W H I T E P A P E R How to Effectively Protect Data in Virtualized Environments By Hitachi Data Systems February 2012 2 Table of Contents Executive Summary 3 Challenges 4 Comprehensive Data Protection Approach from Hitachi Data Systems 4 Service-level Protection 4 Move or Archive Inactive Data to a Content Store with Built-in Protection 6 Application Integration 6 Protect VMware Environments 7 VMware Consolidated Backup (VCB) 7 vStorage API for Data Protection Addresses VCB Shortcomings 8 Change Block Tracking 8 VADP Flow 9 VADP and VAAI Backups 9 vCenter Site Recovery Manager for Replication Products and Solutions from Hitachi Data Systems 10 13 Hitachi Data Protection Suite 13 HDPS Moves Beyond VCB and VADP 14 SnapProtect VSA 14 HDPS Architecture 15 HDPS Deduplication 16 Hitachi Dynamic Replicator 16 Summary 17 3 Executive Summary Increasingly, more organizations are virtualizing more of their server environments to gain: ■ Improved utilization leading to lower capital and operational costs ■ Data center flexibility ■ Reduced data center floor space consumption ■ Lower power and HVAC (heating, ventilation and air conditioning) costs Virtualization brings many positive benefits to organizations, but it also brings many challenges. This paper discusses the challenges and options for protecting data effectively in a virtualized environment. 4 Challenges Prior to virtualization, due to the deployment of high-performance CPUs, high-speed systems buses, networks and high-capacity in-system memory, these resources were available in excess in traditional servers. Very few applications could exhaust these resources in physical servers on a sustained basis throughout the day. This resulted in wastage and hence gave birth to the concept of server virtualization. However, these excess resources were critical for data protection processes. Traditional data protection revolved around deploying resource-intensive backup agents on physical servers, which copy and move data from production storage to a backend disk or tape target. These agents consumed extensive physical resources, such as CPU, memory and network bandwidth. Unfortunately, server virtualization nearly eliminates this "wastage," thereby making it virtually impossible to meet key data protection objectives. Comprehensive Data Protection Approach from Hitachi Data Systems To solve organizations' data protection challenges, including protection of VMware environments, Hitachi Data Systems has developed a comprehensive, 3-pronged approach, as shown in Figure 1. Figure 1. Hitachi Data Systems takes a comprehensive, 3-pronged approach to data protection. Service-level Protection Most customers follow a policy of full backups on the weekends and incremental backup on weekdays to protect all data. This one-size-fits-all approach is increasingly becoming inadequate, as all data is not equal in importance. 5 Hitachi Data Systems recommends a tiered protection approach that is based on service-level requirements of the data and focused on recovery objectives. Users protect data to recover for 3 broad reasons. Each of these requires different technologies that are optimized for that specific recovery type. Operational Recovery. Organizations choose this route to recover from operational issues, such as inadvertent deletion, localized hardware failure, etc. This is the most common form of recovery in data protection operations. Disaster Recovery. This route is selected to recover from catastrophic site disasters, such as earthquakes and tsunamis. Fortunately, this is fairly infrequent, highly difficult and expensive, and usually involves moving operations to an alternate data center. Regulatory Recovery. Organizations may choose this route to recover data after very long periods of time, such as 20 or more years. In addition to the 3 recovery types listed above, organizations may choose to focus on operational resilience. In this way, they can take steps to prevent data loss and improve application availability from hardware failures, site disasters, network outages, etc. In addition, for each of these recovery routes, it is recommended that organizations protect the more valuable data more aggressively than less valuable information. This helps reduce the risk for the higher value data and reduce the cost of protection for data with lesser value to the organization. Figure 2 lists 3 possible tiers and technologies that could meet the recovery time objective or recovery point objective (RTO or RPO) requirements for each. This must be customized for each organization, based on their environment and needs. Figure 2. Choose from 3 tiers of technologies to answer protection objectives. 