---
title: "CTP Topic 72 Implementing an Enterprise DR Strategy Using AWS Backup"
type: source
tags:
- AWS
- DR
- Backup
- Enterprise
- CTP
- RTO
- RPO
date: 2026-04-14
---

## Source File
- [[raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/01_AWS-Landing-Zone/ctp-topic-72-implementing-an-enterprise-dr-strategy-using-aws-backup.md]]

## Summary
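- Core topic: building an enterprise-grade disaster recovery (DR) strategy with AWS Backup
- Problem domain: how to achieve data protection and disaster recovery in the AWS cloud, and how high availability and disaster recovery relate to and differ from each other
- Method/mechanism: Sabith (AWS) systematically explains the definitions of RTO/RPO and the architecture patterns (from multi-active to backup and restore), and introduces the core AWS Backup features: Backup Plans, Backup Vaults, Cross-Account Copy, and Vault Lock immutability
- Conclusion/value: as a fully managed, policy-driven backup service, AWS Backup combined with cross-account management through Organizations and compliance reporting through Audit Manager can be used to build a complete enterprise-grade DR system

## Key Claims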
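- High availability (HA) is concerned with system uptime and availability and is measured by MTBF; disaster recovery (DR) is concerned with protection against data loss and the ability to recover
- RPO (Recovery Point Objective) defines the acceptable amount of data loss; RTO (Recovery Time Objective) defines the acceptable downtime
- AWS Backup is a fully managed, policy-driven backup service; a backup plan defines what is backed up, when, and which vault it is stored in
- AWS Backup supports Cross-Account Backup Copy through Organizations, which provides backup isolation
- Vault Lock compliance mode prevents anyone (including the AWS root user) from deleting recovery points before the end of their lifecycle, which is an effective defense against ransomware
- Incremental Backup captures only the changes made since the previous backup, which saves storage cost
- The recommendation is to store backup copies in a separate Bunker/Vault account and to use a Forensic account to test recovery points regularly

## Key Quotes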
> "We should always be prepared for a situation that everything falls all the time." — The core idea of DR awareness: always prepare for the worst case
> "The shared responsibility model defines AWS's and the customer's roles in ensuring a resilient cloud environment." — How responsibility for a resilient cloud environment is divided between AWS and the customer
> "High availability ensures a system performs its functions, measured by mean time between failures. Disaster recovery focuses on data loss prevention and recovery." — The core difference between HA and DR

## Key Concepts
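- [[AWS Backup]]: AWS-native, fully managed, policy-driven backup service; supports 80+ resource types and can copy recovery points across accounts and across Regions
- [[RTO]] (Recovery Time Objective): the acceptable system downtime; a core metric of a DR strategy
- [[RPO]] (Recovery Point Objective): the acceptable amount of data loss; determines the backup frequency
- [[High Availability]]: concerned with system uptime and availability; measured by MTBF (mean time between failures)
- [[Vault Lock]]: compliance lock mode for a backup vault; prevents recovery points from being deleted early and defends against ransomware
- [[增量备份|Incremental backup]]: backs up only the changes made since the previous backup, saving storage cost compared with a full backup
- [[跨账户备份|Cross-account backup]]: copies backups to a separate account through AWS Organizations, providing backup isolation

## Key Entities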
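- [[AWS]]: cloud service provider; provides AWS Backup and all of the related DR capabilities
- [[Cloud Transformation Programme]] (CTP): enterprise cloud transformation programme; this video is its Topic 72 and focuses on DR strategy theory
- Sabith (AWS): presenter of this video, an AWS technical expert, speaking on enterprise DR strategy
- SRE Teams: Site Reliability Engineering teams, responsible for designing and implementing the DR strategy

## Connections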
- [[ctp-topic-72-implementing-an-enterprise-dr-strategy-using-aws-backup]] ← extends ← [[ctp-topic-73-aws-backup-implementation-of-the-cloud-transformation-program]] (Topic 72 provides the DR theory; Topic 73 focuses on the CTP implementation)
- [[ctp-topic-44-aws-backup-in-micro-focus]] ← relates_to ← [[ctp-topic-72-implementing-an-enterprise-dr-strategy-using-aws-backup]] (both discuss AWS Backup; Topic 44 focuses on the Micro Focus internal evaluation, Topic 72 gives the official AWS perspective)
- [[High Availability]] ← relates_to ← [[ctp-topic-72-implementing-an-enterprise-dr-strategy-using-aws-backup]] (HA and DR are the two pillars of the resilience framework; DR is concerned with data recovery, HA with system availability)
- [[RTO]] ← key_metric ← [[ctp-topic-72-implementing-an-enterprise-dr-strategy-using-aws-backup]] (RTO is one of the core DR metrics in this video)
- [[RPO]] ← key_metric ← [[ctp-topic-72-implementing-an-enterprise-dr-strategy-using-aws-backup]] (RPO is one of the core DR metrics in this video)

## Contradictions
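- There is a difference in perspective with [[ctp-topic-44-aws-backup-in-micro-focus]]:
  - Point of conflict: the Micro Focus internal evaluation points out limitations of AWS Backup (attached EC2 volumes cannot be selectively excluded; backups are crash-consistent rather than hot backups)
  - Current view: Topic 72 emphasizes the advantages of AWS Backup and its fully managed nature
  - Opposing view: Topic 44 recommends also evaluating snapshot management tools as a supplement
  - Overall conclusion: the two are complementary; AWS Backup suits standardized, policy-driven backups, while snapshot tools suit scenarios that need fine-grained customization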