journey through the cloud: disaster recovery

Journey through the Cloud:

Disaster Recovery

Ryan Shuttleworth – Technical Evangelist @ryanAWS

Common use cases & stepping stones into the AWS cloud Learning from customer journeys

Best practices to bootstrap your projects

Journey through the cloud

Explore AWS for a ‘non-production’ use case Phase systems into ‘live’ DR use with relative ease

Choose your success objectives for a cloud project ‘out of band’

Disaster recovery

Why AWS for disaster recovery? AWS services that can be employed Common DR architectures Customer example Where to go next

Agenda

Why AWS for Disaster Recovery?

AWS is used in a variety of ways…

AWS & Disaster Recovery

Backup and disaster recovery system for its remote sales offices

Fast, secure and cost effective backup and DR for Oracle Apps

Disaster recovery solution to backup and store critical medical image data

DR and testing environment reducing IT overhead and increasing availability

You might be able to:

Business & technical drivers

Reduce costs

Slash DR budgets by up to 50%

Reduce on-premise

Eliminate 30%+ of on-premise physical equipment

Consolidate sites

Eliminate the need to run a secondary site

Remove aging technologies

Eliminate tape for backup and

archive

DR is part of a wider set of policies and controls…

DR & business continuity

High availability Backup Disaster recovery

Keep your applications

running 24x7

Make sure your data is safe Get your applications and

data back after a major

disaster

DR is part of a wider set of policies and controls…


It’s not an all or nothing thing Choose what needs to failover and what does not

Some things more important than others Some things will still be working

High availability Backup Disaster recovery

Keep your applications

running 24x7

Make sure your data is safe Get your applications and

data back after a major

disaster

Each set of IT assets will have different requirements…


Recovery Time

Objective (RTO)

How quickly you need this asset to be

recovered?

e.g. 1min? 15min? 1hr? 4hrs? 1day?

Recovery Point

Objective (RPO)

How ‘fresh’ the recovery must be for the

asset?

e.g. zero data loss, 15mins out of date?

Assets will sit on a spectrum of technical complexity…


Rebuild when required from offsite backup

Run hot-hot configuration with

auto-failover

The fundamental economic model…

Utility, on-demand datacenter

Primary Site Routers

Firewalls

Network

Application Licenses

Operating Systems

Hypervisor

Servers

SAN

Primary Storage

Backup

Archive

Secondary Site Routers

Firewalls

Network


Operating Systems

Hypervisor

Servers

SAN

Primary Storage

Backup

Archive




Firewalls

Network


Operating Systems

Hypervisor

Servers

SAN

Primary Storage

Backup

Archive

AWS Routers

Firewalls

Network


Operating Systems

Hypervisor

Servers

SAN

Snapshot Storage

Backup

Archive




Firewalls

Network


Operating Systems

Hypervisor

Servers

SAN

Primary Storage

Backup

Archive

AWS Routers

Firewalls

Network


Operating Systems

Hypervisor

Servers

SAN

Snapshot Storage

Backup

Archive

Secondary site costs

Availability Zone

AWS is global Region

Certifications

SOC 2

ISO 27001

PCI DSS for EC2, S3, EBS, VPC, RDS, ELB, IAM

FISMA Moderate Compliant Controls

HIPAA & ITAR Compliant Architecture

Physical Security

Datacenters in nondescript facilities

Physical access strictly controlled

Must pass two-factor authentication at least twice

for floor access

Physical access logged and audited

HW, SW, Network

Systematic change management

Phased updates deployment

Safe storage decommission

Automated monitoring and self-audit

Advanced network protection

Built to enterprise security standards

http://aws.amazon.com/security

AWS services that can be employed

Amazon

Simple

Storage

Service (S3)

AWS Import/Export

AWS Storage

Gateway Service

AWS Direct

Connect

Amazon Virtual

Private Cloud

(VPC)

Amazon

Route 53

Amazon Elastic

Compute Cloud

(EC2)

Amazon Relational

Database Service (RDS)

Amazon

Elastic Block

Storage (EBS)

