VMware has long been an industry leader in providing enterprise-level virtualization solutions, such as VMware vSphere – a powerful platform with many key features and functionality, which empowers organizations to be agile and scalable with their SDDC strategies. When developing your data protection plan and seeking to find the best way to backup VMware virtual machines, you need to design your VMware backup strategy using best practices for VMware backup. This can enable you to provide resilient, secure, and robust protection of your data, while saving you time and money.
Failing to follow best practice recommendations can leave you vulnerable to data loss, which may ultimately result in damaged customer confidence or even loss of your business. Therefore, it is recommended to have a comprehensive checklist of best practices highlighting the most important areas you need to give attention to while backing up your VMware environment. Below, you will find our VMware VM backup checklist.
Never Treat Snapshots as Backups
Many have mistakenly made the decision to rely on snapshots of their VMware virtual machines as a type of backup. However, this can prove to be a disastrous approach, as VMware snapshots should never be utilized as backups. Snapshots are not backups, and VMware does not support them in this capacity. They are temporary restore points in time that allow for quickly reverting an entire virtual machine, including its settings, to its previous state at a specific point in time. Snapshots can be useful in development environments providing a quick rollback mechanism to test processes, patches, settings, etc. VMware snapshots work in a “chain”, meaning that they require and rely on the base VMDK disks and any other delta disks in place to reflect the current virtual machine state. Thus, if any disk in the chain is corrupted, the whole chain becomes corrupt. In contrast, using backups provides an autonomous way to preserve and restore your data, without relying on either the physical infrastructure or underlying virtual disks. So, never use snapshots instead of backups!
Create Image-based, Application-aware VM Backups
Many legacy backup solutions require the use of in-guest agents to perform backups of virtual machines. Installing and managing guest operating system agents can be time-consuming. Additionally, configuration settings that make up a crucial part of a properly functioning virtual machine, may not be captured by an agent. Thus, if there is a need to recover a VMware VM, you will have to create a new virtual machine, load the agent, and restore files.
However, the best way to backup VMware VMs is to utilize an agentless VM backup solution that works at the host or vCenter level to create image-based virtual machine backups. In this way, backups of your VMware virtual machines will also include configuration settings, along with all the guest operating system files, enabling VMware VMs to restore exactly the same as they were at the time their backups were made.
Most organizations run business-critical applications, such as Microsoft Exchange, Microsoft SQL Server, or Microsoft Active Directory, on their virtual infrastructure. These applications require transactional consistency and should be backed up in such a way as to maintain application consistency. To follow the best way to backup VMware VMs, you should create your VM backup jobs utilizing “application-aware” to ensure that your virtual machine backups contain consistent information with no corruption.
With application-aware mode enabled, no additional steps will be required to recover the VM and application to an application consistent state. Application-aware backup relies on Microsoft Volume Shadow Copy service and special VSS writers that interact with the respective application running on a VMware VM to make sure all transactions living to memory or pending I/O operations are flushed to disk, frozen for the VSS snapshot to be taken, and then unfrozen. This approach allows for the complete capture of all transactional data during the backup process, and can enable the full restore of any application VM to an application-consistent state.
Use Changed Block Tracking
Changed Block Tracking (CBT) is a technology that has been around since the VMware vSphere 4.0 days and was an exciting advancement in the way virtual machine backup solutions were able to backup VMware virtual machines. With CBT, only the changes that have been made since the last backup iteration are backed up. This is drastically more efficient and less time-consuming than running regular full VM backups. Making sure that your 3rd party VM backup solution takes advantage of the built-in Changed Block Tracking mechanism can enable efficient and streamlined creation of VM backups, which require much less disk space and shorter backup windows. Thus, using CBT is an integral part of following the best way to backup VMware virtual machines.
Reduce VM Backup Size to Save Storage Space
When backing up a VMware vSphere environment, make sure that your backups are making the most efficient use of available disk space. Windows and Linux guest operating systems contain swap files and swap partitions respectively, which are temporary hard disk space used by operating systems as virtual memory to extend the RAM. Swap data changes constantly and can grow to as much as 3X the system memory. If backed up, swap data would amount to many gigabytes of useless data, increasing the backup size and creation time. Thus, make sure your data protection software can skip swap files and partitions by default.
Of course, the elimination of swap data is not the only efficient way to reduce the size of VMware VM backups. There are many other technologies designed for this purpose, among them are global data deduplication and compression. If used together by your VM backup solution, such technologies can result in tremendous storage space savings.
Truncate Application Transaction Logs
To follow the best way to backup your VMware environment, make sure your VM backup solution includes a feature that allows you to perform transaction log truncation on application servers such as Microsoft Exchange Server and Microsoft SQL Server. Thus, after the entire VMware virtual machine running either Microsoft Exchange or Microsoft SQL Server is successfully backed up, log files that have been committed to the Exchange or SQL database are identified and truncated (deleted) on the source VM. This frees up storage space and provides valuable housekeeping across the VMware vSphere infrastructure with virtual machines running business-critical applications.
