Journey Through the Cloud: Disaster Recovery
-
Upload
amazon-web-services -
Category
Technology
-
view
769 -
download
2
description
Transcript of Journey Through the Cloud: Disaster Recovery
Journey through the Cloud:
Disaster Recovery
Ryan Shuttleworth – Technical Evangelist @ryanAWS
Common use cases & stepping stones into the AWS cloud Learning from customer journeys
Best practices to bootstrap your projects
Journey through the cloud
Explore AWS for a ‘non-production’ use case Phase systems into ‘live’ DR use with relative ease
Choose your success objectives for a cloud project ‘out of band’
Disaster recovery
Why AWS for disaster recovery? AWS services that can be employed Common DR architectures Customer example Where to go next
Agenda
Why AWS for Disaster Recovery?
AWS is used in a variety of ways…
AWS & Disaster Recovery
Backup and disaster recovery system for its remote sales offices
Fast, secure and cost effective backup and DR for Oracle Apps
Disaster recovery solution to backup and store critical medical image data
DR and testing environment reducing IT overhead and increasing availability
You might be able to:
Business & technical drivers
Reduce costs
Slash DR budgets by up to 50%
Reduce on-premise
Eliminate 30%+ of on-premise physical equipment
Consolidate sites
Eliminate the need to run a secondary site
Remove aging technologies
Eliminate tape for backup and
archive
DR is part of a wider set of policies and controls…
DR & business continuity
High availability Backup Disaster recovery
Keep your applications
running 24x7
Make sure your data is safe Get your applications and
data back after a major
disaster
DR is part of a wider set of policies and controls…
DR & business continuity
It’s not an all or nothing thing Choose what needs to failover and what does not
Some things more important than others Some things will still be working
High availability Backup Disaster recovery
Keep your applications
running 24x7
Make sure your data is safe Get your applications and
data back after a major
disaster
Each set of IT assets will have different requirements…
DR & business continuity
Recovery Time
Objective (RTO)
How quickly you need this asset to be
recovered?
e.g. 1min? 15min? 1hr? 4hrs? 1day?
Recovery Point
Objective (RPO)
How ‘fresh’ the recovery must be for the
asset?
e.g. zero data loss, 15mins out of date?
Assets will sit on a spectrum of technical complexity…
DR & business continuity
Rebuild when required from offsite backup
Run hot-hot configuration with
auto-failover
The fundamental economic model…
Utility, on-demand datacenter
Primary Site Routers
Firewalls
Network
Application Licenses
Operating Systems
Hypervisor
Servers
SAN
Primary Storage
Backup
Archive
Secondary Site Routers
Firewalls
Network
Application Licenses
Operating Systems
Hypervisor
Servers
SAN
Primary Storage
Backup
Archive
The fundamental economic model…
Utility, on-demand datacenter
Primary Site Routers
Firewalls
Network
Application Licenses
Operating Systems
Hypervisor
Servers
SAN
Primary Storage
Backup
Archive
AWS Routers
Firewalls
Network
Application Licenses
Operating Systems
Hypervisor
Servers
SAN
Snapshot Storage
Backup
Archive
The fundamental economic model…
Utility, on-demand datacenter
Primary Site Routers
Firewalls
Network
Application Licenses
Operating Systems
Hypervisor
Servers
SAN
Primary Storage
Backup
Archive
AWS Routers
Firewalls
Network
Application Licenses
Operating Systems
Hypervisor
Servers
SAN
Snapshot Storage
Backup
Archive
Secondary site costs
Availability Zone
AWS is global Region
Certifications
SOC 2
ISO 27001
PCI DSS for EC2, S3, EBS, VPC, RDS, ELB, IAM
FISMA Moderate Compliant Controls
HIPAA & ITAR Compliant Architecture
Physical Security
Datacenters in nondescript facilities
Physical access strictly controlled
Must pass two-factor authentication at least twice
for floor access
Physical access logged and audited
HW, SW, Network
Systematic change management
Phased updates deployment
Safe storage decommission
Automated monitoring and self-audit
Advanced network protection
Built to enterprise security standards
http://aws.amazon.com/security
AWS services that can be employed
Amazon
Simple
Storage
Service (S3)
AWS Import/Export
AWS Storage
Gateway Service
AWS Direct
Connect
Amazon Virtual
Private Cloud
(VPC)
Amazon
Route 53
Amazon Elastic
Compute Cloud
(EC2)
Amazon Relational
Database Service (RDS)
Amazon
Elastic Block
Storage (EBS)
Object storage & transfer services
Networking services Foundation services
S3 and Elastic Block Store
AWS storage is ideal for DR
Simple Storage Service Highly scalable object storage
1 byte to 5TB in size
