In-Depth
Backing up Hyper-V
With support for Hyper-V in Service Pack 1, Microsoft's System Center Data Protection Manager can be the ideal application for backing up virtual machines.
If you've ever used System Center Data Protection Manager (DPM) 2007 -- Microsoft's flagship enterprise backup solution -- then you know that it makes backing up and restoring network servers relatively painless. However, when you add virtualization to the mix, the backup process takes on an additional degree of complexity. That being the case, this article will focus on System Center DPM and what's involved in using it to back up virtual machines (VMs) that are running on Hyper-V.
It's important to note that the original released to manufacturing (RTM) version of DPM 2007 doesn't offer protection for Hyper-V. However, Microsoft added Hyper-V support in Service Pack 1 (SP1). SP1 also added support for backing up a server's system state information, a capability that was previously unsupported.
Guest Operating Systems
DPM gives you various options depending on how you want to back up your Hyper-V server and the guest operating systems that are running on it. As you might have guessed, there are pros and cons associated with each of these methods. Furthermore, the types of guest OSes that you're running on your Hyper-V server also play a role in the backup method you'll be using.
First you'll need to take into account which guest OSes you're running. There are three reasons why your guest OSes are going to dictate which backup methods you'll be able to use, and all three of these reasons are related to compatibility.
First, you need to consider whether the guest OS supports the use of Volume Shadow Copy Services (VSS). Newer Windows server OSes, such as Windows Server 2003 and Windows Server 2008, are VSS-aware. If you're running an older Windows server OS or a non-Windows OS, then VSS won't be supported for the VM.
On a similar note, the second consideration is whether or not the VM is enlightened. A VM is said to be enlightened when it's running the Hyper-V integration services. Currently, the integration services will work with Windows Server 2003 SP2 and later; Windows Server 2003 R2; Windows Server 2008; and SuSE Linux Enterprise Server 10 SP1 and later. Windows XP and Windows Vista are also both supported -- although some caveats apply -- but I'm limiting my discussion to server OSes. Legacy Windows server OSes and other non-Windows OSes aren't compatible with the integration services.
The third issue to take into account is whether or not the DPM 2007 agent is compatible with the guest OS. Currently, DPM 2007 agents can only be deployed to Windows operating systems. Furthermore, you can't deploy a DPM 2007 agent to a Windows server unless that server is a member of a domain that exists within the same forest as the DPM server.
Host vs. Guest Backup
Now that I've talked about the various DPM 2007 and Hyper-V compatibility issues, I'll discuss your various backup options. DPM 2007 allows you to perform either a host-level backup or a guest-level backup of your VMs. As I mentioned earlier, there are advantages and disadvantages to each method, and you may sometimes be limited by compatibility issues.
Host-Level Backups
Host-level backups are by far the most flexible type of backup you can perform against Hyper-V, because a host-level backup will work regardless of the type of OS running on the guest machines.
Suppose, for a moment, that you need to back up a Hyper-V server that's running several legacy Windows server guest OSes and a couple of non-Windows guest OSes. The non-Windows OSes won't be compatible with the DPM agent, and they won't support VSS or the Hyper-V integration services. Likewise, the legacy Windows guest OSes might support the DPM agent, but they won't support VSS or the Hyper-V integration services.
However, none of this matters when you perform a host-level backup, because the DPM 2007 agent is applied to the parent operating system -- the Windows Server 2008 OS that's running Hyper-V. Even though the guest OSes don't natively support VSS, DPM uses the host OS to make a VSS backup of the guest operating system.
What happens is that the guest machine is forced into a hibernation mode. This dumps the VM's memory and its CPU contents to a file. Once that happens, DPM 2007 takes a VSS snapshot of the VM, and after that the VM's OS is resumed.
There's a momentary interruption in service while the VM is in a hibernated state, but the process of creating a VSS snapshot usually only takes a moment to complete. The process isn't nearly as invasive as if you ran a traditional backup against the VM while it was hibernating.
So what happens if a VM is VSS-aware? Well, if a guest machine is VSS-aware, then the snapshot process is far more seamless, and there's no downtime required. The process begins when the DPM 2007 agent contacts the virtualization host -- Hyper-V -- and requests a backup. When this happens, the Hyper-V integration service components perform a referential VSS query. This means that even though the DPM 2007 agent is only talking to the host OS, Hyper-V will tell the guest OS to contact its own VSS writers. Those VSS writers then prepare for a VSS snapshot to be taken. The snapshot is only taken when Hyper-V gets the OK from the guest machine's internal VSS writers. This guarantees that the guest OS is in a consistent state when the snapshot is taken.
