Backup Policies for Servers migrated to AWS
Backup Policy for Windows Servers on AWS
Policy ID: IT-BACKUP-001
Version: 1.0
Effective Date: [Insert Date]
Owner: IT Operations / Cloud Infrastructure Team
1. Purpose
This policy defines standardized procedures for backing up Windows servers hosted on AWS, ensuring data integrity, availability, and recoverability in the event of hardware failure, application issues, or disaster.
2. Scope
- All Windows Server instances running in AWS (EC2) that host production applications.
- All attached EBS volumes containing system or application data.
- Critical databases and application files hosted on these instances.
3. Policy Statements
3.1 Backup Frequency
- Full backups: Weekly, capturing the entire system volume (EBS snapshot).
- Incremental backups: Daily, capturing changed data on EBS volumes.
- Application-specific backups: Database backups (SQL Server, Exchange) must occur at least daily.
3.2 Backup Methodology
- AWS Backup will be the primary mechanism for automated backups.
- VSS (Volume Shadow Copy Service) must be enabled for application-consistent snapshots.
- File-level backups of configuration files and critical application data should be copied to S3 for redundancy.
3.3 Retention
- Daily backups: Retain for 14 days.
- Weekly backups: Retain for 90 days.
- Monthly backups: Retain for 1 year.
- Offsite / Cross-region backups: Critical systems must have at least one copy in a different AWS region.
3.4 Roles and Responsibilities
- IT Operations / Cloud Infrastructure Team: Configure and monitor AWS Backup and snapshots, ensure SSM agents are installed, validate application-consistent backups.
- Application Owners: Confirm backup schedules meet business RPO/RTO requirements and provide scripts for pre/post backup processes if required.
3.5 Monitoring and Reporting
- Use CloudWatch metrics and alarms to track backup success/failure and disk space usage.
- Generate AWS Backup compliance reports weekly and review with IT management.
- Investigate and remediate any failed or missed backups within 24 hours.
3.6 Testing and Validation
- Quarterly restore tests must be performed to ensure backups are recoverable.
- Document results, including issues, corrective actions, and improvements.
3.7 Security
- All backup data must be encrypted at rest and in transit.
- Limit access to backups using IAM roles and policies.
- Audit access logs periodically for compliance.
4. Exceptions
Any deviation from this policy requires formal approval from IT management and must be documented with reasons, risks, and mitigation measures.
5. References
- AWS Backup Documentation
- AWS Systems Manager Documentation
- Company IT Disaster Recovery Policy
AWS Backup Plan for Windows Servers
The following JSON template can be used in AWS Backup to implement this policy. Cold-storage transition is set only on the monthly rule: AWS Backup requires DeleteAfterDays to be at least 90 days greater than MoveToColdStorageAfterDays, which the 14-day and 90-day retention periods leave no room for.
{
  "BackupPlanName": "Windows-Prod-Backup-Plan",
  "Rules": [
    {
      "RuleName": "Daily-Incremental-Backup",
      "TargetBackupVaultName": "Default",
      "ScheduleExpression": "cron(0 2 * * ? *)",
      "StartWindowMinutes": 60,
      "CompletionWindowMinutes": 180,
      "Lifecycle": {
        "DeleteAfterDays": 14
      },
      "RecoveryPointTags": {
        "Environment": "Production",
        "Application": "WindowsServer"
      }
    },
    {
      "RuleName": "Weekly-Full-Backup",
      "TargetBackupVaultName": "Default",
      "ScheduleExpression": "cron(0 3 ? * 1 *)",
      "StartWindowMinutes": 120,
      "CompletionWindowMinutes": 360,
      "Lifecycle": {
        "DeleteAfterDays": 90
      },
      "RecoveryPointTags": {
        "Environment": "Production",
        "Application": "WindowsServer"
      }
    },
    {
      "RuleName": "Monthly-Archive-Backup",
      "TargetBackupVaultName": "Default",
      "ScheduleExpression": "cron(0 4 1 * ? *)",
      "StartWindowMinutes": 240,
      "CompletionWindowMinutes": 720,
      "Lifecycle": {
        "MoveToColdStorageAfterDays": 90,
        "DeleteAfterDays": 365
      },
      "RecoveryPointTags": {
        "Environment": "Production",
        "Application": "WindowsServer"
      }
    }
  ]
}
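A pre-deployment check for a plan shaped like the template above, added here as an example and not part of the original page: it compares each rule's DeleteAfterDays with the retention in section 3.3 and enforces AWS Backup's requirement that a recovery point moved to cold storage is kept at least 90 days beyond the transition. The function name, the rule-name-to-retention mapping and the sample plan are assumptions constructed for illustration.

```python
import json

# Retention from policy section 3.3, keyed by the rule names used in the
# template (the mapping itself is an assumption made for this example).
POLICY_RETENTION_DAYS = {
    "Daily-Incremental-Backup": 14,
    "Weekly-Full-Backup": 90,
    "Monthly-Archive-Backup": 365,
}
MIN_COLD_DAYS = 90  # AWS Backup: minimum stay in cold storage before deletion


def lint_backup_plan(plan):
    """Return a list of findings; an empty list means the plan passed."""
    findings = []
    seen = set()
    for rule in plan.get("Rules", []):
        name = rule.get("RuleName", "<unnamed>")
        seen.add(name)
        lifecycle = rule.get("Lifecycle", {})
        delete = lifecycle.get("DeleteAfterDays")
        cold = lifecycle.get("MoveToColdStorageAfterDays")
        expected = POLICY_RETENTION_DAYS.get(name)
        if delete is None:
            findings.append(f"{name}: no DeleteAfterDays, recovery points never expire")
        elif expected is not None and delete != expected:
            findings.append(f"{name}: retention {delete}d, policy requires {expected}d")
        if cold is not None and delete is not None and delete < cold + MIN_COLD_DAYS:
            findings.append(
                f"{name}: DeleteAfterDays {delete} < cold transition {cold} + {MIN_COLD_DAYS}")
    for missing in sorted(set(POLICY_RETENTION_DAYS) - seen):
        findings.append(f"{missing}: rule required by policy is absent")
    return findings


# Constructed sample plan: one invalid lifecycle, one valid rule, one rule missing.
SAMPLE_PLAN = json.loads("""
{"BackupPlanName": "example-plan", "Rules": [
  {"RuleName": "Daily-Incremental-Backup",
   "Lifecycle": {"MoveToColdStorageAfterDays": 30, "DeleteAfterDays": 14}},
  {"RuleName": "Monthly-Archive-Backup",
   "Lifecycle": {"MoveToColdStorageAfterDays": 90, "DeleteAfterDays": 365}}
]}
""")

if __name__ == "__main__":
    for finding in lint_backup_plan(SAMPLE_PLAN):
        print("FAIL", finding)
```

Running the check in the pipeline that deploys the plan catches retention drift before it reaches AWS Backup.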
