Virtuális környezetek védelme Pulai András

22 Agenda New User Interface 1 SDR – Simplified Disaster Recovery 2 Virtual Machine Protection 3 Data Growth and Storage Management 4 Licensing Overview 5 Technical Overview: Backup Exec 2012

Simplifying the Backup Experience Scalable, robust backup technology beneath a new and easy to use interface Backup Exec Technical Overview: Backup Exec 2012

44 Before and After Modern Resource Centric Unified workflow Consolidated views Toolbar instead of “task pane” Technical Overview: Backup Exec 2012

55 Simplified - User Only Shown Relevant Options Technical Overview: Backup Exec 2012

66 Simplified - User Only Shown Relevant Options Technical Overview: Backup Exec 2012

7 Ease of use Backup job stages Modular backup job stages Easy to expand protection Simply add an additional stage to: —Duplicate/copy backups —Convert to virtual —Etc Technical Overview: Backup Exec 2012 Stage 1: Backup to Disk Stage 2: Copy to TapeStage 3: Backup to Virtual

Integrated Disaster Recovery 8 Simple, easy, and integrated disaster recovery technology Backup Exec 2012 Technical Overview: Backup Exec 2012

9 Integrated bare metal recovery (SDR) including to dissimilar hardware No additional license required; included in Backup Exec 2012 New! Integrated bare metal recovery 9 Server Protected Backup Exec™ 2012 Server Server Recovered Symantec SRD Recovery Disk Simplified System Protection Job Server Fails X Technical Overview: Backup Exec 2012 Even to Dissimilar Hardware/Vendor

10 Technical Overview: Backup Exec 2012 Even to Dissimilar Hardware/Vendor

Virtual Machine Protection 11 Advanced and modern protection technology designed specifically for virtual environments Backup Exec 2012 Technical Overview: Backup Exec 2012 Symantec V-Ray

12 Symantec V-Ray Technology 12 Symantec V-ray – Transparent backup and recovery across physical and virtual environments – Patented visibility into virtual machines and applications – 3 rd Generation Granular Recovery Technology (GRT) Don’t Let Poor Visibility and Silos Slow You Down Unified Protection, File & Application Recovery, Deduplication, & Automated Protection BE 2012: Agent for VMware and Hyper-V Technical Overview

13 Uniting Physical and Virtual Protection 13 – Reduce cost and management of multiple products - Complete data, application, and system protection for physical and virtual environments from a single console. – Reduce cost of multiple agents - Backup unlimited Windows and Linux Guest VMs to disk or tape with a single agent licensed per vSphere Host or Hyper-V Host. – Reduce storage resources – Advanced deduplication for physical and virtual backups; granular file and application recovery from a single online, image-level backup. Physical Virtual Symantec Backup Exec™ 2012 Server + Virtual Agent Symantec V-Ray BE 2012: Agent for VMware and Hyper-V Technical Overview

14 Advanced VMware and Hyper-V support Hyper-V vSphere Backup Exec 2012 Server Virtual Machines VMware virtual machine protection Image-level VM protection Direct backup; no proxy server Application protection through VSS Data reduction technologies Optimized data deduplication Block optimization Incremental, differential backups Single pass backup, all recovery options Full VM recovery Application recovery Granular application recovery Granular file/folder recovery Redirected recovery Technical Overview: Backup Exec 2012 Symantec V-Ray

15 Agentless or Agent-based protection – You Decide Use an Agent Little or no I/O impact Optimize for recoverability Restore an entire guest Restore granular data Restore granular application data Integrated Management View with vStorage API Optimize for virtual performance Restore an entire virtual guest Integrated Management View with vStorage API Go Agentless Technical Overview: Backup Exec 2012 Symantec V-Ray

16 Single-pass Backup of Virtual Guest Systems 1 Data and application protection, recovery 16 VMware/Hyper-V Server Running Application Servers Backup Exec 2012 Server + Virtual Agent Restore granular Exchange, SQL, SharePoint, and Active Directory Data in Seconds: Individual Mailboxes/ s/Private or Public Folders/Calendar Items/Tasks/User Accounts or Attributes/SQL Databases Granular Recovery for Virtual & Physical Applications Technical Overview: Backup Exec 2012 Symantec V-Ray Backup Storage

