Earlier this week, I wrote an introduction to System Center Data Protection Manager (SCDPM). In that post, I mentioned that SCDPM 2007 SP1 supports Virtual Server 2005 R2 and Hyper-V virtualisation platforms but I’d like to elaborate on that and highlight the need to consider where best to deploy the SCDPM agents.
With SCDPM 2007 SP1, we can back up Windows and non-Windows guest operating systems on either Virtual Server 2005 R2, Windows Server 2008 with the Hyper-V role enabled, or Hyper-V Server 2008. Depending upon the guest operating system, it will either be a VSS capable or a non-VSS capable guest .
Linux, Windows NT, Windows 2000, Oracle and line of business applications will generally be non-VSS capable and in this case SCDPM will:
- Hibernate the virtual machine to secure the memory and CPU contents to a saved state.
- Take a snapshot of the virtual machine using the volume shadow copy service (VSS) – this takes just a few seconds (as the backup is taken from the snapshot, not the offline virtual machine).
- Resume the virtual machine.
- Use block level checksums to send only the changes within the VHDs (since the last backup) to the SCDPM server.
On a VSS capable guest operating system.
- SCDPM contacts the VSS writer on the virtualisation host to request protection from the SCDPM agent, in the form of a referential VSS copy.
- A query is performed via the integration components to instructs the VSS writer in the guest operating system (e.g. SQL Server VSS writer, Exchange Server VSS writer, Windows Server VSS writer) to create a consistent snapshot.
- Only when the guest data is consistent and clean does the virtualisation layer provide SCDPM with a copy to backup from the host.
This referential VSS writer process means that:
- There is no downtime (backups are performed online).
- The use of recursive VSS ensures consistency without hibernation.
- The only guest requirement is the presence of VM additions/integration components.
- Guests are protected from the host.
Virtual Server exposes the backup options for VSS and non-VSS capable as online or offline backup. Hyper-V is more descriptive, with Backup using Child Partition snapshot (the equivalent of an online backup) or Backup Using Saved State if there are no integration components available
So, with no downtime and no agent deployment for each guest operating system, why wouldn’t we always protect virtual machines from the host? Well, when we protect the guest from the host, the whole virtual machine is treated as a logical unit without any data selectability or granularity. Whilst there are some advantages to this approach (it allows bare metal recovery of virtual machines to any other host; the whole virtual machine set can be protected with a single SCDPM agent and a single DPML license; non-Window or legacy Windows operating systems can be backed up), if an agent is deployed within the guest then SCDPM can select the data to protect/recover – e.g. individual SQL databases, Exchange storage groups, file sets, Sharepoint farms, etc.) but with the additional cost of deploying and licensing agents.
We can also use a hybrid of the two models – running an agent inside critical virtual machines but only using host-based backups for non-VSS cpabable operating systems. Indeed, it may even be desirable to protect the entire virtual machine and its data separately (e.g. if using passthrough disks then the guest operating system cab be backed up via the host and the data protected via the guest).
SCDPM 2007 SP1 will back up shares, volumes, system state and any VSS-aware application workloads (subject to licensing options – an Enterprise Data Protection Management License will be required for native backup and recovery of applications). On the licensing front, it’s also worth considering the Server Management Suite Enterprise (SMSE) as it includes management licenses for System Center Data Protection Manager, Operations Manager, Configuration Manager and Virtual Machine Manager with free usage rights up to the number of guests licensed with each host operating system edition (one for Windows Server 2008 Standard Edition, four for Windows Server 2008 Enterprise Edition and unlimited for Windows Server 2008 Datacenter Edition).
The key points for agent placement are application consistency and the granularity of restoration required. By deploying an agent inside a virtual machine, a VSS-aware application will be signalled that a snapshot is about to be taken and consistency can be guaranteed. Alternatively, if application consistency is not an issue, by installing the agent on the host, each virtual machine can be backed up as a single container – in effect the virtual machine will be consistent but the application may not be.