internet

Networking options

Common DR architectures

4 main paherns


Backup & Restore Pilot light

Warm standby in AWS

Mul6-‐site solu6on in AWS & on-‐

premise

We’ll focus on 2 of them…



Warm standby in AWS


premise

Let’s start with Backup & Restore



Warm standby in AWS


premise

Advantages to star@ng a journey with this pahern

Backup & Restore pa3ern

Simple to get started

Easy star@ng point for exploring the AWS cloud

Low technical barrier to entry

Focus on incorpora@ng cloud into your DR strategy, not on complex technical issues related to hot-‐hot systems

Cost effecFve

Very high levels of data durability at low price

Cost of storing snapshots in S3

Archiving possibili@es beyond tape using Glacier

The prepara@on process…


Take backups of current systems

Store backups in S3

Move to long term archive in Glacier

The process…


Take backups of current systems

Store backups in S3

Detail how you will restoring from backup or recover from archive

Move to long term archive in Glacier

Push backups to AWS

Store AMIs for servers

Recover servers during DR

Glacier Long term cold storage

From $0.01 per GB/Month

99.999999999% durability

Long term archive Amazon Glacier

AWS Storage Gateway and backup management

RDS and Oracle RMAN

Let’s look at the Pilot Light pahern…



Warm standby in AWS


premise

Moving along the DR spectrum…

Pilot light architecture

Build resources around replicated dataset

Keep ‘pilot light’ on by replica@ng core

databases

Build AWS resources around dataset and leave in stopped state





databases


Scale resources in AWS in response to a DR event

Start up pool of resources in AWS when

events dictate

Match current produc@on capacity through auto-‐scaling polcies





databases


Scale resources in AWS in response to a DR event

Start up pool of resources in AWS when

events dictate

Match current produc@on capacity through auto-‐scaling policies

Switch-‐over to system in AWS

Pilot light

Stopped instances

Pilot light

Running instances

Customer example

EU region DR site for range of business applicaFons

All running in a Virtual Private Cloud (VPC)

DR provision for applicaFons dependent on Oracle and SQL Server databases

Includes DR for AcFve Directory and Windows file shares

VPC Subnet B

Region

Availability Zone

Client-to-site VPN Site-to-site VPN

S3 Bucketswith Objects

Bastion Host

Internet

On-premiseData Centre A

RemoteDesktops

AWS Direct Connect

On-premiseData Centre B

VPC Subnet D VPC Subnet F

Databases

VPC Subnet E

Applications

VPC Subnet A

SmartSentinel

VPC Subnet G

FileServers

VPC Subnet C

ActiveDirectory

Proxy Server

VPC Subnet B

Region

Availability Zone



Bastion Host

Internet


RemoteDesktops

AWS Direct Connect



Databases

VPC Subnet E

Applications

VPC Subnet A

SmartSentinel

VPC Subnet G

FileServers

VPC Subnet C

ActiveDirectory

Proxy Server

Dual route connectivity

VPC Subnet B

Region

Availability Zone



Bastion Host

Internet


RemoteDesktops

AWS Direct Connect



Databases

VPC Subnet E

Applications

VPC Subnet A

SmartSentinel

VPC Subnet G

FileServers

VPC Subnet C

ActiveDirectory

Proxy Server

Active Directory Replication

VPC Subnet B

Region

Availability Zone



Bastion Host

Internet


RemoteDesktops

AWS Direct Connect



Databases

VPC Subnet E

Applications

VPC Subnet A

SmartSentinel

VPC Subnet G

FileServers

VPC Subnet C

ActiveDirectory

Proxy Server

Bastion Host

VPC Subnet B

Region

Availability Zone



Bastion Host

Internet


RemoteDesktops

AWS Direct Connect



Databases

VPC Subnet E

Applications

VPC Subnet A

SmartSentinel

VPC Subnet G

FileServers

VPC Subnet C

ActiveDirectory

Proxy Server

Database replication

VPC Subnet B

Region

Availability Zone



Bastion Host

Internet


RemoteDesktops

AWS Direct Connect



Databases

VPC Subnet E

Applications

VPC Subnet A

SmartSentinel

VPC Subnet G

FileServers

VPC Subnet C

ActiveDirectory

Proxy Server

Application images

VPC Subnet B

Region

Availability Zone



Bastion Host

Internet


RemoteDesktops

AWS Direct Connect



Databases

VPC Subnet E

Applications

VPC Subnet A

SmartSentinel

VPC Subnet G

FileServers

VPC Subnet C

ActiveDirectory

Proxy Server

Desktop environments

VPC Subnet B

Region

Availability Zone



Bastion Host

Internet


RemoteDesktops

AWS Direct Connect



Databases

VPC Subnet E

Applications

VPC Subnet A

SmartSentinel

VPC Subnet G

FileServers

VPC Subnet C

ActiveDirectory

Proxy Server

Durable data backups

Where to go next

Technology and services organisa@ons

Rich partner ecosystem

h3p://aws.amazon.com/backup-‐storage

h3p://aws.typepad.com

h3p://aws.amazon.com/whitepapers

Summary

The cloud makes backup and recovery easy

You can get started for pennies per month

The cloud will scale to accommodate all of your data

You retain visibility and control of your informaFon

aws.amazon.com get started on the free Fer