How to Effectively Protect Data in Virtualized Environments February 2012

White Paper
By Hitachi Data Systems
Table of Contents
Executive Summary
Challenges
Comprehensive Data Protection Approach from Hitachi Data Systems
Service-level Protection
Move or Archive Inactive Data to a Content Store with Built-in Protection
Application Integration
Protect VMware Environments
VMware Consolidated Backup (VCB)
vStorage API for Data Protection Addresses VCB Shortcomings
Change Block Tracking
VADP Flow
VADP and VAAI Backups
vCenter Site Recovery Manager for Replication
Products and Solutions from Hitachi Data Systems
Hitachi Data Protection Suite
HDPS Moves Beyond VCB and VADP
SnapProtect VSA
HDPS Architecture
HDPS Deduplication
Hitachi Dynamic Replicator
Summary
Executive Summary
Increasingly, more organizations are virtualizing more of their server environments to gain:
■ Improved utilization leading to lower capital and operational costs
■ Data center flexibility
■ Reduced data center floor space consumption
■ Lower power and HVAC (heating, ventilation and air conditioning) costs
Virtualization brings many positive benefits to organizations, but it also brings many challenges.
This paper discusses the challenges and options for protecting data effectively in a virtualized
environment.
Challenges
Before virtualization, traditional servers were deployed with high-performance CPUs, high-speed system
buses, networks and high-capacity in-system memory, so these resources were available in excess.
Very few applications could exhaust these resources in physical servers on a
sustained basis throughout the day. This resulted in wastage and hence gave birth to the concept of
server virtualization. However, these excess resources were critical for data protection processes.
Traditional data protection revolved around deploying resource-intensive backup agents on physical servers, which copy and move data from production storage to a backend disk or tape target.
These agents consumed extensive physical resources, such as CPU, memory and network bandwidth. Unfortunately, server virtualization nearly eliminates this "wastage," thereby making it virtually
impossible to meet key data protection objectives.
Comprehensive Data Protection Approach from Hitachi Data Systems
To solve organizations' data protection challenges, including protection of VMware environments,
Hitachi Data Systems has developed a comprehensive, 3-pronged approach, as shown in Figure 1.
Figure 1. Hitachi Data Systems takes a comprehensive, 3-pronged approach to data
protection.
Service-level Protection
Most customers follow a policy of full backups on the weekends and incremental backups on weekdays to protect all data. This one-size-fits-all approach is increasingly becoming inadequate, because not all
data is equal in importance.
Hitachi Data Systems recommends a tiered protection approach that is based on service-level
requirements of the data and focused on recovery objectives. Users protect data to recover for 3
broad reasons. Each of these requires different technologies that are optimized for that specific
recovery type.
Operational Recovery. Organizations choose this route to recover from operational issues, such
as inadvertent deletion, localized hardware failure, etc. This is the most common form of recovery in
data protection operations.
Disaster Recovery. This route is selected to recover from catastrophic site disasters, such as
earthquakes and tsunamis. Fortunately, this is fairly infrequent; it is also highly difficult and expensive, and
usually involves moving operations to an alternate data center.
Regulatory Recovery. Organizations may choose this route to recover data after very long periods
of time, such as 20 or more years.
In addition to the 3 recovery types listed above, organizations may choose to focus on operational
resilience. In this way, they can take steps to prevent data loss and improve application availability
from hardware failures, site disasters, network outages, etc.
In addition, for each of these recovery routes, it is recommended that organizations protect the
more valuable data more aggressively than less valuable information. This helps reduce the risk for
the higher value data and reduce the cost of protection for data with lesser value to the organization. Figure 2 lists 3 possible tiers and technologies that could meet the recovery time objective or
recovery point objective (RTO or RPO) requirements for each. This must be customized for each
organization, based on their environment and needs.
Figure 2. Choose from 3 tiers of technologies to answer protection objectives.
Move or Archive Inactive Data to a Content Store with Built-in Protection
As depicted in Figure 3, by moving inactive data to a content storage platform, the amount of data
that needs to be protected is reduced. This reduces the protection (backup) window as well as the
protection (backup) infrastructure needed. However, the critical step in this solution is choosing
a content platform that has built-in data protection. Without such a platform, the problem is only
moved (as the archive target needs to be further protected), and not solved.
Figure 3. Moving inactive data to Hitachi Content Platform reduces the amount of data
requiring protection.
Application Integration
Using application-specific protection protocols, such as VMware API for Data Protection (VADP),
has several benefits. These protocols allow users to:
■ Make copies of only the absolutely necessary information, reducing protection window, infrastructure and RPO (due to being able to make copies at higher frequency).
■ Restore only the absolutely essential pieces of information, improving RTO.
■ Restore at a granular level (individual emails for Microsoft Exchange) even when making copies at a higher level (snapshots of the entire Exchange server), improving RTO and window.
■ Capture changes as they occur, which allows users to recover from any point in time with application consistency, thereby minimizing the protection window.
■ Employ automated recovery of applications, minimizing RTO and going above and beyond the protection offered by replication, conventional backup and clustering products alone.
■ Gain more control for application administrators, allowing those who need more direct control over when and how their applications are protected to use application-integrated protection, such as RMAN for Oracle.
In the past, VMware offered a first-generation application integration called VMware Consolidated
Backup (VCB) to protect application data. This has since been replaced with the new API in VADP,
which offers substantial advantages over VCB-based protection.
Protect VMware Environments
VMware Consolidated Backup (VCB)
In the evolution of the VMware ESX/ESXi hypervisor, VMware determined early on that backup was
going to be a key priority for server virtualization. The benefits of virtualization also bring increased
risk. As more and more physical systems are converted to virtual machines (VMs), there is more
risk and exposure to failures. Data recovery from a hardware failure causes great disturbance and
impact. In a virtualized environment, it can be crippling.
VMware created an integrated backup solution called VMware Consolidated Backup to handle the
challenges of protecting data in a server virtualization deployment. VCB leverages a centralized
proxy server, to which all backup traffic is directed (see Figure 4). The media agent is also deployed
on the proxy server, allowing data to stream directly from the proxy server to the backup media
device.
Figure 4. VCB leverages a centralized proxy server.
VCB offers the following benefits:
■ Provides full backups at the VM image level and full or incremental backups at the file level
■ Does not require a backup client agent on each VM
■ Does not require a shutdown of the VM to perform the backup
■ Provides centralized storage repository for all servers' backup images
■ Utilizes VMware snapshots
vStorage API for Data Protection Addresses VCB Shortcomings
VCB is limited because it requires data to be transferred from the VM's datastore to the proxy server
and then from the proxy server to the backup media target; thus, it does not alleviate the load on
the physical server or the LAN. VCB also creates crash-consistent images, which are known to be unreliable
to recover in the case of a server failure. VCB also does not handle incremental backups of
the VM disk image (VMDK).
Starting with the vSphere 4.0 hypervisor release, VMware developed an API-based framework for
its virtualization ecosystem. VMware developed vStorage API for Data Protection (VADP) to manage
resource-efficient backup and restore operations. VADP leverages storage-system-based snapshots, offloading the data transfer from the physical server to the storage system and resulting in
LAN-free backup (see Figure 5). Backup software vendors use a proxy server to mount the snapshot and transfer the image directly to the backup media.
Change Block Tracking
VADP also provides a VMkernel feature called Change Block Tracking (CBT) to enable high-speed
incremental and differential backups at the block level. CBT streamlines backups and addresses
backup constraints.
With VADP you can:
■ Perform full, differential and incremental image backup and restore of VMs.
■ Perform file-level backup of VMs using supported Microsoft Windows and Linux operating systems.
■ Ensure data consistency by using Microsoft Volume Shadow Copy Services (VSS) for VMs running supported Microsoft applications.
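The block-level incremental and differential backups that CBT enables, as an added example (not from the original paper, and not VMware or Hitachi code). It is a simplified in-memory model: the disk records the epoch of each block's last write, and restore checks a SHA-256 digest so that a missing link in an incremental chain is caught. TrackedDisk, backup, restore and scenario are hypothetical names, and the 4 KB block size and the workload are constructed.

```python
import hashlib

BLOCK = 4096  # bytes per block (assumed size for this model)

class TrackedDisk:
    """Toy virtual disk that records, per block, the epoch of its last write."""

    def __init__(self, nblocks):
        self.blocks = [bytes(BLOCK) for _ in range(nblocks)]
        self.last_write = [0] * nblocks  # epoch in which each block last changed
        self.epoch = 1                   # advanced every time a backup is taken

    def write(self, index, data):
        self.blocks[index] = data.ljust(BLOCK, b"\0")[:BLOCK]
        self.last_write[index] = self.epoch

    def changed_since(self, epoch):
        """Indices of blocks written in the given epoch or later."""
        return [i for i, e in enumerate(self.last_write) if e >= epoch]

    def digest(self):
        return hashlib.sha256(b"".join(self.blocks)).hexdigest()


def backup(disk, base=None):
    """Full image if base is None, else only blocks changed since `base`."""
    since = 0 if base is None else base["next_epoch"]
    image = {
        "blocks": {i: disk.blocks[i] for i in disk.changed_since(since)},
        "digest": disk.digest(),         # whole-disk digest at backup time
        "next_epoch": disk.epoch + 1,    # writes from here on are "after" this image
    }
    disk.epoch += 1
    return image


def restore(chain):
    """Replay a full image plus later images in order, then verify the result."""
    blocks = [None] * len(chain[0]["blocks"])
    for image in chain:
        for i, data in image["blocks"].items():
            blocks[i] = data
    restored = b"".join(blocks)
    if hashlib.sha256(restored).hexdigest() != chain[-1]["digest"]:
        raise ValueError("restored image does not match the digest taken at backup time")
    return restored


def scenario():
    """Constructed workload: one full backup, then two rounds of changes."""
    disk = TrackedDisk(8)
    disk.write(0, b"boot")
    disk.write(1, b"config v1")
    full = backup(disk)
    disk.write(1, b"config v2")
    disk.write(5, b"db page A")
    inc1 = backup(disk, base=full)       # incremental: since previous backup
    disk.write(5, b"db page B")
    disk.write(6, b"log")
    inc2 = backup(disk, base=inc1)       # incremental: blocks 5 and 6 only
    diff2 = backup(disk, base=full)      # differential: everything since the full
    return disk, full, inc1, inc2, diff2


if __name__ == "__main__":
    disk, full, inc1, inc2, diff2 = scenario()
    print("incremental blocks: ", sorted(inc2["blocks"]))
    print("differential blocks:", sorted(diff2["blocks"]))
    assert restore([full, inc1, inc2]) == restore([full, diff2]) == b"".join(disk.blocks)
    try:
        restore([full, inc2])            # inc1 missing: block 1 is stale
    except ValueError as err:
        print("broken chain rejected:", err)
```

The incremental copies fewer blocks per run but needs every earlier incremental at restore time; the differential needs only the full image and itself.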
Figure 5. VADP offloads data transfer from the physical server to the storage system.
VADP Flow
A backup software solution must perform the following steps:
■ Communicate with VMware host and gather all configuration information for hosted VMs.
■ For backup, instruct each VM to take a snapshot, then transfer the snapshot data to a media agent.
■ For restore, instruct host to halt or recreate the target VM, then restore data from the backup media.
Overall, with VMware VADP, VM backup and restore in vSphere environments is significantly improved. Administrators who are migrating or installing vSphere 4.x hypervisors are deploying VADP
to back up their environment (VCB has been officially phased out by VMware).
VADP and VAAI Backups
VMware vStorage APIs for Array Integration (VAAI) is a vSphere 4.1 API that drives improved resource efficiency by offloading the server resources for VM copy operations. VAAI-enabled storage
systems benefit the backup process by eliminating the volume lock required by the hypervisor to
protect other VMDKs that may be sharing the same storage (see Figure 6).
SCSI block-level locking is required any time the hypervisor needs to modify the VMFS file-system
metadata. The hypervisor granularity is at the datastore volume level, so when it locks, it must lock
the entire datastore. Depending on how often or long the activities take, there could be a big impact
on other VMs with VMDKs that share the common datastore. (Sharing the datastore allows for
higher utilization of storage assets and simplified management).
Figure 6. VAAI allows multiple backup operations to run in parallel.
With VAAI, the hypervisor can utilize Logical Block Address (LBA) level addressing for storage
systems that support the SCSI Atomic Test and Set primitive. Utilizing VAAI allows multiple backup
operations to run in parallel without impacting other VMs that may be sharing the common
datastore. This increases the number of backups that can be run in parallel in the environment, and
thus improves the RPO and RTO objectives.
The Hitachi Adaptable Modular Storage 2000 family (microcode 0890/B or later, SNM2 microcode
9.03 or later) and Hitachi Virtual Storage Platform (microcode DKCMAIN 60-08-01-00/00 or later)
both support the full VAAI primitives.
vCenter Site Recovery Manager for Replication
VMware vCenter Site Recovery Manager (SRM) provides advanced capabilities for disaster recovery management, nondisruptive testing, automated failover and failback, and planned migration.
Designed for greater business continuity and consolidated recovery infrastructure, Site Recovery
Manager enables the IT administrator to create and deploy automated recovery plans between production data centers and disaster recovery sites. SRM carries out failover between 2 sites running
active workloads or for multiple sites being recovered into a single shared recovery location.
The value of using vCenter SRM integration for protecting virtual environments is the ability to automatically failover and recover VMs using data replication features supplied by participating storage
vendors. Because the solution leverages functionality already built into vSphere and the supporting
storage systems, IT organizations can eliminate a number of manual, error-prone tasks related to
VM recovery, and achieve cost-effective disaster recovery capabilities across the enterprise. Starting
with vSphere 5, failback is automated whenever the site has not undergone extensive change or
whenever the recovery plan needs to be executed in the reverse direction. This is also known as reprotect or personality swap. Automated failback is only available with storage-based replication.
SRM can leverage vSphere replication or storage-based replication for simple, automated and
cost-efficient recovery and site migration for virtualized applications. Smaller replication efforts can
be managed directly through the vCenter Server using the vSphere Replication for granular, flexible replication at a VM level. Storage-based replication is better suited for larger business-critical
environments and for automated failback requirements. VMware provides a list of certified storage
systems that coordinate recovery and data sync operations and ensure tight integration with SRM
to leverage iSCSI, Fibre Channel and NFS-based storage replication solutions. To begin the process
for either vSphere replication or storage-based replication, the IT administrator selects the resources
residing on VMs at the primary location to be replicated. These resources are then mapped to resources on copies of the VMs, known as shadow VMs, residing at the secondary site. Next, the administrator uses pre-specified boot sequences for those machines to bring back critical applications
first. Once the initial site is back online, automatic failback provides a smooth return of everything to
the original site.
While VMware manages the protection of the VMs, the data on VMs is copied through storage
replication between same-family storage systems. In the case of certified 3rd-party storage vendors,
such as Hitachi Data Systems, storage replication adapters (SRA) are the method for performing
such tight integration. The adapter is the connection between SRM and the copy software. Using
replication software, data is then mapped and copied between the storage device at the protected
or primary site to the storage device at the recovery or secondary site. Once the data is replicated,
it is then automatically integrated back into the VMware stack. (See Figure 7 for communication flow
through the stack.)
Figure 7. Communications flow through the VMware stack.
Hitachi Data Systems is a long-standing certified VMware vSphere storage partner (see Figure 8),
from version 3.5 to the latest release version 5.0. Hitachi replication software products are fully
integrated with vCenter SRM and fully supported. Hitachi TrueCopy® Synchronous provides short-distance replication between the primary and secondary sites, while Hitachi Universal Replicator and
Hitachi TrueCopy Extended Distance offer any-distance asynchronous replication without disruption
to applications or production. Once the data is replicated to the secondary site, Hitachi In-System
Replication makes a LUN-to-LUN copy, using Hitachi ShadowImage® Replication for full copies and
Hitachi Copy-on-Write Snapshot for space-efficient snapshots.
Figure 8. Hitachi Data Systems is a long-standing certified VMware vSphere storage
partner.
Products and Solutions from Hitachi Data Systems
Figure 9. Technologies from Hitachi Data Systems support 3 levels of protection for
VMware environments.
Hitachi Data Protection Suite
To back up VMware environments, Hitachi Data Systems offers the Hitachi Data Protection Suite,
powered by CommVault®. HDPS is an enterprise-class, heterogeneous solution for data protection.
HDPS saves money by efficient use of disk, tape, networks and processors. And it saves administration time by simplifying and automating otherwise complex operations.
HDPS can protect a VMware virtual server environment. It can manage the backup of thousands of
VMs and dramatically reduce the overall backup time and bandwidth. HDPS delivers robust, reliable
virtual server data protection.
Another benefit of using HDPS is that you have the ability to eliminate up to 90% of redundant data
at the source and produce 50% faster backups, via data deduplication.
HDPS was designed from the ground up with a common infrastructure and methodology for adding
various capabilities. By incorporating the various protection capabilities for VMware environments,
HDPS enables multiple methodologies for VMware protection based on the service levels, as well
as customer business, technical and budget requirements. In addition, HDPS helps organizations
protect both virtual and physical environments. Finally, with the application and crash consistency
capabilities of HDPS, administrators gain the confidence of knowing they would be able to return to
normal business operations in the event of a disaster with little or no data loss.
HDPS Moves Beyond VCB and VADP
The standard practice in VMware environments today is to utilize VCB or VADP. Although these 2
processes have greatly simplified the backup and restore operations, by offloading the data movement from the VM to a proxy VM, they still require the data to be copied from the datastore to
the target backup media. This impacts the environment because VMware datastores are typically
shared between many VMs and the streaming of data puts extra load on the datastore. VAAI has
improved the access by providing more granular locking, but you are still required to read the data
from the datastore, which impacts all the VMs that share the datastore. Your RPO and RTO are improved from the traditional host-agent based backup, but there is room for improvement. HDPS has
developed SnapProtect VSA to create clean and frequent point-in-time images that further improve
RPO and RTO granularity.
SnapProtect VSA
HDPS offers a unique feature, SnapProtect for Virtual Server Agent (VSA). VSA integrates with
Hitachi storage-system-based snapshot engines within each storage system, creating rapid copies
of datastore VMDKs (see Figure 10). These snapshots are a fast VM recovery image, with no impact
to the ESX server resources.
Figure 10. SnapProtect VSA creates rapid copies of datastore VMDKs.
A SnapProtect job follows the same sequence as a regular backup job; however, instead of copying
data blocks, it executes a rapid snapshot. The sequence is as follows:
■ Discover VMs based on pre-defined criteria.
■ Quiesce VMs to ensure consistent image files.
■ Determine datastores associated with VMs.
■ Execute a storage-system-based snapshot using the storage system's APIs.
■ Release VMs to normal operation.
■ Index the snapshots and the VMs within them.
The snapshot process is very fast, requiring a very short quiesce period for the VMs. This minimal
impact on server operation allows for more frequent backups to occur during the day. Companies
can leverage this technology to radically improve their RPO and RTO as you can create more frequent point-in-time images (multiples per day).
A SnapProtect snapshot can also be copied to backup media. This is also improved from the
traditional VADP methodology because you mount the snapshot as a temporary datastore on the
media server. This allows the data to be copied without impacting the production datastore image.
It still creates a load on the storage system, but it no longer directly impacts the performance of the
source datastore.
HDPS Architecture
The HDPS architecture is a backup ecosystem that is managed by a software solution provided by
CommVault called CommCell.
The CommCell Management Group defines the scope of control for the CommServe host. All
components under the licensing and control of the CommServe host are defined as being members
of the CommCell group. The CommCell Console is the management graphical user interface (GUI)
used for managing the CommCell (see Figure 11).
Figure 11. The HDPS architecture is managed by CommVault's CommCell.
The media agent (MA) is responsible for the transfer of data from the client computer to the backup
media, whether disk or tape. A large number of UNIX and Windows platforms support the MA.
The HDPS architecture uses iDataAgents (iDA) for communication to execute backups.
■ Windows File System iDA: By default, this iDA is installed on each Windows host detected.
■ VMware iDA: The VMware iDA, also called the Virtual Server Agent (VSA), is installed on a proxy host. This proxy host is a physical or virtual machine running Microsoft Windows. The Virtual Server Agent communicates with vCenter or the ESX host to discover VMs and execute backups using the vStorage API for Data Protection (VADP).
■ Microsoft SQL iDA: This application iDA is installed on the SQL host. It executes backups on the SQL server system databases and SQL server user databases.
Using the VSA and the MA reduces the impact of backup processes on production servers over
traditional backup methods by offloading processing to a proxy host. Hitachi Data Protection Suite
takes a snapshot of the VM, and then accesses the snapshot through the proxy server.
HDPS can scale up to thousands of VMs and physical servers. Its configuration allows the automatic discovery and protection of newly added VMs to the environment. And, it is compatible with most
servers, storage systems, applications, databases and file systems.
The VSA performs deduplication at the proxy host, reducing the overall load to the production VMs
and reducing backup traffic.
The HDPS environment requires a Windows-based system for the SnapProtect VSA and for the
MA. It is recommended to place these on VMs that reside on an ESX server that is not overprovisioned (has plenty of physical resources available).
HDPS Deduplication
The deduplication capabilities in Hitachi Data Protection Suite can reduce the amount of data being
backed up from the source, shorten the backup window and significantly reduce bandwidth requirements. Also, it can work with key data management operations, like archiving, search, encryption
and direct recovery from deduplicated tape.
Hitachi Dynamic Replicator
Hitachi Dynamic Replicator or HDR offers disk-based business application recovery solutions for
both physical and virtual server environments. This integrated recovery software supports both local
and remote backup and disaster recovery, performing exceptionally well in heterogeneous IT infrastructures with mixed platforms and storage. These comprehensive solutions simplify recovery and
lower costs by replacing multiple existing products across various platform and application environments with a single, centrally managed solution that addresses both data and application recovery.
Summary
The server virtualization revolution in the computer industry has brought about some outstanding
benefits to the IT data center. Server virtualization has also introduced many challenges, with data
protection being one of the most important.
Using an array of different products and tools, Hitachi Data Systems can offer a compelling data
protection solution tailored to an organization's exact needs. Each solution offers unique value to
meet specific data management requirements for VMware virtualized environments.
© Hitachi Data Systems Corporation 2012. All Rights Reserved. WP-418-A DG February 2012