AWS Webcast - Using the AWS Cloud for Disaster recovery_Public Sector
-
Upload
amazon-web-services -
Category
Technology
-
view
379 -
download
1
description
Transcript of AWS Webcast - Using the AWS Cloud for Disaster recovery_Public Sector
Using the AWS Cloud for
Disaster Recovery
Gerard Ngo – Account Manager
AWS Worldwide Public Sector
What is AWS?
Basics of Disaster Recovery
Why AWS for Disaster Recovery?
AWS services that can be employed
Common DR architectures
Agenda
What is AWS?
Application Services
Compute Storage Databases
Networking
AWS Global Infrastructure
Deployment & Administration
AWS Platform
AWS Global Infrastructure
10 Regions
consisting of
26 Availability Zones
and
52 Edge Locations (CDN)
Customer Decides Where Applications and Data Reside
AWS Region View
- Independent/Separate Geographic Areas
- Isolated from other Regions (security boundary)
- Comprised of multiple Availability Zones
- Availability Zone = 1 or more “data center”
- Availability Zones connected through redundant low-latency links
- Customer chooses a Region and Data stays within Region.
- Enables High-Availability Architecture
Availability
Zone A
Availability
Zone B
Availability
Zone C
Sample US Region
AWS Availability Zone (AZ) View
- Multiple Isolated locations within a Region
- Availability Zone = 1 or more “data center”
- Independent Failure Zone
- Physically separated
- On separate Low Risk Flood Plains
- Discrete UPS
- Onsite backup generation facilities
- Fed from different segments of utility provider
- Redundantly connected to multiple tier-1 ISP’s
- No “Disaster Recovery Datacenter”
- Built for Continuous Availability
- Customer decides Availability Zone for Compute
Availability
Zone AAvailability
Zone B
Availability
Zone C
Sample US Region
~ Data Center
Trusted by Enterprises Around the World
Public Sector Customers Worldwide
3800 public sector customers across the globe!
Certifications
SOC 1, 2, and 3
ISO 27001
PCI DSS for EC2, S3, EBS,
VPC, RDS, ELB, IAM
FISMA Moderate Compliant
Controls
HIPAA & ITAR Compliant
Architecture
Physical Security
Datacenters in nondescript
facilities
Physical access strictly
controlled
Must pass two-factor
authentication at least twice
for floor access
Physical access logged and
audited
HW, SW, Network
Systematic change
management
Phased updates
deployment
Safe storage decommission
Automated monitoring and
self-audit
Advanced network
protection
Built to enterprise security standards
http://aws.amazon.com/security
Basics of Disaster
Recovery
DR is part of a wider set of policies and controls…
DR & business continuity
It’s not an all or nothing thing
Choose what needs to failover and what does not
Some things more important than others
Some things will still be working
High availability Backup Disaster recovery
Keep your applications
running 24x7
Make sure your data is protected
and can be recovered if it is lost
Get your applications and
data back after a major
disaster
Each set of IT assets will have different requirements…
DR & business continuity
Recovery Time Objective
(RTO)
How quickly you need this asset to be recovered?
e.g. 1min? 15min? 1hr? 4hrs? 1day?
Recovery Point Objective
(RPO)
How ‘fresh’ the recovery must be for the asset?
e.g. zero data loss, 15mins out of date?
Assets will sit on a spectrum of technical complexity…
DR & business continuity
Rebuild when
required from
offsite backup
Run hot-hot
configuration with
auto-failover
Why AWS for Disaster
Recovery?
