Key Points: [Slide purpose: to show how virtualization changes the relationship between hardware and software] After virtualization: Virtual machines are hardware-independent. Thus, virtual machines can be provisioned and run on any x86 hardware system. You can manage the OS + application as a single unit. Script: Now compare that scenario with the virtualization scenario: For one, server virtualization breaks those dependencies between OS and hardware. The OS communicates with the “virtual hardware” provided by VMware’s virtualization layer. The virtualization layer makes the virtual machine hardware-independent. The virtual hardware seen by the OS looks the same regardless of what x86 hardware is actually underneath the virtual machine, whether it be HP, IBM, Dell, or any other supported x86 system. Stated another way, a virtual machine can be provisioned and run on any x86 hardware system. It can be taken from one physical machine where it had been running and provisioned to a different physical machine—no changes required. As this demonstrates, virtualization dramatically simplifies the way that you think about managing systems. You can now manage the OS and its application(s) as a single unit. Before, changing the hardware meant going through a process for getting an operating system installed on the hardware followed by a process for installing and migrating the application. With virtualization, you can move the OS and application as a unit, much more simply and much more efficiently. The result: Virtualization simplifies IT so that companies can leverage their storage, network, and computing resources to control costs and respond more quickly.
[Click ONCE to show the bullets for each graphic] We typically describe three key properties of virtual machines that are responsible for their powerful benefits. Let’s examine each one of those properties… 1. The first key property is partitioning. Virtual machines allow a single computer to be divided into separated partitions that can each run an operating system and application stack concurrently. In fact, those virtual machines can be running completely different operating systems and software because they each have their own virtual storage locations, memory spaces and networking interfaces. A component of the VMware virtualization layer called the virtual machine monitor manages the concurrent execution of each virtual machine on the host system hardware. Typically we’d actually see a ratio of about 4 to 8 running virtual machines per physical CPU. The networking and storage features of virtual machines let you use them just as you would real machines in networked configurations or joined together in clusters for high-availability. 2. Our second critical feature is isolation, which is critical for safe and reliable server consolidation. VMware virtual machine monitors use the hardware protection features of the CPU to isolate the virtual machines from each other and the monitor. By basing our isolation on the hardware protection we get very strong isolation. In other words, there is unlikely to be a hole. Each virtual machine is isolated from the host and other VMs, in the sense that it doesn’t share a kernel or processes. In a real environment, what this means is that applications in one virtual machine can encounter viruses or blue screen their operating system, and there is no effect on any other virtual machine. In fact, we had the U.S. National Security Agency try to hack from one virtual machine to another for over a year and they couldn’t find any weaknesses to exploit. 
That proven isolation strength has led the NSA to approve VMware technology for running insecure off-the-shelf software on their secure machines. Resource controls & isolation features give application owners full protection from the stability and performance problems of other applications. A virtual machine with an application leaking memory or a runaway process consuming CPU can only use as much of the host resources as you’ve allocated to that virtual machine. The neighboring virtual machines will retain their allocations of CPU, memory, disk I/O and network I/O. Isolation and resource controls remove end-user objections to server consolidation because you can guarantee service levels and security. 3. Our third primary feature of virtual machines is encapsulation. The complete state of a virtual machine – memory, disk storage, I/O device and CPU state, and virtual hardware configuration – is stored in a small set of files. These files are hardware independent so you can move a virtual machine from one x86 system – say a Dell server – to another – say an IBM server – and that virtual machine will run with no changes necessary as long as the VMware virtualization layer is present. An encapsulated virtual machine is at a minimum just the virtual machine configuration file (a small text file defining the virtual machine’s properties) and the virtual disk file that contains its installed operating system. A snapshot of a running virtual machine would add files encapsulating the memory and processor state of the virtual machine so that a point-in-time image of a running virtual machine can be saved and reverted to at any time. Encapsulation means that your ability to copy, save, and move virtual machines wherever and whenever you need them is as simple as copying a directory of files.
