Amazon Web Services has launched a new offsite backup service that replicates in-house application data to the Simple Storage Service (S3) cloud.
The AWS Storage Gateway, currently in beta, involves installing a virtual appliance -- initially VMware ESXi 4.1 with wider support planned later -- between business applications and in-house storage.
The gateway takes snapshots and replicates them to S3. Data is transferred to S3 over a Secure Sockets Layer (SSL) connection and, once there, is encrypted using Advanced Encryption Standard (AES) 256-bit keys, according to Amazon.
After installing the gateway, administrators would create "gateway storage volumes", which are attached to on-premises application servers as iSCSI devices.
There's also an option to mirror data, either as a disaster recovery strategy or to offload capacity to Amazon's Elastic Compute Cloud (EC2). This is achieved by uploading applications to S3 in the form of Amazon Elastic Block Store (EBS) snapshots, then attaching the blocks to a compute instance through the management console or EC2 APIs.
Pricing for the service in Singapore's S3 starts at $US125 a gateway a month.
While Amazon's infrastructure may be more robust than many in-house systems, last year's extended outage in Western Europe highlighted that it is far from impervious to the same types of issues that enterprises face, such as human error and power failures.
In Amazon's case, engineers spent days moving massive amounts of data to S3 before attempting to rebuild storage blocks that were mistakenly deleted during a botched de-duplication run.
One criticism of the security set-up is that Amazon holds the encryption keys, offering "checkbox compliance", commented Dan Griffin, former Microsoft security executive and founder of JW Secure.
"Commendably, during replication, the data traverses an encrypted tunnel (SSL). As well, when the data is received by Amazon’s storage gateway proxy in the cloud, it’s encrypted before it’s written to permanent storage.
"However, since Amazon has access to the encryption keys, that protection buys you checkbox compliance, but not much more. After all, whoever has access to the keys can decrypt the data, and that includes rogue system administrators, or even Amazon itself if under duress (subpoena, national security, etc.)."
Amazon's new backup service comes a week after its launch of another enterprise service, the NoSQL-based 'big data' offering for the enterprise, DynamoDB.