VCP6-DCV Objective 6.1 – Configure and Administer a vSphere Backups/Restore/Replication Solution

VMware vSphere comes with free vSphere Data protection (VDP) product. There is no more VDP and VDP advanced as the VDP inherited all advanced features of VDP Advanced. So VDP is Advanced by Default. This post will cover VCP6-DCV Objective 6.1 – Configure and Administer a vSphere Backups/Restore/Replication Solution.

It seems that for VCP6 there is more material to study and more topics to master. For whole exam coverage I created a dedicated VCP6-DCV page. Or if you're not preparing to pass a VCP6-DCV, you might just want to look on some how-to, news, videos about vSphere 6 – check out my vSphere 6 page.

VMware vSphere Knowledge:

• Identify snapshot requirements
• Identify VMware Data Protection requirements
• Explain VMware Data Protection sizing Guidelines
• Identify VMware Data Protection version offerings
• Describe vSphere Replication architecture
• Create/Delete/Consolidate virtual machine snapshots
• Install and Configure VMware Data Protection
• Create a backup job with VMware Data Protection
• Install/Configure/Upgrade vSphere Replication
• Configure VMware Certificate Authority (VMCA) integration with vSphere Replication
• Configure Replication for Single/Multiple VMs
• Identify vSphere Replication compression methods
• Recover a VM using vSphere Replication
• Perform a failback operation using vSphere Replication
• Determine appropriate backup solution for a given vSphere implementation

—————————————————————————————————–

Identify snapshot requirements

As you know vSphere FT VMs can now be protected (backed up) via backup solutions using snapshots. No manual snapshots for those VMs however as the snapshots are managed through an API calls only.

VDP utilizes the Changed Block Tracking (CBT) greatly reducing the backup time of a VMs and so you can process much more VMs during your backup window than without using CBT. Note that CBT is also leveraged during restores where the if restored to the original location, VDP can determine the missing blocks in the destination and only restore those. Not all the blocks.

VDP leverages deduplication technology based on Avamar's code. Full VM recovery, File level recovery – both supported in VDP. vSphere data protection (VDP) and vSphere replication (VR) both uses snapshots on regular basis to protect VMs (or to replicate them). In the case of VR the RPO is as low as 15 min.

Identify VMware Data Protection requirements

Image level backups – vSphere Data Protection creates image‐level backups, which are integrated with the vStorage API for Data Protection, a feature set within vSphere to offload the backup processing overhead from the virtual machine to the VDP Appliance. The VDP Appliance communicates with the vCenter Server to make a snapshot of a virtual machine’s .vmdk files. Deduplication takes place within the appliance by using a patented variable‐length deduplication technology.

Guest-level backup – VDP supports guest‐level backups for Microsoft SQL Servers, Exchange Servers, and Share Point Servers. With
guest‐level backups, client agents (VMware VDP for SQL Server Client, VMware VDP for Exchange Server
Client, or VMware VDP for SharePoint Server Client) are installed on the SQL Server, Exchange Server, or
SharePoint Server in the same manner that backup agents are typically installed on physical servers

VDP can not only protect VMs but also physical systems!  – Microsoft Exchange, SQL Server, SharePoint when backed up by VDP, the agents which needs to get installed on those servers in order to protect them efficiently, are leveraged for granular restores. It does not have to be VMs to allow application level recovery.

Explain VMware Data Protection sizing Guidelines

vSphere web client is necessary for deployment and administration of the VDP, which can be deployed on practically any storage (VMFS, NFS or VSAN). vSphere Data Protection 6.0 Administration Guide p.20

Capacity Requirements:

• Up to 20 VDP appliances per vCenter server
• Each appliance can protect up to 400 VMs
• 8TB of deduplicated backups

Sizing depends on following factors:

• Types of data being backed up (files, DB, OS files)
• Data change rate
• Size of protected VMs and their numbers
• Retention period (daily, weekly, monthly or yearly)
• Deployment availability of VDP as 0.5TB, 1Tb, 2Tb, 4Tb, 6Tb, 8Tb (if deployed small size, can be increased later).

vSphere data protection 6.0 administration guide p. 21

Software Requirements:

• Minium requirements is vCenter 5.1 to install VDP 6, but 5.5 or higher is recommended.
• VDP 6 supports vCSA and Windows based vCenters
• vSphere Web client where browsers needs Flash player 11.3 or above version installed.
• NOTE: VDP do not support of backup of vCenter server appliance (VCSA) itself.
• VMs to be protected must be on virtual hardware version 7 or higher (CBT) and VMware tools installed.
• VDP repository usually fills rapidly for the first few weeks. This is because nearly every client that is backed up contains unique data. But then VDP deduplication
  allows to save space when other similar clients have been backed up, or the same clients have been backed up at least once.