[This slide uses a six-click build. Please practice with it before presenting.] Let’s take a look at a typical virtual infrastructure and the components of VirtualCenter used to manage it.
Note to Presenter – Read the slides and see below for additional talking points on Hardware Independence (System, Application, data). Hardware Independence – Unlike many solutions that require specific vendor hardware, say for clustering or replication, VMs can run on any x86 hardware without requiring any changes or modifications. This significantly speeds up provisioning during planned maintenance. Minimizes the system configuration issues for the DR site – that we mentioned earlier. Hardware independence also translates to significant cost savings. You can eliminate the risk of “configuration drift”, i.e. the risk that two sites become non-identical over time when changes at one site aren’t made to the other site in lock step. You don’t have to worry about forgetting to update firmware at both sites at the same time, or making sure you add memory to systems at both sites at the same time, etc. You can use your older server assets as a part of your DR site so that you may be able to provide hardware for recovery without needing to buy new servers.
Now we will talk about Isolation - Note to DR Road Show Presenter – Read the slides and see below for additional talking points on Isolation. Isolation – This is a core property of a VM. It is isolated and any changes or instability in one VM are completely isolated from the other VMs on the host. Ideal for test and dev and production environments requiring various application and OS levels running within the same host. Because systems are isolated it significantly enhances security when, for example, VMs are used as a means to deliver a virtual desktop on an unmanaged PC. Implications: Simplify DR testing – because virtual machines are isolated from each other you can run your DR tests on the actual DR recovery hardware without impacting your ability to recover production virtual machines should your production site fail during a DR test. Better utilization of DR hardware – Because of the isolation properties and the ability to use virtual LANs (more later) we can use the hardware designated for recovery for other workloads when the production site is functioning normally. For example, a DR test can be run on the DR site alongside a simultaneous test-dev or batch program workload. Resource pooling – resource pooling isolates the performance impact of virtual machines on each other by allocating resources to a group of virtual machines based on user-specified limits. Using resource pools, you can ensure that different workloads, e.g. DR testing workloads, batch jobs, actual recovery virtual machines, etc. do not interfere with each other.
[Note: slide has manual animation to step through DRS Maintenance Mode sequence of events] Key Points: Just with VMotion, you can move running virtual machines off of a server for planned maintenance downtime For customers using DRS, Maintenance Mode further automates process of evacuating (i.e. moving virtual machines off of) a physical server Some scenarios this applies to: firmware updates, replacing failed components (that didn’t bring down the server), adding or replacing memory
Many heterogeneous environments. HA and DR from a single console. Physical and virtual machines from one place.
This slide has build animation – click and test before you present. There are three ways that our customers commonly do backup and recovery in virtualized environments. These are: In-VM: Put backup agent in virtual machine: same configuration and procedure as with physical machines. Provides file-level backup and restore. In-Console: Backup from service console: backs up entire virtual machine (by backing up the small number of files that encapsulate it). Simpler, doesn’t load individual VMs, but less granular restore since you can only restore full disk images, not individual files within virtual machines. Many customers use in-VM and in-Service Console backup as complementary options—in-VM for file-level backup of data and in-Service Console for image-level backup of system disks. New VMware Consolidated Backup (on the next page we will show how it works): We also have a new Consolidated Backup capability in VI3 which provides another option that has significant benefits. Key Points: What is it? Centralized agent-less backup for virtual machines. Pre-integrated with major 3rd-party backup products. VCB does not do backups itself, but is rather an enabler that makes it easier to do backups using standard 3rd-party backup tools. Customer Impact: Reduce the load on ESX Server, thereby allowing it to run more efficiently and to run more virtual machines. Perform backups at any time, even in the middle of the day. Improve manageability of IT resources by using a single agent running on the proxy server rather than an agent on every virtual machine. Eliminate backup traffic on the local area network by utilizing Fibre Channel tape devices for virtual machine backups. Move backup out of the virtual machine. Run midday backups – LAN Free. Integrated with 3rd-party backup – VERITAS, Tivoli, EMC, CommVault, VizionCore, CA. So how does one select a backup method? This flow chart is a very high-level simplification. 
