Upload
man2454
View
296
Download
1
Embed Size (px)
Citation preview
7/27/2019 Avamar vCloud Director Backup and Recovery.pdf
1/24
White Paper
Abstract
This white paper provides a technical overview of how
EMCAvamardeduplication software and system
backs up and recovers virtual machines within vApps of
VMwares vCloud Director 1.5. This paper includes an in-
depth review of how Avamar leverages the VMware
vStorage APIs for Data Protection (VADP) with ChangeBlock Tracker (CBT) support for VMware images to
protect vCloud components such as vApp-based VM
images.
September 2012
EMC Avamar Backup and Recovery of
Virtual Machines within VMwares
vCloud Director
7/27/2019 Avamar vCloud Director Backup and Recovery.pdf
2/24
2Data Protection for virtual machines within vCloud Director
Copyright 2012 EMC Corporation. All Rights Reserved.
EMC believes the information in this publication is
accurate of its publication date. The information issubject to change without notice.
The information in this publication is provided as is.
EMC Corporation makes no representations or
warranties of any kind with respect to the information inthis publication, and specifically disclaims implied
warranties of merchantability or fitness for a particular
purpose.
Use, copying, and distribution of any EMC software
described in this publication requires an applicable
software license.
For the most up-to-date listing of EMC product names,
see EMC Corporation Trademarks on EMC.com.
VMware is a registered trademark of VMware, Inc. Allother trademarks used herein are the property of their
respective owners.
Part Number H11022
7/27/2019 Avamar vCloud Director Backup and Recovery.pdf
3/24
3Data Protection for virtual machines within vCloud Director
Table of Contents
Executive summary ............................................................................................. 4Introduction .......................................................................................................... 4
Audience ....................................................................................................................... 5Backup & Recovery Options ....................................................................................... 5
EMC Avamar Guest OS protection ..................................................................... 6EMC Avamar Image-level protection ............................................................... 6Image-level protection: Environment Overview .............................................. 8
VMware vCenter Server .......................................................................................... 8VMware ESX/ESXi ...................................................................................................... 8vCloud Director Cells ............................................................................................... 8vCloud Director Database ...................................................................................... 8
Avamar Universal Image Backup Proxy .................................................................... 9Avamar File-level Recovery ........................................................................................ 9
Diagram of the Application environment ....................................................... 10Confirming VM targets in a vCloud Director vApp view ................................... 11Cross-referencing VM targets in vSphere ............................................................ 12
Setting up Avamar Protection for vCloud Director ......................................... 14AvamarProtect_vCD output ................................................................................. 15Representation of vCloud Director components in Avamar ............................ 16
Recovery Options .............................................................................................. 17Operations management and monitoring ...................................................... 23Conclusion .......................................................................................................... 24
7/27/2019 Avamar vCloud Director Backup and Recovery.pdf
4/24
4Data Protection for virtual machines within vCloud Director
Executive summary
vCloud Director has an administrative GUI from which all operations are
managed. The resources managed from vCloud Director are abstracted
from the underlying vSphere environment that they reside in. A vApp is a
virtual system that contains one or more individual virtual machines, along
with parameters such as networking and policy details that define how thevApp operates in the virtual environment.
Avamar provides the backup & restore infrastructure to protect the virtual
machines that reside within vApps built with vCloud Director. Avamar
provides the capability to easily discover a complete vCenter instance
and import any and all virtual machines based on protection
requirements. Avamar enables a vCloud Administrator to leveragepowerful image level VM backup for any number of virtual machines
within a vApp. Avamar also enables the rapid recovery of complete virtual
machines, individual virtual disks, or the granular level recovery of
directories or files residing on a single Microsoft Windows or Linux virtualmachine within a vApp.
Introduction
This white paper presents Avamar as a backup and recovery solution for
virtual machines that are defined within vCloud Director environments. This
paper is not intended for implementation purposes but rather seeks to
provide an understanding of how Avamar fits within this environment and
provide guidance for how to efficiently and easily deploy protection of
these virtual machines that are provisioned by vCloud Director.
