5 Ways Your VMware and Hyper-V Backups May Fail You

Greg ShieldsMicrosoft MVP and VMware vExpert

2

5 Ways Your VMware and Hyper-V Backups May Fail You

When you think about protecting virtual machines, what’s the first thing that comes to mind?

For many IT professionals, that first thought probably centers around high-availability, or HA, technologies. Each of the major virtual platform vendors has its own representation of HA, and although each vendor’s tactics in accomplishing the task might be very different, the result is effectively the same: VMs are protected should their virtual host fail.

Figure 1: HA Technologies Protect VMs.

HA technologies (see Figure 1) like VMware’s vMotion and Microsoft’s Live Migration have garnered a lot of press in recent years, in part because of the real-world problems they solve. The under-the-covers technologies that facilitate HA activities are also undeniably impressive. The knowledge that almost any virtual host failure can be a trivially recoverable event enables many virtual administrators to sleep at night, knowing their VMs are safe.

Yet while HA technologies are fantastically useful for protecting VMs in certain situations, their activities can’t protect VMs in every situation. HA can protect against a host failure, and with a little extra effort HA can also protect against some kinds of application failures. But at the end of the day, HA…

• Does nothing for data loss.• Does nothing for data corruption.• Does nothing for disaster recovery.

3

5 Ways Your VMware and Hyper-V Backups May Fail You

Many Paths to VM FailureIn fact, the scenarios that HA technologies can protect against are quite small in comparison to all the different ways a VM can fail. Spend a minute thinking about that much larger list of ways, and your restful nights could begin getting a bit more restless again. A VM can fail because of…

• Lost or deleted data.• Lost or deleted application objects.• A lost, deleted, or corrupted OS.• An accidentally obliterated VM object.• Corruption as a result of miscommunication between layers.• Stupid users.• Stupid admins.• Water-based datacenter fire containment systems. (Hint: These are bad.)• And any number of other manmade or natural disasters.

Some of these ways a VM might fail might seem a tad humorous. But they’re intended to help you recognize that dangers to a VM’s operations exist from many different sources—both external and internal.There’s another factor in the above list of possible failures that merits special attention in the case of VMs. For these, care must be taken to protect not only the contents of the VM—its OS, applications, and files—but also the defining characteristics of the VM itself. You can consider this the VM’s object within the virtual platform, and it includes registry entries or VM attributes and the MoRef ID (also known as the instanceUUID).Whether within VMware vSphere or Microsoft Hyper-V, the successful operation of a VM requires both a functioning OS and a functioning VM object in the virtual platform. Lose either, and the VM will fail. This might seem like an obvious statement; however, many backup tools have not been designed with virtualization in mind. These more traditional tools focus their attentions on protecting the files that make up a VM, but pay no attention to the VM’s metadata inside the virtual platform.

Desperately Seeking Failsafe VMs, with Insufficient BackupsYou might be experiencing this and other issues if you’re still backing up VMs with the same old tools you’ve been using for years. While those tools might have worked sufficiently for physical computers, their limited visibility into the virtual platform can create an entirely new set of problems.

4

5 Ways Your VMware and Hyper-V Backups May Fail You

In fact, while that long list of ways to kill a VM might keep you up at night, that insomnia’s a piece of cake when you start thinking about the ways an insufficient backup solution can fail you. Five immediately come to mind:• Failure in capturing data across datacenter layers. The files that make

up a VM are only part of the picture. These files are just one layer within many of the virtualized datacenter stack, which includes server hardware, storage, operating systems, and administrative tools. A VM’s hard disk in one layer is represented as a virtual disk in another, which itself might be addressed differently by hypervisor or storage device. A virtualization-aware backup tool must be cognizant of each layer’s impact to ensure that data is captured successfully.

• Failure in verifying backup integrity. If you can’t get a verifiably good backup, you don’t have a backup. Yet while many backup tools suggest they offer backup integrity verification, recognize that that verification must occur for the backup’s data set as well as the operating system and applications inside the backup.

• Failure in quiescence or VSS. A backup solution that’s designed with virtualization in mind must include the extra monitoring that keeps an eye on quiescence across each virtual environment layer. This includes ensuring virtual platform tools—VMware Tools or Hyper-V Integration Components—as well as the complex operations of the Windows Volume Shadow Copy Service (VSS) framework are properly leveraged.

