Commvault Announced Acquisition of Clumio

// 15 Jun 2023

Boosting Reliability: Advanced Techniques for Amazon RDS and S3 with Clumio's Air-Gap Backups

Jacob Berry, Field CISO
ShareTwitterfacebookLinkedin

Boosting Reliability: Advanced Techniques for Amazon RDS and S3 with Clumio’s Air-Gap Backups

The Reliability pillar of the AWS Well-Architected Framework emphasizes the importance of building resilient infrastructure that can recover from infrastructure or service disruptions. In this post, we will focus on more advanced techniques practitioners can consider when discussing security and optimization for Amazon RDS data warehouses and S3 data lakes. Additionally, we will explore how air-gap backups with Clumio can provide an added layer of protection to ensure the reliability of your data storage and processing solutions.

Enhancing Reliability with Advanced Security Measures for Amazon RDS and S3

RDS Security

Setting up RDS is pretty straightforward. It’s a transparent managed service that allows teams to focus on building rather than running a database. That being said, there are many configuration options and making sure you select the correct settings is important to securing your data. Here are a few lesser-known tips:

  • Enable AWS PrivateLink to establish secure, private connections between your VPC and RDS instances without traversing the public internet, ensuring stable and reliable connectivity.
  • Use IAM Database Authentication to improve reliability by centralizing user access management and eliminating the need for separate database credentials.
  • Regularly perform automated security assessments using Amazon RDS Performance Insights and AWS Trusted Advisor to identify and resolve potential reliability risks.

S3 Security

In contrast with the structured data storage offered by Amazon RDS, is the simple object storage offered by Amazon S3. At its core, S3 is easy, API driven object storage that scales. But, as many companies have learned, just turning it on and using it often leads to risky business practices like the unintentional exposure of sensitive data. Outside of locking down basic access, here are some additional steps to secure your environments:

  • Implement object-level logging with AWS CloudTrail Data Events to gain granular visibility into object-level activity, allowing for proactive monitoring of potential threats to reliability. (Learn about Clumio’s integration with AWS CloudTrail Lake.)
  • Use S3 Object Lock to prevent object version deletion, protecting your data against accidental or malicious actions that could impact reliability.
  • Set up Amazon Macie for automated sensitive data discovery and classification, which helps comply with data protection standards and requirements.

Performance Tuning for Amazon RDS Data Warehouses

Not only should security be top of mind for RDS, but performance as well. In the same vein, here are some thoughts on actions anyone can take to increase performance. Some of these are notes on technology selection, others are quick features to take advantage of, and some that are projects to help with larger environments.

  • Leverage Amazon Aurora for its high-performance storage engine and seamless integration with AWS services.
  • Utilize RDS Performance Insights to monitor and analyze database performance and identify bottlenecks.
  • Optimize SQL query performance with the help of AWS Schema Conversion Tool and AWS Database Migration Service.
  • Implement database caching using Amazon ElastiCache to reduce latency and improve query response times.

Performance Optimization for Amazon S3 Data Lakes

The simple nature of S3 is both its strength and weakness. Out of the box S3 just stores data, it’s up to the user to build applications on top of that. Fortunately, there is an excellent ecosystem to create performant data lake applications on S3. The following tips are mostly architectural considerations, but when performance is key, it’s worth determining whether to invest in these areas.

  • Employ S3 Select and Amazon Athena to perform SQL-like queries on S3 data without needing to move or transform the data.
  • Use S3 Transfer Acceleration to speed up data transfers by leveraging Amazon CloudFront’s globally-distributed edge locations.
  • Optimize S3 storage classes (e.g., S3 Intelligent-Tiering, S3 One Zone-Infrequent Access) to reduce storage costs while maintaining appropriate data access performance.
  • Integrate with Amazon Kinesis Data Firehose for real-time data streaming and processing.

Air-Gap Backups with Clumio for Enhanced Reliability and Lower Costs

Air-gap backups provide an additional layer of protection by physically isolating backup data from production systems, ensuring that backups are unaffected by infrastructure failures or security breaches. Clumio is a cloud-native data protection platform that offers air-gap backup solution for Amazon RDS and S3.

Clumio for Amazon RDS

  • Clumio provides an air-gap backup solution for RDS databases by creating secure, isolated backups in a separate AWS account.
  • Clumio’s policy-driven backup management simplifies RDS backup configuration, ensuring consistent backup schedules and retention periods for improved reliability.
  • Clumio offers granular recovery options, allowing you to quickly restore individual databases or tables, further enhancing the reliability of your data warehouse.

Clumio for Amazon S3

  • Clumio offers air-gap backups for S3 by creating secure copies of your data in a separate AWS account, ensuring that backup data is not affected by issues in the production environment.
  • By integrating Clumio with S3 Object Lock, you can prevent accidental or malicious deletions and maintain the reliability of your data lake. Watch the clip of AWS’s S3 Principal Product Manager explaining how Clumio fits into an S3 data protection strategy.
  • Clumio’s policy-based management simplifies S3 backup scheduling and retention, ensuring that your data lake remains reliable and compliant with your organization’s requirements.

Lowering Costs

  • RDS backups can be expensive! Fortunately this is a focus area for Clumio. While operational backups are included with the RDS service, any compliance or long term needs have to be managed via AWS backup, and cost 9.5 cents per gb/month. Clumio can be 5-10x less, depending on your specific requirements and configurations.

Conclusion

By strengthening the Reliability pillar of the AWS Well-Architected Framework, technical infrastructure and DevOps professionals can build more resilient AWS RDS data warehouses and S3 data lakes. Implementing advanced security measures, performance tuning techniques, and air-gap backups with Clumio will help you achieve the desired level of reliability, while also optimizing your data storage and processing solutions for enhanced performance and cost efficiency.

 

About the author

Jacob's background is in Cyber Security and Technology, focused on helping customers build secure cloud operating environments. He has extensive experience in offense and defense security, security operations, and working across multiple verticals in both private and public sectors.