Our backup strategy is:
- A snapshot of every deployment database is taken using the mechanism provided by the cloud provider the client is deployed to. These snapshots allow Cloud-IAM to perform fast recovery on demand or in case of unrecoverable misconfiguration.
- Every deployment database is also backed up using a complete dump for cold storage. These backups are encrypted and stored in other locations using highly available storage in the European Union (99.999999999% durability).
- These backups are used for deployment migration and disaster recovery.
Each database is backed up at least daily, and the frequency can be discussed on demand and increased up to hourly.
The backup retention periods are:
- 7 days for snapshots
- 1 month for cold backups
Cloud-IAM deployments are by default deployed in a chosen cloud provider region, across all of its availability zones, in order to provide the most highly available setup possible in case of infrastructure and network failure. However, shit happens 😞. If the region becomes unavailable because of a major outage at the chosen cloud provider, the Cloud-IAM on-call team is able to recreate any deployment from scratch using its cold backup.
- Depending on the gravity of the incident, the Cloud-IAM on-call team will recreate the deployment:
  - in the same region if possible
  - in another region of the same cloud provider
  - in another cloud provider, only with direct approval of the customer
- The whole process can take up to 2 hours (RTO), and data loss can extend back to the last backup performed, so up to 24 hours (RPO) maximum.
For the whole duration of the incident, the Cloud-IAM on-call team will communicate every action to the impacted customers by email.