S3, EBS Volumes, and Snapshots
After you have launched, deployed, and configured Q-Cloud Protect, you can begin replicating data to it. Q-Cloud Protect secures all replicated data by using the following components of AWS.
Simple Storage Service (S3) is Amazon's cloud storage service. Q-Cloud Protect uses S3 to store the data being replicated to Q-Cloud Protect. It places this data into S3 buckets, which are identified by the serial number assigned to your Q-Cloud Protect appliance.
In addition, snapshots of EBS volumes are also stored in S3, further protecting your data from corruption.
For more information about S3, see https://aws.amazon.com/documentation/s3/.
Access S3 Buckets
When you first deploy Q-Cloud Protect, it automatically creates an S3 bucket in which to store replicated data. Q-Cloud Protect names the S3 bucket with the Q-Cloud Protect appliance's serial number, such as qcp-xxxxxxxxxxxxxx.
- From the Q-Cloud Protect web console, navigate to the System Overview page.
- Locate your cloud appliance's serial number as shown in the following image.
- From the S3 Console, locate the bucket with the corresponding serial number.
Because the data stored in S3 buckets is used to configure a recovered instance or to failback data to a source appliance, you should not delete S3 buckets associated with your Q-Cloud Protect appliance unless you are completely certain that you no longer need the stored data.
AWS Identity and Access Management (IAM) provides access control for your AWS resources. Q-Cloud Protect uses IAM as follows:
- IAM roles to grant the EC2 instance permission to manage S3 objects and EBS snapshots
- For AWS Marketplace and GovCloud only: IAM users/groups to grant non-administrator users/groups permission to launch a Q-Cloud Protect EC2 instance
For more information about IAM, see http://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html
For information about creating IAM roles and policies, see IAM Roles and Users.
Elastic Block Storage (EBS) volumes are persistent block-level storage attached to instances. These volumes remain without an instance so that stored data is not lost.
The Q-Cloud Protect instance uses two main types of EBS volumes:
- Root volumes store OS and initial configuration data for the Q-Cloud Protect instance.
- Data volumes store metadata about the data replicated to Q-Cloud Protect.
By using both types of EBS volumes along with S3, all data associated with the Q-Cloud Protect instance and appliance is being protected. To further protect data stored in these volumes, Q-Cloud Protect takes snapshots of each volume, which are also stored in S3.
For more information about EBS volumes, see http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumes.html.
Working with EBS Volumes
The Q-Cloud Protect AMI is pre-configured with the appropriate EBS volumes. When you first launch your Q-Cloud Protect instance, you can access its volumes from the EBS Volumes dashboard.
From this dashboard, you can tag the volumes with unique names for easy identification. In addition, you can delete old or corrupted volumes after recovering the volumes from their associated snapshots. For information on performing these tasks, see Tagging EBS Volumes and Recovering When EBS Volumes Fail
If you determine that you need additional storage for your Q-Cloud Protect appliance, you can expand the EBS volume attached to its instance. For more information, see Expanding EBS Volumes.
EBS snapshots are images of the metadata stored on EBS volumes. Snapshots are safeguarded in S3, increasing the durability of the stored metadata.
Q-Cloud Protect takes advantage of this durability by capturing routine EBS snapshots of your instance's EBS volumes. If you need to restore data on an EBS volume or entire instance — in cases where the data on the volume is corrupted or fails — you can use the EBS snapshots along with the data stored in S3.
For more information about snapshots, see http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html.
Understanding Snapshot Generations
Q-Cloud Protect automatically takes daily routine snapshots of the root and data volumes attached to your instances. These snapshots are grouped into a single generation — consisting of both the root and data volume at a single point in time — as follows:
- The first snapshot generation captures and stores full images of the EBS root and data volumes.
- Each subsequent snapshot captures only data that is new or changed from the preceding snapshot generation.
- The new data is added to the data in the previous generation to create a new snapshot generation.
This incremental snapshot process captures a complete image of the volumes attached to an instance, without using unnecessary storage space.
- View snapshot generations on the EBS Snapshots dashboard, which are identified in the Description column as shown in the following image.
- If an EBS volume becomes corrupt or fails, use a snapshot generation to recover the instance to which the failed volume is attached. See Recovering When EBS Volumes Fail.