How to backup or protect the applications which are installed inside Virtual Machines (VMs) ?


Data Protection for VMware can protects Microsoft Exchange Server, Microsoft SQL Server, and Active Directory Domain Controllers that run inside VM guests. In prior releases (before V7), Data Protection for VMware used VMware functions to quiesce applications that run on the VM guest. 

During backup processing, the application server was not notified that the backup to the Tivoli Storage Manager server completed successfully. As a result, logs were not truncated on the application server. Data Protection for VMware V7.1 backs up VM guests with both guest level application consistency and log truncation which is not available in previous versions. You can back up these VM guests with the following interfaces
  • Data Protection for VMware vSphere GUI
  • Tivoli Storage Manager backup-archive client command-line interface
  • Tivoli Storage Manager backup-archive client Web client
  • Tivoli Storage Manager backup-archive client GUI based on Oracle Java
However, to implement this function, you must specify the following Tivoli Storage Manager backup-archive client V7.1 option in the dsm.opt file (Windows) or dsm.sys file stanza (Linux).
INCLUDE.VMTSMVSS vmname

This option notifies VM applications that a backup is about to occur. This notification allows the application to truncate transaction logs and commit transactions so the application can resume from a consistent state when the backup completes. By default, this option is not enabled. You must set this option to enable application protection for a VM.

Also Read: Full and Incremental backups types for taking VM backups

When a virtual machine is included by this option, Tivoli Storage Manager, provides application protection. That is, Tivoli Storage Manager freezes and thaws the VSS writers and truncates the application logs. If a virtual machine is not protected by this option, application protection is provided by VMware, and VMware freezes and thaws the VSS writers, but application logs are not truncated.

The vmname value specifies the name of the VM that contains the applications to quiesce. Specify one VM per INCLUDE.VMTSMVSS statement. To protect all VMs with this option, use an asterisk as a wildcard (INCLUDE.VMTSMVSS *). You can also use question marks to match any single character. For example, INCLUDE.VMTSMVSS vm?? protects all VMs that have names that begin with "vm" and followed by any two characters (vm19, vm27).

After a backup is completed, you can use the QUERY VM command with the -Detail option to view the status of application protection for your VM backups

Choosing the protection type for database & applications inside the VM's

With TSM for VE you can protect database and application products that are typically hosted in VMware virtual server environments and gives guidance on choosing between three generic types of data protection.
  • Off-host data protection solutions that feature a backup/recovery agent that can be hosted on a machine other than the hypervisor host, for example, Tivoli Storage Manager for Virtual Environments (Data Protection for VMware) and Tivoli Storage FlashCopy Manager for VMware.
  • In-guest data protection solutions that require the deployment of a backup/recovery agent in the guest machine, for example, Tivoli Storage Manager for Mail (Data Protection for Microsoft Exchange Server) or Tivoli Storage Manager for Databases (Data Protection for Microsoft SQL Server).
  • Hybrid solutions that use elements of both off-host data protection and in-guest data protection solutions.
Also Read: Quick Steps to configure TSM for Database (TDPOracle & TDPSQL) and TSM for Mail (TDPExchange & TDPDomino) 

There are several considerations that need to be taken into account when choosing the appropriate data protection solution, for example:
  • Recovery time objectives (RTO) - block-level recovery from an off-host backup may give shorter recovery time as compared to recovery from an in-guest backup.
  • Recovery point objectives (RPO) - recovery of transaction logs produced by in-guest backup may minimize data loss in a recovery scenario.
  • Type of storage - raw device mapping disks in physical compatibility mode cannot be the target of a VMware snapshot operation and would be better suited for in-guest solutions.
  • Other considerations including storage vendor, data layout, Tivoli Storage Manager server configuration, long-term recovery requirements, and so on.
Also you should consider that the following types of virtual disks do not support VMware snapshot operations. If you have data stored on these types of disks, it is generally recommended to use in-guest agents to protect the data on these disks
  • Raw device mapped volumes created in physical compatibility mode (pRDM)
  • Independent disks
  • iSCSI disks attached directly to the virtual machine
Restoring a full VM that was backed up with self-contained application enabled, is the same as restoring a full VM that did not have self-contained application protection enabled. When the VM is powered on after a restore, the applications resume automatically, unless they are configured to be started manually.

