Protecting Your Amazon EBS Volumes at Scale with Clumio
By Anthony Fiore, Sr. Partner Solutions Architect at AWS
Many Amazon Web Services (AWS) customers who use Amazon Elastic Block Store (Amazon EBS) to store persistent data need to back up that data, sometimes for long periods of time.
Clumio is an AWS Partner Network (APN) Advanced Technology Partner with the AWS Storage Competency. It launched in August 2019 protecting on-premises VMware VSphere and VMware Cloud on AWS environments, and in December 2019 expanded to include protecting Amazon EBS volumes.
Clumio, which offers a backup service designed for the enterprise, makes protecting data on your Amazon EBS volumes easy. Clumio’s software-as-a-service (SaaS) solution takes less than 15 minutes to set up and protects Amazon EBS volumes from multiple AWS accounts though a single policy via tagging.
Amazon EBS backups by Clumio are securely stored outside of your AWS account in the Clumio service built on AWS. This is protected by end-to-end encryption and stored in an immutable format.
Because the Clumio service stores your Amazon EBS backups differently than an EBS snapshot, Clumio is able provide a number of features such as indexing, file-level search, and restore capabilities.
In this post, I will discuss the benefits of the Clumio service, how it helps solve customer challenges, and demonstrate how to set up and use the Clumio service to recover files from protected Amazon EBS volumes.
Organizations are facing growing challenges in areas such as security, compliance, cost optimization, and operational overhead when it comes to protecting critical data. Let’s take a look at how Clumio provides solutions for each of these challenges.
Clumio stores all of your data in durable Amazon Simple Storage Service (Amazon S3) buckets outside of your AWS account(s). This helps ensure that Clumio continues to keep a copy of your data for the duration specified in your Clumio backup policy.
Clumio encrypts data in transit and at rest, protected by a unique key for each customer, where your data is stored in an immutable format within the Clumio service.
As regulatory and legal compliance requirements continue to grow, it can be a challenge for organizations to ensure they can easily store and retrieve copies of data over long periods of time.
Clumio’s file indexing capabilities enable you to easily search and restore individual files or entire Amazon EBS volumes that were backed up days, months, or even years ago by the Clumio service.
Currently, Clumio’s backup policies allow you to take hourly and daily backups you can retain for up to 90 days, as well as monthly backups you can retain for up to 12 months, and yearly backups you can retain for up to 7 years.
Clumio stores your data in a compressed, de-duplicated format in Amazon S3, which helps to drive down the cost of long-term retention of your Amazon EBS data with a more predictable cost model compared to simply retaining EBS snapshots.
A lower cost of Amazon EBS data retention allows you to create retention strategies based on business and regulatory requirements, rather than cost.
Ease of Administration
Clumio allows you to administer Amazon EBS backups across all of your AWS accounts from one console. Because Clumio protects Amazon EBS volumes based on tags, you simply need to ensure the EBS volumes you wish to protect have the correct tag key/value that’s listed in your Clumio policies.
If for some reason a volume is unprotected, either by mistake or by design, you’ll be able to quickly see which of your volumes are not yet protected through the Clumio dashboard, or through the Clumio daily email report.
All restored Amazon EBS volumes from the Clumio service are fully “warmed” and are ready for use, ensuring consistent performance of the EBS volume from the moment the restore has been completed.
Let’s take a deeper look into how Clumio protects your Amazon EBS volumes by walking through the setup process.
- During the initial setup, you will deploy an AWS CloudFormation stack in each AWS account you want to protect using the Clumio service. This stack creates a separate Clumio Virtual Private Cloud (VPC), VPC endpoints, and other resources that are necessary for operation of the Clumio service.
- Once the stack is deployed, you can either use an existing policy (even if it’s used for protecting your VMware resources), or create a new policy to define backup frequencies, backup windows, retention periods, and when you want newly created Amazon EBS volumes to be seeded.
- Here’s an example of a newly created policy:
- The Clumio policy will honor the AWS tags (key/value pairs) on your Amazon EBS volumes. Simply assign a tag to your EBS volumes and associate that tag to your Clumio policy to protect all of your EBS volumes with that tag.
