Impress your Boss! Understanding AWS Data Protection Methods with Cohesity

By Theresa Miller • March 17, 2020

Data protection responsibility always becomes an interesting conversation when the cloud is part of the enterprise infrastructure equation. It’s important to understand all of your data protection and recovery options before a data disaster occurs.

Data Protection: Who is Responsible?

It can be an unfortunate situation if a data disaster occurs. Ransomware is one of those really tough situations where a great backup strategy can turn a terrible situation into only a minor inconvenience. Forgoing backups can leave your corporate data vulnerable to unrecoverable business data loss. Don’t let that be your enterprise.

Every cloud provider offering is a little bit different when it comes to data protection. For example, setup may be manual or require multiple consoles, and the SLA options may leave you accepting less than your enterprise-set Recovery Point Objectives (RPOs) and Recovery Time Objectives (RTOs).

So, doing your homework and moving forward with a data protection plan will leave you prepared when the unexpected happens to your data. With this mindset, let’s now take a look at AWS server instance protection options and then at some options offered by Cohesity.

AWS Native Foundational Backup Methods

When deploying AWS EC2 instances, enterprises will quickly notice that the instances are not automatically backed up. An extra step is required to make this happen within the AWS native foundational backup methods. This is the option that you would use if you are not purchasing a solution and only expecting to incur AWS storage costs to protect your data.  What is the breakdown of options?

Server instance backup options

  • Manually enabled per server instance through snapshots, which someone has to remember to take through the AWS-provided console
  • Through AWS Lifecycle Manager, which selects instances by tags rather than by instance names. This option will also help you schedule long-term retention options for your server instance
  • Automation scripting, which can be beneficial, but keep in mind that as people leave the company or get promoted, or as the code changes, the stability of the script will become compromised

Other considerations

  • The primary recovery option leverages tags instead of server instance names
  • Long-term retention options for days, weeks, months or years
  • Backup level options in hours
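The options above leave two gaps that are easy to miss: an instance without the tag a tag-based policy selects on, and a volume whose newest usable snapshot is older than the RPO. The following check is an added example, not code from AWS or Cohesity; it runs over constructed sample data shaped like EC2 `DescribeInstances` and `DescribeSnapshots` responses, and the `Backup` tag key, the IDs and the 24-hour RPO are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data shaped like EC2 DescribeInstances / DescribeSnapshots
# responses, trimmed to the fields used. All IDs and the "Backup" tag key are made up.
NOW = datetime(2020, 3, 17, 12, 0, tzinfo=timezone.utc)
INSTANCES = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa", "Tags": [{"Key": "Backup", "Value": "daily"}],
     "BlockDeviceMappings": [{"Ebs": {"VolumeId": "vol-0a1"}}]},
    {"InstanceId": "i-0bbb", "Tags": [{"Key": "Name", "Value": "web-2"}],
     "BlockDeviceMappings": [{"Ebs": {"VolumeId": "vol-0b1"}}]},
    {"InstanceId": "i-0ccc", "Tags": [{"Key": "Backup", "Value": "daily"}],
     "BlockDeviceMappings": [{"Ebs": {"VolumeId": "vol-0c1"}}, {"Ebs": {"VolumeId": "vol-0c2"}}]},
]}]}
SNAPSHOTS = {"Snapshots": [
    {"VolumeId": "vol-0a1", "State": "completed", "StartTime": NOW - timedelta(hours=3)},
    {"VolumeId": "vol-0c1", "State": "completed", "StartTime": NOW - timedelta(hours=30)},
    {"VolumeId": "vol-0c2", "State": "error", "StartTime": NOW - timedelta(hours=1)},
]}

def newest_completed(snapshots):
    """Map VolumeId -> StartTime of its newest snapshot in state 'completed'."""
    newest = {}
    for snap in snapshots["Snapshots"]:
        if snap["State"] != "completed":
            continue  # pending or failed snapshots are not restore points
        vol = snap["VolumeId"]
        newest[vol] = max(newest.get(vol, snap["StartTime"]), snap["StartTime"])
    return newest

def audit(instances, snapshots, rpo, now, tag_key="Backup"):
    """Return {InstanceId: [findings]} for instances with a tag or RPO gap."""
    newest, report = newest_completed(snapshots), {}
    for reservation in instances["Reservations"]:
        for inst in reservation["Instances"]:
            findings = []
            if tag_key not in {t["Key"] for t in inst.get("Tags", [])}:
                findings.append(f"missing tag {tag_key}")
            for mapping in inst.get("BlockDeviceMappings", []):
                vol = mapping.get("Ebs", {}).get("VolumeId")
                last = newest.get(vol)
                if vol and last is None:
                    findings.append(f"{vol}: no completed snapshot")
                elif vol and now - last > rpo:
                    hours = int((now - last).total_seconds() // 3600)
                    findings.append(f"{vol}: newest snapshot {hours}h old")
            if findings:
                report[inst["InstanceId"]] = findings
    return report

if __name__ == "__main__":
    print(audit(INSTANCES, SNAPSHOTS, timedelta(hours=24), NOW))
```

Note that `i-0ccc` carries the tag and is still reported: one volume's newest snapshot is past the RPO and the other has only a failed snapshot.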

Review this list closely with your enterprise in mind, as these options may or may not meet your enterprise SLAs and other requirements for recovery from the unexpected. Next, let’s take a closer look at what Cohesity can offer you.

Cohesity Protection Service (CPS) – DataPlatform 6.0 and later

CPS is a great option for enterprises that are looking for instance failover and failback. In this case, the data will be stored on the Cohesity cluster, which offers all of the extended benefits of Cohesity DataPlatform. This option is primarily effective for file- and folder-level recovery of server instance data and requires a Cohesity agent on the AWS instance.

Native Snapshot Method – DataPlatform 6.1 and later

The native snapshot method is primarily used by enterprises that are looking for AWS instance protection from within the cloud. In this case, AWS EC2 fleet instances are used by the Native Snapshot protection method for backup/restore. All of your data is stored on the Cohesity cluster, extending all of the benefits of Cohesity DataPlatform. This option is robust, offering AWS instance-level backup/recovery as well as file/folder-level granularity. This feature doesn’t require the use of the Cohesity agent.

Cloud Snapshot Manager (CSM) – DataPlatform 6.3 and later

This final backup method also offers many great benefits to your AWS data protection strategy. The primary use case for CSM is AWS instance protection from outside of the cloud. You get the ability to back up EC2 instances by managing EBS snapshots in AWS without storing data on the Cohesity cluster. Cohesity can replicate EBS snapshots across AWS regions as part of the regular protection group (backup job) execution. Normally, replication would require another Cohesity cluster, but not in the case of CSM, as we can natively replicate the EBS snapshots we take to another AWS region via APIs. CSM supports recovery at the EC2 instance level.

CSM not only protects EC2 instances; it also helps protect Amazon RDS databases, including the ability to replicate your data across AWS regions. Similar to using CSM to protect EC2 instances, when protecting AWS RDS databases the Cohesity cluster is managing RDS snapshots in AWS. No data is stored on the Cohesity cluster. AWS RDS snapshots can be replicated across different AWS regions via APIs called by Cohesity (replication is native, no additional clusters needed). Using CSM will also help you save money, as no data egress charges are incurred, and it doesn’t require a Cohesity agent.

Next Steps

There isn’t a clear-cut answer to your enterprise’s backup and recovery needs. Be sure to impress your boss by being informed about what your options are, so you can make a strong recommendation to ensure that you are ready for recovery from any data disaster that you weren’t expecting.