6 Move or Archive Inactive Data to a Content Store with Built-in Protection As depicted in Figure 3, by moving inactive data to a content storage platform, the amount of data that needs to be protected is reduced. This reduces the protection (backup) window as well as the protection (backup) infrastructure needed. However, the critical step in this solution is choosing a content platform that has built-in data protection. Without such a platform, the problem is only moved (as the archive target needs to be further protected), and not solved. Figure 3. Moving inactive data to Hitachi Content Platform reduces the amount of data requiring protection. Application Integration Using application-specific protection protocols, such as VMware API for Data Protection (VADP), has several benefits. These protocols allow users to: ■ Make copies of only the absolutely necessary information, reducing protection window, infrastructure and RPO (due to being able to make copies at higher frequency). ■ Restore only the absolutely essential pieces of information, improving RTO. ■ Restore at a granular level (individual emails for Microsoft Exchange) even when making copies at a higher level (snapshots of the entire exchange server), improving RTO and window. ■ Capture changes as they occur, which allows users to recover from any point in time with application consistency, thereby minimizing the protection window. ■ Employ automated recovery of applications, minimizing RTO and going above and beyond the protection offered by replication, conventional backup and clustering products alone. ■ Gain more control for application administrators, allowing those who need more direct control 7 over when and how their applications are protected to use application-integrated protection, such as RMAN for Oracle. In the past, VMware offered a first-generation application integration called VMware Consolidated Backup (VCB) to protect application data. This has since been replaced with the new API in VADP, which offers substantial advantages over VCB-based protection. Protect VMware Environments VMware Consolidated Backup (VCB) In the evolution of the VMware ESX/ESXi hypervisor, VMware determined early on that backup was going to be a key priority for server virtualization. The benefits of virtualization also bring increased risk. As more and more physical systems are converted to virtual machines (VMs), there is more risk and exposure to failures. Data recovery from a hardware failure causes great disturbance and impact. In a virtualized environment, it can be crippling. VMware created an integrated backup solution called VMware Consolidated Backup to handle the challenges of protecting data in a server virtualization deployment. VCB leverages a centralized proxy server, to which all backup traffic is directed (see Figure 4). The media agent is also deployed on the proxy server, allowing data to stream directly from the proxy server to the backup media device. Figure 4. VCB leverages a centralized proxy server. 8 VCB offers the following benefits: ■ Provides full backups for VM image and full or incremental file level ■ Does not require a backup client agent on each VM ■ Does not require a shutdown of the VM to perform the backup ■ Provides centralized storage repository for all servers' backup images ■ Utilizes VMware snapshots vStorage API for Data Protection Addresses VCB Shortcomings VCB is limited because it requires data to be transferred from the VM's datastore to the proxy server and then from the proxy server to the backup media target; thus, it does not alleviate the load on the physical server or the LAN. VCB also creates crash-consistent images, known to be unreliable images to recover in the case of a server failure. VCB also does not handle incremental backups of VM disk image (VMDK). Starting with the vSphere 4. 0 hypervisor release, VMware developed an API-based framework for its virtualization ecosystem. VMware developed vStorage API for Data Protection (VADP) to manage resource-efficient backup and restore operations. VADP leverages storage-system-based snapshots, offloading the data transfer from the physical server to the storage system and resulting in LAN-free backup (see Figure 5). Backup software vendors use a proxy server to mount the snapshot and transfer the image directly to the backup media. Change Block Tracking VADP also provides a VMkernel feature called Change Block Tracking (CBT) to enable high-speed incremental and differential backups at the block level. CBT streamlines backups and addresses backup constraints. With VADP you can: ■ Perform full, differential and incremental image backup and restore of VMs. ■ Perform file-level backup of VMs using supported Microsoft Windows and Linux operating systems. ■ Ensure data consistency by using Microsoft Volume Shadow Copy Services (VSS) for VMs running supported Microsoft applications. 