Below are some key terms that the reader will need to be familiar with in
reading this paper:
vApp is an encapsulation of one or more virtual machines that are created
from a catalog or imported from vSphere. vApps allow for cloning,
deployment and monitoring of tiered applications that span multiple VMs
vCloud Catalogs contain references to virtual machines and media
images. Access to catalogs can be limited to a specific organization or
shared publically to all organizations within the vCloud Director
Environment.
vCloud Cells are instances of the vCloud Director server and media
images, but also have a VC listener, a Console Proxy, a Presentation Layer
(for https: access) and other components
vCloud Organization a grouping of resources for a collection of users
7/27/2019 Avamar vCloud Director Backup and Recovery.pdf
5/24
5Data Protection for virtual machines within vCloud Director
vCloud Virtual Datacenters (vDC) is an allocation mechanism for resources
such as networks, storage, CPU and memory
Provider vDCs contain all the resources available from the vCloud service
provider. Provider vDCs are created and managed by the vCloud Director
Administrators.
Organization vDCs provide an environment where virtual systems can bestored, deployed, and operated. Organizational vDCs also provide
catalogs which contain media, image, and other objects.
Audience
This white paper assumes the reader has a general understanding of the
basic vCloud Director constructs described above. It is intended for
systems engineers, technical architects, implementation specialists,technical consultants and individuals interested in leveraging the
integration of currently shipping products to emerging technologies.
Backup & Recovery Options
There are many options that a backup administrator has available when
protecting their virtual environment. This administrator should understand
the following protection strategies:
Guest OS Backup Requires the installation of an agent to the virtualmachines operating system. This approach is the same on virtual
machines as it is for protecting physical machines.
Image-level Backup Allows the backup admin to protect a virtualmachine by capturing the full system image at a point in time. This is
most comparable to a bare metal recovery of a physical machine, buthas several virtualization-specific calls that conform to the vendors
specifications. Avamars image-level backup feature fully leverages
the VMware API for Data Protection (VADP).
A backup administrator must also decide on the level of protection thatthe virtual environment requires. More importantly, the choice of
application awareness backup type often dictates the recovery
granularity for virtual machines.
The Recovery Service Level Agreement (SLA) dictates the backup
method. Use of a guest agent within the virtual machine (Guest OS)types is not mutually exclusive; in fact, it is common to use both
methods for virtual machines that may require application awarebackup and recovery requirements.
The use of in guest level agents has been dominant in virtual
environments where familiarity is valued. Since in-guest emulates long-
7/27/2019 Avamar vCloud Director Backup and Recovery.pdf
6/24
6Data Protection for virtual machines within vCloud Director
standing best practices already in use for physical machines, it has
been the more widely used backup type. However, it does not
leverage virtualizations encapsulation benefits and may not be the
most efficient implementation for VM backup. For this use case, image-
level protection takes advantage of multiple technology advances
both in the API and the kernel. These include SCSI Hot-Add and
Changed Block Tracking (CBT), respectively. On the other hand,image-level backup at present does not offer the guarantee of
application-level consistency that Guest backup with its application-
specific agents/API calls provides today.
EMC Avamar Guest OS protection
Backup Administrators who are transitioning a physical environment to a
virtual one typically opt for the virtual machine guest OS backup and
recovery approach. This approach allows for a simpler platform transition
and will allow administrators to use their existing processes and
methodologies. Utilizing the guest OS protection method allows one toprotect the virtual machines in the same manner as a physical server.
The protection of many different applications and operating systems is
possible with Avamar as the product includes a wide array of deployable
backup agents. Avamar agents can be deployed at no additional cost.
One of the many benefits of protection obtained at this level of backup is
application consistency. Furthermore, dedicated agents are also able to
automatically perform maintenance tasks such as log
truncation/manipulation. Higher levels of deduplication are achievable in
most cases by this approach.
Another benefit of installing an agent within the guest is that true
application recovery is possible. This incorporates the ability to roll forward
databases, and start services and other key components that make the
recovery simpler when designing a run book for recovery. This is
specifically useful for options such as granular Exchange mailbox recovery.
In addition, Avamar and its no-charge collection of agents enables
application consistent backup of the vCloud Director database.
