It has been a challenge to back up virtual machines in the public cloud. Amazon Web Services (AWS), recommends the creation of snapshots to protect Elastic Compute Cloud instances (EC2)
Before I explain how snapshots work, it is important that you understand that snapshots are not full copies of AWS instances. It is not a complete copy of an instance’s volume. A snapshot is simply a copy of storage blocks that have changed since the last snapshot was taken. A snapshot of a volume’s volume will contain a complete copy, just like an incremental backup. The modified storage blocks are only included in subsequent snapshots.
It is easy to create a snapshot. Administrators create an EC2 instance by creating an Elastic Block Store volume (EBS). This volume is used by the instance. To create a snapshot from such a volume, select the AWS console’s volumes container and right-click on it. Then, choose the Create Snapshot option in the shortcut menu.
[Click on the image to see a larger version.] Figure 1: Right-click the EBS volume and select the Create Snapshot command from its shortcut menu. The console will now display a dialog box asking for a name and description for the snapshot. Figure 2: Click Create to create the snapshot after entering all of this information. After you click Create, you will see a message that indicates that the snapshot creation has been started. Figure 3.
Figure 2: Type a name and description to describe the snapshot.
Figure 3: The snapshot creation has been initiated. You can check the status of the snapshot on the console’s Snapshots tab. Figure 4 shows this.
[Click on the image to see a larger version.] Figure 4: The console’s snapshot tab allows you to access the snapshot. While creating a snapshot is easy, there are some things you need to know about snapshots. First, snapshots are a general term. There are many types of snapshots in IT: storage snapshots; differencing disk snapshots; pointer snapshots; et cetera. Some types of snapshots don’t actually create a copy the storage volume being protected.
For example, differencing disk snapshots flag the virtual disk as read-only and then create a differencing disc that has a parent/child relationship to the original virtual disk. This ensures that the snapshot does not alter the original virtual disk. All write operations are directed to the different disk. It is easy to roll back such a snapshot by removing the differencing drive and making the original virtual disk read/write.
This snapshot preserves the contents of the virtual disk by making it read-only. However, it does NOT create a backup copy. AWS documentation calls snapshots “incremental backups” in contrast. Although AWS documentation doesn’t specify the type of snapshot mechanism used, it appears that AWS may be using storage snapshots.
It is important to understand how snapshotting handles encryption. You will see that the dialog box has an encryption option if you look at Figure 2. This option is not available from the dialog box. The dialog box does not mention encryption, but it is there for informational purposes.
The snapshot’s encryption mirrors that of the volume when you create it. AWS will automatically encrypt snapshots if the volume is encrypted. If the volume is encrypted, then AWS will automatically encrypt snapshots of the volume.

Oswald