Application Consistent Backup for AWS EC2 Instances

Application Consistent Backup for AWS EC2 Instances

Why is Application Consistent Backup needed?

In general, backup for a Virtual Machine(VM) or Instance is achieved with the help of snapshots.

A snapshot is the state of the entire machine (VM/Instance) at a particular point in time. Backup via snapshot captures the state of the entire VM/Instance and all its data instantly at the same time which is termed crash-consistent backup. However, this type of backup is not reliable as it cannot guarantee the consistency of the applications running inside the machine.

When creating a snapshot there may be cases where the application might be performing some I/O operations on its data files by keeping them open, which means the application is not in a consistent state. So, there may be chances of data loss while taking backup if we don’t consider this situation. This is where application-consistent backup comes into play.

Application-consistent backup creates a transactionally consistent backup of the application by capturing the application’s current state along with the data in memory and pending transactions. In this case, you will not experience any pause in your operations if you are using the application during backup. This also makes the application data reliable and consistent for recovery when needed.

Application Consistent Backup Process:

Microsoft’s VSS is used to capture the application’s current state in consistent mode. VSS ensures that an application running inside a particular VM/Instance is aware that a backup is going to take place and helps in achieving a consistent application state by executing the pending database transactions which are flushed onto the disks. This way, applications reach a consistent state before the backup process and then the snapshot is taken.

Understanding Volume Shadow Copy Service (VSS)

To take application consistent backups, the backup software communicates with Microsoft Windows VSS running inside the machines. Volume Shadow Copy Service (VSS) coordinates all the actions that are required to take a point-in-time consistent snapshot.

The major components of VSS are:

VSS Requestor – The backup application starts a backup or restore process through the Requester mechanism.

VSS Writer – Before the backup starts, the writer enables the appropriate application or component to become aware of the backup process and to change into a backup-ready state.

VSS Provider – This creates and maintains the shadow copies (a type of snapshot that is taken just before a VSS-aware backup) that are used internally by the backup process.

Read this blog to know more about the Microsoft VSS process:

Application-aware Backup for EC2 Instance

For On-premise workloads, backup software performs application-consistent backup with the help of the custom agent running inside the virtual machine, where the communication happens via the IP Address. However, in AWS, not all instances can be assigned with Public IP Address/Elastic IP Address considering security reasons. To handle this, BDRSuite took a different approach to this problem.

Let’s first discuss BDRSuite and then look into how application-aware backup is handled for EC2 instances by BDRSuite.

BDRSuite for AWS:

BDRSuite for AWS supports cloud-native agentless backup for EC2 Instances with Automatic Scheduling, Application-aware backups along with Instance and Volume-level recovery.

How Application-aware backups are performed for AWS EC2 Instances in BDRSuite?

BDRSuite uses the AWS Systems Manager Agent (SSM) approach for achieving application-aware backups for AWS EC2 Instances.

AWS Systems Manager is a service running in the AWS Infrastructure, which aims at communicating to the instances without the need for the IP Address. SSM agent is a service that runs inside the instance, which acts as an intermediate and helps in communication.The SSM agent will be available to the instances created via all the latest versions of the AMI. If needed it can be updated via the AWS Systems Manager. AWS Security Token Service (AWS STS) is used to acquire temporary access credentials for trusted users and groups. BDRSuite sends SSM API requests to the instances to initiate VSS snapshots and perform application-aware backups.

Application-aware backup for EC2 Instance – Prerequisites

  • The instance should be running
  • The instance should have Microsoft Volume Shadow Copy Service (VSS) and should be running

Make sure all the above-mentioned prerequisites are met to perform application-aware backup for the EC2 Instance.

Application-aware Backup using BDRSuite – Detailed Process

  • BDRSuite automatically installs BDRSuite Guest Tool through SSM in every instance for which application-aware is enabled. BDRSuite Guest Tool is a custom agent that runs inside the EC2 Instance which helps to perform application-aware process
  • The following services are used to achieve to perform this process:
    • S3 Service – BDRSuite Guest Tool file is uploaded to S3 bucket and then the file is created as a package to install in EC2 Instances using this service
    • STS – This service is used for accessing the instance
    • SSM Service – The created BDRSuite Guest tool package is installed to the instances using this service
  • BDRSuite Guest Tool is uploaded to the S3 bucket in the AWS region. Then, the guest tool is converted into an SSM package. The created package is installed to the instance automatically using AWS SSM APIs. Using the BDRSuite Guest Tool and AWS SSM, application-aware backup is performed for EC2 Instances

Below is a pictorial representation of the application-aware backup process in BDRSuite:


For detailed information on AWS Backup and Recovery Configuration, Refer to BDRSuite User Guide

Interested in checking out BDRSuite? Try our 30-day free trial now or Request a demo

Follow our Twitter and Facebook feeds for new releases, updates, insightful posts and more.

The post Application Consistent Backup for AWS EC2 Instances appeared first on

This content was originally published here.