EMC Avamar Image-level protection
Image-level protection takes advantage of multiple technologicaladvances to meet enterprise scalability requirements by leveraging core
VMware vStorage APIs for Data Protection, and by using the tight
integration that Avamar provides for ease of management, administration
and disaster recovery of vCloud Director vApp VMs.
7/27/2019 Avamar vCloud Director Backup and Recovery.pdf
7/24
7Data Protection for virtual machines within vCloud Director
The first component that enables efficient vCloud VM image backup is the
SCSI hot-add capabilities provided by VMware vSphere. This allows access
to a virtual machines VMDK file from another machine in a read-only
mode for enhanced protection. SCSI hot-add replaced the legacy and
cumbersome copy function that VMware Consolidated Backup provided
starting with vSphere 4.0.
The release of vSphere 5 has significantly enhanced the speed of
operations. vCloud VM backups can leverage existing Avamar features
such as changed block tracking (CBT), a feature of the vStorage API that
allows the tracking of blocks modified within a VMDK file, alleviating the
need to scan and protect all blocks of data. Use of the changed block
tracking feature results in less CPU and IO load on your proxy hosts resulting
in faster backups and a shorter backup window of individual and groups
of vCloud VMs. Leveraging Change Blocked Tracking (CBT) is an industryunique feature for Avamar. When recovering VMs using CBT, results are
improved recovery times and reduced CPU and IO load on your server,
network, and storage infrastructure.
7/27/2019 Avamar vCloud Director Backup and Recovery.pdf
8/24
8Data Protection for virtual machines within vCloud Director
The actual nature of this process and the means by which it is employed
also brings advantages as the backup processes are offloaded from the
production virtual machines. Offloading allows the backup/recovery
processing and all the scanning to occur on a separate proxy virtual
machine. This process adds only the read requests that are shared by the
production VM.
With Avamar leveraging this approach one is able to maintain the benefits
of source-side deduplication and only process the changes via
incremental backups, with the ability for a full recovery option without any
additional staging areas or post processing.
Image-level protection: Environment Overview
This section discusses the role of each component required within theenvironment to enable an image-level data protection solution.
VMware vCenter Server
vCenter provides a scalable and extensible platform providing thefoundation for virtualization management.
Avamars discovery and continuous image-level backup and recovery of
VMs that form the basis of one or many vApps uses vCenter calls.
Although a vApp may span multiple VCs, it is at the VC level where
Avamar uses its VADP calls to backup/recover the target VM.
VMware ESX/ESXi
VMware ESX is an enterprise-level virtualization product. ESX is a
component of VMware's larger offering, VMware Infrastructure, which
adds management and reliability services to the core server product. Thebasic server requires some form of persistent storagetypically, an array of
hard disk drives for storing the virtualization kernel and support files. The ESX
server is used in this solution to host the virtual machines within the virtual
environment.
vCloud Director Cells
VM resources (shared from an ESX host) are instances of the vCloud Director
server
vCloud Director Database
vCloud Director cells use this database to store the shared information foryour vCloud. vCloud Director 1.5 supports the use of an Oracle or a
Microsoft SQL Server database to store its data. The applications
installation and configuration guide contains version specific configuration
and requirements. For the configuration described in this paper a vCloud
Director appliance was used.
7/27/2019 Avamar vCloud Director Backup and Recovery.pdf
9/24
9Data Protection for virtual machines within vCloud Director
EMC Avamar
EMC Avamar backup and recovery software provides integrated
source/global data deduplication. An Avamar agent on the client system
(production VMware guide, or Proxy VM for image level backups)
deduplicates the data, and then backs it up to an Avamar server (for
example, an Avamar Data Store). Unlike traditional backup software,
Avamar deduplicates backup data before it is transferred across the
network and stored to disk. Additionally, Avamar deduplicates data
globally by storing just a single instance of each sub-file, variable length,
data segment that it identifies as unique, across all of its protected sites
and servers. As a result, Avamar enables rapid, daily full backups even
across congested or slow WAN/LAN links and virtual infrastructures.
Avamar is used in this solution to not only store the backup data, but also
to communicate with vCenter to help manage, monitor, and configure
the backup of the virtual infrastructure.
