Showing posts with label Backup and Recovery for VMware. Show all posts
Showing posts with label Backup and Recovery for VMware. Show all posts

VMware Backup Best Practices – Reliable VM Protection & Recovery Guide

VMware Backup Best Practices – Reliable VM Protection & Recovery Guide

Why VMware Backup Best Practices Matter

VMware environments host critical workloads, making data protection and disaster recovery essential. Following VMware backup best practices ensures data integrity, fast recovery, and minimal downtime during system failures, hardware crashes, or ransomware attacks.

Let's take a look at several different best practice considerations when backing up and restoring VMware vSphere virtual machines. We will discuss the following:

  • Understanding RPO and RTO and how they relate to backup and recovery
  • Understanding what constitutes a backup and what does not
  • Using Changed Block Tracking to back up VMs
  • Following the 3-2-1 backup best practice methodology
  • Not forgetting about backup security
  • Evaluating VM housekeeping
  • Staying current with the latest vSphere releases
  • Leveraging the cloud as an off-site storage location
  • Protecting against ransomware


1. Understanding RPO and RTO and how they relate to backup and recovery

Often, organizations configure backups without considering RPO and RTO. Simply put, RPO, or Recovery Point Objective, determines the amount of data loss a business can tolerate. In other words, if backups for a specific VM are set to run daily, the worst-case scenario is potentially losing 24 hours of data. The business must determine if this level of data loss is acceptable. Scheduling backups every 6 hours could result in 6 hours of data loss, and so on.


Setting a VM backup schedule should not be arbitrary. This should be carefully considered from a business perspective to determine what an acceptable loss would be.


RTO is the Recovery Time Objective. This determines the time required to restore a virtual machine. If backups are configured to run hourly, you might only lose one hour of data. However, due to the large amount of data, restoring that VM might take three hours. The Recovery Time Objective defines the acceptable amount of time your business can operate without the data specified in the RPO.


When considering best practices for backing up VMware vSphere VMs, understanding the value of these two metrics as they relate to your specific business is absolutely critical. There is no right or wrong answer for every business, and the answer will likely differ for each organization.

2. Understanding what constitutes a backup and what does not

Often, IT administrators believe they have what they consider to be a "backup," when in reality it is not a true backup. One of the most common scenarios is viewing VMware vSphere VM snapshots as backups. However, snapshots are not backups. Why?


Let's think about what a true backup actually is. A backup should be a completely independent copy of the virtual machine, allowing that VM to be restored without relying on the production infrastructure. This is not the case with VMware vSphere snapshots. VMware vSphere snapshots consist of a chain of delta disks that are interdependent to create a complete copy of the data. If anything happens to one of the disks in the chain, both the VM and the snapshot are lost. In this case, you cannot rely on a snapshot as a backup because it is not a complete copy of the data. Furthermore, it is not an independent copy separate from the production infrastructure. If there is an issue with the physical infrastructure hosting the VM, it means the VM (including its snapshots) is gone. Again, a backup should not depend on the production infrastructure.

3. Using CBT to Back Up Virtual Machines

In the old days of backup, every time a backup ran, it was likely configured to take a full copy of the data. This was very inefficient both in terms of the backup time required and the backup storage space needed to store multiple full copies of the data. A much more efficient way to back up data is to only copy the changes that have occurred since the last backup. By doing this, backups become highly efficient. The actual changed or new data is likely trivial compared to the entire data volume.


One feature of the vSphere Storage APIs for Data Protection is Changed Block Tracking (CBT). Changed Block Tracking (CBT) is a VMkernel feature that tracks which storage blocks of a virtual machine have changed over time. The VMkernel tracks block changes on the VM, enhancing the backup process for applications developed to leverage VMware's vStorage API. VMware vSphere tracks the changed blocks that occur on a virtual machine. Backup solutions can then leverage this information to copy only the changed blocks each time a VM backup is run.


This offers many benefits, significantly reducing not only the backup window but also the backup storage space required for the VM backups. One crucial point to note when targeting a VM for backup with a backup solution is that CBT cannot be enabled on a VM that has an existing snapshot or is powered off.