Protecting Microsoft SQL Server database inside the VM

Off-host solutions such as Data Protection for VMware are well suited for single instance deployments of Microsoft SQL Servers that don't have strict recovery point objectives. For more sophisticated Microsoft SQL Server deployments that have many databases and/or require more granular recovery points, it might be desirable to use a cooperative solution that allows an in-guest agent to recover a single database without disrupting the entire Microsoft SQL Server or virtual machine. Such a cooperative solution can also be used to allow an in-guest agent to manage log backups so that recovery can be accomplished to any specific point in time.

Also Read: Steps to take MS SQL DB backup and Restore using TDP for SQL

Finally, in-guest agents need to be used in situations where disks cannot be protected by off-host solutions (for example, physical raw device mapped volumes) or there are very specific recovery use cases.

When to use only Off-host data protection

If one or more SQL databases are configured in full recovery mode, Data Protection for VMware is recommended as it provides the ability to truncate logs after a successful backup operation. However, use of the self-contained application protection feature of Tivoli Storage Manager is required to truncate logs. Choose Off-host data protection if you have below settings.
  • Microsoft SQL Server database files are already stored on disks that can be protected by virtual machine snapshots.
  • Not having AlwaysOn Availability Groups, AlwaysOn Failover Clusters, or SQL servers deployed in cluster configurations.
  • No requirement to recover to any specified point in time and databases are configured in simple recovery mode.
  • SQL databases are configured in full recovery mode but log roll-forward is not a requirement.
  • No need to recover individual databases or already protecting Microsoft SQL Server database in some other way.
  • If you can use a global policy on a per-virtual machine or per-datastore basis to manage retention of Microsoft SQL Server data
When to use Hybrid solution using off-host data protection with an in-guest agent

With the hybrid solution, full database backups are contained within the Data Protection for VMware virtual machine backups & Data Protection for Microsoft SQL Server can be deployed in-guest to recover an individual Microsoft SQL Server database from a virtual machine backup. Choose  hybrid solution (Off-host & in-guest) data protection if you have below settings.
  • If you have Microsoft SQL Server database files stored on disks that can be protected by virtual machine snapshots.
  • If you don't have AlwaysOn Availability Groups, AlwaysOn Failover Clusters, or SQL servers deployed in cluster configurations.
  • If you need to recover individual databases without disrupting other databases on the same server.
  • If you need to recover to any specified point in time using transaction logs
When to use only In-guest data protection

Choose  only in-guest data protection if you have below settings.
  • If you have Microsoft SQL Server databases deployed on physical compatibility raw device mapped (pRDM), independent, or direct iSCSI mounted disks.
  • If you have AlwaysOn Availability Groups, AlwaysOn Failover Clusters, or Microsoft SQL Server deployed in a cluster configuration.
  • If you need to define policy at an individual database level

Protecting Microsoft Exchange Mail Server inside the VM

Off-host solutions such as Data Protection for VMware are well suited to help optimize recovery of an entire virtual machine into a DAG by seeding the Microsoft Exchange Server databases on the virtual machine so that the native Microsoft Exchange Server database facilities don't have to resynchronize entire databases but only the set of changes since the latest recovery point.

If you require frequent mailbox or mailbox item recoveries beyond what native Microsoft Exchange Server features provide, it might be desirable to use a cooperative solution that allows an in-guest agent to recover individual mailbox or mailbox items.

Finally, in-guest agents need to be used in situations where disks cannot be protected by off-host solutions or there are very specific recovery use cases.