17 Virtualized Application Support Single pass backup Automatic recognition of supported GRT applications – No backup browse / no selection Application MetaData collected on VM before backup – AWS must be installed in each VM (used for both backup and restore) – AWS is only used to collect MetaData during VM backup (60 seconds / Guest VM) In the PDI folder under the LOGS directory VM must be powered on. Credentials for accessing each VM are required Media Server must be able to connect to the VM Applies to VMware and Hyper-V NOTE: Each copy of Active Directory, Exchange and SQL that you wish to protect requires their respective app/db agent license Technical Overview: Backup Exec 2012 Symantec V-Ray

18 Application GRT for Virtual Machine Image Backups Application GRT automatically enabled unless disabled on VMware/Hyper-V Settings Symantec V-Ray Technical Overview: Backup Exec 2012

19 So easy to add VMware Server (or Hyper-V) OR Technical Overview: Backup Exec 2012 Symantec V-Ray

20 Technical Overview: Backup Exec 2012 Symantec V-Ray

21 Technical Overview: Backup Exec 2012 Symantec V-Ray

22 New! backup and convert to virtual 22 Convert to Virtual (P2V) – Parallel data streams – One stream to media server – Other stream to hypervisor – Result is full VM (not just the virtual disk) Protected Server Backup Exec 2012 Server Hypervisor Backup to Virtual (B2V) – Serial data streams – Backup stream to media server – Conversion job runs after or on different schedule – Result is full VM (not just the virtual disk) Protected Server Backup Exec 2012 Server Hypervisor Parallel Data Streams Backup Stream Convert Stream Backup Stream Convert Stream Serial Data Streams Technical Overview: Backup Exec 2012 Symantec V-Ray

23 Virtual Machine Backup Methods Image-level Backups – Capture entire snapshots of virtual machines – Enables full virtual machine recovery and granular file/folder recovery Agent-assisted Backups (for virtualized applications) – A form of image-level backup – Includes application recovery and granular application recovery support – Requires AWS to be installed to virtual machine Agent-based Backups – Legacy backup method – Backups are captured by a local agent installed to a virtual machine – Recommended only in situations where image-level backups are not optimal, such as Physical Compatibility Mode RDM disk configurations 23 BE 2012: Agent for VMware and Hyper-V Technical Overview

24 Virtual Machine Proxy-less Backup 24 BE 2012: Agent for VMware and Hyper-V Technical Overview Virtual Host APP OS DATA APP OS DATA APP OS DATA APP OS DATA Backup Exec™ 2012 Server Backup Data No Proxy Server “Middle Man” Backup data travels directly to Backup Exec server Simplifies backup topology Increases backup performance

25 VMware Virtual Machine Discovery 25 BE 2012: Agent for VMware and Hyper-V Technical Overview LAN (Discovery) SAN (Data Transport) vSphere Server Virtual Machines Backup Exec Server +Agent for VMware and Hyper-V Data Store VMware Virtual Machine Discovery Methods: Enter vSphere/vCenter hostname or IP address into Backup Exec interface Virtual machines then available for backup selection

26 Virtual Machine Dynamic Inclusion Dynamically Protects New VMs Found at Job Run-time Applies to Folders (nodes) that Hold VMs / VM data Ability to Exclude VMs that are Powered Off Global/job Exclusion Can Also Be Used to Exclude VMs 26 BE 2012: Agent for VMware and Hyper-V Technical Overview Virtual Host NEW APP OS DATA APP OS DATA APP OS DATA APP OS DATA Backup Exec™ 2012 Server New Virtual Machines Automatically Protected Virtual Machines

27 VMware Backup Transport Modes SAN – Uses iSCSI or Fiber Channel shared storage for data transfers HOTADD – Uses a virtualized Backup Exec server that exists as a virtual machine NBD – Uses the LAN/ethernet for data transfers NBDSSL – Uses the encrypted LAN/ethernet for data transfers 27 BE 2012: Agent for VMware and Hyper-V Technical Overview

