How should I automate replication of a production MySQL db onto a read/write dev server for testing while also scrubbing the data first?

I know there are lots of variables here, and they're highly dependent upon the applications in the environment as well as the needs of the org. I read this post first, as the question was similar. [https://serverfault.com/questions/380701/replicate-main-mysql-db-to-a-development-server-to-play-with-real-data][1]

I thought I could add some depth from my perspective to the question and hopefully get some recommendations very specific to our environment.

• We have a standalone server that hosts an online Learning Management System.
• The LMS has thousands of users and its db is being written to quite regularly.
• The desire is to take a "snapshot" of the db, and replicate it onto the development server for testing, new builds, etc.
• The snapshot needs to be relatively close (within a few days atmost) to the live data because of the dynamic nature of the db.
• The dev server needs to be read/write, but never affect the prod server at all.
• The data in the db will have PII and needs to be sanitized before accessed by the dev team.

I'm thinking the general steps should be:

1. Automate a mysqldump on some sort of schedule from prod to dev
2. Run a script on dev to clean/anonymize the data
3. Automate a restore of the clean data, on a schedule, into dev

Based on these requirements, am I overlooking anything obvious that could impact the data in either server or the load/resources on the server?

Developers possibly working with sensitive PII data may complicate things immensely. Ask your compliance person about what risks this introduces, and what controls and training should be in place to get dev to the same level of respect for data as operations staff.

Not doing this full copy for dev and test environments may avoid PII entirely. Have support staff build out example data, sanitized from real life examples. Import configuration and build data only, not data about people. This keep them separate approach is a lot of work to keep maintained and realistic, but keeps dev and test small size without sensitive data.

There remains a need to test full restores, if only to test the backups, per IT's business continuity procedures. Backups should be done in ways with an acceptable impact to production performance, whether export like mysqldump, replication, or block storage snapshots.

Should there be a need to transform a copy of production into a non-prod environment, in my opinion it should be a separate support or stage environment, and developers should not have access to it, only support staff. Minimizes impact of a thing in testing doing things users would notice. The full copy non-prod environment may be down for extended periods of time, because re-writing all the PII takes a long time.