Choose the AWS backup strategy that best fits your needs
What's the best way to back up your valuable AWS data? Compare the recently launched AWS Backup product versus data protection offerings from other vendors.
Cloud providers do not usually back up data on their subscribers' behalf, so organizations must consider how best to protect their cloud-based data. For data in AWS, there are numerous third-party products from vendors such as Cloud Daddy, Druva and N2WS, but Amazon also provides a native product -- the aptly named AWS Backup.
There are several factors that subscribers must consider for their AWS backup strategy and to decide if it's better to protect their data using Amazon's product or an outside one.
What can be protected?
One of the most important considerations when deciding on an AWS backup strategy is which resources a particular product is capable of protecting. AWS Backup, for example, can back up DynamoDB, Elastic Block Store, Elastic File System, Relational Database Service and Storage Gateway data. For those who might not be familiar with the Storage Gateway option, it is a service that allows AWS subscribers to create iSCSI volumes accessible from on-premises systems.
Another important consideration is application consistency. AWS Backup is based on the use of snapshots. AWS snapshots have supported application consistency through Volume Shadow Copy Service for a while now, which is good news for organizations running Microsoft workloads on Elastic Compute Cloud (EC2) instances. However, organizations must consider whether or not AWS Backup can provide application-consistent backups of their non-Microsoft workloads, or if they will require a third-party product.
Where are backups stored?
AWS Backup is designed to store backups in a backup vault. A single AWS account can create up to 100 backup vaults, and each backup vault can accommodate up to 1 million recovery points. Backup vaults are encrypted using a Key Management Service key.
Although backup vaults are secure and easy to create, they do have one major shortcoming: Backup vaults exist within the Amazon cloud. As such, a cloud-level attack or outage would put an organization's AWS data and the backups of that data at risk.
While it is unlikely that the entire AWS cloud would be somehow compromised, attacks against individual subscribers do happen. If an organization's AWS account gets compromised, then any backups stored within the AWS cloud could potentially suffer the same fate as the organization's primary data. In contrast, many third-party backup providers offer products that can store backups outside of the Amazon cloud.
This brings up another important point for your AWS backup strategy. Amazon bills subscribers for the storage that is consumed by their backups. Given what Amazon charges its customers for storage, there is a good chance that an organization might be able to decrease its backup costs by storing backup data on a different cloud.
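The vault limits and the shared-account risk described in this section can be checked mechanically. The following is an added example, not code from AWS or from this article: it audits a vault listing in the shape returned by `aws backup list-backup-vaults`, using constructed sample data, and it assumes the listings from each account have been merged into one document. The function names and the 90% warning threshold are hypothetical.

```python
import json
from collections import Counter

# Limits as stated in the article above.
MAX_VAULTS_PER_ACCOUNT = 100
MAX_POINTS_PER_VAULT = 1_000_000

# Constructed sample: vault entries in the shape returned by
# `aws backup list-backup-vaults`, merged from two accounts (assumption).
SAMPLE = json.dumps({"BackupVaultList": [
    {"BackupVaultName": "prod-daily",
     "BackupVaultArn": "arn:aws:backup:us-east-1:111111111111:backup-vault:prod-daily",
     "NumberOfRecoveryPoints": 950000},
    {"BackupVaultName": "dr-copy",
     "BackupVaultArn": "arn:aws:backup:us-west-2:222222222222:backup-vault:dr-copy",
     "NumberOfRecoveryPoints": 1200},
]})


def arn_account(arn):
    """Return the account-id field (fifth colon-separated field) of an ARN."""
    parts = arn.split(":")
    return parts[4] if len(parts) > 4 else ""


def audit_vaults(listing_json, workload_account, warn_ratio=0.9):
    """Return (subject, finding) pairs for shared-account and quota risks."""
    vaults = json.loads(listing_json).get("BackupVaultList", [])
    findings = []
    per_account = Counter(arn_account(v["BackupVaultArn"]) for v in vaults)
    for account, count in sorted(per_account.items()):
        if count >= MAX_VAULTS_PER_ACCOUNT * warn_ratio:
            findings.append((account, "vault count near per-account limit"))
    for v in vaults:
        name = v["BackupVaultName"]
        # A vault in the workload's own account shares that account's fate.
        if arn_account(v["BackupVaultArn"]) == workload_account:
            findings.append((name, "same account as protected workload"))
        if v.get("NumberOfRecoveryPoints", 0) >= MAX_POINTS_PER_VAULT * warn_ratio:
            findings.append((name, "recovery points near per-vault limit"))
    return findings


if __name__ == "__main__":
    for subject, finding in audit_vaults(SAMPLE, "111111111111"):
        print(f"{subject}: {finding}")
```

Run against the sample, the audit reports that `prod-daily` sits in the same account as the workload it protects and is close to its recovery-point limit, while `dr-copy` raises no finding.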
What about data recovery?
One cannot fairly compare backup products without also examining the recovery process. Amazon has a couple of big advantages over some of the competing backup vendors. First, because Amazon's product is proprietary, you can better depend on it. Competing backup vendors also provide reliable products, but in the event that help is needed getting a restoration to work properly, it may be easier to get full, end-to-end support if you go with Amazon's proprietary offering.
Another advantage to using Amazon's product for your AWS backup strategy is that because the backup data is stored within the Amazon cloud, that data does not have to traverse the internet during a restoration, thereby allowing a restore operation to complete quickly.
On the other hand, a third-party vendor might provide a more flexible recovery. Some vendors, for instance, will allow Amazon EC2 virtual machine instances to be restored to Microsoft Azure.
One final AWS backup strategy note: It is also worth considering whether a product meshes neatly with your existing backup system, or if you will end up having to manage completely disparate systems.