Data protection options
This document compares the options available on Compute Engine to
back up and replicate the following Compute Engine resources:
- Persistent Disk and Google Cloud Hyperdisk volumes
- Virtual machine (VM) and bare metal instances
- Workloads running in Compute Engine and on-premises
To safeguard important data, Google recommends using one of the backup options
discussed in this document. You can't recover a compute instance, disk, image,
or snapshot if you delete it, even if the deletion was accidental.
Options
| Feature |
Summary |
Use case |
Optimized for |
|
Backup and DR Service |
Managed backup and disaster recovery (DR) service providing secure
storage and centralized backup management at scale for compute instances and
other workloads running in Trusted Cloud by S3NS. |
- Improve cyber resilience with immutable and indelible backups to backup
vaults.
- Configure the frequency, storage locations, and retention periods of
the backed up resources.
- Empower app developers to protect instances while retaining governance and
oversight.
- Comprehensive monitoring, auditing & reporting for compliance.
- Defend against ransomware and other risks through insights into security
threat events.
|
Centralized backup management of instances and databases across projects. |
| Standard snapshots |
- Captures the state of your disk at a particular point in time.
- Stored as differential copies for better performance and space
efficiency.
|
Long term data backup. |
Long retention backup and geo-redundancy. |
| Archive snapshots |
- Offers all the same benefits as standard snapshots, but at a lower-cost.
- Suited for use cases related to compliance,
audit, and long-term cold storage.
|
Long term data backup that is rarely accessed but must be retained for
several months or years. |
Long retention backup and geo-redundancy. |
| Instant snapshots |
- Captures the state of your disk at a particular point in time.
- Each instant snapshot is stored as a differential copy of the disk
for more efficient storage and better performance.
|
Quick local disk backup that enables rapid
data restoration in case of application failure or user error. |
- Rapid data restoration after application corruption, user error, or
failed upgrades.
- Low
RTO and RPO.
|
| Machine images |
Stores all the configuration, metadata, permissions, and data from one or
more disks required to create an instance. |
- Long term instance backup and restore.
- Instance cloning and replication.
|
Instance consistency at the I/0 operation level or crash level. |
| Regional persistent disk |
Replicates data synchronously across two zones in the same region. |
- High availability.
- Not designed for data backup.
|
RTO: less than 1 minute
RPO: 0 |
| Disk clones |
Creates a live duplicate of the source disk that can be instantly attached to an
instance. |
- Quickly bringing up staging environments from production.
- Replication for backup verification or export offloading.
- Not designed for disaster recovery.
|
Copy data management. |
| Images |
Contains the set of programs and files required to boot an operating system
on an instance. |
- Instance import and fast disk creation.
- Quickly creating many instances.
|
Rapid disk creation. |
Best practices for backups
Observe the following best practices when creating backups for your disks.
Avoid temporary standard snapshots
To immediately create a copy of a disk in the same zone for verification or
export, use disk clones or instant snapshots instead of standard snapshots.
Compared to disk clones and instant snapshots, standard snapshots
have longer copy times for upload and download.
Schedule hourly standard snapshots for backup and disaster recovery
Schedule hourly standard snapshots.
If you require daily snapshots, consider scheduling snapshots every 6 hours.
Use images for fast and frequent disk creation across regions
To create many disks from a single data source,
use images
instead of snapshots. Because Compute Engine performs local caching in
target zones, disk creation from images is faster than disk creation from
snapshots.
Use machine images to create backups of all disks attached to an instance
To create backups of all disks that are attached to an instance,
use machine images.
A machine image can be used to backup multiple disks at a time to help ensure
that the data captured in the machine image is consistent across all disks. A
persistent disk snapshot can only backup a single disk at a time. For more
information, see When to use machine images.
Use Trusted Cloud by S3NS Backup and DR Service to manage instance backups at scale
With Backup and DR Service, you manage backups of your instances across projects and
environments by using advanced policies, centralized monitoring and backup
reporting in the following way:
You can also integrate
Security Command Center
with Backup and DR Service to additionally:
- Track audit logs for backup access.
- Monitor for malicious activity on your backups.
