Application Consistent Backups

<< Click to Display Table of Contents >>

Navigation:  Backup and Replication >

Application Consistent Backups

CDSB supports application consistent backups for Windows and Linux instances. While Linux application-consistent backups are implemented through running scripts, Windows application- consistent backups are implemented via VSS snapshots. VSS or Volume Shadow Copy Service provides a consistent snapshot of volumes. VSS is a Windows built-in application that allows the backup of VSS-compatible applications (MS SQL Server, MS Exchange Server, MS SharePoint, etc.)

VSS snapshots are created via the AWS SSM (Systems Manager) built-in agents and the process consists of the following:

The volume is frozen with the write operation suspended.

Writes during the frozen period have been buffered, and any new data will be written after the volume is unfrozen.

The snapshot is generated and stored.

The volume is unfrozen and the write operation is resumed.

SSM is an AWS service that allows for remote management of AWS resources. In this case, it will allow CDSB to send commands to an EC2 instance to perform actions like freezing all I/O operations and creating backups.

To be able to use VSS, you must ensure that:

1.An instance is managed by SSM. For more information, refer to “Managed instances” in within the “Additional info” section of this guide.

2.The backed up instance is hosted in a region that supports AWS Systems Manager. If the instance is hosted in an unsupported region, you must take additional steps on this instance in order for it to back up properly. For more information, see “Unsupported regions” section.

3.The instance has an attached IAM role for app consistent backups. The Role must contain the following policy:

{

   "Version": "2012-10-17",

   "Statement": [

       {

           "Effect": "Allow",

           "Action": [

               "ssm:DescribeAssociation",

               "ssm:GetDocument",

               "ssm:GetManifest",

               "ssm:ListAssociations",

               "ssm:ListInstanceAssociations",

               "ssm:PutConfigurePackageResult",

               "ssm:UpdateAssociationStatus",

               "ssm:UpdateInstanceAssociationStatus",

               "ssm:UpdateInstanceInformation"

           ],

           "Resource": "*"

       },

       {

           "Effect": "Allow",

           "Action": [

               "ec2messages:AcknowledgeMessage",

               "ec2messages:DeleteMessage",

               "ec2messages:FailMessage",

               "ec2messages:GetEndpoint",

               "ec2messages:GetMessages",

               "ec2messages:SendReply"

           ],

           "Resource": "*"

       },

       {

           "Effect": "Allow",

           "Action": [

               "ec2:DescribeInstanceStatus",

               "ec2:DescribeInstances",

               "ec2:CreateTags",

               "ec2:CreateSnapshot"

           ],

           "Resource": "*"

       }

   ]

}