Freeing Amazon RDS Backups from Database Dependencies
“Someone is sitting in the shade today because someone planted a tree a long time ago” – Warren Buffet
This is an open letter to all Cloud Architects and CloudOps teams serving in those industries where you are required to retain data for several years to meet regulatory compliance.
Snapshots are great for quick recovery, but snapshots are not backups, especially for long-term retention and compliance! Never rely on snapshots to meet your long term compliance needs. Your data must outlive your current platform of choice. In a regulatory environment, it is imperative that you provide access to data throughout its lifecycle (see the data lifecycle diagram below) to meet audit requirements and satisfy data preservation requests such as legal hold and eDiscovery. This is where snapshots can fail you because they are tied to the original platform which typically has a shorter lifespan compared to the data itself.
An example of the pitfalls of leveraging snapshots for long-term retention and compliance was recently exemplified by one of our customers who was glad that they were not relying on snapshots for long term retention.
As is the case with many enterprises, this customer has several AWS accounts and numerous RDS databases. One of their older databases happened to be using RDS PostgreSQL 9.4 that a client had deployed several years ago. The value of RDS is the fully managed experience you get in consuming a database where ‘set it and forget about it’ is a norm rather than an exception! AWS does everything for you in managing the database.
As some of you may already know, PostgreSQL 9.4 hit End-of-life (EOL) on February 13, 2020 and the Amazon RDS team had given customers a heads up on the need to move to newer engine versions. And AWS has been automatically upgrading version 9.4 to version 11 since April 20, 2020.
For this busy customer, the auto-upgrade from AWS happened this week just as the team was getting ready for the extended holiday weekend. Of course with RDS’ fully managed experience, they didn’t have to lift a finger to take any action, the database engine got upgraded behind the scenes and the applications using it continued to run without any disruption. So far, so good!
Now let us come back to using snapshots as backups, the message Rubrik and Cohesity are actively promoting as the strategy for protecting data on RDS. What if this customer was using one of those competitor’s snapshot management products? Life for them would be complicated. All of their backups would be snapshots from an older database engine that had already hit EOL. If they needed to restore from those over the next few months, they would have to work with the AWS support team to instantiate those unsupported engines to complete the restore and upgrade the instance. Counting on the AWS support team to make exceptions for them is not a big deal if they were in need of restores from the last 30-35 days (operational recovery window), but the trouble is going to hit them when it comes to long term retention of their backups. What if this customer is required to produce records from May 2020 for an audit or eDiscovery 5 years from now? Now they are on the hook to revive a decade-old database engine and breathe life into those snapshots! However, they have no control over the database engine because snapshots are tied to a fully managed service that ended its support for the engine five years ago. They would be in jeopardy of losing compliance and data preservation requirements mandated by regulators. For all practical purposes, their historical snapshots managed by those bricks and blocks companies would be useless although the customer had been paying for those snapshots for years on-end!
So please, don’t keep throwing your money away in storing snapshots long term and still jeopardizing compliance. There is a better way.
How Clumio Provides a Different Experience
Clumio Backup as a Service for AWS RDS delivers end-to-end protection for your RDS databases. It can centrally manage your RDS snapshots across all instances and AWS accounts for free! This takes care of your operational recovery window. You can use rolling backups to protect against account compromise and ransomware. And, above all, you can meet your long-term compliance needs where backups are stored in a format that is independent of the database engine that generated the data.
For the customer in the story above, they were using Clumio SaaS for RDS backup. For them, life this week was normal even when they ran into the scenario above. Clumio’s extended retention backups are stored in an engine independent format. You can retrieve records no matter what happened to your original database engine. You can perform granular record retrieval directly from backups and give those portable records to your auditor or paralegal directly- or load it into any new database engines (or versions) of tomorrow.
The moral of the story is to plant the tree now so you can have the shade later… Don’t ever let the retrofitted snapshot managers from bricks and blocks companies fool you into a false sense of security in the cloud. Choose Clumio for RDS and liberate your data from all platform-specific dependencies. See those capabilities for yourself here.