Encrypt Your VM Backups
With high-profile security breaches in the news, all organizations today must be focused on security of their data contained, in particular, in VMware infrastructure. Therefore, in order to pursue the best way to backup your VMware VMs, make sure to encrypt your VMware VM backups both in flight and at rest to protect the sensitive production data they contain. Encryption, which works off a key pair, makes data unreadable to anyone attempting unauthorized access without the encryption key. In-flight encryption means that VM backup data is encrypted as it travels across the network. At rest encryption encrypts VM backup data at the disk or backup repository level, which secures the “cold” VM backup data that is stored on the disk.
Verify Your VM Backups
If you do not verify your VMware VM backups, you are setting yourself up for failure. There have been many horror stories from administrators, who have not verified their VM backups and learned that these VM backups were corrupted or didn’t allow restoring critical data as expected only in true DR scenarios. So, you’d rather look for a data protection solution that provides an automated way to verify VM backups (e.g., with screenshots), as performing manual verification is tedious and time-consuming. VM backup verification is an essential best practice to ensure the best way to backup VMware virtual machines.
Use NAS-based VM Backup Appliance
Modern VM backup solutions can be installed on a NAS, thus, allowing you to create an all-in-one VM backup appliance – a powerful and cost-effective device, which combines backup software, hardware, storage, and data deduplication.
With VM backup appliance, your VMware VM backups are written directly to NAS disks, bypassing NFS and CIFS, which tremendously reduces overhead induced by these network protocols or any network latency with competing traffic. Additionally, using a NAS-based VM backup appliance can help you separate your resulting virtual machine backups from the production infrastructure, and if the latter is down due to any failure, VMs can be restored without issue, since the backup infrastructure is self-contained, which is a tremendous advantage over running backup infrastructure within production workloads. Thus, using a VM backup appliance is an important step in pursuing the best way to backup VMware virtual machines.
Apply a LAN-free Data Transfer Mode, if Using SAN for VMware VM Backup
When choosing a modern VM backup solution for your VMware vSphere environment, pay attention to products that are efficient from a network standpoint and offer a LAN-free data transfer mode, so you can rest assured that the load on production networks doesn’t impact production workloads.
Some of these data protection solutions enable Direct SAN (Storage Area Network) access, allowing you to bypass production networks for copying backup data from production VMware environments. Generally, this involves reading data directly from/to the SAN device using either Fiber Channel or iSCSI, which provides a significant improvement in performance that directly impacts the time required to run VMware VM backup jobs.
Additionally, by offering a Hot Add feature, modern data protection solutions can read and write data both to/from VMware virtual machine snapshots through the storage I/O stack, bypassing the host’s TCP/IP stack, which helps alleviate network congestion and reduce the duration of VM backup jobs.
Generally, using a VM backup solution applying the best available VM backup mechanisms, while providing for SAN connectivity, you can be confident that your VMware VM backups are made in the best way possible with the least amount of overhead on the production network infrastructure.
Copy Your VMware VM Backups Offsite and to Cloud
The 3-2-1 backup rule has long been a staple of designing an enterprise VM backup solution that is robust enough to effectively handle multiple kinds of disaster recovery scenarios. The rule states that you need to have (3) copies of our data, on (2) different kinds of media, and at least (1) of those offsite (e.g., in the cloud). There is certainly wisdom in this approach, because if you have all copies of your data in one location and that location experiences disaster, you may lose not only production data, but also VM backup data.
To follow the best way to backup VMware VMs, make sure your data protection solution has the functionality allowing for backup copies to be placed locally, remotely, or even in public clouds (such as AWS or Azure). This can give you flexibility and resiliency to withstand various types of disaster. Utilizing a public cloud to store VMware VM backups is a great way to achieve geographic diversity, as your data can live in different geographic locations around the world.
Automate the VM Backup Process
Today’s often complex and massive IT infrastructure driven by virtualization requires organizations to automate their processes and procedures. Having the ability to automate data protection plans by utilizing a powerful HTTP API-driven interface allows you to programmatically interact, monitor, automate, and orchestrate the overall process of backing up your VMware infrastructure. For instance, you can monitor the health state of product components, including backup repositories, automate backup decommissioning, improve compliance with reporting, etc. (see the diagram below).
VM backup solutions that allow chaining backup jobs and making them interact with determined sequencing can also facilitate VMware VM backup automation. Ensuring the VM backup process automation is essential, if you want to pursue the best way to backup VMware VMs.
Pick the Right Data Protection Software
Picking the right data protection solution is a key step in effective and efficient VMware VM backup. Many organizations in the past have relied on built-in VMware data protection products, such as VMware Data Recovery and vSphere Data Protection. However, both products have reached end of life with VMware no longer developing or releasing data protection solutions with vSphere.
Even though they are not maintaining their own data protection solutions, VMware is committed to providing the underlying API support for third-party data protection solutions making them able to interact with vSphere storage APIs and provide VM backup functionality in vSphere. Therefore, choosing the right solution is the key point.