Microsoft System Center 2012 Data Protection Manager (DPM) is the most unused component of System Center. But for most organizations, this component can provide huge benefits. This is true for organizations that use Microsoft services such as Exchange, SharePoint, and SQL Server—and especially for those that use Hyper-V as their virtualization technology (an ever-growing percentage of organizations since the release of). In this article, I'll cover DPM's capabilities as they relate to Hyper-V. I'll also discuss considerations that relate to using Server Message Block (SMB) for virtual machine (VM) storage and clusters, using cluster shared volumes (CSVs), and live-migrating VMs while also using the best design to protect your workloads.
DPM Hyper-V Protection 101
Before I discuss DPM and Hyper-V, I want to review Hyper-V's native backup capability. Windows uses Volume Shadow Copy Service (VSS) to ensure that backups are in an application-consistent state. Therefore, protected data will be usable when a data restore is needed. Without VSS, a backup process that has just backed up a running data file (e.g., a SQL Server database) would first need to back up a locked file. But then there would be no way of knowing that the data that was written to disk was in a consistent state. SQL Server might have been halfway through writing data, so the file might be corrupt and unusable in a restore process. VSS solves this issue by actively involving the application during a backup process.
Nearly all enterprise applications provide a VSS writer. This VSS writer allows application developers to define the actions that are required to ready an application's disk-based data for backup, make sure that all data in memory is flushed out to disk, and then pause any future writes to disk until the data snapshot is complete. All VSS writers that have been registered with an OS are called during a VSS backup to ensure that all data on disk is in an application-consistent state.
Why does this matter with regard to Hyper-V? Consider this: If a VM is backed up from the Hyper-V host, the virtual hard disk (VHD, or newer VHDX) files are backed up. If a snapshot of the current state of a VHD or VHDX was simply taken and backed up, then the current state of that VHD or VHDX is unlikely to be in a consistent state. The OS that is running inside the VM has no way of knowing that a backup is being performed. The only way to ensure a good backup is to perform an offline backup of the VM. Fortunately, Hyper-V addresses this situation.
In an enlightened VM, the OS that's running in the VM knows that it's virtualized and can communicate with the virtualization host. This communication occurs primarily through the Hyper-V integration services, of which there are several. One is the Backup (Volume Snapshot) integration service, which is the key to application-integral backups of Hyper-V VMs.
When a backup of a Hyper-V VM is taken, the VSS request is passed, via the Backup integration service, to the OS that's running within the VM. The passing of the VSS request calls all VSS writers that are registered within the VM's OS. The data of the VM on the VHD or VHDX is readied for backup, so when that VHD or VHDX is backed up at the host level via the Hyper-V writer, the content is in an application-consistent state.
DPM fully utilizes this VSS pass-through Hyper-V capability for its online protection of Hyper-V VMs. However, there are requirements for an online backup of VMs:
- The Backup integration service must be enabled, which means that the OS running in the VM must support Hyper-V integration services.
- The Windows guest OS must support VSS (Windows 2003 or later).
- Dynamic disks must not be present within the VM.
- All volumes must be NTFS—even when Microsoft Application Virtualization (App-V), which might create a non-NTFS volume, is used.
- The VM must be running.
- VSS storage assignment for the volumes must not be modified.
- If the VM is part of a cluster configuration, then the cluster resource group must be online.
If any of these requirements are not met, such as with a Linux VM or Windows 2000 system, then an offline backup is performed. This backup places the VM in a saved state while the snapshot is taken, then resumes the VM. This causes a period of unavailability for the VM during the backup. However, this period should be only about 30 seconds in most environments.
When creating a new DPM protection group or adding a VM to an existing protection group, the type of backup that will be used is shown, and the basic process is as follows:
- Launch the DPM Administrator console and select the Protection workspace.
- Choose the New action.
- Click Next to open the Introduction wizard.
- Choose Servers as the type of protection group, and then click Next.
- Choose the Hyper-V server that you want to protect and then expand the HyperV navigation node to see all the VMs that can be protected, as Figure 1 shows. Note that there are two options for the backup:
- Backup Using Child Partition Snapshot—an online backup (for VMs that meet the previously listed requirements)
- Backup Using Saved State—an offline backup
- Choose the VMs that you want to back up, and then click Next.
- Choose a name for the protection group. For System Center 2012 Service Pack 1 (SP1) DPM, you can also save VM backup data to online storage, such as Windows Azure storage.
- Complete the remaining steps to configure retention time, times to create recovery points, how to create the initial replica (i.e., over the network or via removable media), and storage allocation.
When Hyper-V protection is in place, you can restore either the entire VM or specific files from the VM. This feature is useful because mounting VHDs is native to Windows Server 2008 R2 and later. Use the Recovery workspace, choose the VM, choose a date and time, and double-click the VM VHD in the details area. Continue to drill down into the volumes, folders, and files from the VM and restore the items that you need.
