AWS Data Storage, Disaster Recovery and Security

About the Customer: The U.S. Army Heritage and Education Center (“Client”) is the premier educational, research, and archival facility focused on U.S. Army history. Easily accessible from major population centers including New York City and Washington, D.C., the Center features free and publicly accessible exhibit galleries, a research library and archives, the Army Heritage Trail, and rentable multi-purpose rooms.

Customer Challenge: The Client required services for a data center that must have appropriate protection against data degradation and a durability of data and technology level of “six nines” (99.9999%). The Client’s initial data storage requirement is 3 petabytes (base year), with an anticipated growth of 2 petabytes per year (each option year) and a maximum requirement of 11 petabytes within 5 years. All data stored is unclassified. The Client requires that the files being provided be stored in their original data package (i.e., no compression, etc.). The Client currently has approximately 10 terabytes of information on its existing system. Data must be stored in several geographic locations (regions/availability zones) to ensure the archival copy of data being stored by the contractor is not in the same geographic location as the archival system hosting the working copies of the same data.

Partner Solution: A&T, an AWS services/solutions partner, has developed a turn-key storage solution. This storage solution is suitable for the Client, who has vast amounts of unclassified data to store and use for both the short and long term. Our solution is built to comply with DoD Security Requirements Guide (SRG) and Risk Management Framework (RMF) requirements and to rapidly acquire Authority to Operate for cloud. Implementation of SRG and RMF is based on data categorization at the appropriate Impact Level to meet continuous compliance requirements.

Cost:  

  1. Cost will be based upon storage usage on a monthly basis. A&T Systems will provide an invoice, through CloudCheckr, that details the usage and services utilized in any given month. 
  1. A&T provides managed services to maintain the security of the data. 

A&T’s Storage solution is a one-stop solution to: 

  1. Provide the Client flexibility to utilize the service as required. 
  1. Provide the Client a method to retain current data stored with AWS until other options are available. 
  1. Provide the Client access to A&T’s Managed Services technical personnel 
  1. Assess each workload’s requirements for access, security, and retention, and architect the most cost-effective cloud service for each from AWS S3 and AWS Glacier 
  1. Automatically & instantly build Secure Cloud Computing Architecture (SCCA)-compliant cloud services for each workload using AWS- and A&T-developed QuickStart automated reference deployments  
  1. Configure disaster recovery with Inter- and Intra-Regional redundancy 
  1. Deploy S3 buckets for encrypted content, logging, and backup; Glacier for lifecycle policies 
  1. Deploy Continuous Compliance Monitoring Tool 
  1. Migrate data with a process that ensures chain-of-custody from DoD NIPRNet storage to AWS storage 
  1. Manage logging, monitoring, and alerts using AWS CloudTrail, CloudWatch, and Config rules (where available); apply data validation methodology before moving to long-term storage; and enforce data loss prevention, scheduled compliance, and reporting 

Amazon Web Services (AWS) Applications: AWS EBS Snapshots, AWS S3, AWS CloudFormation, AWS CloudTrail, AWS S3 Endpoint, AWS Trusted Advisor, AWS SNS, AWS CloudWatch, AWS IAM, AWS VPC, Amazon Glacier, AWS Config, AWS SES

Results and Benefits: The Client has industry-standard data protection and disaster recovery procedures. 

A&T provides backup services for AWS services, systems and data. There are multiple types of backups: 

  1. Firewall and Web Application Firewall Backups
     • A&T automates the creation and retention of backup files using a built-in 3rd-party tool. The tool is also used to automate the copy of the backups to Amazon S3.
  1. Splunk Data
     • A&T automates the creation of a Splunk data archive and its copy to Amazon S3.
  1. CloudTrail
     • A&T automates the creation and retention of CloudTrail logs using AWS CloudTrail S3 storage.

Recovery Point Objective (RPO):

The current RPO is to keep data for 90 days in an active storage bucket and then move the backups to cold storage for one (1) year. A&T will automate the transfers from active to cold storage, and the deletion of backups past the one-year retention standard.

Manual or automated batch upload of data from a separate system, using a system account. A file system capable of being accessed by Windows-based desktop systems, adaptable to new versions of Windows, and which allows full auditing of file access and modifications.

Established hierarchy of permissions and access levels. The Client required at least two administrator accounts for our data, with the capability to establish a limited number of users.

About the Partner: A&T Systems has been a trusted advisor to the Government for almost four (4) decades and has been an AWS Advanced Consulting Partner for over nine years. A&T is an AWS Solutions Provider and a recent graduate of the AWS Partner Transformation Program (PTP). PTP is a comprehensive assessment, training, and enablement program focused on further building and reinforcing a successful AWS Cloud business practice. Our clients find that A&T is Flexible, Responsive, Innovative, Stable, and Cost-efficient (FRISC).

A&T Systems is an AWS Advanced Consulting Partner and an Authorized Government Reseller Partner. As an AWS Authorized Government Partner, their cloud architects, DevOps and technical support staff, billing expertise, and project managers enhanced the security of the GovCloud region.