9 Figure 5. VADP offloads data transfer from the physical server to the storage system. VADP Flow A backup software solution must perform the following steps: ■ Communicate with VMware host and gather all configuration information for hosted VMs. ■ For backup, instruct each VM to take a snapshot, then transfer the snapshot data to a media agent. ■ For restore, instruct host to halt or recreate the target VM, then restore data from the backup media. Overall, with VMware VADP, VM backup and restore in vSphere environments is significantly improved. Administrators who are migrating or installing vSphere 4.x hypervisors are deploying VADP to back up their environment (VCB has been officially phased out by VMware). VADP and VAAI Backups VMware vStorage APIs for Array Integration (VAAI) is a vSphere 4.1 API that drives improved resource efficiency by offloading the server resources for VM copy operations. VAAI-enabled storage systems benefit the backup process by eliminating the volume lock required by the hypervisor to protect other VMDKs that may be sharing the same storage (see Figure 6). SCSI block-level locking is required any time the hypervisor needs to modify the VMFS file-system metadata. The hypervisor granularity is at the datastore volume level, so when it locks, it must lock the entire datastore. Depending on how often or long the activities take, there could be a big impact on other VMs with VMDKs that share the common datastore. (Sharing the datastore allows for higher utilization of storage assets and simplified management). 10 Figure 6. VAAI allows multiple backup operations to run in parallel. With VAAI, the hypervisor can utilize Logical Block Address (LBA) level addressing for storage systems that support the SCSI Atomic Test and Set primitive. Utilizing VAAI allows multiple backup operations to run in parallel without impacting other VMs that may be sharing the common datastore. This increases the number of backups that can be run in parallel in the environment, and thus improves the RPO and RTO objectives. The Hitachi Adaptable Modular Storage 2000 family (microcode 0890/B or later, SNM2 microcode 9.03 or later) and Hitachi Virtual Storage Platform (microcode DKCMAIN 60-08-01-00/00 or later) both support the full VAAI primitives. vCenter Site Recovery Manager for Replication VMware vCenter Site Recovery Manager (SRM) provides advanced capabilities for disaster recovery management, nondisruptive testing, automated failover and failback, and planned migration. Designed for greater business continuity and consolidated recovery infrastructure, Site Recovery Manager enables the IT administrator to create and deploy automated recovery plans between production data centers and disaster recovery sites. SRM carries out failover between 2 sites running active workloads or for multiple sites being recovered into a single shared recovery location. The value of using vCenter SRM integration for protecting virtual environments is the ability to automatically failover and recover VMs using data replication features supplied by participating storage vendors. Because the solution leverages functionality already built into vSphere and the supporting storage systems, IT organizations can eliminate the number of manual, error-prone tasks related to VM recovery, and achieve cost-effective disaster recovery capabilities across the enterprise. Starting with vSphere 5, failback is automated whenever the site has not undergone extensive change or whenever the recovery plan needs to be executed in the reverse direction. This is also known as reprotect or personality swap. Automated failback is only available with storage-based replication. 11 SRM can leverage vSphere replication or storage-based replication for simple, automated and cost-efficient recovery and site migration for virtualized applications. Smaller replication efforts can be managed directly through the vCenter Server using the vSphere Replication for granular, flexible replication at a VM level. Storage-based replication is better suited for larger business-critical environments and for automated failback requirements. VMware provides a list of certified storage systems that coordinate recovery and data sync operations and ensure tight integration with SRM to leverage iSCSI, Fibre Channel and NFS-based storage replication solutions. To begin the process for either vSphere replication or storage-based replication, the IT administrator selects the resources residing on VMs at the primary location to be replicated. These resources are then mapped to resources on copies of the VMs, known as shadow VMs, residing at the secondary site. Next, the administrator uses pre-specified boot sequences for those machines to bring back critical applications first. Once the initial site is back online, automatic failback provides a smooth return of everything to the original site. While VMware manages the protection of the VMs, the data on VMs is copied through storage replication between same-family storage systems. In the case of certified 3rd-party storage vendors, such as Hitachi Data Systems, storage replication adapters (SRA) are the method for performing such tight integration. The adapter is the connection between SRM and the copy software. Using replication software, data is then mapped and copied between the storage device at the protected