The fundamental economic model…
Traditional, second datacenter
Primary SiteRouters
Firewalls
Network
Application Licenses
Operating Systems
Hypervisor
Servers
SAN fabric
Primary Storage
Backup
Archive
Secondary SiteRouters
Firewalls
Network
Application Licenses
Operating Systems
Hypervisor
Servers
SAN fabric
Primary Storage
Backup
Archive
The fundamental economic model…
Utility, on-demand datacenter
Primary SiteRouters
Firewalls
Network
Application Licenses
Operating Systems
Hypervisor
Servers
SAN fabric
Primary Storage
Backup
Archive
AWSRouters
Firewalls
Network
Application Licenses
Operating Systems
Hypervisor
Servers
SAN fabric
Snapshot Storage
Backup
Archive
Secondary
site costs
With utility services you might be able to:
Business & technical drivers
Reduce costs
Slash DR budgets by up to 50%
Reduce on-premise
Eliminate 30%+ of on-premise
physical equipment
Consolidate sites
Eliminate the need to run a
secondary site
Remove aging
technologies
Eliminate tape for backup and
archive
Challenges around Cost
Conventional DR Sites
High Cost
Low ROI
Implemented only for
most critical systems
Usually scaled down to
50% of production
Systems in a remote
region challenging
Cost Effective – On Demand Infrastructure
Disaster Recovery on AWS
Unprecedented
capabilities to implement
DR sites
Easily set up DR sites on
different geographic
regions
Cut down DR site cost by
up to 70%
Substantial savings on
software licenses
AWS services that can be
employed
Amazon
Simple
Storage
Service (S3)
AWS Import/Export
AWS Storage
Gateway Service
AWS Direct
Connect
Amazon Virtual
Private Cloud
(VPC)
Amazon
Route 53
Amazon Elastic
Compute Cloud
(EC2)
Amazon Relational
Database Service (RDS)
Amazon
Elastic Block
Storage (EBS)
Object storage &
transfer services
Networking services Foundation services
S3 and Elastic Block Store
AWS storage is ideal for DR
Simple Storage ServiceHighly scalable object storage
1 byte to 5TB in size
99.999999999% durability
Elastic Block StoreHigh performance block storage device
Volumes of 1GB to 1TB in size
Mount as drives to instances with
snapshot/cloning functionalities
Glacier
DurableDesigned for 99.999999999%
durability of archives
Cost effectiveWrite-once, read-never. Cost effective for long
term storage. Pay for accessing data
3 to 5 hour Retrieval time
Direct ConnectDedicated connection between your IT
infrastructure and the AWS datacenters
Extend your network infrastructure and
VLANs into AWS
VPN ConnectionA Hardware VPN connection connects
amazon environment to your datacenter
Internet Protocol security (IPsec) VPN
connection
Commonly used hardware supported
Virtual Private CloudPrivate, isolated section of the AWS Cloud
Launch resources in a virtual network that you
define
complete control over your virtual networking
environment
Internet
Internet
Connecting to AWS
Common DR architectures
4 main patterns
Common DR architectures
Backup & Restore Pilot light
Warm standby in
AWS
Multi-site solution in
AWS & on-premise
Let’s start with Backup & Restore
Common DR architectures
Backup & Restore Pilot light
Warm standby in
AWS
Multi-site solution in
AWS & on-premise
Advantages to starting a journey with this pattern
Backup & Restore pattern
Simple to get started
Easy starting point for exploring the AWS cloud
Low technical barrier to entry
Focus on incorporating cloud into your DR
strategy, not on complex technical issues
related to hot-hot systems
Cost effective
Very high levels of data durability at low price
Cost of storing snapshots in S3
Archiving possibilities beyond tape using Glacier
The preparation process…
Backup & Restore pattern
Take backups of
current systems
Store backups
in S3
Move to long term
archive in Glacier
The process…
Backup & Restore pattern
Take backups of
current systems
Store backups
in S3
Detail how you will restoring from backup or
recover from archive
Move to long term
archive in Glacier
Push backups to AWS
Recover servers during DR
Let’s look at the Pilot Light pattern…
Common DR architectures
Backup & Restore Pilot light
Warm standby in
AWS
Multi-site solution in
AWS & on-premise
Moving along the DR spectrum…
Pilot light architecture
Build resources
around replicated
dataset
Keep ‘pilot light’ on by replicating core
databases
Build AWS resources around dataset
and leave in stopped state
Scale resources in AWS
in response to a DR
event
Start up pool of resources in AWS when
events dictate
Match current production capacity
through auto-scaling policies
Pilot light
Pilot light
Let’s look at the Warm standby pattern…
Common DR architectures
Backup & Restore Pilot light
Warm standby in
AWS
Multi-site solution in
AWS & on-premise
Moving along the DR spectrum…
Warm standby architecture
Build resources
around replicated
environment
Operate a warm standby by replicating
app servers and core databases
Build AWS resources around dataset
and run in limited capacity
Moving along the DR spectrum…
Warm standby architecture
Build resources
around replicated
environment
Operate a warm standby by replicating
app servers and core databases
Build AWS resources around dataset
and run in limited capacity
Scale resources in AWS
in response to a DR
event
Scale up pool of resources in AWS when
events dictate
Match current production capacity
through auto-scaling policies
Warm standby - prep
Warm standby - recovery
Let’s look at the Multi-site pattern…
Common DR architectures
Backup & Restore Pilot light
Warm standby in
AWS
Multi-site solution in
AWS & on-premise
Moving along the DR spectrum…
Multi-site architecture
Deploy resources
necessary to operate
full production
Operate a full stack by replicating app
servers and core databases
Fail over to AWS in
response to a DR event
Sufficient resources in AWS to handle full
peak load
Multi-site - prep
Multi-site - recovery
Where to learn more
Resources
Disaster Recovery on AWS: aws.amazon.com/disaster-recovery
Architecture Center: aws.amazon.com/architecture
Using AWS for Disaster Recovery
http://media.amazonwebservices.com/AWS_Disaster_Recovery.pdf
Backup and Recovery Approaches Using AWS
http://media.amazonwebservices.com/AWS_Backup_Recovery.pdf