99.999999999% durability
Elastic Block Store High performance block storage device
1GB to 1TB in size
Mount as drives to instances with
snapshot/cloning functionalities
Direct Connect Dedicated connection between your IT
infrastructure and the AWS datacenters
Extend your network infrastructure and
VLANs into AWS
VPN Connection A Hardware VPN connection connects
amazon environment to your datacenter
Internet Protocol security (IPsec) VPN
connection
Commonly used hardware supported
Virtual Private Cloud Private, isolated section of the AWS Cloud
Launch resources in a virtual network that you
define
complete control over your virtual networking
environment
Internet
Internet
Networking options
Common DR architectures
4 main patterns
Common DR architectures
Backup & Restore Pilot light
Warm standby in AWS
Multi-site solution in AWS & on-
premise
We’ll focus on 2 of them…
Common DR architectures
Backup & Restore Pilot light
Warm standby in AWS
Multi-site solution in AWS & on-
premise
Let’s start with Backup & Restore
Common DR architectures
Backup & Restore Pilot light
Warm standby in AWS
Multi-site solution in AWS & on-
premise
Advantages to starting a journey with this pattern
Backup & Restore pattern
Simple to get started
Easy starting point for exploring the
AWS cloud
Low technical barrier to entry
Focus on incorporating cloud into your
DR strategy, not on complex technical
issues related to hot-hot systems
Cost effective
Very high levels of data durability at
low price
Cost of storing snapshots in S3
Archiving possibilities beyond tape
using Glacier
The preparation process…
Backup & Restore pattern
Take backups of
current systems
Store backups
in S3
Move to long term
archive in Glacier
The process…
Backup & Restore pattern
Take backups of
current systems
Store backups
in S3
Detail how you will restoring from backup or
recover from archive
Move to long term
archive in Glacier
Glacier Long term durable archive
Long term Glacier archive
Durable Designed for 99.999999999%
durability of archives
Cost effective Write-once, read-never. Cost effective for long term storage. Pay for accessing data
Logs accessible from S3
time
Exp
iry
Logs ✗ accessible from S3
Objects expire and are deleted
time
Exp
iry
Logs
Txns
✗ accessible from S3
Objects expire and are deleted
time
accessible from S3
Object transition to
Glacier invoked
Exp
iry
Tran
siti
on
Logs
Txns
✗ accessible from S3
Objects expire and are deleted
time
accessible from S3
Object transition to
Glacier invoked
Restoration of object requested
for x hrs
Exp
iry
Tran
siti
on
Logs
Txns
✗ accessible from S3
Objects expire and are deleted
time
accessible from S3
Object transition to
Glacier invoked
Restoration of object requested
for x hrs
3-5hrs
Object held in S3 RRS for x hrs
Exp
iry
Tran
siti
on
3-5 hour retrieval time We assume you won’t access often
Push backups to AWS
Store AMIs for servers
Recover servers during DR
Corporate Data
Center
© 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
Elastic Data
Center
AWS Storage
Gateway
AWS Storage
Gateway installed
on-premise to
synchronize local
volumes
Corporate Data
Center
© 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
Elastic Data
Center
AWS Storage
Gateway
Local volumes
created under
Storage
Gateway
Corporate Data
Center
© 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
Elastic Data
Center
AWS Storage
Gateway
Usable with on-
premise
servers via
iSCSI interface
Corporate Data
Center
© 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
Elastic Data
Center
AWS Storage
Gateway
Primary on-
premise volumes
snapshotted,
compressed and
stored in Amazon
S3
Corporate Data
Center
© 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
Elastic Data
Center
AWS Storage
Gateway
Corporate Data
Center
© 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
Elastic Data
Center
AWS Storage
Gateway
Snapshot
pulled from S3
to restore local
volume
Corporate Data
Center
© 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
Elastic Data
Center
AWS Storage
Gateway
Snapshot
pulled from S3
to create cloud
instance
backed by
Volume
Gateway stored
volumes
Data stored locally
Asynchronous backup
EBS snapshots
iSCSI local interface
Up to 1TB volumes
Gateway cached
volumes
Data stored in S3
Recently read data cached
Low latency
iSCSI local interface
Up to 32TB volumes
AWS Storage appliances and backup management
RDS and Oracle RMAN
Let’s look at the Pilot Light pattern…
Common DR architectures
Backup & Restore Pilot light
Warm standby in AWS
Multi-site solution in AWS & on-
premise
Moving along the DR spectrum…
Pilot light architecture
Build resources around