As you can see, one of the main benefits to using host-based backups is that you can make consistent VSS backups of compatible guest machines with no downtime. Plus, you can make VSS snapshots of incompatible guest machines with only minimal interruption.
There are some other benefits to performing a host-based backup, including the ability to capture the entire VM, not just the OS and applications that are running on it. What this means is that a host-based backup makes it possible to perform a virtual "bare-metal restore." You can't really perform a bare-metal restore of a VM, but you can do the virtualized equivalent by restoring a VM to any available Hyper-V host server.
Probably the biggest benefit to performing a host-based backup is the cost savings. As you most likely know, you're required to purchase a license for each DPM 2007 agent that you deploy. When you perform a host-based backup, an agent is only required on the host OS. Therefore, you can back up as many VMs as you want for the cost of one DPM 2007 agent per host server.
You may be wondering why anyone would ever want to use anything but a host-level backup, given its benefits. But, as I mentioned earlier, there are some downsides that must be considered. The biggest problem with using host-level backups is that doing so allows you to restore a VM in its entirety, but doesn't allow you to restore individual elements on that VM, such as files, folders and databases.
To see what I'm talking about, look at Figure 1. I captured this screenshot while creating a protection group that included my Hyper-V server. Notice there's actually a container for Microsoft Hyper-V and that all my VMs are listed beneath this container. You'll also notice that individual VMs can't be further expanded to allow for a more granular backup. Backing up a VM at the host level is an all-or-nothing proposition. You don't have to back up all of your VMs, but you can't pick and choose which individual elements within a VM you want to back up.
[Click on image for larger view.] |
Figure 1. Data Protection Manager 2007 lists the individual VMs that reside on a Hyper-V server. |
Guest-Level Backups
Guest-level backups require you to install the DPM 2007 agent onto individual VMs, as opposed to installing the agent through the host OS. This means your costs will usually increase, as Microsoft requires you to purchase a license for each DPM 2007 agent you use.
Notice that I said that your costs will usually increase. There's one situation in which you can perform guest-level backups without the extra costs. If you purchase the System Center Management Suite, you're automatically licensed to use as many DPM agents as your host OS will allow. For example, Windows Server 2008 Enterprise Edition is licensed to support up to four guest OSes. As such, you'd be licensed to use up to four DPM 2007 agents for the VMs on that server at no additional cost.
Aside from the cost, there are other negative aspects to using guest-level protection. For instance, the fact that each guest OS requires its own agent means that the compatibility issues I discussed earlier come back into play. Therefore, you'll only be able to make guest-level backups of guest OSes that are running supported versions of Windows -- and that have been joined to your domain.
So what's the advantage to making a guest-level backup? Well, as far as DPM 2007 is concerned, a guest-level backup is no different than backing up a physical computer. In other words, you'll be able to back up and restore individual files, folders, applications and even the VM's system state.
To see the difference between a host-level backup and a guest-level backup, take a look at Figure 2. In this figure, I'm creating a protection group that contains one of my virtual Exchange servers. As you can see in the figure, DPM gives me the option of backing up individual files, folders and the machine's system state. Because DPM 2007 is an Exchange-aware backup application, there's also an option for backing up Exchange storage groups.
[Click on image for larger view.] |
Figure 2. Making a guest-level backup gives you full access to the VM's contents. |
The Final Word
So the big question is: Which backup method should you choose?
Assuming you have compatible VMs and the necessary server resources, I'd recommend using a combination of the two techniques. That way you can perform restorations either at the VM level or at a more granular level within a VM.
About the Author
Brien Posey is a 22-time Microsoft MVP with decades of IT experience. As a freelance writer, Posey has written thousands of articles and contributed to several dozen books on a wide variety of IT topics. Prior to going freelance, Posey was a CIO for a national chain of hospitals and health care facilities. He has also served as a network administrator for some of the country's largest insurance companies and for the Department of Defense at Fort Knox. In addition to his continued work in IT, Posey has spent the last several years actively training as a commercial scientist-astronaut candidate in preparation to fly on a mission to study polar mesospheric clouds from space. You can follow his spaceflight training on his Web site.