By Afzaal Ahmad Zeeshan, Alibaba Cloud Community Blog author.
Data is just as important as it is vulnerable to being lost. It can be a target for malicious activities in the form of theft and manipulation, as well as subject to unforeseen incidents, such as hardware failure or natural disasters. It naturally follows that efficient and secure methods should be present for safely storing and retrieving this data. However, no matter how much effort is put into preventing such mishaps, there will always be exceptions that might leave your data exposed to data loss. This is where disaster recovery comes in, and with it the database backup. Usually, planning for backups happens before the database structure has been drafted by the database administrators, because it requires taking the cost of backups and other hardware constraints into account.
However, on the cloud that can change. Alibaba Cloud offers backup services as a pay-as-you-go option in which you can quickly create the backup plan and utilize it as much as your infrastructure requires. In this post, we will explore and discuss the options that Alibaba Cloud provides to support us in this area.
Several parameters participate when deciding on the most suitable method for backing up data. Consider the size of data, where a few gigabytes can be stored on USB sticks or external hard drives, but large volumes of data require special handling. Most enterprises' databases are beyond terabytes, if not petabytes, of storage, and maintaining the backups regularly, at intervals of days if not hours, is as critical as running the business and maintaining a name in the market.
Another important consideration is the nature of data. Financial transactions are a far more critical type of data than inventory tables of a small mart and should be treated as such when being backed up. Clients who provide services to stock markets or any domain that deals directly with money must always consider backups, not for maintaining a history but to provide a highly available solution.
The best method for database backup is always contingent upon several factors, foremost being the size of the data. People have been backing up their data in several ways.
On-premises Hardware: Relatively cheap and suitable for an average-sized dataset, but prone to hardware failure. No matter how much replication you perform, you will always need to upgrade the hardware or sometimes even replace it. This adds to the overall enterprise capital expense.
Network Attached Storage: NAS functions best when multiple nodes on the network need to be backed up to a central backup machine. The proximity of the backup machine to the working nodes may represent a vulnerability to natural disasters.
Cloud Storage: While relatively expensive compared with other methods, cloud storage offers distributed storage and high security that makes it worthwhile. Many cloud providers offer plans for small businesses to large enterprises, according to their stations. Most of the time, cloud storage is NAS storage, but provided with some extra SLAs by the vendors.
It is irrefutable that cloud storage is the best medium available for storing the data backups and Alibaba Cloud Database Backup Service (DBS) is one of the top service providers in this field. Being highly secure and cost-effective, and available as a part of other services inside the Alibaba Cloud ecosystem, it is a comprehensive solution that incorporates within itself,
The database backup service supports a wide range of data services, including backing up your own on-premises database.
Before proceeding with the following concepts, please make sure that you have an instance of the Alibaba Cloud Database Backup service. On the purchase page you will find the options that you need to configure to quickly purchase a solution that best fits your needs.
As you can see, the most widely used databases are provided as options, and you can configure the rest of the settings based on how your Object Storage Service is set up and configured, or whether a storage service subscription is available.
You can make the selection for the package here and continue.
DBS guarantees data security by allowing the user to quickly store data in the cloud. It has a simple and efficient interface that allows the creation of backup plans with just a couple of steps.
DBS utilizes real-time data synchronization techniques to provide incremental backups based on database logs. Consequently, it reduces RPO to several seconds - a consideration holding great significance in disaster recovery planning.
Moreover, backup of different databases can be created easily through simple configuration.
DBS offers a high level of data security via encryption, be it during transmission, where SSL can be employed, or while storing the data in the cloud. Data access is also protected and accessible only with keys to ensure data privacy.
It is the security via encryption feature that makes Alibaba Cloud Database Backup Service massively appealing. We'll delve further into the details of the encryption service down the line.
DBS supports two kinds of backup: Logical and Physical. Both types offer full and incremental backup capabilities. Full and incremental backups have their own performance and storage requirements, as well as the total time taken to create a backup.
There are more options in this field that you can check out on the official documentation, here.
Backup of this form comprises logical data such as tables, indexes, and stored procedures. DBS supports the following backups in the logical category:
Physical backups are backups of physical files that play a role in storing and recovering the DB. DBS also supports full and incremental backups for physical backup. While incremental backup follows the same philosophy in this case as for logical backup, the process for full backup differs in that files are copied directly from the operating system. Backup speed is also faster in this case.
Although maintaining database backups in the cloud is considered most efficient and convenient, it is not without its own weaknesses.
Since cloud storage is often shared, especially in the case of public clouds, anyone with access can access all data. Moreover, data in the cloud is susceptible to theft and manipulation. These grave security concerns cannot go unhandled. This also includes the employees of an organization being able to access and manipulate the data.
Data encryption is carried out in two ways by DBS: encryption during transmission of data and encrypted storage to protect the data.
Secure Sockets Layer (SSL) is a transport layer protocol used to encrypt network connections so that no data breach occurs during transmission of data. It provides increased security and data integrity, but also adds to network connection time.
SSL encryption leads to a significant increase in CPU usage as well, which is often considered an inherent drawback of the protocol; therefore, SSL usage is recommended for internet and not intranet connections, since the latter are relatively secure.
Note that once SSL encryption is enabled, it cannot be disabled.
DBS makes use of Key Management Service (KMS) APIs for encryption and decryption purposes.
KMS is a fully managed service for handling encrypted keys. For common key management cases, one can utilize APIs or the Alibaba Cloud management console to produce and manage Customer Master Keys (CMKs). You can locally encrypt/decrypt a small data set or use envelope encryption technology for a large volume of data, as required.
Using KMS, DBS procures an encryption key and enables real-time encryption. Similarly, it obtains the decryption key at the time of recovery to restore the corresponding database. In this way, cloud data can only be accessed with keys, which results in protection of data privacy.
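The envelope-encryption flow described above, as an added example that is not DBS or Alibaba Cloud SDK code: a per-backup data key encrypts the dump locally with AES-256-GCM, and only the wrapped copy of that key is stored beside the ciphertext. `LocalKms`, `encryptBackup`, `restoreBackup` and the blob layout are assumptions made for illustration; the in-process `LocalKms` stands in for the real service so the example runs offline.

```javascript
const { randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Hypothetical stand-in for a KMS: the master key (CMK) never leaves this
// object; callers only receive data keys. This is not the Alibaba Cloud SDK.
class LocalKms {
  #cmk = randomBytes(32);
  generateDataKey() {
    const plaintext = randomBytes(32); // AES-256 data key
    return { plaintext, wrapped: seal(this.#cmk, plaintext) };
  }
  decrypt(wrapped) { return open(this.#cmk, wrapped); }
}

// AES-256-GCM; output layout is nonce(12) || tag(16) || ciphertext.
function seal(key, data) {
  const nonce = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([c.update(data), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]);
}

// Reverses seal(); throws if the key is wrong or the blob was modified.
function open(key, blob) {
  if (blob.length < 28) throw new Error('truncated blob');
  const d = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Backup side: one fresh data key per backup; only the wrapped key is stored.
function encryptBackup(kms, dump) {
  const { plaintext, wrapped } = kms.generateDataKey();
  const data = seal(plaintext, dump);
  plaintext.fill(0); // drop the plaintext data key once the dump is sealed
  return { wrappedKey: wrapped, data };
}

// Restore side: the KMS unwraps the data key, then decryption happens locally.
function restoreBackup(kms, backup) {
  const key = kms.decrypt(backup.wrappedKey);
  try { return open(key, backup.data); } finally { key.fill(0); }
}
```

Because the stored object carries only the wrapped key, a copy of the backup taken from storage cannot be decrypted without a call to the key service that holds the master key.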
We have various options available for encrypting data stored in the cloud and limiting access to it to authorized parties only.
OSS provides both client-side and server-side encryption. You can find most of the controls right here in the portal.
OSS Client-Side Encryption ensures data is encrypted before it is sent to the remote server, while the plaintext of the encryption key is kept on the local computer. The main private key is managed by KMS and the private key is managed by the user.
OSS Server-Side Encryption stores the uploaded data in encrypted form on the server and decrypts it when the user downloads the data.
ECS disk encryption is another way of providing security to data to meet business needs or certification requirements. With it, you can encrypt cloud disks as well as shared block storage. There is no need to create and maintain your own key management processes. Encryption and decryption have minimal effect on the performance of cloud disks.
Data and the associated keys are encrypted using the AES-256 algorithm. The keys are never stored in plaintext in any permanent storage media.