Vmware and Microsoft Vss


VMware and Microsoft VSS: What You Need to Know

Greg Shields

Commissioned by

A Concentrated Technology SolutionSpace™ Analysis

Introduction

When it comes to Microsoft VSS, there’s more to backing up virtual machines than meets the eye.

You’ve probably heard the somewhat contradictory statement that, “Virtualization improves server backups while it at the same time complicates server backups.” This statement rings true in part due to virtualization’s new approaches in how backups can be captured.

You know the classic stories. Once virtualized, a multitude of options present themselves for backing up a virtual server. On one hand, you can continue backing up servers just like in the physical world. With this method, you might install a backup agent into each virtual machine and back up files one by one to disk or tape.

While this is an obvious tried-and-true method for backing up server data, it gains none of the benefits one desires out of virtualization. Restoring entire virtual machines isn’t easy. The resource-heavy backup process itself impacts virtual machine performance. Backups still take long periods of time to complete.

On the other hand is the host-based backup approach. Using this approach, VMs are backed up with assistance from their virtual host. Entire VM disk files—.VMDK or .VHD—can be captured at once, enabling easy restores of whole virtual machines in the case of failure. Smart vendors now integrate entire-VM backups with individual file restore, enabling files and folders to be restored with the same level of ease. Even smarter vendors go one step further, backing up server applications and their data with the same granularity and performance as individual files.

Nearly every datacenter today places as much importance on application data as file data. Microsoft SQL Server, Exchange Server, Active Directory, Oracle, and others are all applications labeled with Tier 1 datacenter priority. That prioritization means that your backup solution must handle application backups as richly as files, folders, and entire VMs.

You might, however, be surprised to know that not all application-aware backups are created equal. While every backup solution is obviously different in how it performs its duties, you might not know that the on-the-server services used to gather application data can also be very different as well.

The difference? Microsoft’s onboard Volume Shadow Copy Service, or VSS. You probably know that this service is used by Windows to create volume snapshots for backup and recovery purposes. But there are more pieces to VSS than most people are aware of. Not understanding those pieces, and how they impact the success of backup and restore, can have a big impact on your data protection. Sound concerning? It is. Read on.

What is VSS?

Microsoft’s Volume Shadow Copy Service, or VSS, is Windows’ built-in infrastructure for application backups. A native Windows service, VSS facilitates creating a consistent view of application data during the course of a backup. It relies on coordination between VSS requestors, writers, and providers to quiesce—or “quiet”—a disk volume so that a backup can be successfully obtained without data corruption.

At least, that’s the technical definition, the one with all the big words. In plainer English, VSS is a Windows service that interacts with installed applications to tell them when a backup is taking place. It also reports back to the server when the backup is complete, instructing the application and the server to perform important post-backup tasks such as truncating logs and other cleanup activities.

Why is VSS necessary? One word: Coordination, specifically coordination between those applications, their data, and the activities being completed by your backup solution. This coordination is required to avoid the situation told in the sidebar story below.

Backing up Exchange without VSS, a Bad Day

Here’s an example of how a backup job could work if VSS wasn’t around to coordinate activities. It’s not a situation you want to experience.

One day you attempt to back up your Microsoft Exchange server named \\exchange01. At 10:00PM, your backup solution begins its backup job for this server and all its data. Being an Exchange server, \\exchange01 is host to a set of files which contain its Exchange database. As the process begins, the backup server transfers files, including the Exchange database files, from \\exchange01 to the backup storage device.

At 10:05PM, just a few minutes after the backup job starts, Bob the Outlook user checks his mail. In doing so, he sends and receives a set of mail for the day. That process of sending and receiving mail changes the data inside the Exchange database.

This presents a problem, because the database has at this point been partially backed up. Its file on disk is only partially transferred to the storage device. The data contained within the database files on \\exchange01 is now slightly different than the data that was captured by the backup solution. These two views of the database are no longer consistent. That’s the start of a bad day, one that will eventually result in a corrupted database upon restore.

VSS comes into play any time a transactional-based application is installed to a Windows server that requires backups. Those applications can be Microsoft Exchange, SQL Server, Active Directory, Oracle, or any of a number of applications which require open access to files on disk. As you’ll find out in a minute, virtual machines themselves are also transactional-based items in a datacenter, requiring their own quiescence for proper backup. Finally, and most importantly, VSS also comes into play with individual files on disk, ensuring that open files are correctly captured during the backup process.

Recall that the primary job of VSS is to “quiet” an application or file system just prior to a backup. This quieting action (called quiescence) creates a point in time from which backups are then sourced. You’ll often hear this point in time referred to as a snapshot, although snapshots in this sense are very different than the virtual machine snapshots used by your favorite hypervisor.

Creating that single point in time eliminates the sidebar’s problem. It ensures that a common starting point for backups is shared by the server and the backup application, guaranteeing that each maintains that consistent view of the data.
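
The sidebar's failure and the point-in-time fix can be reproduced in a toy model. This is an added example, not code from the white paper or from Microsoft: the page layout, the message-count invariant, and the copy-on-write snapshot mechanism are assumptions chosen for illustration.

```python
class Volume:
    """Toy disk volume with copy-on-write snapshots (a modelling choice, see lead-in)."""

    def __init__(self, pages):
        self.pages = list(pages)
        self._snapshots = []          # one dict of preserved pages per snapshot

    def create_snapshot(self):
        """Mark a point in time; the returned handle collects overwritten pages."""
        preserved = {}
        self._snapshots.append(preserved)
        return preserved

    def write(self, index, value):
        # Before overwriting, keep the old page for every snapshot that lacks it.
        for preserved in self._snapshots:
            if index not in preserved:
                preserved[index] = self.pages[index]
        self.pages[index] = value

    def read_live(self, index):
        return self.pages[index]

    def read_snapshot(self, preserved, index):
        return preserved[index] if index in preserved else self.pages[index]


def deliver(volume, slot, text):
    """One mail transaction: store the message, then bump the count held in page 0."""
    volume.write(slot, text)
    volume.write(0, volume.pages[0] + 1)


def is_consistent(image):
    """Database invariant: header count equals the number of stored messages."""
    return image[0] == sum(1 for page in image[1:] if page is not None)


def copy_pages(volume, read_page, activity):
    """Back up page by page; activity[i] is user traffic arriving after page i."""
    image = []
    for i in range(len(volume.pages)):
        image.append(read_page(i))
        if i in activity:
            activity[i](volume)
    return image


def demo():
    # Constructed data: page 0 is the message count, pages 1-3 are message slots.
    initial = [1, "welcome", None, None]
    bob = {1: lambda vol: deliver(vol, 2, "status update")}   # mail at "10:05PM"

    live = Volume(initial)
    torn = copy_pages(live, live.read_live, bob)              # no snapshot

    vol = Volume(initial)
    handle = vol.create_snapshot()                            # the point in time
    consistent = copy_pages(vol, lambda i: vol.read_snapshot(handle, i), bob)
    return torn, consistent, vol.pages


if __name__ == "__main__":
    torn, consistent, live_after = demo()
    print("live copy     :", torn, "consistent?", is_consistent(torn))
    print("snapshot copy :", consistent, "consistent?", is_consistent(consistent))
    print("volume now    :", live_after)
```

The live copy pairs the old header with the new message and fails the invariant; the snapshot copy reflects the volume exactly as it was when the snapshot was created, while the live volume keeps accepting mail.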

 

VSS relies on the coordination of three different components to maintain this consistent view. You can see those three components in Figure 1. At its upper-left are a set of VSS Writers. Each VSS-aware application installed onto a server also installs its own VSS Writer. The VSS Writer’s job is to coordinate backup activities with the application, instructing the application to quiesce at the appropriate time.

VSS Requestors can be, among other things, the application you use for backups. The VSS Requestor’s job is to coordinate VSS’ activities with those of the backup application. The VSS Requestor is also the component which actually requests that a volume shadow copy be taken. Once requested, the VSS Writer will instruct the application to perform whatever actions are required to create that volume shadow copy.

The third component is the VSS Provider. Its job is to create and manage the shadow copies themselves. The VSS Provider can be either the operating system in combination with its file system, or it can be a hardware provider on an external storage array.

Note: You can use the command vssadmin list writers to list the VSS Writers which have been installed to a Windows computer.

Figure 1: VSS components.
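
Because each application depends on its own VSS Writer, a pre-backup check that the expected writers are registered and idle catches many silent failures. The following is an added example, not part of the original paper: it parses the output of vssadmin list writers, the embedded sample output is constructed (the GUIDs are made up), and the list of required writer names is an assumption to adapt to the server's role.

```python
import re

# Constructed sample of `vssadmin list writers` output; the GUIDs are made up.
SAMPLE_OUTPUT = """\
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001-2013 Microsoft Corp.

Writer name: 'System Writer'
   Writer Id: {11111111-1111-1111-1111-111111111111}
   Writer Instance Id: {aaaaaaaa-0000-0000-0000-000000000001}
   State: [1] Stable
   Last error: No error

Writer name: 'Microsoft Exchange Writer'
   Writer Id: {22222222-2222-2222-2222-222222222222}
   Writer Instance Id: {aaaaaaaa-0000-0000-0000-000000000002}
   State: [7] Failed
   Last error: Timed out
"""

FIELD = re.compile(
    r"^\s*(Writer name|Writer Id|Writer Instance Id|State|Last error):\s*(.*?)\s*$")
STATE = re.compile(r"^\[(\d+)\]\s*(.*)$")


def parse_writers(text):
    """Return one dict per writer block in `vssadmin list writers` output."""
    writers, current = [], None
    for line in text.splitlines():
        match = FIELD.match(line)
        if not match:
            continue                      # banner and blank lines
        key, value = match.groups()
        if key == "Writer name":
            current = {"name": value.strip("'")}
            writers.append(current)
        elif current is None:
            continue                      # field before any writer header
        elif key == "State":
            state = STATE.match(value)
            current["state_code"] = int(state.group(1)) if state else None
            current["state"] = state.group(2) if state else value
        elif key == "Last error":
            current["last_error"] = value
        else:
            current[key.lower().replace(" ", "_")] = value
    return writers


def preflight(text, required_writers):
    """Report writers that would undermine an application-consistent backup.

    Meant to run while no backup is in progress: a writer that is busy with a
    backup also reports a state other than Stable.
    """
    writers = parse_writers(text)
    present = {w["name"] for w in writers}
    unhealthy = [w["name"] for w in writers
                 if w.get("state") != "Stable" or w.get("last_error") != "No error"]
    missing = [name for name in required_writers if name not in present]
    return {"unhealthy": unhealthy, "missing": missing,
            "ok": not unhealthy and not missing}


if __name__ == "__main__":
    # On a real server, feed in the command's stdout from an elevated prompt, e.g.
    # subprocess.run(["vssadmin", "list", "writers"], capture_output=True, text=True).stdout
    print(preflight(SAMPLE_OUTPUT, ["Microsoft Exchange Writer", "SqlServerWriter"]))
```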

The Role of VSS with Virtualization

While VSS has long been used for backing up running applications, it has become even more critical when paired with virtual environments. This added criticality arrives through the desire to back up entire VMs at once. Backing up an entire VM at once requires backing up that VM’s disk file, again either a .VMDK file for vSphere or a .VHD file for Hyper-V. By backing up that VM’s disk file as a point-in-time backup, it becomes possible to trivially and quickly restore that VM to that previous point in time.

Getting there, as you can imagine, requires the same sorts of quiescence that applications require. Since a VM’s file system is as interactive and always changing as an application’s database, some mechanism to “quiet” the VM’s file system is needed if a host- or externally-based backup solution is to gather the disk file and maintain a consistent view.

What you might not know is that that mechanism isn’t always the same, depending on your backup solution and your selected hypervisor. That said, some architectures don’t provide some functions that are needed for true restores. Let’s compare the approaches of three different solution sets. The differences here will give you some idea about how very different the “simple” task of backups can be.

Solution Set #1: Native Hyper-V Data Protection

A fully-native Hyper-V environment automatically enjoys all the benefits of VSS’ components. This is the case because a Hyper-V environment runs completely atop Microsoft Windows. Virtual machines in a Hyper-V environment are Windows (ignoring here Hyper-V’s Linux capabilities), with Windows Server also being the operating system at the virtual host. Native Hyper-V uses the onboard Windows Server Backup as its backup application.

Figure 2: VSS in a Native Hyper-V Environment. (Diagram labels: Volume Shadow Copy Service; VSS Requestor; VSS Writer; VSS Provider; Disk Volume; Windows Server Backup; Hyper-V Writer; Operating System; Storage Array; VSS Writer; Virtual Machine; Microsoft Exchange; Etc.)

As you can see in Figure 2, these elements map directly to the original three VSS components described earlier. Windows installs a Hyper-V VSS Writer with the installation of Hyper-V. The backup application Windows Server Backup serves as the VSS Requestor, with the operating system and/or storage array handling the VSS Provider role.

In this configuration, the instance of Windows Server Backup on the virtual host requests the host’s Hyper-V Writer to “quiet” the file systems of any running virtual machines so they can be backed up with a consistent view. But that isn’t all. You should also recognize that each virtual machine has its own VSS components as well as the host. Each VM also has its own installed applications that require quiescence. Quieting those applications requires coordination between the host’s backup activities and those going on inside the virtual machine.

That’s why Figure 2 also shows a VSS Writer inside the virtual machine. As a VSS snapshot is requested by Windows Server Backup, the Hyper-V VSS Writer on the virtual host integrates with any registered VSS Writers in the virtual machines (such as Microsoft Exchange in the case of Figure 2) to ensure that the VM’s applications are properly quieted as well. This integration is accomplished through the use of the Hyper-V Integration Components, which are a separate but required installation to any Hyper-V virtual machine.

As is obvious, there’s an extra level of coordination involved to maintain that consistent view of data across host, VM, and applications.

Solution Set #2: Native vSphere

The situation gets slightly more complicated when virtual machines are run atop different hypervisors, such as VMware’s vSphere. With either ESX or ESXi, there is no Microsoft Windows instance that operates as the virtual host. This means that there is no VSS at that layer in the stack to handle quiescence and snapshotting prior to a backup. These activities then must be handled by one of a range of different options, such as VMware Consolidated Backup for older ESX versions or the newer and more-capable vStorage API.

vSphere added full support for VSS in version 4.1 for all guests including Windows Server 2008, with earlier Windows operating systems being supported in previous versions of vSphere. This VSS support was introduced into vSphere-hosted Windows virtual machines through an update to the VMware Tools. Just like Hyper-V’s Integration Components, the VMware Tools are a separate but required installation into any vSphere-hosted virtual machine.

As you can see in Figure 3, a similar quiescence process occurs on a vSphere virtual machine as is experienced with Hyper-V. Here, however, the VMware Tools serve as the VSS requestor, instructing registered VSS Writers to perform pre-and-post backup actions as whatever backup solution on the ESX host begins a backup of the virtual machine.

Not shown in Figure 3, however, is the actual backup solution used by vSphere. Native to the VMware solution set are two products which can be used to back up vSphere virtual machines: VMware Consolidated Backup, a now-deprecated solution that is no longer available in vSphere 4.1, and its replacement, vSphere Data Recovery. Both are relatively simple solutions that provide a basic level of backup and restore support for virtual machines and their data.

Solution Set #3: Agent-Assisted Data Protection

While the architecture that makes up Solution Set #2 will indeed work for backing up and restoring virtual machines, it does come with a set of concerning limitations. Those limitations have to do with the very applications which you are intending to protect with your backup infrastructure in the first place. However, the specific limitations have more to do with the recovery process than the actual backup process.

Two restore use cases should be immediately obvious when looking at the architecture outlined in Figure 3. Those use cases deal with the restoration of Active Directory Domain Controllers and Microsoft Exchange servers. Let’s take a look at both.

Figure 3: VSS in a Native vSphere Environment. (Diagram labels: Volume Shadow Copy Service; VSS Requestor; VSS Writer; VSS Provider; Disk Volume; VMware Tools; Exchange Server; Etc.; Operating System; Storage Array; Virtual Machine; ESX Host; Disk Volume.)

First, as you already know, a successful Microsoft Exchange backup requires VSS for proper quiescence. The VSS process, as you already know, ensures that the database view remains consistent throughout its entire process of being backed up. What you might not know is that a restore of Microsoft Exchange also requires a VSS-aware restore as well. As part of that restore, a number of very important steps are required:

• Step 1: Boot the restored Exchange Server virtual machine with its mailbox stores dismounted.

• Step 2: Instruct the Exchange VSS Writer to perform a restore from the VSS snapshot.

• Step 3: Mount the mailbox stores.

The most important of these steps occurs with Step 1. A fully-featured Exchange data protection solution needs to boot a restored Exchange Server with its mailbox stores dismounted in order to protect them from data corruption. This is also necessary so that Step 2 can be completed successfully.

This situation is very similar to the second use case, Active Directory Domain Controllers (ADDCs), whose restore also requires special handling to assure data is not corrupted in the process. In the case of ADDCs, a restored server must be powered back on in non-authoritative mode. Non-authoritative mode ensures that the data on the ADDC is not inappropriately replicated to other ADDCs in the domain. Not doing this could create a situation known as Update Sequence Number (USN) Rollback, where Active Directory data between ADDCs is no longer consistent. While Windows Server 2003 SP1 and later operating systems include safeguards such as ADDC isolation that can prevent this scenario, these safeguards may not protect against it in every situation. Thus, it is exceptionally important that recovered ADDCs are powered back on in Directory Services Restore Mode.

 

Figure 4: VSS in an Agent-assisted vSphere Environment. (Diagram labels: Volume Shadow Copy Service; VSS Requestor; VSS Writer; VSS Provider; Disk Volume; VMware Tools; Exchange Server; Etc.; Operating System; Storage Array; Virtual Machine; ESX Host; Disk Volume; Third-Party Backup Host; On-Demand Assistive Agent.)

One solution to prevent these and other problematic situations is through the use of an on-demand agent installed to virtual machines during the backup process (see Figure 4). This agent is considered “on-demand” because it resides on the VM only during backups, and is later removed after the backup is complete. The presence of this agent facilitates the coordination between the vSphere VSS Requestor and the third-party backup host.

Note: While not depicted here, the same on-demand assistive agent could be used in a Hyper-V environment as well, with similar results.

More importantly, recognize that an on-demand agent is one that is automatically available within the backed up virtual machine. This means that the same agent will be available after the virtual machine is later restored. Presence of this agent enables an immediate integration between the onboard agent and the third-party backup host and solution.

Being present on the host as it is restored allows the agent to control post-restore actions such as un-mounting Exchange databases and bringing ADDC servers online in non-authoritative mode. These actions ensure that restored servers and their data have a greater guarantee of successful restoration with a minimum of accidental data destruction or corruption. And that’s important when servers are down, stress levels are high, and the potential for mistakes is heightened.

Agent-Assist and Transaction Log Handling

There’s another important facet to agent assistance that benefits data protection. The agent-assisted approach also enables greater support for handling application transaction logs both during and after a backup. Recall that a VSS snapshot creates that point in time that enables the backup solution and the application to maintain a consistent view of data throughout the backup. Maintaining this view as data changes in the “real” database requires logging changes to a transaction log.

One significant limitation of some backup solutions is in recognizing when the backup has completed successfully. Application transaction logs, such as those used by Microsoft Exchange among others, are an important source of data reconstruction in the case of a failed backup; thus, it is important that a backup solution instruct the server to flush those logs only after the backup has been deemed successful.

Some implementations, such as the VMware Tools implementation noted in Solution Set #2 above, are not equipped with the necessary instrumentation to know when a backup has completed successfully. Thus, they may either not prune transaction logs after the backup, or they may do so even if the backup has not completed successfully.

One benefit of using an assistive agent in the virtual machine backup process is that this agent can be better aware of the success of the backup. That agent can then retry the backup in the case of a failure, or prune the logs once the backup has been deemed successful. Both of these situations prevent the situation where needed transaction logs are inappropriately discarded—a situation which can prevent the server from being restored in the case of a failure.
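
The effect of pruning logs without knowing the backup result can be shown with a small model. This is an added example, not code from the paper or from any backup product: the AppServer class, the sequence-numbered log, and the assumption that the log volume survives the loss of the database volume are all illustrative.

```python
import copy


class AppServer:
    """Toy transactional application: a database plus a transaction log."""

    def __init__(self):
        self.db, self.log, self.seq = {}, [], 0

    def commit(self, key, value):
        self.seq += 1
        self.log.append((self.seq, key, value))   # logged first, then applied
        self.db[key] = value

    def truncate_log(self, through_seq):
        self.log = [rec for rec in self.log if rec[0] > through_seq]


def run_backup(server, transfer, gated, max_attempts=2):
    """Snapshot the database, ship it with transfer(), then decide about the log.

    gated=False models a requestor that cannot see the transfer result and
    prunes unconditionally; gated=True retries and prunes only after a
    confirmed transfer. Returns the stored backup (db_copy, seq) or None.
    """
    snapshot = (copy.deepcopy(server.db), server.seq)   # the point-in-time view
    stored = None
    for _ in range(max_attempts if gated else 1):
        if transfer(snapshot):
            stored = snapshot
            break
    if stored is not None or not gated:
        server.truncate_log(snapshot[1])
    return stored


def restore(last_good_backup, surviving_log):
    """Rebuild state from the last good backup plus the surviving log records."""
    db, seq = copy.deepcopy(last_good_backup[0]), last_good_backup[1]
    for rec_seq, key, value in sorted(surviving_log):
        if rec_seq <= seq:
            continue                      # already contained in the backup
        if rec_seq != seq + 1:
            raise RuntimeError(f"log gap: need record {seq + 1}, found {rec_seq}")
        db[key] = value
        seq = rec_seq
    return db


def scenario(gated):
    """Constructed timeline: good backup, mail, failed backup, mail, disk loss."""
    server = AppServer()
    server.commit("msg1", "hello")
    good = run_backup(server, lambda snap: True, gated)
    server.commit("msg2", "quarterly report")
    server.commit("msg3", "re: quarterly report")
    failed = run_backup(server, lambda snap: False, gated)   # target unreachable
    server.commit("msg4", "lunch?")
    assert failed is None
    # Assumption: the database volume is lost but the log volume survives.
    return restore(good, server.log)


def outcome(gated):
    """Restored message ids, or the reason roll-forward is impossible."""
    try:
        return sorted(scenario(gated))
    except RuntimeError as exc:
        return str(exc)


if __name__ == "__main__":
    print("prune regardless of result :", outcome(gated=False))
    print("prune only after success   :", outcome(gated=True))
```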

More to VSS than Meets the Eye

Virtualization can indeed complicate backups as it improves their usability. Once virtualized, you can absolutely enjoy the ability to restore whole servers just as easily as files, folders, or application objects. But you can only get there if you implement solutions that really work. As you’ve learned here, Microsoft’s VSS is one solution that does work—if it is integrated with a well-designed backup solution.

Veeam’s Approach to VSS

Veeam Backup & Replication leverages VSS functionality to ensure consistent backups of applications within vSphere virtual machines. Veeam provides a complete implementation of VSS support, enabling proper restore of VSS-aware applications (e.g. Active Directory, SQL Server, Exchange) from backups in Veeam.

About the Author

Greg Shields, Microsoft MVP and VMware vExpert, is an independent author, speaker, and IT consultant, as well as a Partner and Principal Technologist with Concentrated Technology. With 15 years in information technology, Greg has developed extensive experience in systems administration, engineering, and architecture specializing in Microsoft OS, remote application, systems management, and virtualization technologies.

About Veeam Software

Veeam Software, an Elite VMware Technology Alliance Partner, develops innovative software to manage VMware vSphere®. Veeam vPower™ provides advanced Virtualization-Powered Data Protection™ and is the underlying technology in Veeam Backup & Replication™, the #1 virtualization backup solution. Veeam nworks extends enterprise monitoring to VMware and includes the nworks Management Pack™ for VMware management in Microsoft System Center and the nworks Smart Plug-in™ for VMware management in HP Operations Manager. Veeam ONE™ provides a single solution to optimize the performance, configuration and utilization of VMware environments and includes: Veeam Monitor™ for easy-to-deploy VMware monitoring; Veeam Reporter™ for VMware capacity planning, change management, and reporting and chargeback; and Veeam Business View™ for VMware business service management and categorization. Learn more about Veeam Software by visiting www.veeam.com.

About Concentrated Technology, LLC

Concentrated Technology was founded by IT industry experts Don Jones and Greg Shields to provide concise, accurate education in business technology topics. The company writes to a range of audiences from the C-level to the trenches, with a focus on practical technology solutions for today’s business challenges. For more information, visit www.concentratedtech.com.
