Best Practices for Protecting Cloud Workloads - November 2016 Webinar Series

Traditional backup software works for on-premises workloads, but protecting the data for workloads running in the cloud is a new game. Backup windows may be non-existent, data may be scattered across geographies and platforms, and there may simply be too much to effectively traverse with traditional methods. Protecting cloud workload data requires some adjustments to your thinking. Join our storage experts to learn more about best practices for preventing loss, rolling back to recovery points, and fitting into backup windows. We will cover protection features and design considerations for protecting data with S3, Glacier, EBS and EFS.

Learning Objectives:
• Learn how to design for recovery points and recovery times using the native AWS storage tools for file, block and object storage


  1. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. 19 November 2016. Best Practices for Protecting Cloud Workloads. Lee Kear, AWS Storage Specialist Solutions Architect
  2. Agenda
     • Traditional vs Cloud protection
     • Amazon S3 - Object storage
     • EC2 AMIs
     • EBS
     • RDS
     • Third Party Tools
     • Q&A
  3. Traditional protection vs Cloud protection [diagram: a traditional datacenter (servers, hypervisor, OS and app stacks, Tier-1 SAN / NAS) beside the AWS Cloud (Region with Availability Zone 1 and Availability Zone 2; App + OS, Management & Infrastructure, Primary Storage; AMI (Amazon Machine Image), configuration scripts, Cloud Formation templates, auto-scaling, EC2 root volumes, app data, Amazon S3, RDS); legend: * Requires Protection]
  4. Storage is a platform: AWS Storage Maturity [diagram: File: Amazon EFS; Block: Amazon EBS, Amazon EC2 Instance Store; Object: Amazon S3, Amazon Glacier]
  5. Object Storage is the Destination for Backups [diagram: Object: Amazon S3, Amazon Glacier; Database: RDS, DynamoDB, RedShift; Analytics: EMR, Data Pipeline, Kinesis; Compute: Lambda, EC2; Content Delivery: CloudFront, Elastic Transcoder]
  6. What is Amazon S3: Highly durable object storage at cost effective prices
     • Internet-scale storage
     • Grow without limits
     • Low price per GB per month
     • No commitment
     • No up-front cost
     • Built-in redundancy
     • Designed for 99.999999999% durability
     • Benefit from AWS’s massive security investments
  7. Key Features of Amazon S3
     • Data Management: Cost monitoring and controls; Lifecycle management
     • Ease of use: Programmatic access using AWS SDKs; REST APIs; Management Console, AWS CLI
     • Event Notifications: Delivered using SQS, SNS, or Lambda; Enable you to trigger workflows, alerts or other processing
     • Data protection: Versioning; Cross-region replication
     • Security: Multi-factor authentication delete; Flexible access control mechanisms; Time-limited access to object; Access logs; Multiple client and server-side encryption options
  8. Choice of storage class on Amazon S3
     • Active data: S3 - Standard
     • Infrequently accessed data: S3 - Standard Infrequent Access
     • Archive data: Glacier
  9. Amazon S3 Versioning
     • Preserve, retrieve, and restore every version of every object stored in your bucket
     • S3 automatically adds new versions and preserves deleted objects with delete markers
     • Easily control the number of versions kept by using lifecycle expiration policies
     • Easy to turn on in the AWS Management Console
     [diagram: Versioning Enabled; PUT Key = photo.gif; stored versions Key = photo.gif, ID = 121212 and Key = photo.gif, ID = 111111]
  10. Versioning + lifecycle policies
  11. Best Practice Tip: Restricting deletes
     • Bucket policies can restrict deletes
     • For additional security, enable MFA (multi-factor authentication) delete, which requires additional authentication to:
         • Change the versioning state of your bucket
         • Permanently delete an object version
     • MFA delete requires both your security credentials and a code from an approved authentication device
  12. Amazon S3 Cross-region Replication: Automated, fast, and reliable asynchronous replication of data across AWS regions
     • Only replicates new PUTs. Once S3 is configured, all new uploads into a source bucket will be replicated
     • Entire bucket or prefix based
     • 1:1 replication between any 2 regions
     • Versioning required
     • Use cases:
         • Compliance: store data hundreds of miles apart
         • Lower latency: distribute data to regional customers
         • Security: create remote replicas managed by separate AWS accounts
     [diagram: Source (Virginia) to Destination (Oregon)]
  13. Amazon S3 Data Encryption Options
     • Client-side encryption using AWS SDKs: You manage the encryption keys and never send them to AWS
     • Server-side encryption (SSE) with Amazon S3 managed keys: “Check-the-box” to encrypt your data at rest. Keys managed by S3
     • SSE with customer provided keys: You manage your encryption keys and provide them for PUTs and GETs
     • SSE with AWS Key Management Service managed keys: Keys managed centrally in AWS KMS with permissions and auditing of usage
     For more details, watch Encryption and Key Management in AWS: https://www.youtube.com/watch?v=uhXalpNzPU4
  14. What is Amazon Glacier: Archival storage for infrequently accessed data
     • Amazon Glacier is optimized for infrequent retrieval
     • Stop managing physical media
     • Even lower cost than Amazon S3; same high durability
     • 3-5 hour retrieval latency
     • 5% free tier on retrievals
     • $0.007 per GB/month
     • $86 per TB/year
     • Replace tape libraries, VTLs
  15. Key Features of Amazon Glacier
     • Vault Inventory: Inventory all archives; Available as JSON or CSV
     • Ease of use: Programmatic access using AWS SDKs; REST APIs; Management Console, AWS CLI
     • Data Retrieval Policies: Define data retrieval limits and cost ceiling; Example: “Free Tier Only”, “Max Retrieval Rate”
     • Access Controls: Integrated with AWS IAM; Supports MFA device access
     • Integrated Lifecycle Management: Integrated with Amazon S3 Lifecycle policies; Establish auto-archive rules for Amazon S3 objects
     • Tagging Support: Tag vaults for cost management; Filter cost reports based on tags
  16. Working with AMI (Amazon Machine Images) [diagram: two regions, Sydney and Oregon, each with S3 holding Linux, Windows and Custom AMIs; EC2 root volumes in AZ1, AZ2 and AZ3]
  17. Protecting data in EBS (Elastic Block Store) [diagram: a region with AZ1, AZ2, AZ3 and S3; EC2 instances with Instance Store and an Elastic Block Store (EBS) volume mounted at /data; Snap 1, Snap 2, Snap 3]
  18. Amazon RDS engines [diagram: Commercial, Open source, Amazon Aurora]
  19. RDS Backups
     • MySQL, PostgreSQL, MariaDB, Oracle, SQL Server:
         • Scheduled daily backup of entire instance in user defined 30 minute backup window
         • Archive database change logs
         • 35 day max retention for backups
         • Stored in S3
         • Latest restorable time is typically within 5 minutes of current time
     • Aurora:
         • Automatic, continuous, incremental backups
         • Point-in-time restore
         • No impact on database performance
         • 35 day retention
  20. RDS Snapshots
     • Full copies of your Amazon RDS database that are separate from your scheduled backups
     • User initiated
     • Backed by Amazon S3
     • Used to create a new RDS instance
     • Remain encrypted if using encryption
     • Can be shared with other accounts
     • Can be copied to other regions
  21. RDS Snapshots: Use cases
     • Resolve production issues
     • Nonproduction environments
     • Point-in-time restore
     • Final copy before terminating a database
     • Disaster recovery
     • Cross-region copy
     • Copy between accounts
  22. Restoring
     • Restoring creates an entire new database instance
     • You define all the instance configuration just like a new instance
  23. Redshift
     • Automatic, continuous, incremental backups
     • Point-in-time restore
     • By default - 1 day retention
     • Can be extended to 35 days
     • Can create final snapshot before deleting a Redshift cluster
  24. CPM Brings Backup to Amazon EC2 (Cloud Protection Manager)
     • Automated Backup and instant recovery of EC2 environments
     • Brings Enterprise-class backup to Amazon EC2
     • Enables EC2 Disaster Recovery across AWS Accounts and Regions
     • Enterprise-class Backup Software: Easy and simple backup of VMs; Flexible, automated scheduling; Policy-based asset management; Application-consistent backup; Secure, reliable, scalable; Instant recovery of full VMs; Extensive Alerts and reporting
     • AWS Native Snapshots: Point in time block-level incremental snapshots; Snapshot data stored in S3; Instant recovery of volumes; Available across availability zones; Multi-region copy
  25. Commvault Ties Together On Premise and Cloud Data Strategies
     AWS and Commvault together combine to minimize networking, storage and infrastructure costs, while providing the business a sound data protection and disaster recovery strategy.
     Commvault Orchestrates the Enterprise:
     • Back up in the Cloud: Keep backups of cloud workloads internal to the cloud.
     • Back up to the Cloud: Allow on premise workloads the ability to leverage AWS. For large data sets, seed the cloud with Snowball.
     • Disaster Recovery in the Cloud: Provide DRaaS, recover workloads for on premise solutions and in cloud workloads.
     • Workload Portability: Portability to and from the cloud. For large data sets, seed the cloud with Snowball.
     • Archiving to the Cloud: Moving legacy data to tier 2 storage in the cloud for long term archive.
  26. IntelliSnap: Snapshot integration to collapse backup windows
     • Discover and categorize Instances By Region, Zone, OS, Name, etc
     • Automatically discover newly created EC2 instances which fall outside defined categories
     • Leverage AWS Snap engine for: Agent-less Instance Protection; Oracle Agent; Linux FS Agent
     • Policy driven retention of snap, object storage, onsite disk and tape copies
     • Recover entire VM, parts of a VM or individual items from any copy target
     [diagram labels: Discover, Snapshot, Copy, Restore, Leverage, Live Browse, Replicate, Migrate; EC2, EC2 Oracle, EC2 FS, S3, S3-IA, Glacier]
  27. Strategies for Cloud Data Protection - S3
     • Take advantage of S3 (maximize durability, scalability and cost efficiency)
     • Use Versioning to Create Recycle Bin
     • Use MFA Delete to prevent deletion
     • Use Cross Region Replication to Another Account for the most critical data
  28. Strategies for Cloud Data Protection - EC2
     • Keep EC2 Instances stateless (less to protect)
     • Use AMIs + Scripts + Automation (Cloud Formation, Auto-scaling or 3rd party tools)
     • Leverage AMIs to keep durable copies of pre-configured operating systems and apps
  29. Strategies for Cloud Data Protection - EBS
     • When using EBS, snapshots can create durable copies of whole volumes
     • Third Party solutions can make managing your EBS snapshots easier
  30. Strategies for Cloud Data Protection - RDS
     • Leverage managed services for database workloads
     • Backups are done for you!
     • Easy to restore!
     • RDS Snapshots give you the flexibility of a point-in-time copy of your database that can be copied to another region or another account.
  31. What’s next?
     • Getting started with S3 and Glacier: http://aws.amazon.com/s3/getting-started/ and http://aws.amazon.com/glacier/getting-started/
     • Getting started with EC2 and EBS: https://aws.amazon.com/ec2/getting-started/ and https://aws.amazon.com/ebs/getting-started/
     • Getting started with RDS: https://aws.amazon.com/rds/getting-started/
     • AWS Youtube channel: https://www.youtube.com/user/AmazonWebServices/playlists
  32. Q&A. Learn more at:
     • http://aws.amazon.com/s3/
     • http://aws.amazon.com/ebs/
     • http://aws.amazon.com/rds/
     • leke@amazon.com
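
The S3 checklist from slides 9, 11, 12 and 27 (versioning, MFA delete, cross-region replication to another account) written as an audit. This is an added example, not part of the original deck: the input dicts are constructed samples shaped like the S3 GetBucketVersioning and GetBucketReplication responses, and the bucket names, account IDs and the `critical` flag are assumptions.

```python
# Added example (not from the deck): audit S3 bucket settings against the
# slide 27 checklist. Inputs are constructed samples shaped like the S3
# GetBucketVersioning / GetBucketReplication responses; names and IDs are made up.

def audit_bucket(name, owner, versioning, replication=None, critical=False):
    """Return a list of findings; an empty list means the checklist is met."""
    findings = []
    # A bucket that never had versioning configured returns no Status key.
    status = versioning.get("Status")
    if status != "Enabled":
        findings.append(f"{name}: versioning {status or 'never enabled'}")
    if versioning.get("MFADelete") != "Enabled":
        findings.append(f"{name}: MFA delete not enabled")
    if critical:
        config = (replication or {}).get("ReplicationConfiguration", {})
        active = [r for r in config.get("Rules", []) if r.get("Status") == "Enabled"]
        # Destination.Account is optional; when absent the rule does not show
        # that the replica lives in a different account, so it is flagged.
        remote = [r for r in active
                  if r.get("Destination", {}).get("Account") not in (None, owner)]
        if not active:
            findings.append(f"{name}: no enabled replication rule")
        elif not remote:
            findings.append(f"{name}: replica not shown to be in another account")
    return findings


SAMPLES = [  # constructed test data
    dict(name="logs-archive", owner="111111111111", critical=True,
         versioning={"Status": "Enabled", "MFADelete": "Enabled"},
         replication={"ReplicationConfiguration": {"Rules": [
             {"Status": "Enabled", "Destination": {
                 "Bucket": "arn:aws:s3:::logs-archive-dr",
                 "Account": "222222222222"}}]}}),
    dict(name="app-uploads", owner="111111111111", critical=True,
         versioning={"Status": "Suspended"},
         replication={"ReplicationConfiguration": {"Rules": [
             {"Status": "Disabled", "Destination": {
                 "Bucket": "arn:aws:s3:::app-uploads-dr"}}]}}),
    dict(name="scratch", owner="111111111111", versioning={}),
]


def audit_all(samples=SAMPLES):
    """Run the audit over every sample and key the findings by bucket name."""
    return {s["name"]: audit_bucket(**s) for s in samples}


if __name__ == "__main__":
    for bucket, findings in audit_all().items():
        print(bucket, "OK" if not findings else findings)
```

Against a live account the same dicts would come from the corresponding S3 API calls for each bucket; a suspended or never-enabled versioning state also means replication cannot be relied on, since slide 12 lists versioning as a requirement.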
