

How PlanetScale keeps your data safe

By Sam Lambert

Keeping data safe and durable should be a top priority for any business that depends on databases to store and manage critical information. At PlanetScale we take data safety extremely seriously. In this post, we will walk you through our multi-layered approach to ensure your data is safe.

Vitess and MySQL

Whenever you create a database on PlanetScale you are actually creating a complete Vitess cluster. Vitess is an open-source database clustering system that enhances the scalability and manageability of MySQL.

Vitess is widely adopted by large-scale web companies and is the primary datastore at companies like Slack, Hubspot, and Etsy. In the time it takes you to read this blog post, Vitess clusters will have served tens of millions of users and hundreds of millions of queries across hundreds of petabytes of data.

MySQL's default storage engine, InnoDB, is ACID-compliant (Atomicity, Consistency, Isolation, Durability), which is what lets data be stored and read back reliably. Each transaction is atomic: if the server crashes or the connection drops part way through, the transaction is either applied in full or rolled back during crash recovery, never left half-applied. Durability comes from InnoDB's write-ahead redo log and MySQL's binary log, which with the default settings (innodb_flush_log_at_trx_commit=1 and sync_binlog=1) are flushed to disk before COMMIT returns to the client. One precision worth keeping in mind: InnoDB's default isolation level is REPEATABLE READ, not SERIALIZABLE, so transactions are not serializable unless you explicitly set transaction_isolation=SERIALIZABLE; it is the durability guarantee, not serializability, that keeps your data safe across failures.

MySQL's semi-synchronous replication extends that durability across servers. In semi-synchronous mode the source (primary) does not return COMMIT to the client until at least one replica has acknowledged that it received the transaction and wrote it to its relay log; with the default AFTER_SYNC wait point the primary also defers its own storage-engine commit until that acknowledgement arrives, so no client can ever observe a write that exists on only one machine. If the primary fails, a replica holding every acknowledged transaction can be promoted as the new primary (once it has finished applying its relay log) without losing a committed write. The caveat to watch is the timeout: if no replica acknowledges within rpl_semi_sync_source_timeout, the primary silently falls back to asynchronous replication, so the no-data-loss guarantee holds only while the primary reports Rpl_semi_sync_source_status = ON.
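As an added example (not PlanetScale's configuration and not code from the original post), here are the MySQL 8.0 settings behind the two guarantees above, with the weak setting noted beside the durable one and the status checks a practitioner would watch before trusting a failover. Variable and plugin names are the MySQL 8.0.26+ spellings (older releases use rpl_semi_sync_master_* / rpl_semi_sync_slave_* and semisync_master.so / semisync_slave.so); the 5000 ms timeout is an illustrative choice, not a recommended value:

```sql
-- ---------------------------------------------------------------
-- 1. Single-node durability (run on the primary)
-- ---------------------------------------------------------------
-- Weak: innodb_flush_log_at_trx_commit = 0 or 2 and sync_binlog = 0
-- let COMMIT return before the redo log / binlog reach disk, so an OS
-- or power crash can lose transactions the client was told succeeded.
-- Durable (also the 8.0 defaults): fsync both logs on every commit.
SET PERSIST innodb_flush_log_at_trx_commit = 1;
SET PERSIST sync_binlog = 1;

-- ---------------------------------------------------------------
-- 2. Semi-synchronous replication
-- ---------------------------------------------------------------
-- On the primary:
INSTALL PLUGIN rpl_semi_sync_source SONAME 'semisync_source.so';
SET PERSIST rpl_semi_sync_source_enabled = 1;
-- AFTER_SYNC (lossless): wait for the replica ack after the binlog is
-- synced but BEFORE the storage-engine commit, so no client can read a
-- row that only the primary has. AFTER_COMMIT would let a client see a
-- write that is lost if the primary dies before the ack arrives.
SET PERSIST rpl_semi_sync_source_wait_point = 'AFTER_SYNC';
SET PERSIST rpl_semi_sync_source_wait_for_replica_count = 1;
-- Keep waiting for acks even when the number of connected replicas drops
-- below wait_for_replica_count, instead of dropping straight to async.
SET PERSIST rpl_semi_sync_source_wait_no_replica = 1;
-- Weak: a long timeout hides a dead replica; after it expires the primary
-- falls back to ASYNCHRONOUS replication without failing any commit.
-- Pick a value your monitoring will notice (illustrative: 5 s).
SET PERSIST rpl_semi_sync_source_timeout = 5000;

-- On each replica:
INSTALL PLUGIN rpl_semi_sync_replica SONAME 'semisync_replica.so';
SET PERSIST rpl_semi_sync_replica_enabled = 1;
-- The I/O thread must be restarted to start sending acknowledgements.
STOP REPLICA IO_THREAD;
START REPLICA IO_THREAD;

-- ---------------------------------------------------------------
-- 3. Checks before you rely on the guarantee (primary)
-- ---------------------------------------------------------------
-- Rpl_semi_sync_source_status  : ON, or the primary is running async
-- Rpl_semi_sync_source_clients : number of acking replicas (>= 1)
-- Rpl_semi_sync_source_no_tx   : commits that returned WITHOUT an ack;
--                                any growth here is a lost-write window
SHOW STATUS LIKE 'Rpl_semi_sync_source_%';

-- ---------------------------------------------------------------
-- 4. Checks before promoting a replica
-- ---------------------------------------------------------------
-- "Received" is not "applied": a replica can hold every acknowledged
-- transaction in its relay log and still not have executed it yet.
-- Promote only when Retrieved_Gtid_Set equals Executed_Gtid_Set and
-- Seconds_Behind_Source is 0 (requires gtid_mode = ON).
SHOW REPLICA STATUS;
```

The two numbers to alert on are Rpl_semi_sync_source_status leaving ON and Rpl_semi_sync_source_no_tx increasing: either one means commits are being acknowledged to clients that exist on only one machine, which is exactly the window a failover cannot cover.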

Finally, we mount the MySQL data volume on cloud block storage, such as Amazon Web Services (AWS) Elastic Block Store (EBS) and Google Cloud Persistent Disk, which are designed to be highly durable and reliable. Both replicate each volume across multiple physical drives within the volume's availability zone, so the failure of a single drive or host does not lose data.

In addition, both services detect failed storage devices and rebuild the affected data from their remaining replicas transparently, without user intervention, so volumes stay available through hardware failures. Block-storage replication guards against hardware faults only; it happily replicates an application bug that deletes the wrong rows, which is what the backups described below are for.

Safe migrations and Revert

PlanetScale lets you enable safe migrations, which protect against potentially destructive actions such as accidentally dropping a column or table. With safe migrations enabled, direct DDL against the branch is refused and every schema change must go through a deploy request, which is auditable, rate limited, and, most importantly, revertible.

If you drop the wrong column or table, Revert lets you undeploy the schema change within a limited window after the deploy, without losing the data written in the meantime. This turns what would otherwise be a multi-hour restore into a few seconds.

Backups and validation

All PlanetScale databases have a mandatory backup schedule included with every database plan at no additional cost. Backups are essential safeguards against application bugs that delete data and can go undetected for a long time.

To make sure backups are actually usable, each new scheduled backup first restores the previous backup to validate that it was taken correctly. This keeps at least one verified, restorable backup on hand before your database's binary logs are rotated out, so a known-good backup plus the retained binary logs always cover the recovery window.

You can configure additional backup and retention policies to suit your needs.

PlanetScale security

A strong security posture is one of the most important requirements of a database platform. All PlanetScale databases are encrypted at rest and in transit. Plaintext MySQL connections are refused, so it is impossible to connect to a PlanetScale database without TLS, and all credentials are generated by PlanetScale rather than chosen by users, which guarantees they meet strict complexity requirements. On the client side, configure the driver to verify the server certificate against the system CA bundle (for example ssl-mode=VERIFY_IDENTITY in the mysql client) rather than merely enabling encryption: an unverified TLS connection encrypts the traffic but does not rule out a man-in-the-middle.

If you accidentally push a PlanetScale database credential into a public GitHub repository, it is automatically invalidated within seconds to prevent unwanted data access. This covers public GitHub repositories only: a password leaked into a private repository, a CI log, or a chat message is not detected, so treat any such exposure as a reason to rotate the credential yourself.

Maturity

Finally, one of the most important reasons startups and enterprises choose PlanetScale is maturity. MySQL has been serving mission-critical applications at web scale for 28 years. Layering on Vitess, which has served some of the largest sites on the planet for over a decade, means the core code paths have been battle hardened in production.

Database storage engines take a long time to get right. If you are trusting a storage engine that has been around for less than a decade, you are taking extreme risk with your most important asset: your data.