• Failure in notifying you when something happens. Almost any backup tool can notify you when problems occur, but are your notifications actually being received? If not, then you’ll never know that the data you’re collecting isn’t good data.

• Failure in accounting for organic VM growth. Lastly, and most importantly for virtual environments, is that extra functionality that exposes a backup tool to your virtual platform’s management solution. Only with awareness of the virtualization platform can you ensure you’re capturing the right VMs as they’re being organically created and decommissioned.

Five Failsafe VM Protection TipsAdmittedly, these can be big problems in a part of IT that has historically been a set-it-and-forget-it activity. The instinctive reaction is that you should “get yourself a new solution.” That’s not necessarily the case.While a backup solution built for virtualization is indeed a good suggestion, these five tips take the story one step further. Based on a collection of recommendations from multiple experts with years of experience, they provide solid advice for how best to avoid mistakes in actually using that solution. Ignore these five tips at your peril. They address some of the most common omissions that lead to data protection failures in today’s virtual environments.

5

5 Ways Your VMware and Hyper-V Backups May Fail You

Tip #1: Mind Your Layers.Your datacenter layers, that is. As discussed earlier, virtualization adds many layers of separation between a VM and its backup storage. In fact, the more separation, the better. A VM interacts with the hypervisor, which interfaces with a host server, which is connected to a storage resource for the VM. The interactions between these layers are what enable virtualization to accomplish the datacenter-optimizing activities it is most known for, but they also add complexity that sometimes becomes the source of failure-creating designs. One such design inadvertently aggregates production data—such as VM disk files—with backup data on the same physical storage. This often happens as the result of a shift from a tape-based backup medium to disk-based backups. A clear best practice is to store backup data on separate physical storage than the storage used by production VMs. That separation ensures that a production storage failure does not also mean losing your backups.FAILSAFE: Ensure backups and primary VM storage stay separate.

Tip #2: Don’t Test Your Backups.Hire someone else to test them for you. More specifically, leverage an automated tool to test them on your behalf. Considering the everyday requirement for backup testing, automation is cheaper. It’s also more reliable than people for an important activity anyway.When considering a backup solution, it is also important to consider the kinds of automated testing that solution can support. While most disk-based backup tools today can perform rudimentary data integrity verifications on backed-up virtual disk files, far more important are the added checks that ensure a backed-up VM’s applications, operating system, and virtualization objects (such as attributes) have been correctly captured. Making the move to disk-based backups improves the ability to test backups in many ways. Unlike tape, disk-based backups are more accessible: Disk systems are always online and address random I/O better. While backup storage might not always perform at the same level as production storage, disk-based backups can be readily accessed to perform VM-level, OS-level and application-level verifications. These are checks like verifying that Active Directory, an Exchange datastore, the Windows OS, and SQL databases are intact.FAILSAFE: Ensure backups include comprehensive integrity verifications that automatically occur with each backup.

Tip #3: Proactively Monitor Quiescence.While Proactively Monitor Quiescence might sound like a great name for a band, it actually speaks to one of the most important facets of VM backups. This article has already talked about the added complexities virtualization introduces into backup activity. As a result, the process of quiescence during the backup process becomes extremely important towards ensuring data gets captured correctly.

6

5 Ways Your VMware and Hyper-V Backups May Fail You

Figure 2: VSS’ Role in Windows Backups

In Windows environments, most data protection tools leverage the tool’s own components in combination with Windows Volume Shadow Copy Service. This service, as Figure 2 shows, requires a careful coordination of three distinct elements: A VSS Writer, a VSS Requestor, and a VSS Provider.In this orchestration, the activities of the VSS Requestor are typically handled by the backup tool, which manages the activities of the backup, coordinating with the VSS Provider to interact with storage and the VSS Writer to work with installed applications.On a physical computer, these three activities work in concert to complete the backup. A failure in any of the three could prevent a backup from completing, or worse, cause the backup to gather non-restorable data. As the software and/or hardware components must work together to leverage the VSS framework to do a backup, ensuring that VSS continues to work correctly is critical.VSS’ coordination between vendors only gets more challenging when physical computers are replaced by virtual machines. Figure 3 shows how the three-part VSS orchestration grows radically more complex when it participates in a vSphere (on the left) or Hyper-V (on the right) environment. VSS in vSphere adds coordination between VSS and the VM’s installed VMware Tools. VSS in Hyper-V adds additional layers of coordination between the virtual host’s Hyper-V VSS Writer and the VSS Writers within each VM. The VSS Requestor also needs to ensure that applications are properly maintained as part of the backup process, including log pruning for VSS-aware applications. This is one critical component of successful VM data protection.While VSS is indeed designed to handle all of these interconnections, ensuring that it continues to do so correctly in virtual environments—and also properly tends to VMs and their applications—becomes an absolute requirement for failsafe protection.FAILSAFE: Take the right approach with VSS: Trust, but verify.