28 Virtual Disk Types VMware Virtual Disk Types – Both thick and thin virtual disks (VMDK) are supported – Upon recovery, the administrator can select to restore as either a thick or thin virtual disk – Enables changing of the virtual disk type during a recovery operation 28 BE 2012: Agent for VMware and Hyper-V Technical Overview

29 VMware Storage Distributed Resource Scheduling (SDRS) 29 BE 2012: Agent for VMware and Hyper-V Technical Overview VMDK Datastore_1Datastore_2Datastore_3Datastore_4 Pod_1 Backup Exec 2012 and SDRS Support For SDRS events during active backup/restore temporary “lock” place on VMDK file Backup/restore operation completes Lock is released, SDRS event continues

30 Hyper-V Virtual Machine Discovery 30 BE 2012: Agent for VMware and Hyper-V Technical Overview Backup Exec Server +Agent for VMware and Hyper-V LAN (Discovery and Data Transport) Hyper-V Server Virtual Machines AWS Hyper-V Virtual Machine Discovery Methods: Deploy Agent for Windows Systems (AWS) to Hyper-V host Virtual machines then available for backup selection

31 Microsoft Cluster Shared Volumes (CSV) 31 BE 2012: Agent for VMware and Hyper-V Technical Overview VHD Shared Volume Cluster Node Backup Exec 2012 and CSV Hyper-V virtual machines in CSV configuration fully supported Includes virtual machines configured for high availability

32 Virtual Disk Types Hyper-V Virtual Disk Types – Both dynamically expanding and fixed size virtual disks (VHD) are supported – When recovered, a virtual machine will have the same VHD type as it had when it was backed up 32 BE 2012: Agent for VMware and Hyper-V Technical Overview

Storage Optimization Features for Virtual Backups 33 Helping administrators meet their backup windows and get the most out of their storage resources. Backup Exec 2012 BE 2012: Agent for VMware and Hyper-V Technical Overview

34 Block Optimization 34 BE 2012: Agent for VMware and Hyper-V Technical Overview Used Block Unused Block Used blocks captured during backup Empty blocks ignored Virtual Disk (VMDK/VHD) Block Map Only Used Blocks Captured During Backup Greatly reduces size of virtual backups Increases backup performance Reduces backup storage requirements Symantec V-Ray

35 Changed Block Tracking (CBT) CBT Enables Differential and Incremental Backups – Incremental: captures blocks that have changed since the last backup operation – Differential: captures blocks that have changed since the last full backup operation 35 BE 2012: Agent for VMware and Hyper-V Technical Overview Symantec V-Ray Used Block Unused Block Tracks blocks that have changed since last backup operation Virtual Disk (VMDK/VHD) Block Map Changed Block

36 Data Deduplication of Virtual Machine Backups Client Deduplication Deduplication calculations happen at the client Greatly reduces data transferred to the Backup Exec server Greatly reduces data stored by the Backup Exec server Improves backup performance Usually optimal for Hyper-V environments Hyper-V host acts as deduplication “client”, not individual virtual machines Server Deduplication Deduplication happens at the Backup Exec server Greatly reduces data stored by the Backup Exec server Usually optimal for VMware environments 36 BE 2012: Agent for VMware and Hyper-V Technical Overview Client Server Symantec V-Ray

37 Virtual Machine Deduplication Stream Handlers 37 BE 2012: Agent for VMware and Hyper-V Technical Overview Symantec V-Ray Intelligent Stream Handlers for VMDK and VHD Files Deduplication Blocks Align to File Extent Boundaries Data Changes Result in Fewer Unique Blocks; Increased Efficiency Applies to Image-level Backups of Virtual Machines File Segment Block 128k File Seg. Block Bl. 128k 32k Block 128k Block 102k Block 128k VMDK/VHD Backup With Deduplication

Management Plug-in for VMware 38 Additional features available through integration with the vSphere client. Backup Exec 2012 BE 2012: Agent for VMware and Hyper-V Technical Overview

