High Availability and Disaster Recovery Considerations for Microsoft Hyper-V

Bob RoudebushDouble-Take SoftwareWSV311

Agenda

Hyper-V Virtualization ScenariosHow VM Availability, Disaster Recovery and Backup/Recovery Relate to Business ContinuityAnatomy of a Hyper-V Virtual MachineBackup/HA/DR for Hyper-V

Backup/Recovery Implications for Hyper-V VMsHigh Availability Implications for Hyper-V VMsDisaster Recovery Implications for Hyper-V VMs

Geo-Clustered Hyper-V VM DemonstrationSummary / Q&A

Hyper-V Virtualization Scenarios

Business Continuity

Dynamic Datacenter

Server Consolidation

Test and Dev

Business ContinuityResumption of full operations combining People, Processes and Platforms

Disaster RecoverySite-level crisis , data and IT operations resumption

Backup and RestorePresumes infrastructure is whole97% is file/small unit related

High AvailabilityPresumes that the rest of the environment is active

Keeping the Business Running

VHD

Shared Storage

Backup/Recovery

Secondary SitePrimary Site

Storage Array

Storage Array

Virtualization reduces BC costs and minimizes business downtime by:

• increasing the availability of infrastructure• extending protection to more applications • simplifying backups, recovery and DR testing

Business Continuity

High Availability

Disaster Recovery

Backup and Recovery

Disaster Recovery

Backup/Recovery Backup/Recovery

Clustering

Quick/Live Migration

Business Continuity w/Virtualization

The Architecture of Hyper-V

Windows Server 2008

VSPWindows Kernel

Applications Applications Applications

Non-Hypervisor Aware OS

Windows Server 2003, 2008

Windows Kernel VSC

VMBus Emulation

“Designed for Windows” Server Hardware

Windows Hypervisor

Xen-Enabled Linux Kernel

Linux VSC

Hypercall Adapter

Parent Partition

Child Partitions

VM Service

WMI Provider

VM Worker Processes

User Mode

Kernel Mode

Ring -1

IHV Drivers

VMBus

VMBus

Applications

The Anatomy of a Hyper-V VM

.VHD – VM data

.AVHD – VM snapshots

*.BIN – Contents of VM RAM for a saved state

*.VSV – Saved state information (i.e., processor register data)

*.XML – VM configuration information in an industry-standard XML file

The Anatomy of a Hyper-V VM

The Anatomy of a Hyper-V VMAll VMs are assigned a unique GUID:

<logical_id type="string">056B19F3…FAD06C76416D</logical_id>

All snapshots are assigned a GUID – used to identify the snapshot and construct relative paths to .AVHDs:

<guid type="string">53E0AC2C…EE46C4F495D4</guid>

Both the virtualized NIC(s) in the VM as well as the virtual switch(es) on the host are assigned a GUID:

<ChannelInstanceGuid type="string">{bc66…}</ChannelInstanceGuid>

<SwitchName type="string">Switch-SM-847f89…</SwitchName>

Permissions related to Hyper-VM are important to consider:<sid type="string">S-1-5-2…</sid>

VM Backup/Recovery Challenges

Expense – Loading Agents in Each Guest OSProtecting Virtualized Applications (Exchange, SQL, etc.)VMs may Increase Backup/Restore ComplexityBacking up “in the guest” Versus “outside the guest” – Image or file –level recoveryRestoring to different hardware if necessary

Some VM Backup Terminology

File-Level Backup – “In the Guest”Image-Level Backup – “On the Host”Application QuiescingO/S Crash ConsistencyApplication Crash Consistency

Types of VM Backups

Three types of BackupsBacking up the host system

May be necessary to maintain host configurationBut often, not completely necessaryThe fastest fix for a broken host is often a complete rebuild

Backing up Virtual Disk FilesFast and can be done from a single host-based backup clientChallenging to do file-level restore

Backing up VM’s from inside the VMSlower and requires backup clients in every VM.Resource intensive on hostCapable of doing file-level restores

Challenges of Transactional DBs

O/S Crash Consistency is fairly easyQuiesce the NTFS file system before beginning the backup

Application Crash Consistency is much harderTx databases like AD, Exchange and SQL don’t quiesce just because NTFS does

Restoration without crash consistency will lose data - DB restores into “inconsistent” state and must perform a soft recovery

Dealing with Consistency

When backing up VMs, may need to consider dual approaches: file level backups and image-level backups

File-level = Restore Individual Files w/Tx IntegrityImage-level = Whole-Server RecoverabilityImage-level backups may not provide application crash consistency!

