Anda di halaman 1dari 24

White Paper

EMC Avamar Backup and Recovery of Virtual Machines within VMwares vCloud Director

Abstract This white paper provides a technical overview of how EMC Avamar deduplication software and system backs up and recovers virtual machines within vApps of VMwares vCloud Director 1.5. This paper includes an indepth review of how Avamar leverages the VMware vStorage APIs for Data Protection (VADP) with Change Block Tracker (CBT) support for VMware images to protect vCloud components such as vApp-based VM images. September 2012

Copyright 2012 EMC Corporation. All Rights Reserved. EMC believes the information in this publication is accurate of its publication date. The information is subject to change without notice. The information in this publication is provided as is. EMC Corporation makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com. VMware is a registered trademark of VMware, Inc. All other trademarks used herein are the property of their respective owners. Part Number H11022 Data Protection for virtual machines within vCloud Director 2

Table of Contents
Executive summary ............................................................................................. 4 Introduction .......................................................................................................... 4 Audience....................................................................................................................... 5 Backup & Recovery Options ....................................................................................... 5 EMC Avamar Guest OS protection..................................................................... 6 EMC Avamar Image-level protection ............................................................... 6 Image-level protection: Environment Overview .............................................. 8 VMware vCenter Server .......................................................................................... 8 VMware ESX/ESXi ...................................................................................................... 8 vCloud Director Cells ............................................................................................... 8 vCloud Director Database ...................................................................................... 8 Avamar Universal Image Backup Proxy .................................................................... 9 Avamar File-level Recovery ........................................................................................ 9 Diagram of the Application environment ....................................................... 10 Confirming VM targets in a vCloud Director vApp view ................................... 11 Cross-referencing VM targets in vSphere ............................................................ 12 Setting up Avamar Protection for vCloud Director ......................................... 14 AvamarProtect_vCD output ................................................................................. 15 Representation of vCloud Director components in Avamar ............................ 16 Recovery Options .............................................................................................. 17 Operations management and monitoring ...................................................... 23 Conclusion .......................................................................................................... 24

Data Protection for virtual machines within vCloud Director

Executive summary
vCloud Director has an administrative GUI from which all operations are managed. The resources managed from vCloud Director are abstracted from the underlying vSphere environment that they reside in. A vApp is a virtual system that contains one or more individual virtual machines, along with parameters such as networking and policy details that define how the vApp operates in the virtual environment. Avamar provides the backup & restore infrastructure to protect the virtual machines that reside within vApps built with vCloud Director. Avamar provides the capability to easily discover a complete vCenter instance and import any and all virtual machines based on protection requirements. Avamar enables a vCloud Administrator to leverage powerful image level VM backup for any number of virtual machines within a vApp. Avamar also enables the rapid recovery of complete virtual machines, individual virtual disks, or the granular level recovery of directories or files residing on a single Microsoft Windows or Linux virtual machine within a vApp.

Introduction
This white paper presents Avamar as a backup and recovery solution for virtual machines that are defined within vCloud Director environments. This paper is not intended for implementation purposes but rather seeks to provide an understanding of how Avamar fits within this environment and provide guidance for how to efficiently and easily deploy protection of these virtual machines that are provisioned by vCloud Director. Below are some key terms that the reader will need to be familiar with in reading this paper: vApp is an encapsulation of one or more virtual machines that are created from a catalog or imported from vSphere. vApps allow for cloning, deployment and monitoring of tiered applications that span multiple VMs vCloud Catalogs contain references to virtual machines and media images. Access to catalogs can be limited to a specific organization or shared publically to all organizations within the vCloud Director Environment. vCloud Cells are instances of the vCloud Director server and media images, but also have a VC listener, a Console Proxy, a Presentation Layer (for https: access) and other components vCloud Organization a grouping of resources for a collection of users

Data Protection for virtual machines within vCloud Director

vCloud Virtual Datacenters (vDC) is an allocation mechanism for resources such as networks, storage, CPU and memory Provider vDCs contain all the resources available from the vCloud service provider. Provider vDCs are created and managed by the vCloud Director Administrators. Organization vDCs provide an environment where virtual systems can be stored, deployed, and operated. Organizational vDCs also provide catalogs which contain media, image, and other objects.

Audience
This white paper assumes the reader has a general understanding of the basic vCloud Director constructs described above. It is intended for systems engineers, technical architects, implementation specialists, technical consultants and individuals interested in leveraging the integration of currently shipping products to emerging technologies.