Avamar Universal Image Backup Proxy
Avamar Universal Image Proxies are a key element of image level
protection. They are delivered as vSphere-deployable OVA templates. An
OVA template contains a packaged image proxy virtual machine that
includes both VMware and Avamar code for the purpose of image-level
backups and recoveries. This machine is configured with two CPUs and
requires 2 GB of memory. Avamar Image Proxy machines use the vSphere
APIs to mount the virtual machine files that require protection. Theadministrator has the flexibility to deploy multiple proxies based on ones
operating system environment requirements. Multiple proxy deployments
allow simultaneous backups and recoveries. The universal image proxy
provides the capability to protect either Windows or Linux machines.
Avamar customers can deploy Univeral Image Backup Proxies at no
additional cost for the software.
Avamar File-level Recovery
The Avamar Universal Image proxy supports file level recovery for bothWindows or Linux virtual machines. It leverages the Avamar Virtual File
System (AvFS) to create a browsable view within a virtual machines VMDK
file for easy, granular recovery.
7/27/2019 Avamar vCloud Director Backup and Recovery.pdf
10/24
1Data Protection for virtual machines within vCloud Director
Diagram of the Application environment
Avamar 6.1
vSphere 5.0
VMware Cloud Director 1.5
Figure 1. vCloud Director Application Overview
7/27/2019 Avamar vCloud Director Backup and Recovery.pdf
11/24
1Data Protection for virtual machines within vCloud Director
Confirming VM targets in a vCloud Director vApp view
vCloud Director organizes VMs into a vApp. A vApp contains one or many
VMs that may require protection. Once a vApp is defined, the user can
add virtual machines and utilize the infrastructure made available
(network, and catalog) to that organization to accomplish the tasksassigned to that VM.
When a VM is created in vCloud Director, the machine is also presented
and made available to the corresponding resouce pool element in
vSphere. It this relationship that enables Avamar to provide image
protection to that vApps VMs.
Figure 2. below shows the vApp view from perspective of vCloud Director.
The vApp named Skynet Web Services houses 2 Virtual Machines.
Figure 2. vCloud Director vApp view
7/27/2019 Avamar vCloud Director Backup and Recovery.pdf
12/24
1Data Protection for virtual machines within vCloud Director
Cross-referencing VM targets in vSphere
Figure 3. below shows an expanded view of the Virtual Center tree
displaying the various vApps VMs. VMs named in vCloud Director will be
presented with a GUID in parentheses in vCenter.
Figure 3. vCloud Resources as displayed in vCenter
Figure 4. vCloud Director Organization View
7/27/2019 Avamar vCloud Director Backup and Recovery.pdf
13/24
1Data Protection for virtual machines within vCloud Director
Figure 4. above shows the organizations in vCloud Director in relation to
how it is presented above in vCenter.
Figure 5. Machine Name in vCD and vSphere
Figure 5. Above shows the properties view of a virtual machine in a vApp in
vCloud Director, and the machine name as it appears in vSphere. Avamar
will read in the name from vSphere when this vm is imported.
7/27/2019 Avamar vCloud Director Backup and Recovery.pdf
14/24
1Data Protection for virtual machines within vCloud Director
Setting up Avamar Protection for vCloud Director
To protect the virtual machines defined in vCloud Director within Avamar,
perform the following steps:
1. Import the vSphere Virtual Center.2. To protect all of the VMs within a vCloud Directors organizations->
virtual data centers (vDC)->vApps obtain theAvamarProtect_vCD_ps.zip file. Note: These scripts are unofficialand not supported by EMC support. Theyre provided on a as-is use
at your own risk basis. Theyve been qualified to work with Avamar
6.1, vCloud Director 1.5 and vSphere 5.0.x.
3. Unzip the file and refer to the README.txt file on the setup of thescripts.
4. Once the Avamar_Protect_vCD.ps1 script has been configuredexecute it and it will perform the following:
a. Uses VMware PowerCLI commands to discover allorganizations (orgs) in vCloud Director
b. Establishes a secure shell connection to the Avamar utilitynode.
c. Proceeds to discover all orgs virtual data centers (org-vDCs)for each configured organization
d. Discovers the configured vApps residing in each org-vdc.e. Discovers the VM's in each vApp.f. From this resulting information, for each VM it imports them into the
Avamar Server configuration and adds it to an Avamar Backup Policy
Group which is configured to perform VMware Image Backup using
the VMware vStorage APIs for Data Protection (VADP) using a set
schedule and specific retention.
g. Finally, the script automatically works to assign specific Avamar ProxyVMs configured in the VMware environment to the Avamar Policy
Group.
