Post on 07-Dec-2014
description
Journey through the Cloud:
Disaster Recovery
Ryan Shu3leworth – Technical Evangelist @ryanAWS
Common use cases & stepping stones into the AWS cloud Learning from customer journeys
Best pracFces to bootstrap your projects
Journey through the cloud
Explore AWS for a ‘non-‐producFon’ use case Phase systems into ‘live’ DR use with relaFve ease
Choose your success objecFves for a cloud project ‘out of band’
Disaster recovery
Why AWS for disaster recovery? AWS services that can be employed Common DR architectures Customer example Where to go next
Agenda
Why AWS for Disaster Recovery?
AWS is used in a variety of ways…
AWS & Disaster Recovery
Backup and disaster recovery system for its remote sales offices
Fast, secure and cost effec@ve backup and DR for Oracle Apps
Disaster recovery solu@on to backup and store cri@cal medical image data
DR and tes@ng environment reducing IT overhead and increasing availability
You might be able to:
Business & technical drivers
Reduce costs
Slash DR budgets by up to 50%
Reduce on-‐premise
Eliminate 30%+ of on-‐premise physical equipment
Consolidate sites
Eliminate the need to run a secondary site
Remove aging technologies
Eliminate tape for backup and
archive
DR is part of a wider set of policies and controls…
DR & business conFnuity
High availability Backup Disaster recovery
Keep your applica@ons running 24x7
Make sure you data is safe Get your applica@ons and data back aPer a major
disaster
DR is part of a wider set of policies and controls…
DR & business conFnuity
It’s not an all or nothing thing Choose what needs to failover and what does not
Some things more important than others Some things will s@ll be working
High availability Backup Disaster recovery
Keep your applica@ons running 24x7
Make sure you data is safe Get your applica@ons and data back aPer a major
disaster
Each set of IT assets will have different requirements…
DR & business conFnuity
Recovery Time ObjecFve (RTO)
How quickly you need this asset to be
recovered? e.g. 1min? 15min? 1hr? 4hrs? 1day?
Recovery Point ObjecFve (RPO)
How ‘fresh’ the recovery must be for the
asset? e.g. zero data loss, 15mins out of date?
Assets will sit on a spectrum of technical complexity…
DR & business conFnuity
Rebuild when required from offsite backup
Run hot-‐hot configuraFon with
auto-‐failover
The fundamental economic model…
UFlity, on-‐demand datacenter
Primary Site
Routers Firewalls Network
Applica@on Licenses Opera@ng Systems
Hypervisor Servers SAN
Primary Storage Backup Archive
Secondary Site
Routers Firewalls Network
Applica@on Licenses Opera@ng Systems
Hypervisor Servers SAN
Primary Storage Backup Archive
The fundamental economic model…
UFlity, on-‐demand datacenter
Primary Site
Routers Firewalls Network
Applica@on Licenses Opera@ng Systems
Hypervisor Servers SAN
Primary Storage Backup Archive
AWS Routers Firewalls Network
Applica@on Licenses Opera@ng Systems
Hypervisor Servers SAN
Snapshot Storage Backup Archive
The fundamental economic model…
UFlity, on-‐demand datacenter
Primary Site
Routers Firewalls Network
Applica@on Licenses Opera@ng Systems
Hypervisor Servers SAN
Primary Storage Backup Archive
AWS Routers Firewalls Network
Applica@on Licenses Opera@ng Systems
Hypervisor Servers SAN
Snapshot Storage Backup Archive
Secondary site costs
Availability Zone
AWS is global Region
Cer6fica6ons
SOC 1 Type 2 (formerly SAS70)
ISO 27001
PCI DSS for EC2, S3, EBS, VPC, RDS, ELB, IAM
FISMA Moderate Compliant Controls
HIPAA & ITAR Compliant Architecture
Physical Security
Datacenters in nondescript faciliFes
Physical access strictly controlled
Must pass two-‐factor authenFcaFon at least twice
for floor access
Physical access logged and audited
HW, SW, Network
SystemaFc change management
Phased updates deployment
Safe storage decommission
Automated monitoring and self-‐audit