Backup & Recovery Options


There are many options that a backup administrator has available when protecting their virtual environment. This administrator should understand the following protection strategies: Guest OS Backup Requires the installation of an agent to the virtual machines operating system. This approach is the same on virtual machines as it is for protecting physical machines. Image-level Backup Allows the backup admin to protect a virtual machine by capturing the full system image at a point in time. This is most comparable to a bare metal recovery of a physical machine, but has several virtualization-specific calls that conform to the vendors specifications. Avamars image-level backup feature fully leverages the VMware API for Data Protection (VADP). A backup administrator must also decide on the level of protection that the virtual environment requires. More importantly, the choice of application awareness backup type often dictates the recovery granularity for virtual machines. The Recovery Service Level Agreement (SLA) dictates the backup method. Use of a guest agent within the virtual machine (Guest OS) types is not mutually exclusive; in fact, it is common to use both methods for virtual machines that may require application aware backup and recovery requirements. The use of in guest level agents has been dominant in virtual environments where familiarity is valued. Since in-guest emulates long-

Data Protection for virtual machines within vCloud Director

standing best practices already in use for physical machines, it has been the more widely used backup type. However, it does not leverage virtualizations encapsulation benefits and may not be the most efficient implementation for VM backup. For this use case, imagelevel protection takes advantage of multiple technology advances both in the API and the kernel. These include SCSI Hot-Add and Changed Block Tracking (CBT), respectively. On the other hand, image-level backup at present does not offer the guarantee of application-level consistency that Guest backup with its applicationspecific agents/API calls provides today.

EMC Avamar Guest OS protection


Backup Administrators who are transitioning a physical environment to a virtual one typically opt for the virtual machine guest OS backup and recovery approach. This approach allows for a simpler platform transition and will allow administrators to use their existing processes and methodologies. Utilizing the guest OS protection method allows one to protect the virtual machines in the same manner as a physical server. The protection of many different applications and operating systems is possible with Avamar as the product includes a wide array of deployable backup agents. Avamar agents can be deployed at no additional cost. One of the many benefits of protection obtained at this level of backup is application consistency. Furthermore, dedicated agents are also able to automatically perform maintenance tasks such as log truncation/manipulation. Higher levels of deduplication are achievable in most cases by this approach. Another benefit of installing an agent within the guest is that true application recovery is possible. This incorporates the ability to roll forward databases, and start services and other key components that make the recovery simpler when designing a run book for recovery. This is specifically useful for options such as granular Exchange mailbox recovery. In addition, Avamar and its no-charge collection of agents enables application consistent backup of the vCloud Director database.

EMC Avamar Image-level protection


Image-level protection takes advantage of multiple technological advances to meet enterprise scalability requirements by leveraging core VMware vStorage APIs for Data Protection, and by using the tight integration that Avamar provides for ease of management, administration and disaster recovery of vCloud Director vApp VMs.

Data Protection for virtual machines within vCloud Director

The first component that enables efficient vCloud VM image backup is the SCSI hot-add capabilities provided by VMware vSphere. This allows access to a virtual machines VMDK file from another machine in a read-only mode for enhanced protection. SCSI hot-add replaced the legacy and cumbersome copy function that VMware Consolidated Backup provided starting with vSphere 4.0. The release of vSphere 5 has significantly enhanced the speed of operations. vCloud VM backups can leverage existing Avamar features such as changed block tracking (CBT), a feature of the vStorage API that allows the tracking of blocks modified within a VMDK file, alleviating the need to scan and protect all blocks of data. Use of the changed block tracking feature results in less CPU and IO load on your proxy hosts resulting in faster backups and a shorter backup window of individual and groups of vCloud VMs. Leveraging Change Blocked Tracking (CBT) is an industry unique feature for Avamar. When recovering VMs using CBT, results are improved recovery times and reduced CPU and IO load on your server, network, and storage infrastructure.

Data Protection for virtual machines within vCloud Director

The actual nature of this process and the means by which it is employed also brings advantages as the backup processes are offloaded from the production virtual machines. Offloading allows the backup/recovery processing and all the scanning to occur on a separate proxy virtual machine. This process adds only the read requests that are shared by the production VM. With Avamar leveraging this approach one is able to maintain the benefits of source-side deduplication and only process the changes via incremental backups, with the ability for a full recovery option without any additional staging areas or post processing.