7/27/2019 Avamar vCloud Director Backup and Recovery.pdf
15/24
1Data Protection for virtual machines within vCloud Director
AvamarProtect_vCD output
Once you see the message "Press enter to complete...:" feel free to analyze the output.
When you are finished hit the "Enter/Return" key to exit the script.
7/27/2019 Avamar vCloud Director Backup and Recovery.pdf
16/24
1Data Protection for virtual machines within vCloud Director
Representation of vCloud Director components in Avamar
Figure 6. vCD components in Avamar
7/27/2019 Avamar vCloud Director Backup and Recovery.pdf
17/24
1Data Protection for virtual machines within vCloud Director
Recovery Options
EMC Avamar allows image level backup to protect the defined virtual
machines in your vApp on a scheduled or ad hoc basis. There are three
recovery options that can be used to restore data:
1. Use Avamar File Level Recovery leveraging the universal proxy2. Use Avamar disk level recovery.3. Restore the entire VM out of place and import back into vCD.
Once the VMs are protected any individual drive can be restored. This
includes data drives with assigned nomenclature such as X:\, Y:\, Z:\ or a
systems complete set of drives including the operating systems drive with
all content such as C:\. boot drive. With Avamar v6.1, administrators also
have the ability to backup individual virtual disks as opposed to the entireVM.
In the case of a single data drive restore one can use the new Avamar 6.1
virtual disk restore option for a VM. This allows adminstrators to recoverindividual vmdks directly to the a virtual machine, regardless of whether or
not the VM is part of a vApp. Individual file-level recoveries are also
enabled in vCloud Director environments.
However, In the event of a complete loss of a VM or group of VMs from a running
vApp, a redirected restore is required and then the newly restored VMs must be
imported into a catalog. Once the restored machine is present in a catalog, the
VM(s) can be imported into the target vApp and then powered up to resume
operations.
Use Case 1 - Loss of a critical file from a VM inside of a vApp
A user of a virtual machine that was part of a vApp has deleted a single
file or directory from the vm and requires that it be restored.
This case assumes a complete VM image backup of the VM exists in
Avamar.
To recover a critical file or directory that has been deleted off a VM
running inside of the vApp, perform the following steps:
1. Launch Avamar and select the backup and restore icon from thelauncher.
2. Expand the navigation tree and browse to the vApps VM from whichyou want to restore the file from.
3. Select the desired date from the calendar and backup from theavailable backups in the displayed table.
4. In the UI below the calendar there are two small icons. One an icon oftwo small folders when moused over displays the tool tip Browse
7/27/2019 Avamar vCloud Director Backup and Recovery.pdf
18/24
1Data Protection for virtual machines within vCloud Director
Granular Restore. Selecting this option will mount a Windows Explorer
like tree view of the drives and their content from the image backup.
5. Expand down to the file or folder to be restored.6. Right click on the file or folder and choose Restore Now from the menu
displayed.
7. Using the default option that will restore everything to its originallocation choose OK.
8. Enter in the username and password of the administrative account onthe VM and choose ok. This will initiate the granular file recovery and
restore the file or folder from the image backup of the VM.
9. Select the activity monitor in the Avamar UI to view the jobs progress.10.Once the job is complete, login to the virtual machine and verify the
file is available.
Figure 7. File Level Restore of VM in a vApp
7/27/2019 Avamar vCloud Director Backup and Recovery.pdf
19/24
1Data Protection for virtual machines within vCloud Director
Use Case 2. Loss of a Data Drive from running VM in vApp.
A data drive that was presented to a vApps VM has become corrupt,
unavailable, or in some way inaccessible and needs to be recovered.
1. Within the Avamar Administrator UI navigate to the Backup and Restoreinterface and select the VM in the tree. Select backup and restore
from the UI. Select the virtual machine that is part of the vApp from thediscovered VC in the tree.
