Welcome back to our series of articles on the 3-2-1 Rule! In the previous 2 articles we discussed the origins and purpose of this rule, as well as how it applies in a cloud tier context. In this final installment, we will consider the 3-2-1 Rule in a cloud-only context. Let’s get to it!
3 copies, 2 different media, and 1 copy air-gapped. As discussed already, and listed here for a quick review, this methodology helps protect us from:
- Human error.
- Software corruption.
- Loss / theft.
- Environmental disaster.
- Hardware failure.
- Malicious activity (data deletion / ransomware).
Do you copy?
Let us start at the beginning. Are 3 copies (1 production, 2 backup) achievable in a cloud only infrastructure? Absolutely, and this is achieved most easily via storage redundancy. In all cloud storages, redundant copies are possible, if not already enabled by default. The separation of these copies can vary from different racks in a datacenter to different continents. With storage redundancies protection against hardware failures and environmental disasters is well provided.
Ok, we have multiple copies of our data. Can we achieve 2 media types? Well , sort of. Media in the cloud is not something you can touch like disks and tapes. Does Object Storage count as a different media type if it is stored on the same physical infrastructure as VM disks? How is data stored in SaaS applications? Are all tiers of object storage kept on the same physical media? Tough questions to answer. Let us look at this from a different angle in that case: having 2 media types is supposed to help protect against risks like hardware, environmental, and software problems. It also provides the medium for the copy that is air-gapped. These protections can be achieved in cloud environments. Here are a few ways to do that:
- 3rd party backups can secure SaaS, VM, Storage or DB Data to object storage, which can also be in a different region.
- Cloud provider “native” backup tools for VMs, Storages and DBs that operate independently from customer accessible infrastructure.
- Separate cloud providers for production and backup data of any type.
Calling these different media types might be stretching things a bit, but they help illustrate that the desired protections can be achieved. We have different hardware at different providers. Software issues affecting a SaaS database service is not likely to effect object storage. Native options from cloud providers bring SLAs with them to insure availability and durability to a high degree. Finding the appropriate solution is all a matter of understanding the specific requirements.
The above points already touched on the third point a bit: our air-gapped copy. For cloud-to-cloud backups, we are generally talking about logical air-gaps, which were described in our previous article, but it is more abstract when the data is already in the cloud. Again, at the risk of repeating ourselves, the focus should be on the desired protections, which are in this case: primarily environmental disaster, infrastructure failure, and malicious activities. Do the available gap options stack up? Let’s take a look:
A logical air-gap within the same provider can be accomplished in a two ways: separate accounts (Tenants in Azure-speak, or Organization in AWS) or separate sections within an account (Subscriptions in Azure, Accounts in AWS). The separation here can include redundant copies in different regions, different authorizations/access models, or allowing a 3rd party provider to host the data in their tenant/account.
The logical air-gap between providers is much easier to understand. Even if data is being stored in the same region (say, in Frankfurt) the datacenters are separated by location, infrastructure and security. Many 3rd party backup solutions are multi-provider capable.
Going old-school is also an option. If data starts in the cloud, it could be copied back to on-premises. It could even be written to tape, to be stored off-site. This is effectively our second article in reverse, so everything there would apply here. Whereas this option has some use-cases for cloud services, in general it has more disadvantages than advantages. See the list of concerns about on-premises backups in our first article for a rundown of what should be considered.
As we can see, the cloud has options available to address the original goals of the 3-2-1 Rule. Even if the rule itself becomes a bit hard to interpret literally, the focus should be on the protections our data is afforded. With this in mind, how about taking things a step or two further? Two things the cloud excels at are flexibility and scalability, so how about adding some numbers?
- 4 copies of the data (4-2-1)?
- 4 copies of the data, 3 different media (4-3-1)?
- 4 copies, but 2 copies air-gapped to different providers (4-2-2)?
- 6 copies, 3 media, 1 air-gapped to another provider, and one air-gapped on-premises and gapped again on tape (6-3-3)?
These alternate models are not unique to the cloud, but for many, the required infrastructure was simply out of reach. So, whereas they are not new ideas, they are perhaps newly realizable ideas. The best option is dependent on the situation of course, and these ideas above are just that: ideas. A detailed analysis for each is beyond the scope of this series. We just want to highlight that there are options.
Over the past three articles, there have been a lot of ideas and possibilities discussed. The take-away here is that there are no “right answers.” There are a huge number of options and combinations for securing data in the cloud, whether it comes from on-premises or is already there. And with a good design, we can achieve all the protections of the 3-2-1 Rule, if not more, using cloud resources.
The 3-2-1 method itself, which has become such a go-to standard and measuring stick for what is “good” in backup design, is still a relevant concept. It is just not the only concept that works, and a clear understanding of what it is intended to do is important, so we can measure in new contexts such as the cloud.
We hope this series has provided some clarity into the media and storage aspects of designing a good backup solution. This is just one aspect though. A properly designed backup solution also includes considerations for data classification, data lifecycles, regulatory compliance, existing internal cloud strategies and disaster recovery plans, and all these points can affect which storage solution fits best. But those are topics for another article.