Many of these decisions will be dependent on the customer’s backup ISV provider and the specific application needs. We are not implying that a customer must choose between in-Console and in-VM backup. These are complementary. Many customers use both. If you have a Fibre Channel SAN then VCB is a very viable option, but note that it will allow file-level backup only for Windows and will enable full-image based backup for any OS. Additional Optional Script: We can install a backup agent in the ESX Server service console that runs underneath the virtual machines. Backup software can then be configured to back up the entire set of virtual machines on the system, configuration and disk files included, because of the property of encapsulation that I mentioned to you earlier. It is important to note that in this configuration, individual file recovery for each virtual machine is not possible. Backup software protects the virtual machines beneath the operating system level, and therefore does not have the access it needs to understand the makeup of the individual file systems. Virtual machines are recovered in their entirety by restoring the virtual machine configuration files from within the backup software.
Fundamentally, there are two different ways to back up a VMware server. The first is with a program inside each virtual machine. That could be a standard NetBackup client, or a NetBackup PureDisk deduplication client. This represents a pretty easy transition for most IT administrators, so it is a popular approach. It works well with database agents. However, with the NetBackup Standard Client, there is a risk that too many backups running simultaneously will overload the VMware server. That is a significant risk with this approach. The alternate approach is to use VCB, which is the VMware snapshotting technology. VCB is a high-performance software solution that takes a snapshot of the virtual machine and then copies it to a different server where the backup actually takes place. It keeps the risk of overloading the VMware server low. When people talk about NetBackup for VMware, this VCB solution is usually what they’re referring to. When you use NetBackup and VCB, you can restore either an individual file or an entire virtual machine from the VCB snapshot file. This may not sound like a big deal, but it is. More on that soon.
NetBackup has clear market leadership for VMware protection. <click> As discussed previously, we support two main methods for VMware protection. One is based on integrating with VMware’s Consolidated Backup infrastructure, and the other is based on running a PureDisk client inside the virtual machine. We’ll explain the VMware incrementals item in a moment. <click> Granular Recovery is one of our top competitive advantages – it’s why we won the Best of VMworld award. When you use NetBackup with VCB, VCB takes a snapshot of the virtual machine and sends it to a different server for the backup to actually take place. Then, NetBackup uses patented technology to look inside the VM file, and catalog and index it. Later, you can restore either an individual file or an entire virtual machine from that VCB snapshot file. Nobody else has the technology to look inside that VCB snapshot file in order to catalog and index it, and nobody else can extract a single file from that snapshot file when doing a restore. That is a huge competitive advantage for us. Another one of our advantages is our support for “Auto-discovery.” That means that NetBackup for VMware will automatically discover all the virtual machines on your network. You don’t need to hunt them all down individually and enter IP addresses or hostnames! It is a huge time-saver. IT Admins love this feature. Lastly, in NetBackup 6.5.2 we are introducing a new capability to couple full VMware image backups with file-level incrementals so that you don’t have to perform full image backups every time. The advantage with this technology is that for incremental backups, we copy over only the files that have changed since the virtual machine FULL backup. This significantly reduces backup time, I/O load, and storage consumption, while still retaining the ability to restore both an entire virtual machine image and/or individual files regardless of which backup method was used.
As you know, when you use NetBackup with VCB, VCB takes a snapshot of the virtual machine. Later, you can restore either an individual file or an entire virtual machine from that VCB snapshot file. That’s a big deal. We call it “single backup pass, two types of restore.” One type of restore is restoring the entire virtual machine. The other type of restore is restoring individual files. Competitors don’t have this ability to do a “single backup pass, two types of restore.” In order for our competitors to do two types of restore, they have to do two backup passes. But we only have to do one backup pass. What does that mean that they have to do two backup passes? It means their backups take twice as long, use twice as much storage, and twice as much I/O. That’s a big deal! It’s also why we won the Best of VMworld award.