2. Power off the VM for the disk to be restored.3. Select the restore tab and specify a date that encompasses the
backup that included the drive requiring recovery.
4. Once the icon for image becomes available, select the appropriatedrive and choose restore now.
5.6. Power up the VM and verify the disk has been restored and available to
the host.
7/27/2019 Avamar vCloud Director Backup and Recovery.pdf
20/24
2Data Protection for virtual machines within vCloud Director
Use Case 3. Complete loss of a mission critical VM from a vApp
This section describes how to recover an entire lost/corrupt virtual machine
that was part of a vApp.
This case assumes a complete VM image backup of the VM exists in
Avamar. From vCloud Director select one of the machines in the vApp
right click and delete it. In the example below, we will use the VM wguest-
01. This will effectively remove it from vCloud as an available machine, andadditionally it will remove all of the resources from vSphere for this
machine.
In the Organizations vApp view verify that the target vm is no longer
present.
1. Launch Avamar to restore the deleted VM. Browse to the Restoretab and select a valid date from the calendar in the UI. Select the
vm image time stamped backup from the tabular view presented,
select All Virtual Disks, Right click and choose Restore Now. From
the drop down, choose Restore to a different machine.
2.3. Give this new machine a name, choose the
Configure Destination button. Enter all the relevant informationto finish the restore request and verify the restore using Activity
monitor. Once the host is created, leave it in a powered off state.
4. Launch vCloud Director and navigate to your Organization. Oneshould be able to see the VMs in your vApp from the VM view in the
tree.
7/27/2019 Avamar vCloud Director Backup and Recovery.pdf
21/24
2Data Protection for virtual machines within vCloud Director
5. Select the orphaned VM, make a note of its name and delete it6. Login to vCloud Director and navigate to a public catalog and
import the VM from vSphere:
7. Once the VM has been imported back into the catalog select thevApp which used to contain the VM.
8. Now import the VM from the catalog back into the vApp:
9.10.Configure the VM to have the name of the VM that was deleted
and remember to assign it the same IP address.
Select the tab Guest OS Customization and enable guestcustomization. Navigate to the General tab in the properties tab,
and full name, and enter computer name.
7/27/2019 Avamar vCloud Director Backup and Recovery.pdf
22/24
2Data Protection for virtual machines within vCloud Director
11.Select the Hardware tab. In the Nics area located under Networkselect add network, then "organization network, choose the
network you have configured. Once it is created, you can select the
VM in the vApp and move it to the original location.
12.Power the VM on to verify that it is available and accessible.13.Edit the Avamar group by removing the previous instance of this
new VM from the Avamar group, and then add the new instance toensure that backups that run now include this new VM.
14.Once this new instance of the machine is added to the group run anon demand backup and verify the backup was a success in the
Avamar Activity UI.
* NOTE: Do not delete the VM directly from vSphere. Although this will
remove the VM, it does not do a clean delete. Backups of the machine
that is deleted from vSphere and not vCloud Director will fail after it is
restored due to locking issues.
7/27/2019 Avamar vCloud Director Backup and Recovery.pdf
23/24
2Data Protection for virtual machines within vCloud Director
Operations management and monitoring
Figure 12. below shows an overlay of the Avamar Activity monitor over the
vCenter UI where the snapshot creation process and activity of the proxy
can be monitored and observed.
Figure 12. Operation Management and Monitoring
7/27/2019 Avamar vCloud Director Backup and Recovery.pdf
24/24
2Data Protection for virtual machines within vCloud Director
Conclusion
vCloud Director is an ideal product for organizations that require rapid
deployment of virtual environments that are intended for short or long-term
duration usage such as development, test, or demonstration application
environments. Additionally, as the market moves into an infrastructure-provisioned paradigm where chargeback and continuous monitoring are
core offerings, the need for reliable and rapid backup and restore
capabilities are mission critical. Avamars tight integration and use of the
VMware APIs ensure that data protection is current with vCloud Directorsability to deploy on-demand public or private virtual environments. As this
paper has demonstrated Avamar provides flexible image-level and Guest
OS protection to meet individual VM and vCloud Directors infrastructure
(vCloud database) backup and recovery requirements.