39 Backup Exec Management Plug-in for VMware The Backup Exec Management Plug-in for VMware allows administrators to do the following: – Monitor backup status of VMware virtual machines protected by Backup Exec – Resource-centric view of the backup status of protected virtual machines – Perform virtual machine validation tasks – Configure Backup Exec integration with ApplicationHA for automatic virtual machine recovery* * ApplicationHA is a separate product and is purchased and configured separately. Offered At No Charge 39 BE 2012: Agent for VMware and Hyper-V Technical Overview

40 Virtual Protection Status Monitoring 40 BE 2012: Agent for VMware and Hyper-V Technical Overview

41 Virtual Machine Validator 41 BE 2012: Agent for VMware and Hyper-V Technical Overview Feature of Management Plug-in for VMware Enables Launching of Virtual Machine Backup Sets from Storage for Validation Requires VMware Workstation Requires GRT-enabled Backups Stored to B2D or Dedupe Folder VMware Workstation Backup Exec Server Validation

42 Virtual Machine Auto Recovery Feature of Management Plug-in for VMware Enabled By Integration Between Backup Exec and ApplicationHA Supports Monitoring and Auto Recovery of Virtualized Applications When Virtualized Application Goes Offline: 1.ApplicationHA attempts to restart the application 2.ApplicationHA attempts to restart the virtual machine 3.Integration between Backup Exec and ApplicationHA performs a full virtual machine recovery Restore Jobs Are Submitted “On Hold” Pending Administrator Approval 42 BE 2012: Agent for VMware and Hyper-V Technical Overview

Example Virtual Protection Configurations 43 Example Backup Exec protection configurations for VMware and Hyper-V environments. Backup Exec 2012 BE 2012: Agent for VMware and Hyper-V Technical Overview

44 VMware Small Environment Example 44 BE 2012: Agent for VMware and Hyper-V Technical Overview APP OS DATA APP OS DATA APP OS DATA VM 1VM 2VM 3 Data Store LAN (Discovery) SAN (Data Transport) Backup Exec™ 2012 Server vSphere Server (ESXi) SAN Environments: Backups can travel over the SAN Significant performance improvements

45 VMware Large Environment Example 45 BE 2012: Agent for VMware and Hyper-V Technical Overview vCenter Server APP OS DATA APP OS DATA APP OS DATA APP OS DATA APP OS DATA APP OS DATA APP OS DATA VM 1VM 2VM 3VM 4VM 5VM 6VM 7 Data Stores LAN (Discovery) SAN (Data Transport) vSphere Servers (ESXi) Backup Exec™ 2012 Server

46 Installing Backup Exec to a VMware Virtual Machine Backup Exec 2012 Can Be Installed to a VMware Virtual Machine Backup I/O Will Have Larger Impact on vSphere Server Performance – Consider using “Hot Add” transport method vSphere Support of Local Tape Devices is Limited to Certain SCSI Configurations Instructions for SCSI Pass-through Available via VMware’s Knowledge Base: – Fibre Channel attached tape devices not supported by VMware – Ensure tape device is supported on the Backup Exec HCL Recommended that Backup-to-disk (B2D) Devices Be Used 46 BE 2012: Agent for VMware and Hyper-V Technical Overview

47 Hyper-V Small Environment Example 47 BE 2012: Agent for VMware and Hyper-V Technical Overview Hyper-V Host AWS Agent Backup Exec™ 2012 Server LAN (Discovery and Data Transport) APP OS DATA APP OS DATA APP OS DATA VM 1VM 2VM 3 For Smaller Hyper-V Environments: Consider installing Backup Exec onto the Hyper-V host Will likely offer better performance (backup devices are local)

48 Hyper-V Large Environment Example 48 BE 2012: Agent for VMware and Hyper-V Technical Overview LAN (Discovery and Data Transport) Backup Exec™ 2012 Server Hyper-V Host 1 AWS Agent APP OS DATA APP OS DATA APP OS DATA VM 1VM 2VM 3 Hyper-V Host 2 AWS Agent APP OS DATA APP OS DATA APP OS DATA VM 4VM 5VM 6