or primary site to the storage device at the recovery or secondary site. Once the data is replicated, it is then automatically integrated back into the VMware stack. (See Figure 7 for communication flow through the stack.) Figure 7. Communications flow through the VMware stack. Hitachi Data Systems is a long-standing certified VMware vSphere storage partner (see Figure 8), from version 3.5 to the latest release version 5.0. Hitachi replication software products are fully 12 integrated with vCenter SRM and fully supported. Hitachi TrueCopy® Synchronous provides shortdistance replication between the primary and secondary sites, while Hitachi Universal Replicator and Hitachi TrueCopy Extended Distance offer any-distance asynchronous replication without disruption to applications or production. Once the data is replicated to the secondary site, Hitachi In-System Replication makes a LUN-to-LUN copy, using Hitachi ShadowImage® Replication for full copies and Hitachi Copy-on-Write Snapshot for space-efficient snapshots. Figure 8. Hitachi Data Systems is a long-standing certified VMware vSphere storage partner. 13 Products and Solutions from Hitachi Data Systems Figure 9. Technologies from Hitachi Data Systems support 3 levels of protection for VMware environments. Hitachi Data Protection Suite To back up VMware environments, Hitachi Data Systems offers the Hitachi Data Protection Suite, powered by CommVault®. HDPS is an enterprise-class, heterogeneous solution for data protection. HDPS saves money by efficient use of disk, tape, networks and processors. And it saves administration time by simplifying and automating otherwise complex operations. HDPS can protect a VMware virtual server environment. It can manage the backup of thousands of VMs and dramatically reduce the overall backup time and bandwidth. HDPS delivers robust, reliable virtual server data protection. Another benefit of using HDPS is that you have the ability to eliminate up to 90% of redundant data at the source and produce 50% faster backups, via data deduplication. HDPS was designed from the ground up with a common infrastructure and methodology for adding various capabilities. By incorporating the various protection capabilities for VMware environments, HDPS enables multiple methodologies for VMware protection based on the service levels, as well 14 as customer business, technical and budget requirements. In addition, HDPS helps organizations protect both virtual and physical environments. Finally, with the application and crash consistency capabilities of HDPS administrators gain the confidence of knowing they would be able to return to normal business operations in the event of a disaster with little or no data loss. HDPS Moves Beyond VCB and VADP The standard practice in VMware environments today is to utilize VCB or VADP. Although these 2 processes have greatly simplified the backup and restore operations, by offloading the data movement from the VM to a proxy VM, they still require the data to be copied from the datastore to the target backup media. This impacts the environment because VMware datastores are typically shared between many VMs and the streaming of data puts extra load on the datastore. VAAI has improved the access by providing more granular locking, but you are still required to read the data from the datastore, which impacts all the VMs that share the datastore. Your RPO and RTO are improved from the traditional host-agent based backup, but there is room for improvement. HDPS has developed SnapProtect VSA to create clean and frequent point-in-time images that further improve RPO and RTO granularity. SnapProtect VSA HDPS offers a unique feature, SnapProtect for Virtual Server Agent (VSA). VSA integrates with Hitachi storage-system-based snapshot engines within each storage system, creating rapid copies of datastore VMDKs (see Figure 10). These snapshots are a fast VM recovery image, with no impact to the ESX server resources. Figure 10. SnapProtect VSA creates rapid copies of datastore VMDKs. 15 A SnapProtect job follows the same sequence as a regular backup job; however, instead of copying data blocks, it executes a rapid snapshot. The sequence is as follows: ■ Discover VMs based on pre-defined criteria. ■ Quiesce VMs to ensure a consistent image files. ■ Determine datastores associated with VMs. ■ Execute a storage-system-based snapshot using the storage system's APIs. ■ Release VMs to normal operation. ■ Index the snapshots and the VMs within them. The snapshot process is very fast, requiring a very short quiesce period for the VMs. This minimal impact on server operation allows for more frequent backups to occur during the day. Companies can leverage this technology to radically improve their RPO and RTO as you can create more frequent point-in-time images (multiples per day). A SnapProtect snapshot can also be copied to backup media. This is also improved from the traditional VADP methodology because you mount the snapshot