MSFT and 3rd Party Solutions may integrate with VSS-aware guest OS and applications

Microsoft System Center Data Protection Manager3rd Party Backup Solutions

Integrating Backup w/VSSVSS = Volume Shadow CopyNo need to power down virtual machines to do backupsVSS ensures a consistent state in the virtual machineMust have backup integration component enabled

Data Protection Manager 2007Data Protection Manager 2007

Recovery Point Objective15min versus RT for VSs-aware VMs~1 day versus RT for non VSS-aware VMs

Recovery Time ObjectiveAutomated Monitoring and Failover versus on-demand recovery

Type of Recovery NeededDisaster Recovery – focus on getting back up and running with the latest copy ASAPOperational Recovery & Disaster Recovery – focus on being able to recover multiple points in time

Secondary SitePrimary Site• DPM for Hyper-V• Live host-level

virtual machine backup In guest consistency

• Bare metal restore

• Rapid recovery Continuous Data Protection

• No SAN required

• Protects VMs without hibernation (if OS is VSS enabled)

Reco

very

WAN Connectivity

Up to every 15 minutes

Microsoft Data Protection Manager SP1

VSS/Backup Recommendations

VSS in Hyper-V does not support:Host-level backups of pass-through VHDs.Host-level backups of iSCSI volumes in guest VMs

Instead, use guest-based Exchange-aware streaming backup or VSS backup

Data Protection Manager 2007VSS in Hyper-V does support host-level backups of VHDsHardware-based VSS backups of Exchange Storage

Supported by the vendor, not Microsoft

Hyper-V Backup Best Practices

Ensure your backup solution supports VSSSupport for the VSS writer in Hyper-V specifically

Virtual Machine Backup Best practicesLeverage the Hyper-V VSS writer to take online snapshots of virtual machinesSystem Center Data Protection Manager will provide Hyper-V VSS snapshots

Ability to quickly recover virtual machinesReplicate snapshots to backup location for DR

Virtualization & High Availability

Traditional Non-Virtualized Environment

• Downtime is bad, but affects only one workload

Virtualized Environment• Value of the physical server

goes up• Downtime is far worse because

multiple workloads are affected

Virtualization and High-Availability Go Hand in Hand

Microsoft Hyper-V Quick Migration

Provides solutions for both planned and unplanned downtimePlanned downtime

Quickly move virtualized workloads to service underlying hardwareMore common than unplanned

Unplanned downtimeAutomatic failover to other nodes (hardware or power failure)Not as common and more difficult

Windows Server 2008 R2 introduces Live-migration supporting movement of virtual machines between servers with no loss of

service

Quick Migration FundamentalsSave state

Save entire virtual machine state

Move virtual machineMove storage connectivity from origin to destination host

Restore state and runRestore virtual machine

and run

Network Connectivity

Shared Storage

VHDs

Other VM Availability Scenarios

Guest-based VM clustering (using WSFC)Cost prohibitive – requires Enterprise edition of Windows Server and shared storageMore complex to install/configure/manageAn option for cluster-aware applications

3rd party replication/failover solutionsUse software-based replication/failover to replicate VMs between Hyper-V hosts (or within VMs)

Double-Take for Hyper-VCA XOsoft High AvailabilitySteelEye LifeKeeper for Windows

Disaster Recovery ChallengesDowntime is Expensive

Traditional DR is slow/complexIncreased pressed on IT for availability

Requires specialized training

Things are ComplicatedTraditional DR requires identical HW/SW configsDifficult to test multi-tier applications

Infrastructure/People are ExpensiveDuplicate data center infrastructuresSignificant personnel resources required

Virtualization BenefitsDowntime is Expensive

More Rapid Backup and RecoveryQuick/Live Migration/Clustering

Requires specialized training

Things are ComplicatedEliminate maintaining duplicate physical systems Automate Backup, Recovery and DR processes

Infrastructure/People are ExpensiveReduce expenditure on facility and infrastructureDiminish need for specialized hardware/personnel

Some DR Terminology

RTO – Recovery Time ObjectiveHow much data you can afford to lose…

RPO – Recovery Point ObjectiveHow long you can afford to be down…

Hot siteServers up and operational at remote site at all times.

Warm siteServers pre-provisioned at remote site. Tasks to complete for failover to occur.

Cold siteEmpty site and servers on retainer awaiting DR event.

Hyper-V Recovery "Value Meals"Recovery Time

ObjectiveRecovery Point

ObjectiveWhat should I use it

for?