Advanced network protecFon
Built to enterprise security standards
http://aws.amazon.com/security
AWS services that can be
employed
Amazon Simple Storage
Service (S3)
AWS Import/Export
AWS Storage Gateway Service
AWS Direct Connect
Amazon Virtual Private Cloud
(VPC)
Amazon Route 53
Amazon Elastic Compute Cloud
(EC2)
Amazon Relational Database Service (RDS)
Amazon Elastic Block
Storage (EBS)
Object storage & transfer services
Networking services FoundaFon services
S3 and Elas@c Block Store
AWS storage is ideal for DR
Simple Storage Service
Highly scalable object storage
1 byte to 5TB in size
99.999999999% durability
ElasFc Block Store
High performance block storage device
1GB to 1TB in size
Mount as drives to instances with snapshot/cloning func@onali@es
0.000
250.000
500.000
750.000
1000.000
1 Trillion
750k+ peak transacFons per second
Objects in S3
Direct Connect Dedicated connec@on between your IT
infrastructure and the AWS datacenters
Extend your network infrastructure and VLANs into AWS
VPN ConnecFon A Hardware VPN connec@on connects
amazon environment to your datacenter
Internet Protocol security (IPsec) VPN connec@on
Commonly used hardware supported
Virtual Private Cloud Private, isolated sec@on of the AWS Cloud
Launch resources in a virtual network that you
define complete control over your virtual networking
environment
Internet
Internet
Networking options
Common DR architectures
4 main paherns
Common DR architectures
Backup & Restore Pilot light
Warm standby in AWS
Mul6-‐site solu6on in AWS & on-‐
premise
We’ll focus on 2 of them…
Common DR architectures
Backup & Restore Pilot light
Warm standby in AWS
Mul6-‐site solu6on in AWS & on-‐
premise
Let’s start with Backup & Restore
Common DR architectures
Backup & Restore Pilot light
Warm standby in AWS
Mul6-‐site solu6on in AWS & on-‐
premise
Advantages to star@ng a journey with this pahern
Backup & Restore pa3ern
Simple to get started
Easy star@ng point for exploring the AWS cloud
Low technical barrier to entry
Focus on incorpora@ng cloud into your DR strategy, not on complex technical issues related to hot-‐hot systems
Cost effecFve
Very high levels of data durability at low price
Cost of storing snapshots in S3
Archiving possibili@es beyond tape using Glacier
The prepara@on process…
Backup & Restore pa3ern
Take backups of current systems
Store backups in S3
Move to long term archive in Glacier
The process…
Backup & Restore pa3ern
Take backups of current systems
Store backups in S3
Detail how you will restoring from backup or recover from archive
Move to long term archive in Glacier
Push backups to AWS
Store AMIs for servers
Recover servers during DR
Glacier Long term cold storage
From $0.01 per GB/Month
99.999999999% durability
Long term archive Amazon Glacier
AWS Storage Gateway and backup management
RDS and Oracle RMAN
Let’s look at the Pilot Light pahern…
Common DR architectures
Backup & Restore Pilot light
Warm standby in AWS
Mul6-‐site solu6on in AWS & on-‐
premise
Moving along the DR spectrum…
Pilot light architecture
Build resources around replicated dataset
Keep ‘pilot light’ on by replica@ng core
databases
Build AWS resources around dataset and leave in stopped state
Moving along the DR spectrum…
Pilot light architecture
Build resources around replicated dataset
Keep ‘pilot light’ on by replica@ng core
databases
Build AWS resources around dataset and leave in stopped state
Scale resources in AWS in response to a DR event
Start up pool of resources in AWS when
events dictate
Match current produc@on capacity through auto-‐scaling polcies
Moving along the DR spectrum…
Pilot light architecture
Build resources around replicated dataset
Keep ‘pilot light’ on by replica@ng core
databases
Build AWS resources around dataset and leave in stopped state
Scale resources in AWS in response to a DR event
