Scaleway, published Apr 20, 2021

Design considerations and our recommendations for data protection


Build • Arnaud de Bermingham • 20/04/21 • 12 min read

When you build your infrastructure with Scaleway, it’s important to take a few simple rules into account to limit the risk of data loss, whatever the cause. Data is a shared responsibility between provider and customer.

Data loss can be caused by, for example, a hardware failure, a network failure, hacking, malicious acts or the destruction of physical infrastructure.

Certain precautions need to be taken depending on the product type, namely for bare metal, Infrastructure as a Service or Platform as a Service.

In the interest of transparency, we would like to clarify and elaborate on the means used by Scaleway, our design recommendations, and each party's responsibility with regard to the data we store and process.

The concept of regions and AZs

Regarding the location of data, it is important to distinguish between three key concepts of the public cloud: the region, the availability zone and the data center.

A region includes several availability zones (AZ), ideally three within a geographical area of about 200 km. A region is also a unique network that is dissociated from (not interconnected with) other regions, with the exception of Amsterdam, which for historical reasons is also a peering location for the Paris region. At Scaleway, Paris, Amsterdam and Warsaw are regions.

An Availability Zone (AZ) is made up of one or more data centers situated in a geographical area of about 5 km, with a maximum internal latency of 1.4 ms, and situated at least 50 km from another availability zone in the same region. At Scaleway, the fr-par-1 availability zone contains our DC2 and DC3 data centers, and the fr-par-2 availability zone contains our DC5 data center. The fr-par-3 availability zone will soon be made available with our DC4 data center.

A data center (DC) is the physical location of an availability zone.

Customers can choose the region and availability zone when ordering infrastructure products (IaaS). The physical fault domain is the availability zone and the network failure area is the region.

As a customer, you are responsible for the redundancy and the management of the services that run on top of your infrastructure products. The highest level of redundancy is obtained by developing your application across several distinct regions.

Customers can choose only the region when ordering platform products (PaaS). In this case, the fault domain corresponds to the region and is therefore essentially linked to the network. Redundancy and service management are the responsibility of Scaleway. In other words, the cloud provider operating PaaS services in several AZs in the same region is responsible for them.

This is why an ideal public cloud design is usually based on three availability zones in the same region. At Scaleway, we fully subscribe to this logic. Indeed, with three availability zones, the distribution of a PaaS product across different AZs allows for a high level of redundancy and availability.

In the interests of transparency, we can't claim a perfect implementation of this ideal logic for the public cloud.

To date, not all of our regions are made up of three availability zones. This has no impact on IaaS products. For PaaS products, the level of availability and disaster resilience is not as optimal as with a three-zone design. We have long been aware of this issue, but we have always categorically refused to compromise by having multiple availability zones, clusters or virtual data centers in the same physical data center.

To avoid misleading our customers, we systematically recommend that they build their infrastructure across multiple regions. This is the most elegant way to ensure a redundant, high availability service.

In 2021, we will add three new availability zones to our three current regions. This project has already been validated and investments secured. Our PaaS software stack is designed with this in mind, and will be redeployed accordingly by the end of the year.

Bare metal products

When you use bare metal products, we do not, and cannot, have control of your infrastructure and data.

Nevertheless, here are our recommendations to minimize the risks:

"RAID" storage is NOT a backup or a guarantee of data durability. Scaleway does not guarantee any backup of your data and cannot even physically do it for you.

You must, at the very least, set up a remote backup system, in accordance with basic IT security rules and standards. Moreover, we strongly recommend our customers distribute their sensitive data across several servers located in different data centers, or even different providers and with a DRP (Disaster Recovery Plan) or BCP (Business Continuity Plan) rationale.

Backup solutions:

Solution 1: we offer an FTP Dedibackup replicated backup space for all Dedibox server customers. There are two versions available: 100GB free of charge, and 750GB for 4.99 € excl. tax/month. At Scaleway, this data is stored in our Object Storage, with a high level of redundancy and durability (see Object Storage chapter). However, Dedibackup has very limited functionality and security, and should be considered as technologically outdated in 2021.

Solution 2: we strongly recommend the use of Object Storage combined with long term regional archiving on C14 Cold Storage. For example, if your server is located in DC3 (in the Paris region), we recommend storing your backup datasets on Object Storage in the Amsterdam or Warsaw region. This solution is inexpensive, easy to implement and offers extremely high durability.

Solution 3: the perfect solution in a multi-cloud approach is to store your backup datasets with a different provider, in a geographical location that is sufficiently far away from your primary server.

Important design considerations:

Dedibackup is based on Scaleway Object Storage. Although Object Storage is a regional product, due to the lack of three availability zones in the Paris region, data is currently mainly stored in the fr-par-2 availability zone (DC5). If your Bare Metal server is located in DC5, we recommend that you use solution 2 from this list. Also, for DC5 Bare Metal customers, we will soon allow you to choose the storage region of your Dedibackup.

To view the physical location of your server in our data centers, simply log in to the account management section of the console or contact our…
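The recommendations above can be checked mechanically. This added example, which is not Scaleway's code, audits a constructed bare metal inventory against the fault domains described in the article; the function name and the record fields (`dc`, `backups`, `kind`, `region`) are assumptions made for illustration.

```python
# Added example: audit backup placement against the article's fault domains.
# AZ membership comes from the article (DC4 / fr-par-3 is omitted because it
# is announced but not yet available). Field names are assumptions.
DC_TO_AZ = {"DC2": "fr-par-1", "DC3": "fr-par-1", "DC5": "fr-par-2"}
# Per the article, Paris Object Storage (and so Dedibackup) is currently
# stored mainly in this availability zone.
PARIS_OBJECT_STORAGE_AZ = "fr-par-2"


def audit_backups(server):
    """Return a list of findings for one Paris-region bare metal server."""
    name, az = server["name"], DC_TO_AZ.get(server["dc"])
    if az is None:
        return [f"{name}: unknown data center {server['dc']!r}"]
    backups = server.get("backups", [])
    if not backups:
        return [f"{name}: no remote backup (RAID is not a backup)"]
    findings, independent = [], False
    for b in backups:
        if b["kind"] == "other_provider":
            independent = True  # solution 3: different provider
        elif b["kind"] == "object_storage" and b.get("region") != "Paris":
            independent = True  # solution 2: Object Storage in another region
        elif az == PARIS_OBJECT_STORAGE_AZ:
            # Dedibackup or Paris Object Storage for a DC5 server: same AZ.
            findings.append(f"{name}: {b['kind']} copy shares {az} with the server")
    if not independent:
        # The region is the network fault domain, so one region is one risk.
        findings.append(f"{name}: all backup copies are in the Paris region")
    return findings


# Constructed sample inventory (not real servers).
INVENTORY = [
    {"name": "db-1", "dc": "DC5", "backups": [{"kind": "dedibackup"}]},
    {"name": "web-1", "dc": "DC3",
     "backups": [{"kind": "object_storage", "region": "Amsterdam"}]},
    {"name": "cache-1", "dc": "DC2", "backups": []},
    {"name": "app-1", "dc": "DC5",
     "backups": [{"kind": "object_storage", "region": "Paris"},
                 {"kind": "other_provider"}]},
]

if __name__ == "__main__":
    for srv in INVENTORY:
        for finding in audit_backups(srv) or [f"{srv['name']}: ok"]:
            print(finding)
```
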
