There are two main ways you can protect your virtualized servers and your virtualization infrastructure, at the Virtual Machine level or at the Hypervisor level.
Data protection that occurs within the Virtual Machine is referred to as GOS (Guest Operating System) level. GOS-level protection is unique to the operating system and applications being protected, but is independent of the virtualization hypervisor architecture and implementation.
Data protection at the virtualization hypervisor layer is called the HOS (Host Operating System) level. In this case, the data protection is aware that it’s in a virtual environment and thus protects a collection of virtual machines.
Proponents of GOS-level protection believe that the solutions typically offer more granularity than HOS-level solutions. However, as the size of the environment grows, automation capabilities are often found lacking. GOS-level solutions can also have issues protecting hypervisor-level features such as virtualization-based clustering.
HOS-level protection, also referred to as “virtualization aware”, i.e., the backup software is aware of virtualization and protects one or more virtual machines within the overall virtualization environment, typically offers better overall ease of use and automation but have limitations concerning granularity.
Microsoft Hyper-V HOS-Level Protection
Microsoft uses a data protection architecture known as VSS (Volume Shadow Copy Service) to protect their operating systems, applications, and their virtualization. VSS at the operating system and application level is used not only by Microsoft, but by other virtualization vendors (for example, VMware) to make sure that the data being used by Microsoft operating systems and applications is in a consistent state so that recovery is insured (this is also called “quiescing.”) However, Microsoft as a virtualization vendor also uses VSS at the HOS-level as well.
Compared to VMware’s HOS-level protection, Microsoft’s HOS-level VSS protection is a bit lower level. What this means is that data protection vendors must write software for missing functionality when offering Microsoft HOS-level virtualization protection. The most prominent example of this is CBT (Changed Block Tracking) – which is functionality that Microsoft doesn’t offer within VSS but which VMware offers within its HOS-level protection architecture. From an IT administrator and user perspective, however, this isn’t visible.
VMware vSphere HOS-Level Protection
After a series of mis-steps culminating in the “clunky” VCB (VMware Consolidated Backup) offering, VMware came back strong beginning in VMware vSphere 4 with its VADP (vStorage API for Data Protection) data protection architecture. VADP is the leading data protection architecture in the virtualization market today and has advanced functionality such as CBT built-in so that vendors can offer data protection with less effort.
Is there any downside to VMware’s VADP? Yes. VMware limits access to their API set to only licensed versions of their hypervisor. In other words, their free (unlicensed) ESXi product doesn’t support it. Thus vendors are forced to provide GOS-level protection in this case. This compares poorly to Microsoft, for example, which has no such limitation on its free Hyper-V Server 2012 or Hyper-V Server 2008 versions of its Hyper-V virtualization platform.
Losing My Religion: Virtualization Backup Dogma, Faith and Fact
Despite the tremendous advantages that virtualization brings to IT professionals, many find themselves at their wits' end with respect to protecting ever more prevalent virtualized environments. The cacophony of competing vendor claims as well as the claims of their paid consultants only increases the confusion and attendant frustration in those simply seeking to an optimal solution for protecting their unique IT infrastructure.
Thank you for your interest in Losing My Religion: Virtualization Backup Dogma, Faith and Fact