- Once that step is complete, Clumio will take care of the rest, with initial seeding of your Amazon EBS volumes taking place either immediately or during your next backup window, depending on your policy settings.
- Data is then indexed, deduplicated, compressed, and sent securely (encrypted) by the Clumio service to Amazon S3 with a unique encryption key to ensure data is protected when stored at rest. After the initial backup seeding, backups continue to happen automatically per the schedules defined in the backup policy.
- The following diagram outlines how the flow of data looks once you have connected the Clumio service to your AWS account.
File Restore Walkthrough
Now that we’ve discussed some of the benefits Clumio’s offers, let’s walk through the Clumio console and perform a restore of a file from one of our Amazon EBS backups.
On the home screen, you can see below that I have eight entities covered by a Clumio policy, and three entities that are unprotected. An entity can be an Amazon EBS volume or a VMware virtual machine (VM).
You can also see my backups and restores have a 100 percent success rate over the past seven days, and there are no active alerts requiring attention.
It’s important to note that because Clumio protects resources across multiple AWS accounts, the data on this page represents VMware and Amazon EBS entities across all AWS accounts connected to Clumio.
Now, let’s search for and restore a file from one of our Amazon EBS backups.
We first need to select the data source, which is AWS. We then need to click All Accounts and the AWS account number in which the Amazon EBS volume resides.
On the AWS Accounts summary page, you need to select the Amazon EBS volumes and will be presented with a list of active EBS volumes, as shown below.
Please note you can also view deleted EBS volumes through this page, as well by clicking the down-arrow next to active volumes.
Next, you’re going to search for files on the Amazon EBS volume named MyExampleVolume. Click on the Amazon EBS volume ID, which will show the overview page for the Amazon EBS volume.
Once you’re on the Overview page, click Search for Files to bring up the file search window.
In this example, I am searching for an /etc/hosts file that was changed a few days ago, so I’m going to type in hosts in the search box, select the hosts in the /etc/ file path and then click Next to proceed.
Once you’ve clicked Next, Clumio will search its indexed file catalog to show what versions it has for the file, last modified date, and backup date of all files matching a search.
In this example, I can see the file was changed on January 2. To restore the previous version, just select that version and click Restore.
The Clumio service will now start a task to restore that file. You can view the status of the tasks by selecting the Tasks icon in the upper right corner of the screen.
Once your restore is complete, click on the Amazon EBS volume ID in the Entity column to get back to the Overview page for that Amazon EBS volume.
You can now see the hosts file is available for download under the Restore File section of the Overview page.
Now that the restore is completed, you can download the file from the Clumio service to your local machine. This allows you to run a diff operation on a changed file, transfer the restored file back to the source system, review the file contents, and so forth.
Restored files are only available for download for 13 hours from when the restore operation was initiated. If you need to download the file after that time, simply initiate another file restore operation.
Although we used the Clumio console to orchestrate this restore, Clumio has APIs available that allow you to orchestrate this in a much more programmatic fashion.
The Clumio service allows customers to protect their Amazon EBS volumes, on-premises VMware VSphere, and VMware Cloud on AWS environments through a single console, and customers can use the same backup policies to protect each of these resources.
Because Clumio is delivered as SaaS and is constantly adding new features and functionality to its service, there is no need for customers to manually perform software updates.
I’ve shown how Clumio transfers and stores data securely in durable Amazon S3 storage, how Clumio can help customers save on costs while meeting regulatory and compliance requirements. I’ve also shown how easy it is to setup and use the Clumio service to protect and recover data from your Amazon EBS Volumes.
If you’d like to try Clumio in your environment or learn more, please visit clumio.com.
Clumio – APN Partner Spotlight
Clumio is an AWS Storage Competency Partner that offers a backup service designed for the enterprise. It launched in August 2019 protecting on-premises VMware VSphere and VMware Cloud on AWS environments, and in December 2019 expanded to include protecting Amazon EBS volumes.
*Already worked with Clumio? Rate this Partner
*To review an APN Partner, you must be an AWS customer that has worked with them directly on a project.