About protecting data in Amazon for long-term retention
The following Amazon cloud storage options are available for long-term retention of data:
Consider the following table when deciding between GLACIER and GLACIER_VAULT storage classes:
GLACIER storage class | GLACIER_VAULT storage class |
|---|---|
GLACIER storage class corresponds to uploading data through S3 end point and transitioning the data to Glacier storage using Amazon's zero day lifecycle policy that NetBackup creates. | GLACIER_VAULT storage class corresponds to uploading data using Amazon Glacier services to vault. |
For GLACIER storage class, the metadata is stored in STANDARD storage class. | For GLACIER_VAULT storage class, the metadata is stored in STANDARD and GLACIER_VAULT storage classes. |
Cost of operation for GLACIER is approximately 2% higher than GLACIER_VAULT. | Cost of operation for GLACIER and GLACIER_VAULT storage class is approximately the same with GLACIER being approximately 2% higher than GLACIER_VAULT. |
Use GLACIER_VAULT storage class if you plan to use the immutable vault lock policy for compliance or to protect your data from ransomware attack. As of now Amazon does not provide immutable lock capability for the objects that are transitioned to Glacier using the Amazon lifecycle policy. | Use GLACIER storage class if you do not plan to use immutable vault lock capability. Amazon Glacier gives you low cost storage, better speed, flexibility, and visibility. |
GLACIER storage class has a configurable retrieval retention period. Thus, it is useful for restores that may take more time due to size and speed. | The retrieval retention period for GLACIER_VAULT storage class is fixed, that is 24 hours. See Restoring from Amazon Glacier vault spans more than 24 hours for single fragment . |
As objects get uploaded, Amazon provides visibility for all objects and their storage class property through the Amazon S3 service console. Hence, NetBackup images created using GLACIER storage class have better visibility through the Amazon S3 service console. | Amazon takes 24 hours to refresh archive inventory. Hence, archives uploaded during backup done using GLACIER_VAULT storage class will be reflected in the Amazon Glacier service console only after 24 hours. However, you can get some visibility of backups using the Amazon S3 service console through the metadata generated during the backup. Amazon Glacier service console does not provide any visibility for individual archives. |
There are architectural differences between GLACIER_VAULT storage class (using Amazon Glacier services) and GLACIER storage class (using Amazon S3 services). This results in difference in speed that must be considered when selecting between the two. | There are architectural differences between GLACIER_VAULT storage class (using Amazon Glacier services) and GLACIER storage class (using Amazon S3 services). This results in difference in speed that must be considered when selecting between the two. |
Storage cleanup handling on failure is better for GLACIER storage class. | Storage cleanup handling on failure is better for GLACIER storage class as compared to GLACIER_VAULT storage class. |