When NetBackup for VMware uses VCB, the VMware ESX server takes a snapshot of each virtual machine, but sends it over to another server to do the actual backup. This means that the VMware ESX Server doesn’t get bogged down executing the actual backup. A lot of our competitors don’t use VCB. As a result, when they are backing up a VMware ESX Server that’s already running at 80% utilization, the whole thing can grind to a halt.
Speaker Notes: The primary message for the launch – one agent, one backup, one console. Backup Exec 12.5 introduces new, comprehensive data protection for both VMware Virtual Infrastructure and Microsoft Hyper-V environments. Backup Exec 12.5 eliminates the need for customers to maintain a disparate set of data protection tools for both physical and virtual environments—a key value proposition for customers trying to reduce complexity in their environments. In addition, unlike backup solutions designed for pure virtual environments, Backup Exec 12.5 supports backing up virtual machines to disk, tape, and the “cloud” via SPN Online Storage [North America only]. The Agent for VMware Virtual Infrastructure and Agent for Microsoft Virtual Servers (which includes Hyper-V) automatically discover and back up unlimited guest machines per physical host environment. The per-physical-host licensing model is designed for Backup Exec’s high-velocity channel model—making it easier for partners and customers to do business with Symantec. It eliminates the complexity of traditional licensing models tiered by number of “sockets” or “guest machines”. Backup Exec’s new virtual server agents allow both granular recovery of files and folders as well as entire virtual machines via a single-pass backup. Single-pass backups eliminate the need for multiple backups of the same data for different recovery granularities. This reduces the impact of the backup process on production data and the footprint of the backup on storage resources. Additional Notes: Virtual machines protected by either AVVI or AMVS will be “crash consistent” (which guarantees the consistency of the file systems), but not “application” consistent (which guarantees that the databases and associated metafiles for applications like Exchange, SQL Server, and SharePoint are consistent). 
Application-consistent backups still require the installation of the appropriate Backup Exec Agent in the Guest OS—note that no competitor can do any better. This is a limitation of both the VCB framework and the lack of a data protection framework for Hyper-V/MSVS. Granular recovery of files and folders inside Guest OSs requires the Agent for Windows Servers (AWS) to be installed in the Guest OS. AWS is only required as a mechanism to channel the recovered files and/or folders to the Guest OS file system. AWS is not required for backup to get granular recovery. AVVI uses VMware VCB to do Off-Host backup of virtual machines. AMVS has no such capability. Virtual machines are backed up directly from production. Recovery of both VMware and Hyper-V virtual machines can only occur over the network—no SAN-based recovery is possible.
With the introduction of two new virtual agents for VMware and Hyper-V, customers now have an easy-to-manage, single point of control for their virtual server environment. Backup Exec integrates with VMware Virtual Center, allowing a great degree of control over the management of data protection in virtual environments, and provides automatic detection and views of the entire virtual infrastructure. If you have a single ESX host environment or Hyper-V environment, no matter how many guests or how much memory you have on this machine, we have a single price and you can protect unlimited guest machines with the hardware and resources you have been given – this has changed the landscape for the virtual business. We leverage VMware Consolidated Backup (VCB) technology and Microsoft VSS technology to reduce the time and challenge it takes administrators to configure a backup job – now a single backup job of the host environment can be easily configured and run through Backup Exec and provides granular recovery of files and folders or entire guest machines in seconds; previously this set-up process required hours of scripting and an expertise in virtual infrastructure. As you can see, granular recovery is just a click away…. Additional background for speaker: Virtual Server Backup and Recovery Challenges prior to BE 12.5: Administrators and companies who have not had the experience of recovering Guest virtual machines using basic backup and recovery tools will face several limitations recovering their data with these older backup tools designed only for physical systems, including: Having to install a backup agent inside of each Guest virtual machine or on the ESX server directly – now solved with BE 12.5; Recovery of a single file typically requires a long restore of the entire Guest virtual machine – now solved with BE 12.5; Separate backups for system level vs. 