Start up pool of resources in AWS when
events dictate
Match current produc@on capacity through auto-‐scaling policies
Switch-‐over to system in AWS
Pilot light
Stopped instances
Pilot light
Running instances
Customer example
EU region DR site for range of business applicaFons
All running in a Virtual Private Cloud (VPC)
DR provision for applicaFons dependent on Oracle and SQL Server databases
Includes DR for AcFve Directory and Windows file shares
VPC Subnet B
Region
Availability Zone
Client-to-site VPN Site-to-site VPN
S3 Bucketswith Objects
Bastion Host
Internet
On-premiseData Centre A
RemoteDesktops
AWS Direct Connect
On-premiseData Centre B
VPC Subnet D VPC Subnet F
Databases
VPC Subnet E
Applications
VPC Subnet A
SmartSentinel
VPC Subnet G
FileServers
VPC Subnet C
ActiveDirectory
Proxy Server
VPC Subnet B
Region
Availability Zone
Client-to-site VPN Site-to-site VPN
S3 Bucketswith Objects
Bastion Host
Internet
On-premiseData Centre A
RemoteDesktops
AWS Direct Connect
On-premiseData Centre B
VPC Subnet D VPC Subnet F
Databases
VPC Subnet E
Applications
VPC Subnet A
SmartSentinel
VPC Subnet G
FileServers
VPC Subnet C
ActiveDirectory
Proxy Server
Dual route connectivity
VPC Subnet B
Region
Availability Zone
Client-to-site VPN Site-to-site VPN
S3 Bucketswith Objects
Bastion Host
Internet
On-premiseData Centre A
RemoteDesktops
AWS Direct Connect
On-premiseData Centre B
VPC Subnet D VPC Subnet F
Databases
VPC Subnet E
Applications
VPC Subnet A
SmartSentinel
VPC Subnet G
FileServers
VPC Subnet C
ActiveDirectory
Proxy Server
Active Directory Replication
VPC Subnet B
Region
Availability Zone
Client-to-site VPN Site-to-site VPN
S3 Bucketswith Objects
Bastion Host
Internet
On-premiseData Centre A
RemoteDesktops
AWS Direct Connect
On-premiseData Centre B
VPC Subnet D VPC Subnet F
Databases
VPC Subnet E
Applications
VPC Subnet A
SmartSentinel
VPC Subnet G
FileServers
VPC Subnet C
ActiveDirectory
Proxy Server
Bastion Host
VPC Subnet B
Region
Availability Zone
Client-to-site VPN Site-to-site VPN
S3 Bucketswith Objects
Bastion Host
Internet
On-premiseData Centre A
RemoteDesktops
AWS Direct Connect
On-premiseData Centre B
VPC Subnet D VPC Subnet F
Databases
VPC Subnet E
Applications
VPC Subnet A
SmartSentinel
VPC Subnet G
FileServers
VPC Subnet C
ActiveDirectory
Proxy Server
Database replication
VPC Subnet B
Region
Availability Zone
Client-to-site VPN Site-to-site VPN
S3 Bucketswith Objects
Bastion Host
Internet
On-premiseData Centre A
RemoteDesktops
AWS Direct Connect
On-premiseData Centre B
VPC Subnet D VPC Subnet F
Databases
VPC Subnet E
Applications
VPC Subnet A
SmartSentinel
VPC Subnet G
FileServers
VPC Subnet C
ActiveDirectory
Proxy Server
Application images
VPC Subnet B
Region
Availability Zone
Client-to-site VPN Site-to-site VPN
S3 Bucketswith Objects
Bastion Host
Internet
On-premiseData Centre A
RemoteDesktops
AWS Direct Connect
On-premiseData Centre B
VPC Subnet D VPC Subnet F
Databases
VPC Subnet E
Applications
VPC Subnet A
SmartSentinel
VPC Subnet G
FileServers
VPC Subnet C
ActiveDirectory
Proxy Server
Desktop environments
VPC Subnet B
Region
Availability Zone
Client-to-site VPN Site-to-site VPN
S3 Bucketswith Objects
Bastion Host
Internet
On-premiseData Centre A
RemoteDesktops
AWS Direct Connect
On-premiseData Centre B
VPC Subnet D VPC Subnet F
Databases
VPC Subnet E
Applications
VPC Subnet A
SmartSentinel
VPC Subnet G
FileServers
VPC Subnet C
ActiveDirectory
Proxy Server
Durable data backups
Where to go next
Technology and services organisa@ons
Rich partner ecosystem
h3p://aws.amazon.com/backup-‐storage
h3p://aws.typepad.com
h3p://aws.amazon.com/whitepapers
Summary
The cloud makes backup and recovery easy
You can get started for pennies per month
The cloud will scale to accommodate all of your data
You retain visibility and control of your informaFon
aws.amazon.com get started on the free Fer