When to use only Off-host data protection
For Microsoft Exchange Server databases not using continuous replication circular logging, Data Protection for VMware is recommended as it provides the ability to truncate logs after a successful backup operation. Choose Off-host data protection if you have below settings.
  • If you have Microsoft Exchange Server database files stored on disks that can be protected by virtual machine snapshots.
  • If you don't need to recover an individual database.
  • If you can use a global policy on a per-virtual machine or per-datastore basis to manage retention of Microsoft Exchange Server data.
  • If you are using native Microsoft Exchange Server features to satisfy individual mailbox/mailbox message recovery or you do not need to recover individual mailbox/mailbox messages.
  • If you do not have any special recovery point objective requirements that would necessitate log recovery or if you are using continuous replication circular logging.
  • If you need to be able to recover an entire virtual machine to rebuild a Microsoft Exchange Server configured in a database availability group. 
Also Read: Integrating TDPO with RMAN to configure Oracle DB backups

When to use Hybrid solution using off-host data protection with an in-guest agent
You can protect full database backups by using Data Protection for VMware  & Data Protection for Microsoft Exchange Server can be deployed in-guest to recover individual Microsoft Exchange Server mailboxes and mailbox items from a virtual machine backup. Choose  hybrid solution (Off-host & in-guest) data protection if you have below settings.
  • If you have Microsoft Exchange Server database files stored on disks that can be protected by virtual machine snapshots.
  • If you have no special recovery point objective requirements that would necessitate log recovery or you are using continuous replication circular logging.
  • If you can use a global policy on a per-virtual machine basis to manage retention of Microsoft Exchange Server data and any of the following conditions are met.
  • If you need to perform frequent individual mailbox or mailbox item recovery operations and concerned with recovery time objectives.
  • If you need to be able to recover an entire virtual machine to rebuild a Microsoft Exchange Server configured in a database availability group.
When to use only In-guest data protection
With In-guest data protection, you can have below advantages
  • Recovery of individual databases and/or servers can be coordinated with other resources (for example, for clustered servers or database availability group configurations).
  • Recovery to specific point-in-time states based on log recovery can be achieved to satisfy recovery point objective requirements.
  • Mailbox and mailbox item recovery is integrated in the native in-guest agent interfaces
Choose In-guest data protection, if you
  • Have Microsoft Exchange Server databases deployed on physical compatibility raw device mapped (pRDM), independent, or direct iSCSI mounted disksneed to perform frequent individual mailbox or mailbox item recovery operations.
  • Have special recovery point objective requirements that would necessitate log recovery.
  • Need to perform frequent recoveries of individual databases.
  • Need to define policy at an individual database level

Protecting File/web/print server/workstation (unstructured data)

Protecting virtual machines that are primarily managing unstructured data such as file servers, web applications, or workstations.

Off-host solutions such as Data Protection for VMware are well suited for most backup and recovery use cases as they provide efficient block-level, incremental backups to reduce the steady-state backup windows and provide administrators with the ability to perform recoveries of the entire virtual machine or recoveries of only specific files and directories.

In-guest agents need to be used in situations where disks cannot be protected by off-host solutions (for example, physical raw device mapped volumes) or there are very specific recovery use cases.

Also Read: Steps to configure SAP Oracle DB backup with TSM for ERP using BRTools

Protecting Microsoft Active Directory

Off-host solutions such as Data Protection for VMware are well suited to help optimize recovery of an entire virtual machine into a site that has a pre-existing domain controller by seeding the Active Directory databases on the virtual machine so that the Active Directory database replication facilities dont have to resynchronize an entire database but only the set of changes since the latest recovery point. 

Microsoft and VMware have provided built-in tools to facilitate recovery and replication with Windows Server 2012. Prior versions of Windows Server required explicit changes in the data protection products in order to ensure that Active Directory replication was aware when a machine was being recovered to a site with at least one pre-existing domain controller.

In-guest agents need to be used in situations where disks cannot be protected by off-host solutions or recovery of individual Active Directory objects is required.

Protecting Other applications

If you are using any other applications other than the above discussed applications, it is recommended to use In-guest data protection software to protect them. For example
  • If you are using Lotus Domino, SAP ERP or Oracle Databases within the VM's, it is recommended to use In-guest data protection (TDP Domino, TDP Oracle etc.) to protect the application data.
  • If you are using DB2 database, you can use only BA Client to configure the backup to TSM server.




What Others are Reading Now...

0 Comment to "How to backup or protect the applications which are installed inside Virtual Machines (VMs) ?"

Post a Comment