individual file level recovery – now solved with BE 12.5; Taking Guest virtual machines off-line during backup in order to protect them completely – now solved with BE 12.5; Ensuring applications running inside of the Guest virtual machines can be recovered – now solved with BE 12.5; Having to use separate backup products for physical vs. virtual machines – now solved with BE 12.5
…from a single backup, administrators can go into the guest OS and recover individual guest machines, so businesses can quickly recover from a small-scale IT disaster in seconds or…
… recovery to a granular file or folder all from the same single pass backup – overall ensuring a business can quickly recover from a data corruption or a threatening virus to keep their business up and running. It’s that easy!
Backup in a Virtual Environment
SOFT-TRONIK SK Backup in a Virtual Environment František Ferenčík VMware Certified Instructor
Agenda <ul><li>The principle of virtualization </li></ul><ul><li>High-availability issues </li></ul><ul><li>Backup in a virtual environment </li></ul>
Hypervisor VM VM VM Virtual environment Physical environment Applications across virtual and physical environments Application and data HA File CUS IIS SQL SAP EXC ORACLE DB2 CUS Application availability: Protects applications against outages of physical and virtual servers Data availability: Protection and recovery of data in both physical and virtual environments
Hypervisor VM VM VM Virtual environment Physical environments Applications across virtual and physical environments Application and data HA File CUS IIS SQL SAP EXC ORACLE DB2 CUS Application availability: Protects applications against outages of physical and virtual servers Data availability: Protection and recovery of data in both physical and virtual environments VCS for VMware ESX <ul><li>Market leader in multi-platform high availability </li></ul><ul><li>Complete HA/DR solution </li></ul><ul><li>Protects both virtual and physical environments </li></ul><ul><li>Fully centralized management </li></ul>NetBackup <ul><li>Market leader in enterprise data protection and recovery </li></ul><ul><li>Monitoring and control of backup and recovery </li></ul><ul><li>Protection of remote branch offices </li></ul><ul><li>Granular file recovery for VMware </li></ul>
If the application fails, VMware HA will not know about it If network or storage connectivity fails, VMware HA will not protect you Should crown-jewel apps be trusted to manual DR? VCS vs VMware HA Cause of Failure VMware HA VCS <ul><ul><li>App processes crash/hang </li></ul></ul>X <ul><ul><li>App process startup order </li></ul></ul>X <ul><ul><li>Admin accidentally caused failure </li></ul></ul>X <ul><ul><li>Configuration changes </li></ul></ul>X <ul><ul><li>OS failure </li></ul></ul>X X <ul><ul><li>NIC or network failure </li></ul></ul>X <ul><ul><li>Storage connectivity failure </li></ul></ul>X <ul><ul><li>Virtual Server failure </li></ul></ul>X X <ul><ul><li>Physical Server failure </li></ul></ul>X X <ul><ul><li>Data center failure </li></ul></ul>X X
<ul><li>VMotion delivers planned downtime protection </li></ul><ul><li>DRS active workload management </li></ul><ul><ul><li>Monitors resource utilization &amp; intelligently allocates available resources among the VMs </li></ul></ul><ul><li>VCS delivers end-to-end unplanned downtime protection </li></ul><ul><li>Customers can use VMotion/DRS while using VCS for VMware </li></ul>Hardware (x86) VMware ESX Hardware (x86) VMware ESX VM A VM D VM C VCS VCS VCS plus VMotion/DRS VM B SQL IIS VM B SQL
