Checklist for Safe Cloud Platform Operations

Let's dive right in! We'll start off by listing some of the key benefits a cloud platform brings to the table:

• Instantly available: All services are ready for immediate use.
• Scalability: You have continuous access to the resources you need.
• Enhanced predictability: Automated testing and provisioning ensure that services consistently perform as expected in terms of function and capacity.
• Financial flexibility: You only pay for the resources you use, without lengthy commitments or upfront investments.
• No lock-In: You're free to end services when they're no longer needed.
• Cost-efficiency: Get robust infrastructure at an affordable cost.
• Focus on core business: Using standard services allows you to invest more time and effort into your primary business activities.

Your responsibility

Imagine a cloud platform as a well-stocked workshop filled with an array of top-notch tools and materials, all designed to help you bring your projects to life. As the customer, it's your responsibility to wield these resources effectively, ensuring that your end product aligns precisely with the needs of your clientele.

The beauty of a cloud platform lies in its adaptability. It can be configured in countless ways, free from the constraints of a one-size-fits-all model. Consequently, customers often grapple with the challenge of determining the optimal structure for their data and applications to meet their unique requirements.

Availability zones

Every cloud platform operates within specific regions, defined as the physical areas where their services are hosted. The number of Availability Zones (AZ) and their separation methods can significantly vary between different providers. Many local providers offer only one AZ per region, but Elastx stands out by offering three AZs per region, a standard matching major hyperscalers like AWS and Azure.

It's important to understand that even when multiple AZs are available, they can be either geographically close or physically separated. Elastx, AWS, and Azure maintain distinct data centers in separate locations, ensuring physical separation. In contrast, Google Cloud Platform (GCP) follows varying practices, which can make it difficult to find clear information about them..

Notably, Elastx currently stands as the sole European cloud platform that provides three availability zones, housed within physically distinct data centers, strategically positioned at a disaster-safe distance of 20 kilometers.

When constructing clusters with persistent data, another critical consideration is ensuring an odd number of nodes (more than one). This approach mitigates the "split brain" problem, which can be notoriously challenging to recover from. Consequently, three becomes the magic number in terms of the quantity of availability zones.

For those with high demands for both high availability and disaster recovery, seeking a provider that offers three geographically separated Availability Zones (AZ) is crucial.

Data storage

Data storage is a realm characterized by its multitude of variations, making it a critical area where careful considerations are key for ensuring robust data protection.

Within a cloud platform, you'll typically come across a variety of storage types, each offering different levels of built-in redundancy and data protection. Let's break them down into four primary categories:

• Ephemeral Storage: This is block storage directly linked to an instance, often without redundancy.
• Block Storage: Block storage is accessible through volumes and comes in various redundancy levels, including disk, enclosure, Availability Zone (AZ), and Region.
• File Storage: This category handles network-shared file systems and offers redundancy options such as disk, enclosure, AZ, and Region.
• Object Storage: Objects, typically static files, are stored through an API, with redundancy options such as disk, enclosure, AZ, and Region.

To add a twist, these diverse storage types can all be powered by a single underlying storage system. The hitch here is presuming robust data protection solely because you've backed up your primary data stored on block storage by replicating it to object storage. If issues crop up within that underlying storage system, both the primary and backup data could be at risk.

Secure your backups

Even with redundancy in place, like the safety net of Availability Zones (AZ), you won’t be protected from logical errors. These include unintentional data deletions, unwanted changes brought about by bugs, human errors, or malicious tampering.

To ensure effective data recovery, you must establish your Recovery Time Objective (RTO) and Recovery Point Objective (RPO). These metrics determine how quickly data needs to be recoverable and how much data you can afford to lose. With this info in hand, you can make informed choices about the right storage setup, including redundancy levels, and build a solid data protection strategy.

Traditionally, creating backup copies involves duplicating all data to a secondary storage location that can serve as a recovery resource when needed. However, this process may become time-consuming when dealing with substantial data volumes. In such cases, using replication alongside snapshots or similar tools can significantly speed up the restoration of large datasets.

We recommend that you only back up data that requires it. For certain components, like boot disks, it might be more efficient to recreate them automatically using infrastructure as code. Moreover, aligning data protection as closely as possible with the application tends to be beneficial. This can involve making use of built-in functions for replication and backup within your database system, ensuring a more streamlined and efficient approach to data security.

Key considerations:

• Configuration responsibility: While data protection tools exist within a cloud platform, it is up to you to properly configure and consistently monitor them.
• Redundancy assessment: Assess the level of redundancy in your chosen storage solution.
• Snapshot limitations: Note that snapshots are typically stored on the same system, safeguarding against logical errors but not physical ones, such as an availability zone or region outage.
• Geographical backup: Ensure your backups are stored in a geographically separated location from your primary data to enhance data security.
• Recovery testing: Always test the recovery process to confirm its functionality and understand the time it takes.
• Encryption verification: Check if the storage is encrypted, and if not, enable this protective feature.

Storage options at Elastx

At Elastx, we offer the following storage options:

• Ephemeral Storage: This consists of local SSD NVMe storage, delivering speed and cost-efficiency, although it lacks redundancy. The storage size is associated with your chosen instance type, and there's a backup feature available for storing data in object storage.

• Block Storage: Our SSD-based block storage is fully redundant within each Availability Zone (AZ). Volumes can be easily scaled to meet your requirements and offer flexible performance. Snapshot functions provide protection against logical errors, while backup options store data in object storage.

• Object Storage: Our object storage stands out for its exceptional scalability and robustness. It preserves all objects in triplicate, with one copy in each Availability Zone.

All storage at Elastx is encrypted by default; no special steps are required to activate this protection.

Availability

In systems that have multiple availability zones, it's your responsibility to make the most of this valuable opportunity. When opting for managed services, like databases, you'll encounter various levels of redundancy, spanning from single nodes to multiple nodes dispersed across availability zones within a cluster. If you operate your own services within instances, you have the option to distribute them across several availability zones, integrating redundancy and disaster protection seamlessly.

Building your services with infrastructure as code is a good idea, simplifying the monitoring of running processes, tracking changes, and enabling swift rebuilds when necessary.

Keep in mind that the resilience of your system hinges on its weakest element. This underscores the significance of choosing the right tier for compute, storage, and other critical services that align with your requirements.

At Elastx, we offer the choice of running fully redundant operations across our three availability zones, whether you're utilizing our IaaS, our DBaaS, or our CaaS.

Security

The majority of security breaches occur through known vulnerabilities or leaked login credentials. As a user, the responsibility lies with you to safeguard your configuration, services, and the data you handle, including the operating system of the instances you employ. This requires setting up a strong process that regularly updates systems and adds the right protections to guard against known weaknesses. It is equally important that you also monitor your environment so that any anomalies can be detected in time.

Support

If you need further guidance or personal support for the right level of availability and data protection, don't hesitate to reach out to our 24/7 support – always included in our services. We look forward to hearing from you!