Image-level protection: Environment Overview


This section discusses the role of each component required within the environment to enable an image-level data protection solution. VMware vCenter Server vCenter provides a scalable and extensible platform providing the foundation for virtualization management. Avamars discovery and continuous image-level backup and recovery of VMs that form the basis of one or many vApps uses vCenter calls. Although a vApp may span multiple VCs, it is at the VC level where Avamar uses its VADP calls to backup/recover the target VM. VMware ESX/ESXi VMware ESX is an enterprise-level virtualization product. ESX is a component of VMware's larger offering, VMware Infrastructure, which adds management and reliability services to the core server product. The basic server requires some form of persistent storagetypically, an array of hard disk drives for storing the virtualization kernel and support files. The ESX server is used in this solution to host the virtual machines within the virtual environment. vCloud Director Cells VM resources (shared from an ESX host) are instances of the vCloud Director server vCloud Director Database vCloud Director cells use this database to store the shared information for your vCloud. vCloud Director 1.5 supports the use of an Oracle or a Microsoft SQL Server database to store its data. The applications installation and configuration guide contains version specific configuration and requirements. For the configuration described in this paper a vCloud Director appliance was used.

Data Protection for virtual machines within vCloud Director

EMC Avamar EMC Avamar backup and recovery software provides integrated source/global data deduplication. An Avamar agent on the client system (production VMware guide, or Proxy VM for image level backups) deduplicates the data, and then backs it up to an Avamar server (for example, an Avamar Data Store). Unlike traditional backup software, Avamar deduplicates backup data before it is transferred across the network and stored to disk. Additionally, Avamar deduplicates data globally by storing just a single instance of each sub-file, variable length, data segment that it identifies as unique, across all of its protected sites and servers. As a result, Avamar enables rapid, daily full backups even across congested or slow WAN/LAN links and virtual infrastructures. Avamar is used in this solution to not only store the backup data, but also to communicate with vCenter to help manage, monitor, and configure the backup of the virtual infrastructure.

Avamar Universal Image Backup Proxy


Avamar Universal Image Proxies are a key element of image level protection. They are delivered as vSphere-deployable OVA templates. An OVA template contains a packaged image proxy virtual machine that includes both VMware and Avamar code for the purpose of image-level backups and recoveries. This machine is configured with two CPUs and requires 2 GB of memory. Avamar Image Proxy machines use the vSphere APIs to mount the virtual machine files that require protection. The administrator has the flexibility to deploy multiple proxies based on ones operating system environment requirements. Multiple proxy deployments allow simultaneous backups and recoveries. The universal image proxy provides the capability to protect either Windows or Linux machines. Avamar customers can deploy Univeral Image Backup Proxies at no additional cost for the software.

Avamar File-level Recovery


The Avamar Universal Image proxy supports file level recovery for both Windows or Linux virtual machines. It leverages the Avamar Virtual File System (AvFS) to create a browsable view within a virtual machines VMDK file for easy, granular recovery.

Data Protection for virtual machines within vCloud Director

Diagram of the Application environment


Avamar 6.1 vSphere 5.0 VMware Cloud Director 1.5

Figure 1. vCloud Director Application Overview

Data Protection for virtual machines within vCloud Director

10

Confirming VM targets in a vCloud Director vApp view vCloud Director organizes VMs into a vApp. A vApp contains one or many VMs that may require protection. Once a vApp is defined, the user can add virtual machines and utilize the infrastructure made available (network, and catalog) to that organization to accomplish the tasks assigned to that VM. When a VM is created in vCloud Director, the machine is also presented and made available to the corresponding resouce pool element in vSphere. It this relationship that enables Avamar to provide image protection to that vApps VMs. Figure 2. below shows the vApp view from perspective of vCloud Director. The vApp named Skynet Web Services houses 2 Virtual Machines.

Figure 2. vCloud Director vApp view

Data Protection for virtual machines within vCloud Director

11

Cross-referencing VM targets in vSphere Figure 3. below shows an expanded view of the Virtual Center tree displaying the various vApps VMs. VMs named in vCloud Director will be presented with a GUID in parentheses in vCenter.

Figure 3. vCloud Resources as displayed in vCenter

Figure 4. vCloud Director Organization View

Data Protection for virtual machines within vCloud Director

12

Figure 4. above shows the organizations in vCloud Director in relation to how it is presented above in vCenter.

