Snowflake Admin Series: Account Replication and Failover, a great relief …Part 1

In this blog we are going to see another hot topic from the Admin series, Account Replication and failover. This is part 1 of a multipart blog.

Hope you had heard of database replication which is already there for quite some time now, and it's stable. But there was natural request arises from customer and Snowflake also understood that there are lot more objects beyond database which also need out-of-the-box replication support. Managing other objects separately was a nightmare in case you missed anything. These things don't give you pain in normal day-to-day operation but will pop up when you fail over to secondary and found your setup is not working as expected as some of the things were not deployed due to some reasons in secondary account.

There are still some limitations around this feature and still few of objects are not yet eligible for replication or eligible with some limitation. I hope these limitations will go away in due course of time with maturity of the feature.

Currently, this feature is in preview and expected this to be in GA by first quarter of 2023 or earlier. Stay tuned for this.

How much relevant this topic is with respect to certification exam?

Since this is previewing feature it will not come to any certification exam for the moment. But in future it will be one of important topic in Architect/Administration certification.

What is Account replication?

In layman’s terms, if you want to keep a continuous backup of your primary account into a secondary region, that’s Account replication. This secondary backup would then be used in a disaster recovery situation when your primary region is down for some reason.

Let's understand this with a simple example. Let's say your organization has 3 offices across the globe. Each office is set up in different cloud provider due to best service provider in that region, and also your existing ecosystem are developed keeping that in mind. Similarly, you also set up your Snowflake account in respective cloud region/provider as below for disaster recovery

1. Europe West → Eu-West-2.AWS → Primary Account
2. Europe West → West-Europe.Azure → Secondary 1
3. United States East → Us-East4.GCP → Secondary 2

Your application needs to set up in such a way that all write operations (i.e. DML activity) will happen at the head office location, but the other 2 offices in the secondary regions also receive the data for reporting/visualization to meet required latency requirements. You can visualize your Snowflake Organizational setup as below:

Here you can see that my primary Snowflake account is set up in AWS whereas other two account is set up in Azure & GCP respectively and still all works like a charm. You will never feel the lag and account, and its designated objects will get replicated smoothly.

Which region & cloud provider are supported for account replication?

All Snowflake regions across Amazon Web Services, Google Cloud Platform, and Microsoft Azure support account replication.

What is Replication & Failover group?

A replication group can be imagined as a container or bucket which hold a certain list of account objects which can be replicated as read-only to one or multiple secondary account.

Similarly, failover group is very similar to replication group and can replicate the account objects as read-only to one or multiple secondary account. Then you might say what the heck than what is the difference between these two. In addition to what replication group can do, Failover group can also fail over to a secondary account in occasion of any disaster recovery situation. In that case secondary region/account can be made primary/read-write and prior primary account can be made secondary and put on recovery schedule.

What all features are available at what edition?

As per snowflake documentation some features are made available at Standard edition onward and some are meant to be only available at Business critical edition. Below visualization will give you high level understanding.

Does Account Replication mean everything is replicated?

Nope, that not correct, but the majority of objects are replicated as per snowflake documentation. Few of them are planned for future release and few might be WIP and might be available in the future. At the moment below are the list of account objects which are supported.

Snowflake Replicated Objects in Account

For details on each object's replication see more on documentation.

Things to remember:

• User replication also replicate below user authentication properties whichever is applicable.
  ✔ Password
  ✔ Password with MFA (multifactor authentication)
  ✔ Multi-Factor Authentication (MFA)
  ✔ Key pair
  ✔ Federated Authentication & SSO
  ✔ Snowflake OAuth
  ✔ External OAuth
  ✔ SCIM
• In order to replicate grants on objects to roles, roles must be replicated from the source account to the target account.
• When roles are replicated, grants on objects are only replicated to a target account if below are fulfilled else the grant on the object is not replicated.

The privilege was granted by the owner of the object or indirectly by a role that was granted the privilege with the WITH GRANT OPTION parameter by the owner of the object.

Both the grantee and grantor role for a privilege grant are located in the target account.

The object is replicated (i.e. the object type is included in the object_types list).

• If roles are replicated to the target account, future grants that are granted at the database or schema level are replicated to the target account. This also includes future grants on non-replication supported objects.
• If new objects are created in a target account during a refresh from the source account, and roles are not replicated to the target account, the OWNERSHIP privilege for the new objects is granted to the ACCOUNTADMIN role.

Hope this blog helps you to get insight into the Snowflake Admin Series. Feel free to ask a question in the comment section if you have any doubts regarding this. Give a clap if you like the blog. Stay connected to see many more such cool stuff. Thanks for your support.

You Can Find Me:

Subscribe to my YouTube Channel: https://www.youtube.com/c/RajivGuptaEverydayLearning

Follow me on Medium: https://rajivgupta780184.medium.com/

Follow me on Twitter: https://twitter.com/RAJIVGUPTA780

Connect with me in LinkedIn: https://www.linkedin.com/in/rajiv-gupta-618b0228/

#Keep learning #Keep Sharing #Everyday Learning.