Unsupported VMs disks:

• Independent
• RDM Independent – virtual compatibility mode
• RDM w. physical compatibility mode

Identify VMware Data Protection version offerings

I guess this is a bit erroneous topic as the VDP is by default now a VDP Advanced. However I think it's worth to know that in the past there were two versions: VDP and VDP advanced. VDP allows:

• Disk level Granularity  – allows backup/restore individual VMDK (virtual disks).
• Restore directly with ESXi (if vCenter is not available) – by going to https://<ip_of_vdp>/vdp-configure you can access to Emergency restore tab where you can trigger restores.
• Detachable/remountable data partitions – for DR scenarios of VDP
• Replication to the cloud – off site backups
• Time-of-day scheduling – schedule backup to be triggered exactly when you want
• Removal of the blackout window

VDP has also:

• Application-level replication
• Ability to expand current datastore
• Backup to a Data Domain system
• Ability to restore to a granular level on Microsoft Servers and automatic backup verification.
• VDP also supports guest-level backups and restores of Microsoft SQL Servers, Exchange Servers, and Share Point Servers, providing for application consistent backups of these servers.

A migration tool is included with VDP 5.1.10 and later releases. This tool handles migration of data and restore points. Backup jobs cannot be migrated.

Describe vSphere Replication architecture

vSphere replication is separate product included in vSphere. It allows to configure replication of VMs from source site to target site. It uses snapshots (points-in-time) to transfer delta informations to the other side.

Types of replication:

• Within single site – from one cluster to another
• From multiple source sites – to shared remote site
• From source site to target site

vCenter server (Windows) or VCSA can be used. Possibility to deploy additional VR servers to enhance. VMware VSAN is supported as target (destination) datastore.

Architecture:

The vSphere replication appliance contains the following:

• vCenter Plugin for vSphere web client.
• An embedded database storing replication config and management information.
• vSphere Replication management server – configures vSphere replication server, enables, manages, monitors replication and also authenticate users and check their permissions for VR operations.
• vSphere Replication Server – provide the core of VR infra.

Below example of architecture with single vCenter server and single site (possible also multi-site to shared location or two sites in between).

From the network perspective it's necessary to setup vmkernel adapter per ESXi host which is used as a replication source, for isolation of the replication traffic.

Create/Delete/Consolidate virtual machine snapshots

To create a VM snapshot. Two ways possible (vSphere client or vSphere web client).  Select VM > take snapshot of this virtual machine.

Delete snapshot – via snapshot manager > delete

Consolidate VM snapshots –  if any VM that shows that needs to consolidate, just select and right click that particular VM and choose Consolidate.

Right click > Shapshot > Consolidate

Install and Configure VMware Data Protection

VDP is VSA based (Linux). The deployment as an OVF is fast and convenient.

Requirements:

• NTP – All vSphere hosts and the vCenter Server must have NTP configured properly. The VDP Appliance gets the correct time through vSphere and must not
  be configured with NTP.
• DNS – create DNS forward and reverse record and check that you have vCenter server responding via nslookup.

Deploy the OVF file via vSphere Web client to a VMFS5 datastore (to avoid block size limitations).

After the deployment and start up of the VM go to the IP address precised on the console.

https://ip_of_vdp:8543/vdp-configure

Login: root
pass: changeme

Follow the assistant, you should have the info pre-filled when you click the next button…

continue with the wizard. Test your connection to vCenter to avoid issues…

Create storage. Here you can (but don't have to) check the box “store with appliance” in case you have enough space on the shared storage datastore you have chosen.

Continue with the assistant until the end. After the setup finished the appliance will reboot…

It takes up to 15 min to fully setup after the reboot… -:) You'll have to log off and log in back again through vSphere web client to see this new plugin to appear..

Create a backup job with VMware Data Protection

To create a first backup job, just click through the new icon on the dashboard in vSphere web client.

Then start an assistant…

continue..

Choose a VM(s)…

Backup schedule…

Specify retention policy…. Note that this can be changed later. (Think of sizing).

Give the job some meaningful name…

And off you go.

Just created first backup job. If you go and click the Configuration TAB, then down there you can configure the Backup window configuration… If not the default backup starts at 8PM…

Install/Configure/Upgrade vSphere Replication

vSphere Replication is distributed as ISO. Mount the ISO to access the OVF file to be deployed.

