In our daily lives, thinking about preparing for disasters such as fires, floods, earthquakes or zombie invasions may not always seem urgent. However, in the digital world, where everything depends on infrastructure, preventing any unexpected incident, even a power or internet outage, becomes even more critical as your applications can hardly afford any downtime.
The responsibility of disaster resilience
When it comes to the public cloud, things become more abstract and distant. It seems like you're putting your life in the hands of the cloud provider. But in reality, as one of our founders Arnaud de Bermingham said, "Data is a shared responsibility - between provider and customer". It is important to choose your provider and understand their product design, to know the level of elasticity and limitations, and to have full transparency to implement best practices. At the same time, it is the responsibility of the cloud provider to provide the best disaster recovery options.
As a customer, you are responsible for the redundancy and management of the services running on top of infrastructure products. You can have programs deployed in different Availability Zones, and the highest level of redundancy can be obtained by developing your application in several different regions. With PaaS offers, on the other hand, customers can only select regions during configuration. In this case, the redundancy and service management inside one region is the responsibility of the cloud provider. In other words, only cloud providers that operate platform services in several AZs in the same region have the option to be responsible for them.
If you’ve been following Scaleway, you might know that one of our main strategies is to be the first European cloud provider to launch a full region with three AZs, and we’ve already started. We want to give our customers true cloud services: high-level resiliency while maintaining sovereignty at the infrastructure level, without being under the jurisdiction of extraterritorial laws. There shouldn’t be a need to trade off between resilience and sovereignty.
Starting with the Paris region, you can already level up the resiliency of your instances with fr-par-3, giving you the ability to build an architecture that will continue providing the same quality of service even in the event of up to two AZ failures. Now, one of our most important PaaS products, Object Storage, is also evolving towards Multi-AZ high redundancy. Unlike with Instances, you don't have to configure it yourself: the option has been designed as an out-of-the-box solution.
A deep dive into Object Storage
Object Storage has been designed to store very large amounts of static content. Your static assets (logs, backups, multimedia or text files, HTML pages, etc.) are named “objects” and are stored in containers called “buckets”.
Initially, our Object Storage was designed with 6+3 erasure coding to secure your data: each object is split into six data fragments, and three parity fragments are added. The fragments are stored on servers so that your data stays available in case of a disk failure. Now, we’re expanding this mechanism on a broader scale: the 6+3 fragments will be distributed among three physically independent Availability Zones within one region. This means that when you use Object Storage in the Paris region, it is resilient to any accident that leads to the total loss of one Availability Zone.
In a nutshell, the biggest benefit of Multi AZ is to keep your data storage resilient against the total loss of one AZ due to any accidents or disasters such as fires, floods, earthquakes, outages, network failures, etc.
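The 6+3 layout described above, as an added example that is not Scaleway's code: a systematic Reed-Solomon-style code over GF(2^8) stands in for the erasure code, which the article does not name, and the zone names and the round-robin placement of three fragments per AZ are assumptions. It rebuilds an object after the loss of any one AZ and refuses when two AZs are lost, since only three of the six required fragments remain.

```python
# Added example; the Reed-Solomon-style code and the zone names are assumptions.
K, M, AZS = 6, 3, ("az-1", "az-2", "az-3")
EXP, LOG = [0] * 512, [0] * 256
x = 1
for i in range(255):                      # GF(2^8) log/antilog tables, polynomial 0x11d
    EXP[i], LOG[x] = x, i
    x = (x << 1) ^ (0x11D if x & 0x80 else 0)
for i in range(255, 512):
    EXP[i] = EXP[i - 255]

def mul(a, b):
    return 0 if 0 in (a, b) else EXP[LOG[a] + LOG[b]]
def div(a, b):                            # callers never pass b == 0
    return 0 if a == 0 else EXP[LOG[a] - LOG[b] + 255]

def interpolate(points, t):
    """Value at x=t of the unique degree<K polynomial through points {x: y}."""
    acc = 0
    for xj, yj in points.items():
        term = yj
        for xm in points:
            if xm != xj:
                term = mul(term, div(t ^ xm, xj ^ xm))
        acc ^= term
    return acc

def encode(obj):                          # K data fragments + M parity fragments
    obj += bytes(-len(obj) % K)           # zero-pad to a multiple of K
    size = len(obj) // K
    frags = [bytearray(obj[i * size:(i + 1) * size]) for i in range(K)]
    frags += [bytearray(size) for _ in range(M)]
    for off in range(size):
        pts = {i: frags[i][off] for i in range(K)}
        for p in range(K, K + M):
            frags[p][off] = interpolate(pts, p)
    return {i: bytes(f) for i, f in enumerate(frags)}

def surviving(frags, lost_azs):
    """Fragment i lives in AZS[i % 3], so each AZ holds exactly 3 of the 9."""
    return {i: f for i, f in frags.items() if AZS[i % len(AZS)] not in lost_azs}

def recover(frags, length):               # any K surviving fragments {index: bytes}
    if len(frags) < K:
        raise ValueError(f"need {K} fragments, only {len(frags)} survive")
    use = dict(sorted(frags.items())[:K])
    size = len(next(iter(use.values())))
    out = [bytes(interpolate({i: f[off] for i, f in use.items()}, d)
                 for off in range(size)) for d in range(K)]
    return b"".join(out)[:length]
```

With nine fragments and six needed, no AZ may hold more than three of them, which is why an even three-per-zone spread is the only placement that survives a full zone loss.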
The most critical part is that our Object Storage is built entirely on a Scaleway-designed technical stack. Your data has full European sovereignty, software ownership and enhanced security in all dimensions.
Thanks to the unique expertise of our R&D, and over 20 years of experience with distributed systems, we are the first and only European player to deliver a fully in-house built, and end-to-end owned technical stack for Object Storage. This results in a scalable, sovereign, resilient and high-performance solution for our clients starting from server and data center level, all the way up to the software stack.
Another option - One Zone - IA (Infrequent Access)
The Multi-AZ deployment comes at a higher cost and is better suited to business-critical use cases. At the same time, customers should still have the option of less resilient, more affordable storage for other use cases.
As Multi AZ becomes the new Standard class in the Paris region, we will provide you with a new storage class - One Zone - IA to suit your different needs. With this class, you still have the option of storing data in a single AZ. It can also be integrated into your lifecycle management rules, together with Standard and Glacier class, and is a good choice for storing secondary backup copies or easily recreatable data.
For now, this new setup only applies to the Paris region, but it is on our roadmap to expand to AMS and WAW next year.
Don't forget that Scaleway offers 75GB free Object Storage each month. It wouldn't hurt to give it a try. What are you waiting for?