Figure 5. Machine Name in vCD and vSphere Figure 5. Above shows the properties view of a virtual machine in a vApp in vCloud Director, and the machine name as it appears in vSphere. Avamar will read in the name from vSphere when this vm is imported.

Data Protection for virtual machines within vCloud Director

13

Setting up Avamar Protection for vCloud Director


To protect the virtual machines defined in vCloud Director within Avamar, perform the following steps: 1. Import the vSphere Virtual Center. 2. To protect all of the VMs within a vCloud Directors organizations-> virtual data centers (vDC)->vApps obtain the AvamarProtect_vCD_ps.zip file. Note: These scripts are unofficial and not supported by EMC support. Theyre provided on a as-is use at your own risk basis. Theyve been qualified to work with Avamar 6.1, vCloud Director 1.5 and vSphere 5.0.x. 3. Unzip the file and refer to the README.txt file on the setup of the scripts. 4. Once the Avamar_Protect_vCD.ps1 script has been configured execute it and it will perform the following: a. Uses VMware PowerCLI commands to discover all organizations (orgs) in vCloud Director b. Establishes a secure shell connection to the Avamar utility node. c. Proceeds to discover all orgs virtual data centers (org-vDCs) for each configured organization d. Discovers the configured vApps residing in each org-vdc. e. Discovers the VM's in each vApp. f. From this resulting information, for each VM it imports them into the Avamar Server configuration and adds it to an Avamar Backup Policy Group which is configured to perform VMware Image Backup using the VMware vStorage APIs for Data Protection (VADP) using a set schedule and specific retention. g. Finally, the script automatically works to assign specific Avamar Proxy VMs configured in the VMware environment to the Avamar Policy Group.

Data Protection for virtual machines within vCloud Director

14

AvamarProtect_vCD output

Once you see the message "Press enter to complete...:" feel free to analyze the output. When you are finished hit the "Enter/Return" key to exit the script.

Data Protection for virtual machines within vCloud Director

15

Representation of vCloud Director components in Avamar

Figure 6. vCD components in Avamar

Data Protection for virtual machines within vCloud Director

16

Recovery Options
EMC Avamar allows image level backup to protect the defined virtual machines in your vApp on a scheduled or ad hoc basis. There are three recovery options that can be used to restore data: 1. Use Avamar File Level Recovery leveraging the universal proxy 2. Use Avamar disk level recovery. 3. Restore the entire VM out of place and import back into vCD. Once the VMs are protected any individual drive can be restored. This includes data drives with assigned nomenclature such as X:\, Y:\, Z:\ or a systems complete set of drives including the operating systems drive with all content such as C:\. boot drive. With Avamar v6.1, administrators also have the ability to backup individual virtual disks as opposed to the entire VM. In the case of a single data drive restore one can use the new Avamar 6.1 virtual disk restore option for a VM. This allows adminstrators to recover individual vmdks directly to the a virtual machine, regardless of whether or not the VM is part of a vApp. Individual file-level recoveries are also enabled in vCloud Director environments. However, In the event of a complete loss of a VM or group of VMs from a running vApp, a redirected restore is required and then the newly restored VMs must be imported into a catalog. Once the restored machine is present in a catalog, the VM(s) can be imported into the target vApp and then powered up to resume operations. Use Case 1 - Loss of a critical file from a VM inside of a vApp A user of a virtual machine that was part of a vApp has deleted a single file or directory from the vm and requires that it be restored. This case assumes a complete VM image backup of the VM exists in Avamar. To recover a critical file or directory that has been deleted off a VM running inside of the vApp, perform the following steps: 1. Launch Avamar and select the backup and restore icon from the launcher. 2. Expand the navigation tree and browse to the vApps VM from which you want to restore the file from. 3. Select the desired date from the calendar and backup from the available backups in the displayed table. 4. In the UI below the calendar there are two small icons. One an icon of two small folders when moused over displays the tool tip Browse

Data Protection for virtual machines within vCloud Director

17

Granular Restore. Selecting this option will mount a Windows Explorer like tree view of the drives and their content from the image backup. 5. Expand down to the file or folder to be restored. 6. Right click on the file or folder and choose Restore Now from the menu displayed. 7. Using the default option that will restore everything to its original location choose OK. 8. Enter in the username and password of the administrative account on the VM and choose ok. This will initiate the granular file recovery and restore the file or folder from the image backup of the VM. 9. Select the activity monitor in the Avamar UI to view the jobs progress. 10. Once the job is complete, login to the virtual machine and verify the file is available.