49 Installing Backup Exec to a Hyper-V Virtual Machine Backup Exec 2012 Server Can Be Installed to a Hyper-V Guest Virtual Machine Limited Support of Host-attached Backup Devices – Host-attached SCSI tape devices are not supported Backup-to-disk Devices Recommended In This Configuration 49 Hyper-V Server Backup Exec™ 2012 Server + Virtual Agent BE 2012: Agent for VMware and Hyper-V Technical Overview

50 Installing Backup Exec to a Hyper-V Host Backup Exec 2012 Server Can Be Installed to Most Hyper-V Host Configurations Primary Exception is Server Core May Offer Solid Performance As Hyper-V Virtual Machines and Backup Storage Will Be Local 50 Hyper-V Server Symantec Backup Exec™ 2012 Server + Virtual Agent Disk Tape + BE 2012: Agent for VMware and Hyper-V Technical Overview

Notes and Best Practices 51 Key tips and tricks to help get the most out of Backup Exec’s virtual protection capabilities. Backup Exec 2012 BE 2012: Agent for VMware and Hyper-V Technical Overview

52 VMware Best Practices Configuring SAN-based backups for VMware with Backup Exec 2012: – Zone LUNs with VMFS data store so the Backup Exec server can access them. – On Backup Exec server ensure “automount disable” and “automount scrub” commands have been run to disable automatic drive letter assignment. – As a result, VMFS datastore LUN’s should appear in Windows Disk Administrator (on the Backup Exec server) as “unknown”; this is correct. Backup performance largely determined by the slowest component; these components are: – vSphere server system resources: CPU (GHz) – vSphere system disk I/O capabilities (Gbps) – Network type (Fiber Channel 1/2/4/8GB, iSCSI, 1/10GB Ethernet, etc) – Backup Exec server system resources 52 BE 2012: Agent for VMware and Hyper-V Technical Overview

53 VMware Best Practices Basic guidelines when configuring Backup Exec in a VMware environment: – For SAN-based backups, consider installing Backup Exec on a physical machine. – The internal bus of the Backup Exec server should be fast enough to support the I/O devices that are connected to it; if multiple I/O ports are used, a system with multiple internal buses should be considered. – Backup Exec server I/O performance is generally more important than CPU performance. For more information, see Backup Exec Technote BE 2012: Agent for VMware and Hyper-V Technical Overview

54 VMware Best Practices Number of Virtual Machines to Protect with a Single Backup Exec Server – No limit to number of VMs that a single Backup Exec server can protect – Highly dependent on the size of the VMDK files and backup infrastructure – In large environments, multiple Backup Exec servers can be used to optimize performance Backup Protection Recommendations – Seven-day rotation with incremental and differential backups Full backup is run on the 7th day to avoid long incremental/differential backup chains. – Use the Backup Exec 2012 Deduplication Option be used in conjunction with the Virtual Agent 54 BE 2012: Agent for VMware and Hyper-V Technical Overview

55 VMware Notes Some Features Require vSphere 4.x or 5.0 – Incremental and Differential backups require vSphere 4.x or later, HW version 7 or later – Change Block Tracking required for incremental/differential backups – BE 2012 Server is always the target for vStorage backups No remote VCB Proxy Servers Staging Required for GRT Restores From Tape – VMDKs are staged from tape back to temporary disk location before granular restore 55 BE 2012: Agent for VMware and Hyper-V Technical Overview

56 VMware Notes RDM Physical Compatibility Mode Disks – RDM (Raw Device Mapping) Physical Compatibility Mode disks bypass the ESX storage infrastructure GPT Disks – Image-level backups are supported, including full, differential, and incremental backups – Granular file and application recovery is not supported vSphere 4.0/5.0 Fault Tolerance – Fault Tolerance disables snapshots; vStorage backups are snapshot-based 56 Workaround is to Use Agent-based Backups BE 2012: Agent for VMware and Hyper-V Technical Overview

57 Hyper-V Best Practices General Performance Guidelines and Expectations – Overall backup performance in a Hyper-V environment will be largely determined by the slowest common denominator in the infrastructure – Disk I/O performance is the most common bottleneck – For best performance in larger environments, consider installing the Backup Exec server to a standalone physical server. – For single Hyper-V server environments, consider installing the Backup Exec server to the Hyper-V host itself. 57 BE 2012: Agent for VMware and Hyper-V Technical Overview

