Backup and Restore for Amazon Cloud Services Users

The AWS backup service provides protection for data used by Amazon customers. However, it is often worth considering alternative solutions offered by backup system providers.

It was Gordon Gekko, the main character in the film Wall Street, who declared that the most valuable commodity he knew was information. He might not have been a pleasant guy, but there was a lot of truth in what he said. What’s more, the value of information is increasing all the time, which means that it requires better and better protection. Today, this is much more difficult than in the days of Gordon Gekko. One of the reasons for this is that data is available in different formats and in a variety of places, from the home computer through the local server room to the data centres of external providers – Amazon, Microsoft or Google.

Backup plays a key role

Companies bear the responsibility of providing suitable digital protection for resources, irrespective of where they are processed and stored. Backup plays a key role in this process, as it helps to restore IT environments following an outage, or after a cyber-attack, for example by ransomware or malware. However, creating backup requires correct IT infrastructure management and compliance with requirements on data storage. This is not easy due to complex environments and the number of tools used by companies.

Some entrepreneurs move their backup to disks and tapes using a variety of software and hardware. Until quite recently, it seemed that completing tasks related to the storage and protection of data would become easier along with the development of cloud services. But in fact, the development of SaaS, IaaS and PaaS services has complicated matters even further. One classic example is that offered by Amazon AWS – the unquestioned leader on the market of cloud services. The Jeff Bezos firm offers a wide range of solutions, such as Amazon Simple Storage Service (Amazon S3), Amazon Elastic Block Store (Amazon EBS), Amazon Relational Database Service (Amazon RDS), Amazon Aurora, Amazon Redshift, Amazon DynamoDB and Amazon Elastic File System (EFS).

As can be seen in the list above, AWS offers different mass storage services, from file systems and block storage volumes to relational databases and NoSQL. Although starting out with these products is relatively easy, data protection brings a bunch of problems related to replication, storage and backup, as well as recovering resources from a specific point in time. Service users cannot count on the goodwill of their provider for help in such cases. Like other cloud service providers, Amazon does not take responsibility for accidental or deliberate deletion of data by users or for its encryption by ransomware. Service users must ensure this themselves and need to choose one of two options – use the additional AWS Backup service provided by Amazon, or select an external firm specialising in developing backup tools, like Storware. vProtect offers backup services for AWS EC2 and provides the ability to store data on S3, with many additional advantages and without vendor lock-in.

Advantages of AWS Backup

The AWS Backup service allows for the centralisation and automation of data protection in EC2, DynamoDB, Elastic Block Store, Elastic File System, Relational Database Service, Aurora and Storage Gateway. If a firm uses one of these solutions, it is worth considering investing in AWS Backup. This is definitely an interesting option for large companies looking for solutions to centralise backup management. Other arguments in favour of AWS Backup include relatively simple configuration and an intuitive console. The user also has access to a so-called Backup Vault – a container that groups data.

An AWS account can be used to create 100 such containers, and each of them can hold a million restore points. AWS Backup supports Key Management Service encryption for all backups. It must be pointed out that Backup Vault has its own access rights model, thanks to which it is easy to block access to it and prevent malicious deletion of data. What’s more, the user can define the backup storage time and move it to so-called cold storage, which reduces costs by about 80%. It is also possible to define backup plans using JSON templates, which can be integrated with automation processes and kept under version control. Once a plan has been defined, users can track activity related to creating backup by accessing the ‘tasks’ section of the AWS management console, or by using AWS API or CLI.
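The JSON plan, cold-storage lifecycle and vault access policy described above can be checked before they are deployed. The following is an added example, not code from this article, Storware or AWS: the field names follow the AWS Backup CreateBackupPlan API, while the vault name, plan name, schedule and day counts are constructed placeholders.

```python
import json

VAULT = "example-vault"  # placeholder vault name (assumption)

def build_plan(cold_after_days, delete_after_days):
    """Backup plan document in the shape CreateBackupPlan accepts."""
    return {
        "BackupPlanName": "example-daily",  # placeholder plan name
        "Rules": [{
            "RuleName": "daily-0500-utc",
            "TargetBackupVaultName": VAULT,
            "ScheduleExpression": "cron(0 5 * * ? *)",
            "Lifecycle": {
                "MoveToColdStorageAfterDays": cold_after_days,
                "DeleteAfterDays": delete_after_days,
            },
        }],
    }

def lint_plan(plan):
    """Return a list of problems; an empty list means the plan passed."""
    problems = []
    for rule in plan.get("Rules", []):
        name = rule.get("RuleName", "<unnamed>")
        life = rule.get("Lifecycle") or {}
        cold = life.get("MoveToColdStorageAfterDays")
        delete = life.get("DeleteAfterDays")
        if delete is None:
            problems.append(f"{name}: no DeleteAfterDays, restore points never expire")
        elif cold is not None and delete < cold + 90:
            # AWS Backup keeps cold-storage backups for at least 90 days.
            problems.append(f"{name}: DeleteAfterDays must be >= {cold + 90}")
    return problems

def deny_delete_policy():
    """Vault access policy denying deletion or re-timing of restore points."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Deny",
            "Principal": "*",
            "Action": ["backup:DeleteRecoveryPoint",
                       "backup:UpdateRecoveryPointLifecycle"],
            "Resource": "*",
        }],
    }

if __name__ == "__main__":
    plan = build_plan(30, 365)
    print(lint_plan(plan) or "plan OK")
    print(json.dumps(plan, indent=2))
    print(json.dumps(deny_delete_policy(), indent=2))
```

Running the lint step in the same pipeline that versions the JSON template catches a retention window that is too short before the plan reaches the account.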

Data recovery after an outage

It would be a great simplification to compare backup tools without investigating their capabilities in terms of data recovery. In this area, Amazon has a certain advantage over backup system providers. Firstly, products from external firms cannot count on the same support as AWS Backup. In the majority of cases it is not necessary, although in critical situations such help is invaluable. Another benefit of using an Amazon product in the AWS backup strategy is the fact that the backups are stored in a single provider’s environment. This considerably simplifies and accelerates the process of restoring the system after an outage. But there is also a fly in the ointment in that an external provider can ensure more flexible resource recovery. For example, some programs allow for the restoring of Amazon EC2 virtual machine instances on Microsoft Azure.

AWS Backup is not perfect

AWS Backup is a relatively new solution – it debuted in January 2019. Prior to this, creating backups for AWS products was quite cumbersome, as every service required a separate solution for backup, automation and monitoring.

The launch of AWS Backup greatly streamlined processes related to creating backup and DR. Nevertheless, it is worth noting that it is still not compatible with S3, Elasticsearch, ElastiCache, Neptune, Redshift and DocumentDB. It’s true that AWS Backup standardises the protection of data belonging to Amazon customers, but unification also has its drawbacks. Let’s take, for example, Backup Vault – the containers holding data are solely in Amazon data centres.

In the case of a cyber-attack against the AWS cloud or a huge outage in the provider’s servers, organisations’ data and its backup would be in serious danger. Of course it is extremely improbable that the whole Amazon cloud would be compromised, but attacks on individual subscribers are not that uncommon. If an organisation’s AWS account is compromised, all backups stored in the AWS cloud could meet the same fate as the organisation’s everyday data. On the other hand, many external providers offer products that can store backups outside the Amazon cloud. Another crucial question is the cost of backup.

How expensive is backup?

For the majority of customers, this is the most important factor when choosing a solution. Amazon charges subscribers for the space occupied by their backup. For example, an Aurora user pays 0.021 USD per GB per month; in the case of other RDS snapshots the price is 0.095 USD per GB per month. This means that creating a 500 GB RDS instance backup would cost 47.50 USD. Taking into account the fees that Amazon charges its customers for storage, there is a good chance that an organisation can lower their backup costs by storing their backups in another cloud.

To finish with, it’s worth drawing attention to one more key aspect, which is partly related to fees for services. While it seemed several years ago that customers would concentrate on cooperating with one cloud services provider, today the lion’s share of organisations already have or are trying to implement services offered by Amazon’s competitors, such as Microsoft Azure and Google Cloud Platform. As a result, firms more and more frequently look for systems that can give them one centralised interface for environment management, resource allocation, maintaining corporate order, security management and activity monitoring. They look for a platform that enables users to view all the data belonging to an organisation, optimises mass storage costs and creates backups both of local resources and of those based in the cloud.

We recommend reading the article ‘How to protect application data running in AWS’, in which we present, among other things, the possibility of using Amazon cloud services in cooperation with the Storware vProtect system.

Text written by: Pawel Maczka, CTO at Storware