Object storage & transfer services

Networking services Foundation services

S3 and Elastic Block Store

AWS storage is ideal for DR

Simple Storage Service Highly scalable object storage

1 byte to 5TB in size

99.999999999% durability

Elastic Block Store High performance block storage device

1GB to 1TB in size

Mount as drives to instances with

snapshot/cloning functionalities

Direct Connect Dedicated connection between your IT

infrastructure and the AWS datacenters

Extend your network infrastructure and

VLANs into AWS

VPN Connection A Hardware VPN connection connects

amazon environment to your datacenter

Internet Protocol security (IPsec) VPN

connection

Commonly used hardware supported

Virtual Private Cloud Private, isolated section of the AWS Cloud

Launch resources in a virtual network that you

define

complete control over your virtual networking

environment

Internet

Internet

Networking options

Common DR architectures

4 main patterns


Backup & Restore Pilot light

Warm standby in AWS

Multi-site solution in AWS & on-

premise

We’ll focus on 2 of them…



Warm standby in AWS


premise

Let’s start with Backup & Restore



Warm standby in AWS


premise

Advantages to starting a journey with this pattern

Backup & Restore pattern

Simple to get started

Easy starting point for exploring the

AWS cloud

Low technical barrier to entry

Focus on incorporating cloud into your

DR strategy, not on complex technical

issues related to hot-hot systems

Cost effective

Very high levels of data durability at

low price

Cost of storing snapshots in S3

Archiving possibilities beyond tape

using Glacier

The preparation process…


Take backups of

current systems

Store backups

in S3

Move to long term

archive in Glacier

The process…


Take backups of

current systems

Store backups

in S3

Detail how you will restoring from backup or

recover from archive

Move to long term

archive in Glacier

Glacier Long term durable archive

Long term Glacier archive

Durable Designed for 99.999999999%

durability of archives

Cost effective Write-once, read-never. Cost effective for long term storage. Pay for accessing data

Logs accessible from S3

time

Exp

iry

Logs ✗ accessible from S3

Objects expire and are deleted

time

Exp

iry

Logs

Txns

✗ accessible from S3


time

accessible from S3

Object transition to

Glacier invoked

Exp

iry

Tran

siti

on

Logs

Txns



time

accessible from S3


Glacier invoked

Restoration of object requested

for x hrs

Exp

iry

Tran

siti

on

Logs

Txns



time

accessible from S3


Glacier invoked

Restoration of object requested

for x hrs

3-5hrs

Object held in S3 RRS for x hrs

Exp

iry

Tran

siti

on

3-5 hour retrieval time We assume you won’t access often

Push backups to AWS

Store AMIs for servers

Recover servers during DR

Corporate Data

Center

© 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.

