I’m amazed at how often the question of backing up virtual machines running within the Amazon Web Services (AWS) infrastructure comes up. The short answer is, “absolutely!” Thinking that your VMs in AWS do not need backups is a surefire way to lose data. Of course the next question is about how you accomplish AWS VM backup. That question takes a little longer to answer.
When I was researching for this blog, I used Google Analytics to see how often the phrase “AWS backup” was searched over the last 10 years or so. Would it surprise you to learn it is searched more often than “AWS?” Take a look at the graph below. The blue graph shows how often people searched on the phrase AWS, and the black line shows how often they searched on AWS backup.
First, I have to say I am encouraged by this graph. I am not the only one in the world who thinks data protection is important! The fact it was searched more often suggests people were interested in migrating to AWS, but only if they were able to protect their data. It also shows a lot of people aren’t quite sure about the topic.
Why you need to back up AWS
There is nothing built into Amazon Web Services that protects your VMs or the data within them. While this may seem surprising to some, there is no more or less data protection built into Amazon VMs than there is in any server that you would purchase from your favorite vendor. The same could be said of your favorite server virtualization vendor. They provide virtual machines and data storage for said machines. The protection of the data on those machines is your responsibility. Yes, some services and offerings bundle an often rudimentary backup application, but you have to enable it.
Anyone who disagrees with the above paragraph should immediately Google codespaces.com. This company offered a website where you could store your code. Its service was entirely within Amazon, as were any backups that it had made. Its account was hacked and its passwords were changed, and because administrators had not previously activated two-factor authentication and had not done off-cloud backup, the entire company ceased to exist with a few keystrokes. They, of course, reached out to Amazon for help. Amazon responded with the statement that backups of AWS VMs are the customer’s responsibility.
How to back up AWS
There are a number of ways to back up Amazon VMs now. Unfortunately, there is no ability yet to back up at the hypervisor level like you can with VMware and Hyper-V. All backup solutions will either run an agent in the VM or connect to a service already running in the VM, such as sshd. While each organization will have its own requirements, generally you should look for the ability to regularly schedule backups that will only transfer the blocks that changed since the last backup. This is crucial to making Internet-based backups feasible and for reducing your AWS bandwidth bill. But the most crucial feature should be the ability to automatically get your backups onto infrastructure different from the one you’re running on, as suggested in the 3-2-1 rule: have three backups on at least two types of media, one of which should be off-site. Storing all your backups on the same Amazon account you’re backing up breaks two of those rules.
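The 3-2-1 rule above can be checked mechanically against a backup inventory. The following Python code is an added example, not part of the original post; the `Copy` record, the `check_321` function, the account and project IDs, and the way "media type" and "off-site" are modeled are assumptions made for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    name: str
    provider: str   # e.g. "aws", "gcp", "onprem"
    account: str    # credential boundary: account, project or site id
    media: str      # storage type, e.g. "object-storage", "tape"

def check_321(source: Copy, backups: list[Copy]) -> list[str]:
    """Return the 3-2-1 rules an inventory violates (empty list = compliant)."""
    problems = []
    if len(backups) < 3:
        problems.append("copies: fewer than three backups")
    if len({b.media for b in backups}) < 2:
        problems.append("media: fewer than two media types")
    # Assumption: "off-site" means outside the credential boundary of the
    # system being protected, so one stolen login cannot delete both.
    boundary = (source.provider, source.account)
    if all((b.provider, b.account) == boundary for b in backups):
        problems.append("off-site: every backup shares the source's account")
    return problems

# Constructed sample inventory; all IDs are placeholders.
SOURCE = Copy("prod-vm", "aws", "111111111111", "block-volume")

# Everything kept in the same AWS account as the VM being protected.
SAME_ACCOUNT = [
    Copy("nightly-1", "aws", "111111111111", "object-storage"),
    Copy("nightly-2", "aws", "111111111111", "object-storage"),
    Copy("weekly", "aws", "111111111111", "object-storage"),
]

# One copy replicated to another cloud and one kept on-premises.
SEPARATED = [
    Copy("nightly-1", "aws", "111111111111", "object-storage"),
    Copy("replica", "gcp", "example-project", "object-storage"),
    Copy("weekly", "onprem", "datacenter-1", "tape"),
]

if __name__ == "__main__":
    for label, inventory in (("same account", SAME_ACCOUNT), ("separated", SEPARATED)):
        print(label, "->", check_321(SOURCE, inventory) or "compliant")
```

Run against the same-account inventory, the check reports the media and off-site rules as violated, which matches the two broken rules the paragraph refers to.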
Some options are available in the Amazon Marketplace, and others sell their services externally. While existence in the Amazon Marketplace does help you to ensure that the solution you are considering is already certified with AWS, lack of presence in the Marketplace should not be equated with lack of quality in a product. The decision to offer a product in the Amazon Marketplace is more a business decision than a technical one.
You need to protect your VMs running in AWS. In addition, make sure you enable two-factor authentication on your AWS instance. And if at all possible, the backups of your AWS VMs should also be located on a different infrastructure. Even if you back them up to S3, for example, you should figure out how to replicate S3 to another system like Google Cloud. That way a single hack cannot take out your company the way it did codespaces.com.
Sponsored by NAKIVO
NAKIVO Inc. is a US corporation that develops a fast, reliable, and affordable data protection solution for Hyper-V, VMware, and cloud environments. NAKIVO Backup & Replication provides scheduled, image-based, application-aware, and forever-incremental AWS EC2 backup. VM backups can be sent to a repository created in a different cloud or to an on-premises location. Over 10,000 companies are using NAKIVO Backup & Replication to protect and recover their data more efficiently and cost effectively. Visit www.nakivo.com to learn more.