Special Hyper-V Protection Considerations
There are some special considerations when using DPM to protect Hyper-V VMs, especially when using Windows Server 2012 Hyper-V. Think about protecting a typical server OS: The agent runs within the OS, and the DPM server can always communicate with that agent to protect data such as files for the SQL Server database. The same is true for a VM running on Hyper-V. The DPM server can communicate with the DPM agent on the Hyper-V host to retrieve data for the protected VM.
What about live migration of a VM within a cluster? The VM can be on Server A one day and on Server B the next, so how can DPM know how to continue protecting the VM? For VMs in a Windows Server 2012 cluster, continued protection—even when VMs are migrated live between nodes—is supported, providing that the following steps are performed prior to protecting the VMs:
- The DPM agent has been installed on all nodes in the cluster.
- The System Center 2012 Virtual Machine Manager (VMM) console has been installed on the DPM server. (Make sure that the VMM console is the same version as the VMM server that is managing the Hyper-V cluster.)
- The following Windows PowerShell command has been run from an elevated DPM PowerShell prompt: runSet-DPMGlobalProperty -DPMServerName <Name of the DPM server> -KnownVMMServers <Name of the VMM server>
- The DPMVMMHelper server has been started.
Speaking of clusters: If CSVs are used in a large cluster (i.e., 8 nodes or more) with many VMs (e.g., 400 VMs), a scan of the environment could take hours to complete when you want to configure protection. However, with Windows Server 2012 and Service Center 2012 SP1 DPM, you no longer need to enable serialization. However, it's still better to use a hardware VSS provider when possible, to avoid a performance impact on protected VMs.
Another new feature of Windows Server 2012 is support for storing VMs on SMB 3.0 file shares. This capability adds additional complexity to DPM protection. Fortunately, as part of making SMB an enterprise-quality protocol, Microsoft provides VSS support for SMB file shares. DPM uses this support when protecting VMs that are stored on SMB 3.0 file shares. To ensure proper protection of such VMs, the DPM agent must be installed on the SMB file server (or servers, if the SMB share is in a cluster) and the File Server VSS Agent Service (a role service of Windows Server 2012) must be enabled.
Windows Server 2012 also supports shared-nothing live migration, which allows VMs to be moved between Hyper-V hosts that aren't part of a cluster (or that are part of different clusters). As long as both the source and target Hyper-V hosts are managed by the same VMM server, DPM protection will continue. (Note the common thread: VMM is crucial for continued protection when VMs move between hosts.) When dealing with shared-nothing live migration, two scenarios can affect what happens to VM protection:
- The VM is stored on an SMB file share, so the only movement is the VM memory and state (not the storage). There is no real change to what DPM is protecting, and the protection continues without interruption.
- The VM is stored on non-common storage, thus requiring a storage migration as part of the shared-nothing live migration. Although DPM can still recognize that the VM has moved, it requires a consistency check (i.e., a block-by-block comparison of the source protected data and the DPM replica, to look for possible inconsistencies) on the storage if protection is to continue. This requirement has some overhead on the system.
Although extra steps are required for some advanced scenarios, you can take comfort in the fact that all scenarios are possible. In any situation, DPM can fully protect your Hyper-V environment.
How to Protect Hyper-V VMs
How can you protect your Hyper-V VMs? You might think that simply choosing the VMs as part of a protection group at the Hyper-V host level would be the simplest method. However, this might not be the best option.
Consider that DPM has application-level protection of workloads such as SQL Server, Exchange, and SharePoint, enabling application-level recoveries of databases, mailboxes, or SharePoint items. Should you protect a SharePoint server that is running inside a Hyper-V VM by protecting the VM at the Hyper-V host level? If you need to restore data, you can restore the entire VM or files from the file system, but none of that restore is in SharePoint terms, and directly restoring SharePoint items isn't possible. But if that same SharePoint server is protected by installing the DPM agent within the VM and protecting SharePoint from within the VM as part of a protection group, then you can restore individual items from SharePoint.
Figures 2 and 3 show the same VM.
Figure 2 shows the restore capability when the VM is protected at the Hyper-V host level; Figure 3 shows the restore capability when SharePoint is protected within the VM. As you can see, there's a big difference between the two options.
Backing up VMs at the Hyper-V host level is not always the best option. The decision regarding how to back up VMs should be based on how you want to perform restoration of data. If you want application-aware restoration, then you need to run the DPM agent within the VM and use that agent to protect the workloads within the VM. Otherwise, backing up at the Hyper-V host level is sufficient.
Not Just for Hyper-V
I strongly urge you to consider DPM—not just for Hyper-V, but also for other Microsoft workloads. Don't take the path of least resistance, which would be to simply protect all VMs at the Hyper-V host level. If possible, use more granular, application-aware protection by installing the DPM agent within your VMs, and use protection at the Hyper-V host as a second choice. For more information, see the accompanying video.