4. Following the 3-2-1 Backup Best Practice Methodology

The backup industry best practice methodology, the 3-2-1 backup rule, ensures multiple copies of data are stored in a protected manner.


The 3-2-1 backup rule recommends storing (3) copies of your data on at least (2) different types of media, with at least (1) copy stored offsite. As seen from this description, these principles enforce storage diversity. First, you have multiple copies of the data. You store these multiple copies on different media types. This could include storing backups on hard disks and tape media. Finally, you have at least one backup copy stored offsite. This ensures that if all other data copies are lost locally, you have another data copy available for recovery.


Today, many businesses leverage the cloud for this aspect of the 3-2-1 backup strategy. Cloud storage is a cheap, efficient storage location that allows for keeping a copy of data off-site. This helps protect against ransomware attacks, as ransomware can infect all online storage locations locally. It can even encrypt all copies of backups. Choosing the cloud as an off-site storage location helps ensure a copy of the data is safe from these types of risks.

5. Don't Forget About Backup Security

When creating and building backups, don't forget about security. Protecting backups is crucial.


Encrypting backups is already an industry-standard practice during the backup process. If you are not doing this, or if your backup solution cannot do this, you need to look elsewhere. Not only should the backup data itself be encrypted, but the transmission process should also be encrypted.


When storing tape media, pay attention to the physical security of the storage location. Tapes should be under effective supervision, and storage facilities should not allow unauthorized access.


6. Evaluating VM Housekeeping

As your VMware vSphere environment continuously evolves, you will certainly experience VM sprawl within your environment. This sprawl also affects your backups. Keeping your vSphere assets lean helps ensure you are not backing up irrelevant content or retaining worthless backup data.


Furthermore, when talking about VM housekeeping, ensure your VMware vSphere virtual machines do not have lingering snapshots. Keeping virtual disks tidy helps reduce corruption and other adverse side effects. Modern backup solutions leverage snapshots to redirect I/O from the base disk so data can be copied to the backup. If a VM already has a snapshot present when targeted for backup, the backup solution will create another snapshot on top of the existing one. This can further degrade performance and increase the risk that snapshots won't commit properly under high load and other conditions.


7. Staying Current with the Latest vSphere Updates

Keeping your vSphere environment up to date is a general best practice. It helps ensure things run smoothly. It also helps ensure users benefit from the latest improvements in performance and other tweaks. Having the latest version of vSphere ensures you benefit from these improvements with your data protection solution. However, it's important to note that users need to ensure their implemented data protection solution is compatible with the latest version of vSphere.


8. Leveraging the Cloud as an Offsite Storage Location

When implementing the 3-2-1 backup rule, most organizations are using cloud storage for off-site storage. This makes perfect sense for backup storage, as it is relatively inexpensive, nearly limitless, scalable, and resilient. Businesses don't need to provision, maintain, and continuously allocate physical infrastructure to meet backup storage needs. This helps ensure physical backup storage does not become a barrier to effective backups.


Cloud storage from various providers also includes powerful built-in features, such as immutable backups. This helps protect against ransomware.


9. Protecting Against Ransomware

Ransomware has become a major problem for businesses today. Ransomware attacks can shut down and impact critical services, which can take days or even weeks to recover from. Devastating ransomware attacks can have severe consequences for businesses and the areas they impact.


Ensure your backup environment is set up with an air gap: whether through credentials or by restricting low-level file access from the primary production network environment. If malicious processes cannot connect to or lack permission to access the backups, such a setup can protect these backups from being encrypted.

Advanced VMware Backup Strategies

  • VM Replication for near-instant disaster recovery.

  • Cloud-based VMware backup for hybrid environments.

  • Backup encryption to meet compliance and security standards.

  • Deduplication and compression to optimize storage usage.


Next blog will demo how to back up VMware step by step practices

Posted by at No comments:
Tags , , , , , ,
Subscribe to: Posts (Atom)