While snapshots will always be the foundation of your team’s disaster recovery plan for AWS resources including EC2, they are far from a complete solution. AWS snapshots provide numerous data protection benefits for your cloud workloads, and Druva has designed a new service to address their traditional data resiliency shortcomings. Druva leverages its award-winning platform to provide comprehensive backup and 100% SaaS data protection for EC2 and EBS instances. As a result, air-gapped, deduplicated, and immutable copies, in tandem with traditional snapshots, deliver operational disaster recovery while keeping backups secure and available.
What is an AWS snapshot?
An AWS snapshot is an image copy of the resource, such as EC2 instances or EBS volumes, that is stored in object storage in an AWS account. A full or baseline snapshot is an identical copy of the protected resource from a single point in time. Once the first snapshot is created, any subsequent incremental snapshots will contain any blocks that have changed since the last snapshot was taken.
Since AWS snapshots are a complete copy, they can be used to restore damaged or deleted resources, and are commonly the first thing IT searches for if the primary copy is damaged. For example, if an EC2 instance or EBS volume is damaged, it will not affect the snapshot, and your team will easily be able to recover.
This means that an AWS snapshot is an ideal data source for a backup — it provides an independent copy of the data stored in a different system. They are by far the easiest and quickest way to recover a damaged resource in AWS, and represent a great resource for simple, speedy disaster recovery.
AWS snapshots and the 3-2-1 backup rule
An effective backup and recovery system follows the classic 3-2-1 rule of backup — keep at least three copies of data, stored on at least two different types of media, with one of which stored off-site.
Storing data on two different storage systems is a risk management tactic to ensure the copy is not damaged if the primary system were to go down — this is why you always have a separate backup system and do not use the same storage for both primary and backup. This part of the rule is easy to comply with using AWS snapshots, because the moment you make the snapshot, you’re storing a copy of your data in a different system.
Storing at least one backup copy off-site is the tricky part. While it is possible to copy AWS snapshots to another region, it can be difficult and expensive to automate. Copying data from one region to another creates egress charges, and costly, unnecessary copies. It’s also difficult to consistently apply this concept across all your AWS accounts and keep centralized management and reporting.
Limitations of AWS snapshots
For users with a single AWS account and relatively few resources, automating backup and applying consistent policies is a simple process. However, for those with many AWS accounts in multiple regions, enforcing consistent data protection across all accounts while monitoring backups can be incredibly difficult and expensive. Applications like Kubernetes further complicate the issue, as IT teams will need a more sophisticated data protection mechanism, and relying on snapshots alone might not allow them to meet recovery objectives.
Then there is the issue of ensuring that all backups are copied to a different account in a different region. Migrating thousands of backups across regions is very expensive, and, while lower than the typical egress charge, AWS will charge you for copying data between regions. Finally, while AWS snapshots are storage efficient, they can get quite costly if stored for extended periods of time.
A united, simple, and affordable solution for EC2 snapshot management
The Druva Data Resiliency Cloud removes the need for cross-account and cross-region snapshots and provides secure, air-gapped backups to protect against ransomware with a 50% lower TCO.
Your team can create organization-wide policies, authenticate Druva with multiple AWS accounts, and enforce chosen policies across the entire environment. Druva provides centralized management and reporting console to configure and monitor all AWS backups across the entire environment. In addition, Druva’s cutting-edge source-side global deduplication ensures your system is minimally-affected during the backup process by sending and storing the least amount of data necessary. All data is encrypted end-to-end and the customer always maintains the encryption keys. This zero-trust architecture means no Druva employee ever has access to your data and all copies are kept air-gapped from the original environment, negating the possibility of ransomware infection.
In the event of a restore, users have the option to use the local snapshot copy if available for fast RTO, otherwise, the deduplicated backup copy stored in Druva Cloud will be restored — ideal for ransomware or disaster recovery.