This document discusses the options available on Compute Engine to back up and replicate the following Compute Engine resources:
- Persistent Disk and Google Cloud Hyperdisk volumes
- Virtual machine (VM) and bare metal instances
- Workloads running in Compute Engine and on-premises
To safeguard important data, Google recommends using one of the backup options discussed in this document. You can't recover a compute instance, disk, image, or snapshot if you delete it, even if the deletion was accidental.
Options
The following table compares the features you can use to back up and replicate disks and instances.
A managed service that provides secure backups for compute instances across projects.
- Defend against ransomware and other risks through insights into security threat events.
- Improve cyber resilience with immutable and indelible backups.
- Protect instances while retaining governance and oversight.
- Implement comprehensive monitoring, auditing, and reporting for compliance.
- Store all the configuration, metadata, permissions, and data from one or more disks required to create an instance.
- Back up and restore instances for long-term retention.
- Clone and replicate instances.
- Back up disks geo-redundantly for disaster recovery.
- Improve performance and space efficiency by storing as differential copies.
- Back up rarely accessed data that must be retained for several months or years.
- Use standard snapshot capabilities at a lower cost for cold storage.
- Retain backups for compliance, audits, and long-term cold storage.
- Capture a disk's contents at a particular point in time and save it in the same zone or region as the disk.
- Restore data rapidly with low recovery time objective (RTO) and recovery point objective (RPO) .
- Optimize storage space and improve performance by using a differential copy of the disk.
- Quickly create staging environments from production.
- Quickly copy a disk for backup verification or export offloading.
- Don't use for disaster recovery.
- Quickly create many instances.
- Import instances and create disks quickly.
- Achieve high availability in the rare event of a zonal outage.
- Don't use for data backup.
- Achieve business continuity for critical applications by minimizing data loss (RPO of about one minute) in the rare event of a regional outage.
- Perform DR testing, failover, and failback for multiple disks using consistency groups .
- Replicate regional disks to protect workloads from both zonal and regional outages.
Best practices for backups
Observe the following best practices when creating backups for your disks.
Avoid temporary standard snapshots
To immediately create a copy of a disk in the same zone for verification or export, use disk clones or instant snapshots instead of standard snapshots. Compared to disk clones and instant snapshots, standard snapshots have longer copy times for upload and download.
Schedule hourly standard snapshots for backup and disaster recovery
Schedule hourly standard snapshots . If you require daily snapshots, consider scheduling snapshots every 6 hours.
Use images for fast and frequent disk creation across regions
To create many disks from a single data source, use images instead of snapshots. Because Compute Engine performs local caching in target zones, disk creation from images is faster than disk creation from snapshots.
Use machine images to create backups of all disks attached to an instance
To create backups of all disks that are attached to an instance, use machine images . A machine image can be used to back up multiple disks at a time to help ensure that the data captured in the machine image is consistent across all disks. A persistent disk snapshot can only back up a single disk at a time. For more information, see When to use machine images .
Use Google Cloud Backup and DR Service to manage instance backups at scale
With Backup and DR Service, you manage backups of your instances across projects and environments by using advanced policies, centralized monitoring, and backup reporting in the following way:
- Create backup vaults that serve as secure storage locations for your backups.
- Create backup plans to configure the schedule and rules for your backup.
- Apply backup plans to existing instances or during instance creation .
- Assign specific permissions for backup access .
- Proactively and reactively monitor backup jobs .
- Create reports for tracking backups across resources spanning multiple projects.
- When needed, restore an instance from a backup vault .
You can also integrate Security Command Center with Backup and DR Service to additionally do the following:
- Track audit logs for backup access.
- Monitor for malicious activity on your backups.
