Acquia Cloud Enterprise is designed for high availability, with guaranteed 99.95% uptime. This page describes how Acquia delivers Acquia Cloud Enterprise's high availability.
High availability architecture
Acquia Cloud is built on Amazon Web Services (AWS) infrastructure, which is physically remote from the Acquia offices. The AWS environment consists of major regions and Availability Zones. Acquia Cloud customers may choose the geographic region for their application's location. Acquia Cloud currently supports the US (East and West), EU (Frankfurt and Ireland), Asia Pacific (Tokyo, Singapore, and Sydney), and South America (São Paulo) regions.
Each region contains multiple Availability Zones. AWS Availability Zones are separate yet interconnected data centers within the major regions. Acquia Cloud Enterprise offers high availability by using multiple AWS Availability Zones in one AWS region with redundant servers serving each layer of the technology stack. The following are the three main components of a Drupal application hosted by Acquia Cloud Enterprise:
- Reverse proxy caching and load balancing servers (Nginx and Varnish)
- Web servers (Apache with PHP and Drupal code)
- Database servers (Percona (MySQL))
At the Internet-facing tier, a software-based load balancer is deployed with a hot standby in a different availability zone in the same region. The load balancer distributes load across multiple web servers, which are also distributed across multiple availability zones. Acquia's expert operations team adds additional web servers to the resource pool as needed. The load balancer continuously monitors the web servers, and if a server becomes unavailable, it removes it from the pool of hosts serving the application. Web servers use a shared network file system (GlusterFS) so that all files are kept in sync and redundant to each other.
At the database layer, a scalable database cluster serves the application with active and passive database servers in multiple availability zones. The active master database server continuously updates the passive master database using MySQL replication. In the event of a failure of the master database, the passive database becomes primary through a DNS-based failover.
It is Acquia’s policy to restore customer services in the event of a major disaster in the best time frames. If the services in the current zone or region were severely impacted, Acquia would do its best to restore services in an alternate Availability Zone or region.
Disaster Recovery - Multiregion replication
Optionally, for customers with very high availability requirements, Acquia offers Acquia Cloud Enterprise customer environments with hot standby applications in an alternate region, thus providing live failover capabilities for disaster recovery.
Acquia maintains a comprehensive backup solution that includes application code, static files, and databases. Integrated backup facilities use Amazon’s Elastic Block Store (EBS) and Simple Storage Service (S3).
Automatic snapshots for disaster recovery
Acquia Cloud takes hourly snapshots of the passive master database, file system, and code repository. These snapshots are programmatically stored in Amazon S3 buckets (Amazon's highly available cloud storage) and used to restore an application in the case of multiple disk failure or total data center loss. Backup data stored in Amazon S3 is maintained in the same region (for example, US-East, US-West, or EU-East) where the production application is located. Amazon S3 repositories are distributed amongst multiple Availability Zones (data centers) and multiple devices within each Availability Zone for redundancy.
Acquia Cloud retains disaster recovery snapshots on the following schedule:
- The four most recent hourly snapshots
- Daily snapshots that are retained for one week
- Weekly snapshots that are retained for one month
- Monthly snapshots that are retained for three months
Acquia does not provide customer access to these snapshots and will not use these snapshots to restore applications due to either data loss or deletion by customers.
Customer on-demand backups
Customers have full server access to implement their own on-demand backups of code, files, and database content. To assist, Acquia provides the previous three days' database backups (dumps of the MySQL database) to Acquia Cloud customers using the Acquia Cloud interface or Cloud API. Additionally, customers may make on-demand backups of any database at any time on the Workflow tab of the Acquia Cloud user interface, or through SSH/SCP. Acquia Cloud keeps your on-demand backups until you delete them. Your backup copies count against the storage space of your account. Customers may download database backups and restore a previous backup on the Backups tab of the Acquia Cloud user interface.
At the Drupal code layer, customers can manage and deploy their customer-developed code using Acquia’s code repository service (Git or SVN). These services allow for rollback and redeployment of Drupal code, effectively backing up the application's code.
To ensure your organization's ability to access your application's code, settings, database, and files during a major service interruption or a disaster, Acquia recommends that you use the Acquia Cloud-provided interfaces to copy this data to a local or cloud storage location independent of Acquia on a regular basis, or after you have deployed changes to the Acquia Cloud platform. You should also periodically check to make sure that backups are being successfully completed and test your ability to restore applications from a backup copy.