FileMaker Server 13 / Amazon EC2: Backups and Security
Over on FileMaker TechNet this morning, I had someone ask a few questions about how I backup and protect our FileMaker Servers that are running on Amazon's EC2 service. I thought I'd share the questions and answers here as well.
"How do you manage backups in this kind of environment?"
I backup locally using what Amazon refers to as EBS (Elastic Block Store) volumes. Think of these as virtual drives that can be connected to EC2 instances. With EBS volumes, the backups happen very quickly. Also, should I ever need to recover using another EC2 instance, I can simply detach an EBS volume from the problematic EC2 instance and attach it to a new instance.
I backup remotely using DropBox. I have DropBox running as a service, and have special FMS backup jobs in place which save to DropBox periodically. In addition, I have signed up for DropBox's Packrat option, so I can recover from very, very old backups should I ever need to. (At this point I can recover from a backup that was created as far back as the spring of 2012.)
Some of my clients want direct access to their backups. For them, I create special backup jobs which save to shared folders in DropBox.
"What sort of firewall protection have you implemented?"
I actually have dual firewalls in place, and both are software-based.
The first one is built into EC2. Amazon supports "security groups" which essentially act as firewalls and control traffic to EC2 instances. Security groups are very easy to setup and maintain, and once you have one configured you can use it to protect multiple EC2 instances.
The second firewall is the one built into Windows Server 2012. I'd like to say that the Windows firewall has improved over the years, but it is still the mess that it has always been. In any case, it does work.
One of the reasons that I have been interested in running FileMaker Server on EC2 is that I provide FileMaker hosting to my development and consulting clients whose databases are mission critical. I am preparing to provide that service on a bigger scale. For details about the service, please visit http://openremote.net.