as a temporary datastore on the media server. This allows the data to be copied without impacting the production datastore image. It still creates a load on the storage system, but it no longer directly impacts the performance of the source datastore. HDPS Architecture The HDPS architecture is a backup ecosystem that is managed by a software solution provided by CommVault called CommCell. The CommCell Management Group defines the scope of control for the CommServe host. All components under the licensing and control of the CommServe host are defined as being members of the CommCell group. The CommCell Console is the management graphical user interface (GUI) used for managing the CommCell (see Figure 11). Figure 11. The HDPS architecture is managed by CommVault's CommCell. 16 The media agent (MA) is responsible for the transfer of data from the client computer to the backup media, whether disk or tape. A large number of UNIX and Windows platforms support the MA. The HDPS architecture uses iDataAgents (iDA) for communication to execute backups. ■ Windows File System iDA: By default, this iDA is installed on each Windows host detected. ■ VMware iDA: The VMware iDA, also called the Virtual Server Agent (VSA), is installed on a proxy host. This proxy host is a physical or virtual machine running Microsoft Windows. The Virtual Server Agent communicates with vCenter or the ESX host to discover VMs and execute backups using the vStorage API for Data Protection (VADP). ■ Microsoft SQL iDA: This application iDA is installed on the SQL host. It executes backups on the SQL server system databases and SQL server user databases. Using the VSA and the MA reduces the impact of backup processes on production servers over traditional backup methods by offloading processing to a proxy host. Hitachi Data Protection Suite takes a snapshot of the VM, and then accesses the snapshot through the proxy server. HDPS can scale up to thousands of VMs and physical servers. Its configuration allows the automatic discovery and protection of newly added VMs to the environment. And, it is compatible with most servers, storage systems, applications, databases and file systems. The VSA performs deduplication at the proxy host, reducing the overall load to the production VMs and reducing backup traffic. The HDPS environment requires a Windows-based system for the SnapProtect VSA and for the MA. It is recommended to place these on VMs that reside on an ESX server that is not overprovisioned (has plenty of physical resources available). HDPS Deduplication The deduplication capabilities in Hitachi Data Protection Suite can reduce the amount of data being backed up from the source, shorten the backup window and significantly reduce bandwidth requirements. Also, it can work with key data management operations, like archiving, search, encryption and direct recovery from deduplicated tape. Hitachi Dynamic Replicator Hitachi Dynamic Replicator or HDR offers disk-based business application recovery solutions for both physical and virtual server environments. This integrated recovery software supports both local and remote backup and disaster recovery, performing exceptionally well in heterogeneous IT infrastructures with mixed platforms and storage. These comprehensive solutions simplify recovery and lower costs by replacing multiple existing products across various platform and application environments with a single, centrally managed solution that addresses both data and application recovery. 17 Summary The server virtualization revolution in the computer industry has brought about some outstanding benefits to the IT data center. Server virtualization has also introduced many challenges, with data protection being one of the most important. Using an array of different products and tools, Hitachi Data Systems can offer a compelling data protection solution tailored to an organization's exact needs. Each solution offers unique value to meet specific data management requirements for VMware virtualized environments. Corporate Headquarters 750 Central Expressway Santa Clara, California 95050-2627 USA www.HDS.com Regional Contact Information Americas: +1 408 970 1000 or info@hds.com Europe, Middle East and Africa: +44 (0) 1753 618000 or info.emea@hds.com Asia Pacific: +852 3189 7900 or hds.marketing.apac@hds.com Hitachi is a registered trademark of Hitachi, Ltd., in the United States and other countries. Hitachi Data Systems is a registered trademark and service mark of Hitachi, Ltd., in the United States and other countries. All other trademarks, service marks and company names in this document or website are properties of their respective owners. Notice: This document is for informational purposes only, and does not set forth any warranty, expressed or implied, concerning any equipment or service offered or to be offered by Hitachi Data Systems Corporation. © Hitachi Data Systems Corporation 2012. All Rights Reserved. WP-418-A DG February 2012
© Copyright 2024