Every service which is part of the application catalog has data protection features. This means that the system takes care of creating regular backups and provides means to restore from a backup.
Scheduled is at least one backup every 24h. Handling of failed scheduled backups are subject to the SLA. The time of backup can be at a random time of day and is not customizable.
Recovery point objective (RPO) is defined as the maximum amount of data – as measured by time – that can be lost after a recovery from a disaster, failure, or comparable event before data loss will exceed what is acceptable to an organization. An RPO determines the maximum age of the data or files in backup storage needed to be able to meet the objective specified by the RPO, should a network or computer system failure occur.
We currently do not provide any guarantees, as it highly depends on the service and the amount of data to be restored.
The recovery time objective (RTO) is the maximum acceptable time that an application, computer, network, or system can be down after an unexpected disaster, failure, or comparable event takes place. RTO captures the maximum allowable time between restoration of normal service levels and resumption of typical operations and the unexpected failure or disaster. RTO defines a turning point, after which time the consequences of interruption from a disaster or failure become unacceptable.
No additional costs occur for this service, it’s integral part of the service offering. Allthough the service consumer can be charged additionally for every compute and storage resource (including temporary) that the backup itself consumes on a pay-per-use basis. This cost may differ from service to service and depends on the infrastructure the service is running on.
The backup snapshots are stored on the same cloud provider and region where the service instance is provisioned on.
Data is encrypted before being sent to the backup location. Transfer of data happens over a TLS encrypted and authenticated connection.
The last 5 most recent snapshots are never deleted.
Keep the last snapshot for each day for the last 7 days.
Keep the last snapshot for each week for the last 2 weeks.
Keep the last snapshot for each month for the last 3 months.
When a service instance is deleted, all backups are deleted as well.
A backup usually does not cause a general service connection interruption. However, there may be performance impacts with nondeterministic duration.
During the duration of the restore process the service will have reduced availability or may be completely unavailable. Depending on the nature of the service, clients of the service will need to reconnect after the restore, which may involve re-resolving the service name via DNS lookup. Depending on the client implementation this may require restarting the client.
Currently no customization of the backup process is possible. The backup process is enabled by default, but can be disabled per service instance. Once disabled, we don’t guarantee any data safety.