In-Depth

Harden VMs with VDP

Here's what you need to know to deploy vSphere Data Protection (VDP) as part of your business continuity plan.

• By Jeff Hunter
• 08/01/2013

Protecting an organization's data is a key part of any business-continuity plan. With many solutions out in the marketplace today, the key is finding the right one to meet your business's needs. Back in August 2012, VMware Inc. partnered with EMC Corp. to bring to market vSphere Data Protection (VDP). VDP was released with vSphere 5.1 and is included with vSphere 5.1 Essentials Plus and newer. That's right -- if you have vSphere 5.1, you already have access to VDP at no additional charge. There's also VDP Avanced, which includes all of the features of VDP, as well as more scale and application agents for Microsoft SQL Server and Microsoft Exchange. These agents facilitate application-consistent backups and more granular backup and restore capabilities.

VDP leverages EMC Avamar code to provide enterprise-class stability and de-duplication in a backup solution designed for small to midsize environments. VDP has a patented, variable-length de-duplication algorithm that can achieve efficiencies greater than 90 percent. For example, I've backed up 100GB of VMs in my lab environment, but this backup data only consumes 9.8GBs of actual storage on the VDP appliance.

VDP benefits include:

• Fast, efficient backup and recovery for VMware VMs
• Backup data disk space requirements are significantly reduced by using a patented, variable-length de-duplication technology across all backup jobs
• VMware vSphere APIs for Data Protection (VADP) and Changed Block Tracking (CBT) are utilized to reduce load on the vSphere host infrastructure and minimize backup window requirements
• Full VM restore (or "image-level" restore) and file-level restore (FLR) are possible without the need for an agent to be installed in every VM
• Deployment and configuration are simplified using a virtual appliance form factor
• Administration is performed utilizing the vSphere Web Client
• Appliances and data are protected using a checkpoint and rollback mechanism
• Windows and Linux files can easily be restored by an end user with the Web-based VDP Restore Client

Additional benefits with the Advanced version include:

• Protection for mission-critical Microsoft Exchange and SQL Server workloads with agents designed specifically for these applications
• Dynamic add capacity as backup requirements grow

Additional Benefits
Another benefit of VDP is ease of deployment and management. It's deployed as a Linux-based virtual appliance via an open virtual appliance (OVA) file into the vSphere environment. It supports backing up a maximum of 100 VMs per appliance (up to 400 VMs per appliance can be backed up by VDP Advanced), and supports a maximum of 10 appliances per vCenter Server instance. Once the appliance has been deployed, management is performed using a Web browser (see Figure 1).

Before deploying VDP, be sure your environment has met all of the prerequisites. One appliance requires a host record in DNS, Network Time Protocol (NTP) configuration and user account configuration to help ensure successful deployment. Full requirements are covered in the VDP Evaluation Guide, which can be found at bit.ly/11484hC.

It's important to deploy a properly sized appliance from the start. VDP can be deployed with .5TB, 1TB or 2TB of de-duplicated backup data capacity. Once the appliance has been deployed, it isn't possible to add capacity. VDP Advanced is deployed with 2TB of de-duplicated backup data capacity. With VDP Advanced, it's possible to add capacity in 2TB increments, up to 8TB (see Figure 2).

Thoroughly evaluate the environment to determine how much backup data capacity you need by calculating the number of workloads that need protection, the data-change rate for these workloads and the retention policy. VDP has an efficient de-duplication algorithm to help minimize the backup data capacity you need.

Deployment Considerations
Deploying VDP in the same site, cluster, and storage environment as the VMs that it will protect provides more reliable backups, and better backup and restore performance. This deployment setup also uses minimal storage and network resources. It's possible to place a virtual appliance at a site other than where the VMs are located. However, this means the backup traffic between the protected VMs and the virtual appliance will be transmitted across the WAN that connects the sites. The protected VMs and VDP must also be managed by the same vCenter Server.

After deploying VDP, you can create backup jobs. This wizard-driven process is simple and intuitive. The first step is selecting the VMs (or application databases with VDP Advanced) to protect. Then select the schedule and retention policy for the backup job. A backup job can be scheduled to run daily, weekly or monthly. Be sure to understand the backup data retention requirements of your organization and set VDP accordingly (see Figure 3). Setting the policy too low means you might not have the proper level of protection, while setting it too high consumes more backup data storage capacity.

Performing a restore is a straightforward process, as well. The job starts with selecting a restore point. You can then choose to restore the VM to its original location or an alternate. In some cases, VDP can leverage CBT for restores, which can greatly decrease the amount of restore time. When restoring to an alternate location, the VM can be given a new name and be located on a different data store. You also have the options of powering on the VM and connecting it to the network after it's restored. This makes it easy to practice restores or perform Restore Rehearsals (see Figure 4), which is a best practice regardless of the backup solution in use.

VDP vs. VDP Advanced
Organizations with Microsoft Exchange or SQL Server workloads should strongly consider VDP Advanced because it provides specific support for these applications. This support provides the ability to back up and restore individual components (such as an individual SQL Server database), enables application-consistent backups, and provides even more efficiency with client-side de-duplication. These agents also provide more options for backup and restore, such as enabling multi-stream backup (see Figure 5) and specifying incremental or full backups.

VDP also offers file-level restoration. An end user such as a guest OS administrator or application owner can open a Web browser, log on to the VDP Restore Client, select the files to be restored (see Figure 6), and then monitor the progress of the restore job -- all without intervention from a backup administrator.

The status of a VDP virtual appliance and details about its backup jobs can be found on the Reports tab. Items such as capacity information and the success of recent backup jobs can be seen at a glance. The list of clients can be filtered, which enables quick location of specific information in environments with many VMs. It's also possible to configure e-mail reporting for each appliance (see Figure 7).

Data protection is a key component of any business-continuity plan. VDP and VDP Advanced provide efficient solutions for protecting a VMware VM infrastructure, including mission-critical apps such as Microsoft Exchange and SQL Server. Deployment is quick and easy. Administration is performed using a Web-based GUI integrated with the vSphere Web Client. End users can restore files without the need for assistance from a backup administrator. Reporting is available in both the UI and via e-mail reports.

For more details, visit the VMware Web site. An evaluation copy of VDP Advanced can be downloaded there, as well. Be sure to grab the VDP Evaluation Guide to help you get started quickly.