AWS Partner Network (APN) Blog
Amazon EBS Direct APIs Enable Infrastructure-Less and Agent-Less Data Protection with Clumio
By Chadd Kenney, VP, Product – Clumio
By AJ Park, Sr. Product Manager – AWS
 |
| Clumio |
 |
With ransomware attacks on the rise, robust data protection strategies are more critical than ever for organizations of all sizes.
Combined with strict compliance requirements around frequency, location, and retention of backup data, organizations are bringing data protection to the forefront of their cloud strategy and looking for solutions that provide simple management, high level of security, and fast recovery when it’s needed most.
Amazon Elastic Compute Cloud (Amazon EC2) instances and the attached block storage volumes are core components of workloads built on Amazon Web Services (AWS). Protecting these resources is a critical part of a data protection strategy, and customers are looking for solutions that are simple to implement, easy to manage, cost effective, secure, and capable of meeting backup performance requirements.
AWS and its backup partners are continuing to innovate to meet these customer needs, and one example is the Amazon EBS direct APIs. Within this post, you’ll learn more about these APIs and how they transformed the Clumio solution.
This post discusses issues the EBS direct APIs were created to solve and how Clumio used them to improve its cloud backup solution. We will show how Clumio and the EBS direct APIs work together to provide a powerful solution to solve customer data protection challenges.
Clumio is an AWS Storage Competency Partner that offers a secure, cloud-native backup-as-a-service solution allowing customers to take advantage of Clumio’s rich feature set to protect their critical assets across AWS services.
Introduction to Clumio for AWS
A key benefit of Clumio is how simple it is to set up and manage. The deployment is completely infrastructure-less, meaning customers only have to deploy AWS Identity and Access Management (IAM) roles to start protecting their AWS resources.
This infrastructure-less solution for backups is unique to Clumio, and only possible through heavy usage of native AWS APIs across the platform. One major AWS API that is key to Clumio’s solution is Amazon EBS direct APIs.
Using Amazon EBS direct APIs, customers can create snapshots of their block storage data, regardless of where it resides, including on-premises data. This enables customers to achieve business continuity in AWS at a lower cost, and to use the existing Fast Snapshot Restore feature to quickly recover data into EBS volumes for use cases like disaster recovery.
Amazon EBS direct APIs also provide the ability to directly read snapshots and get differences between two snapshots without needing to create EBS volumes and EC2 instances. Backup providers can easily track incremental changes on EBS volumes via EBS snapshots and streamline their workflows to reduce backup times by up to 70%. This enables them to provide more granular recovery point objectives (RPOs) to AWS customers at lower costs.
Using Amazon EBS direct APIs, Clumio was able to build its data protection solution based on snapshots of block storage data, providing customers with a 3x increase in backup performance and 75% increase in recovery performance.
In addition, Clumio used EBS direct APIs to build a software-as-a-service (SaaS) backup and recovery solution by backing up customers data directly from the Clumio’s AWS account. This eliminates the need to run any backup or recovery infrastructure in the customer’s account, which reduces management overhead for customers. It also inherently provides a logical air-gap to help protect against ransomware attacks.
Clumio’s Workflow Before EBS Direct APIs
While Clumio is extensively using the Amazon EBS direct APIs for EC2 and EBS backups today, this was not always the case. Originally, Clumio’s customers were required to deploy a full virtual private cloud (VPC) in each region they wanted to perform backups within. This “Clumio VPC” included various networking components and EC2 auto scaling groups.
The purpose of the “Clumio VPC” was to automatically spin up EC2 instances during backup and restore operations. The EBS volumes being backed up would have a snapshot taken of them, and they would be converted to a full volume and mounted to an EC2 instance within the “Clumio VPC.” From there, the data within the volume would be streamed directly into Clumio’s SecureVault to create the point-in-time backup for the source EBS volume.
Figure 1 – Workflow before using EBS Direct APIs.
Additionally, due to the lack of direct access to the EBS volume data and associated metadata, Clumio had to implement data reduction technologies like deduplication to prevent backing up data that had not changed since the previous backup.
Clumio’s Workflow After EBS Direct APIs
Clumio was able to quickly integrate the Amazon EBS direct APIs into the solution, greatly improving its customers’ experience. Through the use of EBS direct APIs, Clumio customers were able to go completely infrastructure-less with their deployment model, removing the requirement for a “Clumio VPC” in customer environments.
This reduced the installation time for the Clumio solution significantly, and also reduced the security burden placed on customers who had to ensure the networking endpoints and EC2 instances within the “Clumio VPC” were adequately protected and met general corporate security guidelines.
Figure 2 – Workflow after using EBS Direct APIs.
Through the use of the EBS direct APIs, customers saw a performance boost for both backups and restores. Before the EBS direct APIs, the backup’s speed was heavily dependent on the EC2 instance type and EBS volume type within the Clumio auto scaling group.
Speeds were typically low and highly dependent on the volume type being backed up. In Clumio’s lab testing, with EBS direct APIs, a 3x increase in backup performance is now seen consistently, regardless of the volume type being backed up.
Restoring critical data rapidly is a key component of any backup software. Before using EBS direct APIs, restores were typically around 200 MB per second. Through the use of EBS direct APIs, Clumio lab testing demonstrated that restores are now around 350 MB per second. That’s roughly 1TB in 45 minutes.
Clumio is now able to do all of its backup and restore operations across EBS volumes with high use of parallelism. That means if you have 16 1TB EBS volumes you need to recover at the same time, they will all finish in 45 minutes.
Conclusion
This post has shown how Clumio uses the Amazon EBS direct APIs to create a powerful data protection solution as a service, which is simple and fast to deploy, cost effective, and provides air-gapped protection for your data.
You can see how secure and performant an infrastructure-less backup solution is by signing up for Clumio through AWS Marketplace. Clumio offers all new customers a free 30-day all-access trial.
All Clumio backups are air-gapped outside of your organization’s security domain into Clumio’s SecureVault, ensuring maximum protection against account comprises, bad actors, and even rogue automation scripts.
Clumio’s SaaS service is built entirely on AWS, which has made the solution highly robust and fast. Additionally, Clumio takes its customers’ security seriously, performing regular penetration tests while holding major industry certifications like SOC 2 Type 2, HIPAA, PCI-DSS, ISO 27001, and ISO 27701.
.
.
Clumio – AWS Partner Spotlight
Clumio is an AWS Storage Competency Partner that offers a secure, cloud-native backup-as-a-service solution allowing customers to take advantage of Clumio’s rich feature set to protect their critical assets across AWS services.