7

5 Ways Your VMware and Hyper-V Backups May Fail You

Tip #4: Demand Visibility for Success.While this tip might seem the most obvious, the team of experts providing inputs to this paper suggested that in practice it is the most-often forgotten. Tip #4 is actually quite simple: Your backup tool most likely includes alerting features that provide notification for backup successes and failures. This can be as simple as an email or SNMP alert to keep administrators informed. Enable these alerts.In fact, take a minute to poke through the alerting features of your current tool. Make sure those features are enabled for both successful and failed backups. The positive verification that your data protection continues to function is a primary indicator of success.FAILSAFE: Monitors are better monitors than you are. Use them.

Tip #5: Don’t Add New Backup Jobs for New VMs.If you don’t get the joke here, refer to Tip #2. The backup tool your environment needs is one that’s designed to support a dynamic virtual environment that experiences organic growth.That organic growth refers to the constant creation and decommissioning of VMs that tends to occur in a virtual environment, particularly one managed like a Private Cloud. Simply put, in a virtual and/or Private Cloud environment, you might not be the person creating new VMs. If you aren’t, and you’re responsible for their protection, how can you know that newly created VMs require scheduling for backups?The real answer is that you can’t, not without careful and constant monitoring of VMs, or a backup tool that is aware of your virtual platform. For both vSphere and Hyper-V, a backup tool that is fully aware of these platforms is ready to accommodate organic VM growth. It’s also capable of protecting a VM’s object as well as its contents. That holistic focus on every part of the VM represents the kind of automation a dynamic virtual environment requires, and one that’s absolutely necessary for ensuring failsafe VM protection.FAILSAFE: Ensure your backup tool backs up by virtual platform constructs—datacenters, folders, clusters, and other objects—and not just a list of VMs.

Safe Failing!Indeed, HA isn’t everything, and so protecting your VM workloads requires a range of activities that can also require a range of solutions.Whether you’re considering migrating past your aging legacy backup tool, or if you’ve already made the leap to today’s backup tools built specifically for VM platforms, these five tips will get you started towards a failsafe approach for VMs.

8

5 Ways Your VMware and Hyper-V Backups May Fail You

About the AuthorGreg Shields, Microsoft MVP and VMware vExpert, is an independent author, speaker and IT consultant, as well as a Partner and Principal Technologist with Concentrated Technology. With 15 years in information technology, Greg has developed extensive experience in systems administration, engineering and architecture.

About Veeam Software

Veeam® Software, an Elite VMware Technology Alliance Partner and managed Microsoft Gold Certified Partner, develops innovative software to manage VMware vSphere and Microsoft Hyper-V. Veeam Backup & Replication™ provides advanced Virtualization-Powered Data Protection™ and is the #1 VM Backup solution. Veeam ONE™ provides powerful, easy-to-use and affordable real-time monitoring, documentation and management reporting for virtual environments. Veeam nworks extends enterprise monitoring to VMware and includes the Veeam nworks Management Pack™ for Microsoft System Center and the Veeam nworks Smart Plug-in™ for HP Operations Manager. An active member of the virtualization community, Veeam sponsors Backup Academy, the quarterly V-index, the annual Virtualization Data Protection Report, and participates in numerous industry events. Learn more about Veeam by visiting www.veeam.com.

Veeam Backup & Replication™Extending the lead in VM backup with these new capabilities:

Enterprise scalability: new distributed architecture streamlines deployment and maintenance of remote office/branch office (ROBO) and large installations.

Advanced replication: accelerates replication by 10x, streamlines failover, and provides real failback with delta sync.

Multi-hypervisor support: brings Veeam’s award-winning data protection to Microsoft Hyper-V and lets you protect all your VMs— VMware and Hyper-V— from one console.

and more!

v6NEW!

To learn more, visithttp://www.veeam.com/backup

GOLD

of the

2010ProductsYear