Elastic Data

Center

AWS Storage

Gateway

AWS Storage

Gateway installed

on-premise to

synchronize local

volumes

Corporate Data

Center


Elastic Data

Center

AWS Storage

Gateway

Local volumes

created under

Storage

Gateway

Corporate Data

Center


Elastic Data

Center

AWS Storage

Gateway

Usable with on-

premise

servers via

iSCSI interface

Corporate Data

Center


Elastic Data

Center

AWS Storage

Gateway

Primary on-

premise volumes

snapshotted,

compressed and

stored in Amazon

S3

Corporate Data

Center


Elastic Data

Center

AWS Storage

Gateway

Corporate Data

Center


Elastic Data

Center

AWS Storage

Gateway

Snapshot

pulled from S3

to restore local

volume

Corporate Data

Center


Elastic Data

Center

AWS Storage

Gateway

Snapshot

pulled from S3

to create cloud

instance

backed by

Volume

Gateway stored

volumes

Data stored locally

Asynchronous backup

EBS snapshots

iSCSI local interface

Up to 1TB volumes

Gateway cached

volumes

Data stored in S3

Recently read data cached

Low latency

iSCSI local interface

Up to 32TB volumes

AWS Storage appliances and backup management

RDS and Oracle RMAN

Let’s look at the Pilot Light pattern…



Warm standby in AWS


premise

Moving along the DR spectrum…

Pilot light architecture

Build resources around

replicated dataset

Keep ‘pilot light’ on by replicating core

databases

Build AWS resources around dataset and

leave in stopped state




replicated dataset


databases



Scale resources in AWS in

response to a DR event

Start up pool of resources in AWS when

events dictate

Match current production capacity through

auto-scaling polcies




replicated dataset


databases



Scale resources in AWS in

response to a DR event

Start up pool of resources in AWS when

events dictate

Match current production capacity through

auto-scaling policies

Switch-over to system in AWS

Pilot light

Stopped instances

Pilot light

Running instances

Customer example

EU region DR site for range of business applications

All running in a Virtual Private Cloud (VPC)

DR provision for applications dependent on Oracle and SQL Server databases

Includes DR for Active Directory and Windows file shares

VPC Subnet B

Region

Availability Zone

Client-to-site VPN Site-to-site VPN

S3 Bucketswith Objects

Bastion Host

Internet

On-premiseData Centre A

RemoteDesktops

AWS Direct Connect

On-premiseData Centre B

VPC Subnet D VPC Subnet F

Databases

VPC Subnet E

Applications

VPC Subnet A

SmartSentinel

VPC Subnet G

FileServers

VPC Subnet C

ActiveDirectory

Proxy Server

VPC Subnet B

Region

Availability Zone



Bastion Host

Internet


RemoteDesktops

AWS Direct Connect



Databases

VPC Subnet E

Applications

VPC Subnet A

SmartSentinel

VPC Subnet G

FileServers

VPC Subnet C

ActiveDirectory

Proxy Server

Dual route connectivity

VPC Subnet B

Region

Availability Zone



Bastion Host

Internet


RemoteDesktops

AWS Direct Connect



Databases

VPC Subnet E

Applications

VPC Subnet A

SmartSentinel

VPC Subnet G

FileServers

VPC Subnet C

ActiveDirectory

Proxy Server

Active Directory Replication

VPC Subnet B

Region

Availability Zone



Bastion Host

Internet


RemoteDesktops

AWS Direct Connect



Databases

VPC Subnet E

Applications

VPC Subnet A

SmartSentinel

VPC Subnet G

FileServers

VPC Subnet C

ActiveDirectory

Proxy Server

Bastion Host

VPC Subnet B

Region

Availability Zone



Bastion Host

Internet


RemoteDesktops

AWS Direct Connect



Databases

VPC Subnet E

Applications

VPC Subnet A

SmartSentinel

VPC Subnet G

FileServers

VPC Subnet C

ActiveDirectory

Proxy Server

Database replication

VPC Subnet B

Region

Availability Zone



Bastion Host

Internet


RemoteDesktops

AWS Direct Connect



Databases

VPC Subnet E

Applications

VPC Subnet A

SmartSentinel

VPC Subnet G

FileServers

VPC Subnet C

ActiveDirectory

Proxy Server

Application images

VPC Subnet B

Region

Availability Zone



Bastion Host

Internet


RemoteDesktops

AWS Direct Connect



Databases

VPC Subnet E

Applications

VPC Subnet A

SmartSentinel

VPC Subnet G

FileServers

VPC Subnet C

ActiveDirectory

Proxy Server

Desktop environments

VPC Subnet B

Region

Availability Zone



Bastion Host

Internet


RemoteDesktops

AWS Direct Connect



Databases

VPC Subnet E

Applications

VPC Subnet A

SmartSentinel

VPC Subnet G

FileServers

VPC Subnet C

ActiveDirectory

Proxy Server

Durable data backups

Where to go next

Technology and services organisations

Rich partner ecosystem

http://aws.amazon.com/backup-storage

http://aws.typepad.com

http://aws.amazon.com/whitepapers

Summary

The cloud makes backup and recovery easy

You can get started for pennies per month

The cloud will scale to accommodate all of your data

You retain visibility and control of your information

aws.amazon.com

journey through the cloud: disaster recovery

Technology

aws services

aws cloudlearning

aws datacentersextend

live dr use

aws cloudlaunch resources

disaster recoverysystem

banddisaster recovery

elastic block storeaws