replicated dataset
Keep ‘pilot light’ on by replicating core
databases
Build AWS resources around dataset and
leave in stopped state
Moving along the DR spectrum…
Pilot light architecture
Build resources around
replicated dataset
Keep ‘pilot light’ on by replicating core
databases
Build AWS resources around dataset and
leave in stopped state
Scale resources in AWS in
response to a DR event
Start up pool of resources in AWS when
events dictate
Match current production capacity through
auto-scaling polcies
Moving along the DR spectrum…
Pilot light architecture
Build resources around
replicated dataset
Keep ‘pilot light’ on by replicating core
databases
Build AWS resources around dataset and
leave in stopped state
Scale resources in AWS in
response to a DR event
Start up pool of resources in AWS when
events dictate
Match current production capacity through
auto-scaling policies
Switch-over to system in AWS
Pilot light
Stopped instances
Pilot light
Running instances
Customer example
EU region DR site for range of business applications
All running in a Virtual Private Cloud (VPC)
DR provision for applications dependent on Oracle and SQL Server databases
Includes DR for Active Directory and Windows file shares
VPC Subnet B
Region
Availability Zone
Client-to-site VPN Site-to-site VPN
S3 Bucketswith Objects
Bastion Host
Internet
On-premiseData Centre A
RemoteDesktops
AWS Direct Connect
On-premiseData Centre B
VPC Subnet D VPC Subnet F
Databases
VPC Subnet E
Applications
VPC Subnet A
SmartSentinel
VPC Subnet G
FileServers
VPC Subnet C
ActiveDirectory
Proxy Server
VPC Subnet B
Region
Availability Zone
Client-to-site VPN Site-to-site VPN
S3 Bucketswith Objects
Bastion Host
Internet
On-premiseData Centre A
RemoteDesktops
AWS Direct Connect
On-premiseData Centre B
VPC Subnet D VPC Subnet F
Databases
VPC Subnet E
Applications
VPC Subnet A
SmartSentinel
VPC Subnet G
FileServers
VPC Subnet C
ActiveDirectory
Proxy Server
Dual route connectivity
VPC Subnet B
Region
Availability Zone
Client-to-site VPN Site-to-site VPN
S3 Bucketswith Objects
Bastion Host
Internet
On-premiseData Centre A
RemoteDesktops
AWS Direct Connect
On-premiseData Centre B
VPC Subnet D VPC Subnet F
Databases
VPC Subnet E
Applications
VPC Subnet A
SmartSentinel
VPC Subnet G
FileServers
VPC Subnet C
ActiveDirectory
Proxy Server
Active Directory Replication
VPC Subnet B
Region
Availability Zone
Client-to-site VPN Site-to-site VPN
S3 Bucketswith Objects
Bastion Host
Internet
On-premiseData Centre A
RemoteDesktops
AWS Direct Connect
On-premiseData Centre B
VPC Subnet D VPC Subnet F
Databases
VPC Subnet E
Applications
VPC Subnet A
SmartSentinel
VPC Subnet G
FileServers
VPC Subnet C
ActiveDirectory
Proxy Server
Bastion Host
VPC Subnet B
Region
Availability Zone
Client-to-site VPN Site-to-site VPN
S3 Bucketswith Objects
Bastion Host
Internet
On-premiseData Centre A
RemoteDesktops
AWS Direct Connect
On-premiseData Centre B
VPC Subnet D VPC Subnet F
Databases
VPC Subnet E
Applications
VPC Subnet A
SmartSentinel
VPC Subnet G
FileServers
VPC Subnet C
ActiveDirectory
Proxy Server
Database replication
VPC Subnet B
Region
Availability Zone
Client-to-site VPN Site-to-site VPN
S3 Bucketswith Objects
Bastion Host
Internet
On-premiseData Centre A
RemoteDesktops
AWS Direct Connect
On-premiseData Centre B
VPC Subnet D VPC Subnet F
Databases
VPC Subnet E
Applications
VPC Subnet A
SmartSentinel
VPC Subnet G
FileServers
VPC Subnet C
ActiveDirectory
Proxy Server
Application images
VPC Subnet B
Region
Availability Zone
Client-to-site VPN Site-to-site VPN
S3 Bucketswith Objects
Bastion Host
Internet
On-premiseData Centre A
RemoteDesktops
AWS Direct Connect
On-premiseData Centre B
VPC Subnet D VPC Subnet F
Databases
VPC Subnet E
Applications
VPC Subnet A
SmartSentinel
VPC Subnet G
FileServers
VPC Subnet C
ActiveDirectory
Proxy Server
Desktop environments
VPC Subnet B
Region
Availability Zone
Client-to-site VPN Site-to-site VPN
S3 Bucketswith Objects
Bastion Host
Internet
On-premiseData Centre A
RemoteDesktops
AWS Direct Connect
On-premiseData Centre B
VPC Subnet D VPC Subnet F
Databases
VPC Subnet E
Applications
VPC Subnet A
SmartSentinel
VPC Subnet G
FileServers
VPC Subnet C
ActiveDirectory
Proxy Server
Durable data backups
Where to go next
Technology and services organisations
Rich partner ecosystem
http://aws.amazon.com/backup-storage
http://aws.typepad.com
http://aws.amazon.com/whitepapers
Summary
The cloud makes backup and recovery easy
You can get started for pennies per month
The cloud will scale to accommodate all of your data
You retain visibility and control of your information
aws.amazon.com