What's next
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-08-26 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-26 UTC."],[[["\u003cp\u003eCompute Engine offers multiple backup and replication options for Persistent Disk, Hyperdisk volumes, VM instances, and workloads, including on-premises.\u003c/p\u003e\n"],["\u003cp\u003eGoogle recommends using one of the backup solutions discussed, as deleted compute instances, disks, images, or snapshots are unrecoverable, even if accidentally deleted.\u003c/p\u003e\n"],["\u003cp\u003eBackup and DR Service is a managed option for secure storage and centralized backup management across multiple projects, providing features like backup vaults, backup plans, and security threat event insights.\u003c/p\u003e\n"],["\u003cp\u003eStandard, Archive, and Instant snapshots offer varying levels of cost and access speed for long-term data backup, ranging from geo-redundant storage to rapid data restoration.\u003c/p\u003e\n"],["\u003cp\u003eMachine images offer a method to back up and replicate all the disks attached to an instance with consistency across the disks, whereas persistent disk snapshots can only back up a single disk at a time.\u003c/p\u003e\n"]]],[],null,["# Data protection options\n\n*** ** * ** ***\n\nThis document compares the options available on Compute Engine to\nback up and replicate the following Compute Engine resources:\n\n- Persistent Disk and Google Cloud Hyperdisk volumes\n- Virtual machine (VM) and bare metal instances\n- Workloads running in Compute Engine and on-premises\n\nTo safeguard important data, Google recommends using one of the backup options\ndiscussed in this document. You can't recover a compute instance, disk, image,\nor snapshot if you delete it, even if the deletion was accidental.\n\nOptions\n-------\n\nBest practices for backups\n--------------------------\n\nObserve the following best practices when creating backups for your disks.\n\n### Avoid temporary standard snapshots\n\nTo immediately create a copy of a disk in the same zone for verification or\nexport, use disk clones or instant snapshots instead of standard snapshots.\nCompared to disk clones and instant snapshots, standard snapshots\nhave longer copy times for upload and download.\n\n### Schedule hourly standard snapshots for backup and disaster recovery\n\n[Schedule hourly standard snapshots](/compute/docs/disks/scheduled-snapshots).\nIf you require daily snapshots, consider scheduling snapshots every 6 hours.\n\n### Use images for fast and frequent disk creation across regions\n\nTo create many disks from a single data source,\n[use images](/compute/docs/instances/create-start-instance#startinginstancewithimage)\ninstead of snapshots. Because Compute Engine performs local caching in\ntarget zones, disk creation from images is faster than disk creation from\nsnapshots.\n\n### Use machine images to create backups of all disks attached to an instance\n\nTo create backups of all disks that are attached to an instance,\n[use machine images](/compute/docs/machine-images/create-machine-images#create-image-from-instance).\nA machine image can be used to backup multiple disks at a time to help ensure\nthat the data captured in the machine image is consistent across all disks. A\npersistent disk snapshot can only backup a single disk at a time. For more\ninformation, see [When to use machine images](/compute/docs/machine-images#when-to-use).\n\n### Use Google Cloud Backup and DR Service to manage instance backups at scale\n\nWith Backup and DR Service, you manage backups of your instances across projects and\nenvironments by using advanced policies, centralized monitoring and backup\nreporting in the following way:\n\n- [Create backup vaults](/backup-disaster-recovery/docs/cloud-console/backup-vault-create) that serve as secure storage locations for your backups.\n- [Create backup plans](/backup-disaster-recovery/docs/cloud-console/backup-plan-create) to configure the schedule and rules for your backup.\n- Apply backup plans [to existing instances](/backup-disaster-recovery/docs/cloud-console/compute/compute-instance-backup) or [during instance creation](/compute/docs/instances/create-instance-with-gcbdr-backup-plan).\n- Assign specific permissions for [backup access](/backup-disaster-recovery/docs/configuration/workforce-identity-federation).\n- Proactively and reactively [monitor backup jobs](/backup-disaster-recovery/docs/monitor-reports/monitor-jobs-console).\n- Create [reports for tracking backups](/backup-disaster-recovery/docs/monitor-reports/reports-overview) across resources spanning multiple projects.\n- When needed, [restore an instance from a backup vault](/backup-disaster-recovery/docs/cloud-console/compute/compute-instance-restore).\n\nYou can also integrate\n[Security Command Center](/security-command-center/docs/security-command-center-overview)\nwith Backup and DR Service to additionally:\n\n- Track audit logs for backup access.\n- Monitor for malicious activity on your backups.\n\nWhat's next\n-----------\n\n- Read [Best practices for persistent disk snapshots](/compute/docs/disks/snapshot-best-practices)."]]