Figure 7. File Level Restore of VM in a vApp

Data Protection for virtual machines within vCloud Director

18

Use Case 2. Loss of a Data Drive from running VM in vApp. A data drive that was presented to a vApps VM has become corrupt, unavailable, or in some way inaccessible and needs to be recovered. 1. Within the Avamar Administrator UI navigate to the Backup and Restore interface and select the VM in the tree. Select backup and restore from the UI. Select the virtual machine that is part of the vApp from the discovered VC in the tree. 2. Power off the VM for the disk to be restored. 3. Select the restore tab and specify a date that encompasses the backup that included the drive requiring recovery. 4. Once the icon for image becomes available, select the appropriate drive and choose restore now.

5. 6. Power up the VM and verify the disk has been restored and available to the host.

Data Protection for virtual machines within vCloud Director

19

Use Case 3. Complete loss of a mission critical VM from a vApp This section describes how to recover an entire lost/corrupt virtual machine that was part of a vApp. This case assumes a complete VM image backup of the VM exists in Avamar. From vCloud Director select one of the machines in the vApp right click and delete it. In the example below, we will use the VM wguest01. This will effectively remove it from vCloud as an available machine, and additionally it will remove all of the resources from vSphere for this machine. In the Organizations vApp view verify that the target vm is no longer present. 1. Launch Avamar to restore the deleted VM. Browse to the Restore tab and select a valid date from the calendar in the UI. Select the vm image time stamped backup from the tabular view presented, select All Virtual Disks, Right click and choose Restore Now. From the drop down, choose Restore to a different machine.

2. 3. Give this new machine a name, choose the Configure Destination button. Enter all the relevant information to finish the restore request and verify the restore using Activity monitor. Once the host is created, leave it in a powered off state. 4. Launch vCloud Director and navigate to your Organization. One should be able to see the VMs in your vApp from the VM view in the tree. Data Protection for virtual machines within vCloud Director 20

5. Select the orphaned VM, make a note of its name and delete it 6. Login to vCloud Director and navigate to a public catalog and import the VM from vSphere:

7. Once the VM has been imported back into the catalog select the vApp which used to contain the VM. 8. Now import the VM from the catalog back into the vApp:

9. 10. Configure the VM to have the name of the VM that was deleted and remember to assign it the same IP address. Select the tab Guest OS Customization and enable guest customization. Navigate to the General tab in the properties tab, and full name, and enter computer name. Data Protection for virtual machines within vCloud Director 21

11. Select the Hardware tab. In the Nics area located under Network select add network, then "organization network, choose the network you have configured. Once it is created, you can select the VM in the vApp and move it to the original location. 12. Power the VM on to verify that it is available and accessible. 13. Edit the Avamar group by removing the previous instance of this new VM from the Avamar group, and then add the new instance to ensure that backups that run now include this new VM. 14. Once this new instance of the machine is added to the group run an on demand backup and verify the backup was a success in the Avamar Activity UI. * NOTE: Do not delete the VM directly from vSphere. Although this will remove the VM, it does not do a clean delete. Backups of the machine that is deleted from vSphere and not vCloud Director will fail after it is restored due to locking issues.

Data Protection for virtual machines within vCloud Director

22

Operations management and monitoring


Figure 12. below shows an overlay of the Avamar Activity monitor over the vCenter UI where the snapshot creation process and activity of the proxy can be monitored and observed.

Figure 12. Operation Management and Monitoring

Data Protection for virtual machines within vCloud Director

23

Conclusion
vCloud Director is an ideal product for organizations that require rapid deployment of virtual environments that are intended for short or long-term duration usage such as development, test, or demonstration application environments. Additionally, as the market moves into an infrastructureprovisioned paradigm where chargeback and continuous monitoring are core offerings, the need for reliable and rapid backup and restore capabilities are mission critical. Avamars tight integration and use of the VMware APIs ensure that data protection is current with vCloud Directors ability to deploy on-demand public or private virtual environments. As this paper has demonstrated Avamar provides flexible image-level and Guest OS protection to meet individual VM and vCloud Directors infrastructure (vCloud database) backup and recovery requirements.

Data Protection for virtual machines within vCloud Director

24