58 Hyper-V Best Practices Number of Virtual Machines to Protect with a Single Backup Exec Server – There is no limit to the number of virtual machines that a single Backup Exec server can protect – Highly dependent on the size of the.VHD files for each virtual machine, and the physical backup infrastructure. Backup Protection Recommendations – Use the Backup Exec 2012 Deduplication Option be used in conjunction with the Virtual Agent 58 BE 2012: Agent for VMware and Hyper-V Technical Overview

59 Hyper-V Notes The Backup Exec Agent Must Be Installed to Hyper-V Hosts to Enable the Agent for Hyper-V Hyper-V Integration Services Must Be Installed to Guest Virtual Machines to Enable Online Backup – Applies to VSS-compliant platforms, such as Windows 2003 and later Staging Required for GRT Restores From Tape – VHD’s are staged back to temp location first 59 BE 2012: Agent for VMware and Hyper-V Technical Overview

60 Hyper-V Notes For Non-VSS Aware Platforms and Applications, Consider the Standard Backup Exec Agents for Backup Backup Exec Media Servers Cannot Be Installed to Windows Server 2008 Core Systems Online Backup is Not Supported for the Following Disk Configurations (Protect Outside of Hyper-V Agent): – Remote iSCSI disks – Physical or pass-through disks – Dynamic disks – Volumes formatted as FAT32 – BE 2012: Agent for VMware and Hyper-V Technical Overview

Összefoglalás 61 Backup Exec 2012 Technical Overview: Backup Exec 2012

62 VMware Platform Integration Overview 62 BE 2012: Agent for VMware and Hyper-V Technical Overview VMware “Ready” Certified Integration Enables backup of all virtual machines In SAN environments off-host backups Backup of VMware virtual machines over SAN infrastructures vSphere Changed Block Tracking Differential : backup of only what has changed since the last full Incremental: backup of only what has changed since the last backup Block Optimization Support Intelligent skipping of unused blocks within a virtual disk file Greatly reducing backup sizes and increasing backup speed Integrated V-Ray Recovery Technology Entire virtual machine Individual files and folders* Entire applications Granular application objects Advanced V-Ray Data Deduplication Support VMDK Stream Handler enables increased deduplication efficiency Significant reduction of storage requirements for backup Improved Microsoft VSS Integration Proper protection of Microsoft applications (Exchange, SQL, SharePoint, etc) Application quiescence and log truncation

63 Hyper-V Platform Integration Overview 63 BE 2012: Agent for VMware and Hyper-V Technical Overview Full Hyper-V Environment Protection Protection of Windows 2008 R2 Hyper-V host servers Online protection of Hyper-V virtual machines Support for Cluster Shared Volume (CSV) and legacy LUN configurations Hyper-V Incremental and Differential Backups Differential backups: backup of only what has changed since the last full backup Incremental backups: backup of only what has changed since the last backup Block Optimization Support Intelligent skipping of unused blocks within a virtual disk file Greatly reducing backup sizes and increasing backup speed Integrated V-Ray Granular Recovery Technology Entire virtual machine Individual files and folders Entire applications Granular application objects Advanced V-Ray Data Deduplication Support VHD Stream Handler enables increased deduplication efficiency Significant reduction of storage requirements for backup Integration with Microsoft’s VSS API Proper protection of Microsoft applications (Exchange, SQL, SharePoint, etc) Application quiescence and log truncation

Köszönöm a figyelmet Pulai András

65 Build Your Backup Exec Franchise With Tools From Symantec Global Files Exchange SQL Avg Global What Is It? The Backup Exec Deduplication Assessment Tool (BEDAT) Tool designed to demonstrate benefits of Backup Exec deduplication technology Standalone tool; runs with or without Backup Exec installed How Does It Work? Installs to, and runs from, Windows x86 and x64 systems Estimates deduplication results for local and remote (network) servers Automatic cleanup after scan is complete Who Is It For? All Backup Exec partners Customers interested in using BEDAT should contact a Symantec partner: Where Can Partners Get It? PartnerNet: BE 2012: Agent for VMware and Hyper-V Technical Overview