Amazon primes S3 as backup facility

By Liam Tung on Jan 27, 2012 8:30 AM
Filed under Cloud

Cloud-attached storage backup.

Amazon Web Services has launched a new offsite backup service that replicates in-house application data to the Simple Storage Service (S3) cloud. 

The AWS Storage Gateway, currently in beta, involves installing a virtual appliance -- initially VMware ESXi 4.1 with wider support planned later -- between business applications and in-house storage.

The gateway takes snapshots and replicates it to S3. Data is transferred to S3 over a Secure Sockets Layer connection and from there it is encrypted using Advanced Encryption Standard 256 bit keys, according to Amazon. 

After installing the gateway, administrators would create "gateway storage volumes" which are attached to on-premise application servers as iSCSI devices.

There's also an option to mirror data, either as a disaster recovery strategy or to offload capacity to Amazon's Elastic Cloud 2 (EC2), achieved by uploading applications to S3 in the form of Amazon Elastic Block Storage (EBS) snapshots, then attaching the blocks to a compute instance through the management console or EC2 APIs.

Pricing for the service in Singapore's S3 starts at $US125 a gateway a month.

While Amazon's infrastructure may be more robust than many in-house systems, last year's extended outage in Western Europe highlighted it is far from impervious to the same types of issues that enterprises face, such as human error and power failures.

In Amazon's case, engineers spent days moving massive amounts of data to S3 before attempting to rebuild storage blocks that were mistakenly deleted during a botched de-duplication run.  

One criticism of the security set-up is that Amazon holds the encryption keys, offering "checkbox compliance", commented Dan Griffin, former Microsoft security executive and founder of JW Secure

"Commendably, during replication, the data traverses an encrypted tunnel (SSL). As well, when the data is received by Amazon’s storage gateway proxy in the cloud, it’s encrypted before it’s written to permanent storage.

"However, since Amazon has access to the encryption keys, that protection buys you checkbox compliance, but not much more. After all, whoever has access to the keys can decrypt the data, and that includes rogue system administrators, or even Amazon itself if under duress (subpoena, national security, etc.)."

Amazon's new backup service comes a week after its launch of another enterprise service, the NoSQL-based 'big data' offering for the enterprise, DynamoDB. 

Follow us on Facebook and Twitter

Copyright © . All rights reserved.

Amazon primes S3 as backup facility
Top Stories
How a devastating cyber attack turned Melbourne victim into evangelist
Back from despair after Distribute IT lost 4,800 websites.
Aldi to sell $279 dual SIM smartphone
Supermarket ups mobile ante with new plans and phone.
EMC takes custody of VCE as Cisco marriage falters
What will it mean for future of Vblock?
Sign up to receive CRN email bulletins
Is Microsoft right to limit the reseller channel for Surface?

Latest Comments
CRN Magazine

Issue: 331 | September 2014

CRN Magazine looks in-depth at the emerging issues and developments for the channel, and provides insight, analysis and strategic information to help resellers better run their businesses.