Requirements:

• Source and target site must have vSphere web client and the client integration plugin is installed as well
• Select the vCenter Server instance on which you are deploying vSphere Replication, click Manage > Settings > Advanced Settings, and verify that the VirtualCenter.FQDN
  value is set to a fully-qualified domain name or a literal address

• Network ports – For a list of all the ports that must be open for vSphere Replication, see https://kb.vmware.com/kb/2087769
• Bandwidth –  vSphere Replication transfers blocks based on the RPO schedule. If you set an RPO of one hour, vSphere Replication transfers any block that has changed in that hour to meet that RPO. vSphere Replication only transfers the block once in its current state at the moment that vSphere Replication creates the bundle of blocks for transfer. vSphere Replication only registers that the block has changed within the RPO period, not how many times it changed

vSphere Replication deployment

vSphere Replication 6.0 administration guide p. 31

Select cluster and then Actions > deploy OVF template > local file > browse… and so on…

If you don't want to relay on the DHCP you can use fixed IP…. Select a network from the list of available networks, set the IP protocol and IP allocation, and click Next. vSphere Replication supports both DHCP and static IP addresses. You can also change network settings by using the virtual appliance management interface (VAMI) after installation.

And then

Configure VMware Certificate Authority (VMCA) integration with vSphere Replication

You can change the SSL certificate, for example if your company's security policy requires that you use trust by validity and thumbprint or a certificate signed by a certification authority. You change the certificate by using the virtual appliance management interface (VAMI) of the vSphere Replication appliance. For information about the SSL certificates that vSphere Replication uses, see “vSphere Replication Certificate Verification,” on page 45 and “Requirements When Using a Public Key Certificate with vSphere Replication,” on page 46.

Configure Replication for Single/Multiple VMs

Before this, make sure that you have the permissions.

Step 1: Select VM(s) > Right click  > All vSphere Replication Actions > configure Replication

Now if you haven't restarted the vCenter service, you see this (1), because after restart you should see this (2). Also, you'll get some error on the permissions if you don't restart, and so you won't be able to configure the replication for your VMs. That “from the field” experience …

Step 2: Replicate to a vCenter server (or service provider) > select target site > target location…

And enable compression…

Step 3: You can change the RPO settings and enable the Point in time instances on this screen…

Identify vSphere Replication compression methods

vSphere Replication 6.0 administration guide p. 16. The compression settings depends on the version of VR and version of ESXi at the destination. But basically if source or destination has earlier than ESXi 6.0 and VR earlier than 6.0 the compression is not used.

But what's interesting is the fact that if compression is enabled. Quick quote:

However, if the target ESXi host is earlier than 6.0,vSphere Replication prevents vMotion from moving replication source VMs to that host because it does notsupport data compression. This prevents DRS from performing automated vMotion operations to hosts thatdo not support compression. Therefore, if you need to move a replication source VM to an ESXi host earlier than 6.0, before you perform the vMotion operation, you must reconfigure the replication to disable data compression.

Recover a VM using vSphere Replication

vSphere Replication 6.0 administration guide p. 77. With Sphere Replication, you can recover virtual machines that were successfully replicated at the target site. You can recover one virtual machine at a time.

Web client > vSphere replication > Home tab > Monitor > Incoming replication

From there you have two options:

1. Recover with recent changes – Performs a full synchronization of the virtual machine from the source site to the target site before recovering the virtual machine. Selecting this option avoids data loss, but it is only available if the data of the source virtual machine is accessible. You can only select this option if the virtual machine is powered off.
2. Recover with latest available data – Recovers the virtual machine by using the data from the most recent replication on the target site, without performing synchronization. Selecting this option results in the loss of any data that has changed since the most recent replication. Select this option if the source virtual machine is inaccessible or if its disks are corrupted.

You continue and select folder where you want to recover the VM…

Perform a failback operation using vSphere Replication

vSphere Replication 6.0 administration guide p. 79. Failback is manual, it means that after performing a successful recovery on the target vCenter Server site, you can perform failback. You log in to the target site and manually configure a new replication in the reverse direction, from the target site to the source site. The disks on the source site are used as replication seeds, so that vSphere Replication only synchronizes the changes made to the disk files on the target site.

Before you configure a reverse replication, you must unregister the virtual machine from the inventory on the source site.

Determine appropriate backup solution for a given vSphere implementation

Depending on your needs it's necessary to size accordingly your backup solution. You must take into account the daily delta changes within your all environment and see if the product you want to use as a backup solution is suitable. How it scale? What's the limitations?

You must also take into account the possible conflicts with other vSphere products you may be using (vSphere replication, SRM, vCD….). If you're planning to use VDP, than you should certainly check vSphere compatibility matrix.

Tools:

• VMware vSphere® Data Protection™ 6.0
• vSphere Data Protection Administration Guide
• VMware vSphere® Data Protection™ Evaluation Guide
• What’s New in the VMware vSphere® 6.0 Platform
• VMware vSphere Replication Administration
• VDR Data Migration Tool
• VDP Configure Utility
• vSphere Client / vSphere Web Client