VM Protection Approaches VM Client-Based Data Backup (Normal Backup Client or Deduplication Client) ESX Server Client and Application Agent Inside VM C C A Backup Server and Storage C Simple Leverages DB agents High overhead with normal client Low overhead with dedupe client C A Application Agent Client Off-Host Backup via VMware VCB (Data, or Data + VMDK) ESX Server A Backup Server and Storage Shared Storage Low overhead on ESX Server Auto-discovery and configuration Individual file and/or VMDK options Compression and deduplication Lower average dedupe than in guest
Deep Dive: VCB Backups and Granular Recovery VMware ESX VMware ESX NetBackup Media Server Primary Shared Storage Backup Storage VMDK VMDK VMDK VMDK VMDK VMDK VMware Proxy Driver NetBackup Enterprise Client PureDisk Plug-in NetBackup Media Server VMware Proxy Driver NetBackup Enterprise Client PureDisk Plug-in VMware ESX VMware ESX Backup Disk Tape PureDisk VMDK VMDK VMDK Combination: file and vmdk File Recovery Image Recovery VMDK 1 Backup policy alerts NetBackup that it is time to do a virtual machine backup 2 NetBackup instructs VMware to snapshot the virtual machine 3 The new VMDK snapshot is mounted to the NetBackup Server via the proxy driver 4 Backup is then performed to any NetBackup storage device (disk, tape, PureDisk) 5 The VMDK snapshot is deleted 6 The backup image is then mapped for file-level recovery 7 Virtual Machines can then be restored from image backups for DR 8 Or, single files can be recovered to any location
NetBackup Alternatives VM one backup copy one fast image backup file-level recovery full-VM recovery VM first image backup one fast image backup file-level recovery full-VM recovery second file backup second slow file backup VMDK VMDK <ul><li>NetBackup uses VMware’s VCB technology to backup only once , then maps the image backup for file-level restores </li></ul><ul><li>Deduplication then can reduce storage even further – by up to 95%! </li></ul><ul><li>2x the storage </li></ul><ul><li>2x the CPU and network usage </li></ul><ul><li>More than 2x the backup time! </li></ul>NetBackup Consumption
NetBackup Alternatives <ul><li>NetBackup software does not need to run on the ESX Server at all, thereby maximizing performance of ESX server </li></ul><ul><li>Backup traffic travels on the abundant SAN , not the constrained LAN </li></ul><ul><li>Performance hit is isolated to the dedicated backup server </li></ul>Backup Server and Storage Backup Server and Storage C C C C C C <ul><li>Competitive solutions require backup to run inside VMs, thereby reducing performance of the ESX Server </li></ul><ul><li>LAN bandwidth becomes a key choke-point </li></ul>NetBackup Performance ESX Server ESX Server ESX Server ESX Server
<ul><ul><li>Reduce Cost and Management of Multiple Products - complete data protection for physical and virtual server environments from a single console </li></ul></ul><ul><ul><li>Reduce Complexity – automatically discover and backup of unlimited guest machines to disk or tape with a single agent </li></ul></ul><ul><ul><li>Reduce Recovery Time - granular file-level and image-level recovery with a single backup </li></ul></ul>Backup Exec 12.5 & Backup Exec System Recovery 8.5 Exchange 2007 VMware ESX Server Veritas Backup Exec Backup Exec 12.5 Media Server
Backup Exec 12.5 & Backup Exec System Recovery 8.5 Veritas Backup Exec Efficient Backup of virtual Environments Comprehensive Backup
Backup Exec 12.5 & Backup Exec System Recovery 8.5 Veritas Backup Exec Easily restore an entire guest machine… Fast Recovery
… and granular files or folders from a single image-level backup Fast Recovery Backup Exec 12.5 & Backup Exec System Recovery 8.5 Veritas Backup Exec
František Ferenčík VMware Certified Instructor [email_address] (the presenter is a certified instructor for VMware technologies at SOFT-TRONIK SK) SOFT-TRONIK SK, s.r.o. Hattalova 12/A 831 03 Bratislava tel.: +42 1 244 631 232 fax: +42 1 244 631 232 www.soft-tronik.sk