Small >1 Day to Week(s) > 1 Day to Week(s) Development and Testing Systems

Medium > 4 Hours to Day(s) > 4 Hours to Day(s) Workgroup Applications

Large Minutes to Hour(s) Minutes to Hour(s) Infrastructure Systems and Messaging Systems

“Biggie” Size Immediate Real-Time Business-Critical Systems$$$$

Days to Weeks Recovery

Use free or low-cost solutions to backup VMs at the host level (image-level backups)DR site is a “cold site” with equipment available on-demand from a vendor/co-lo companyStore images to tape/disk and rotate off-siteWill need to manually restore images and fix problems ….…and there will be problems!

Hours to Days Recovery

Use free or low-cost solutions to backup VMs at the host level (image-level backups)DR site is a “warm site” with storage available for replicated/copies VM imagesTransfer images to off-site data storage location

Some tools provide off-site capabilitiesWill need to manually restore images and fix problems ….…and there will be problems!

Minutes to Hours Recovery

Use replication to provide site-to site replication of VM data

These host-level replicated VM copies are potentially inconsistent

Can use SAN-based or host-based replicationCost / Bandwidth trade-off

Less impact to WAN – changes being sent in real-time (compression/throttling)Will need to attach replicated VMs to replacement equipment and fix problems

Immediate Recovery

Warm or hot site is used for DRStorage to storage replication installed between sites3rd party replication technologies used for VM replication

“in the guest” for transactional integrity“on the host” for all other workloads

Restoration is usually automated using 3rd party tools or interoperability with Windows Server Failover Clustering

Windows Server 2008 - WSFC

No More Single-Subnet LimitationAllows cluster nodes to communicate across network routersNo more having to connect nodes with VLANs!

Configurable Heartbeat TimeoutsIncrease to extend geographically dispersed clusters over greater distances

Storage Vendor Based SolutionMirrored storage between stretched locationsHardware or Software based replication

GeoCluster

Integrates with Microsoft Failover ClusteringUses Double-Take Patented ReplicationExtends Clusters Across Geographical DistancesEliminates Single Point of Disk FailureGeoCluster for Hyper-V Workloads

Utilizes GeoCluster technology to extend Hyper-V clustering across virtual hosts without the use of shared diskAllows manual and automatic moves of cluster resources between virtual hosts

GeoCluster nodes use separate disks, kept synchronized by real-time replication

Only the active node accesses

its disks

At failover, the new active node

resumes with current,

replicated data

Data is replicated to all passive nodes

Replication

How GC Integrates w/WSFC

Multi-site stretch configurations can provide automatic fail-over

Secondary SitePrimary Site

SAN SAN

Replicated data from

site A

Storage Array Storage Array

• Geographically distributed clusters are extended to different physical locations

• Stretch clustering uses the same concept as local site clustering

• Storage array or third party software provides SAN data replication to

Stretch Clustering automatically fails VMs over to a geographically

different site

Primary site data is replicated to the

secondary site

Microsoft Stretch Clustering & Storage Continuity

Software-based Quick Migration/Geo-clustering for Hyper-V VMs

demo

www.microsoft.com/teched

Sessions On-Demand & Community

http://microsoft.com/technet

Resources for IT Professionals

http://microsoft.com/msdn

Resources for Developers

www.microsoft.com/learningMicrosoft Certification and Training Resources

www.microsoft.com/learning

Microsoft Certification & Training Resources

Resources

Interactive Theater Sessions (session codes and titles)

VIR04-INT: Why Virtualizaiton and Data Protection are Better Together

Related ContentBreakout Sessions (session codes and titles)

VIR311: From Zero to Live Migration. How to Set Up a Live MigrationWSV202: Considerations and Strategies for Deploying Virtual ClustersWSV313: Innovating High Availability with Cluster Shared VolumesWSV315: Implementing Hyper-V on Clusters (High Availability)WSV328: Windows Server 2008 R2: HyperV

Hands-on Labs (session codes and titles)

VIR04 – HOL: Introduction to Hyper-V

Windows Server ResourcesMake sure you pick up your copy of Windows Server 2008 R2 RC from the Materials Distribution Counter

Learn More about Windows Server 2008 R2: www.microsoft.com/WindowsServer2008R2

Technical Learning Center (Orange Section): Highlighting Windows Server 2008 and R2 technologies•Over 15 booths and experts from Microsoft and our partners

Complete an evaluation on CommNet and enter to win!

question & answer

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS,

IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.