none
Hyper-V with a DC VM and backup

    Question

  • If I had a Hyper-V server which was ONLY used as Hyper-v.... but there was a VM which runs on it (lets say on a D drive) and that VM is a domain controller.... how can I safely performs backups of the hyper-v host and the domain controller? can I either do the following:

    backup all critical of hyper-v (this would not backup D drive with the VM)

    Backup all volumes on the hyper-v system

    backup hyper-v critical volumes, and a perform a backup inside the Domain Controller VM to a separate attached "backup VHD"

    I am assuming that I will be using Windows Server Backup

    Thursday, July 04, 2013 12:48 PM

Answers

  • Here is a good place to start when looking at using Windows Server Backup for backing up the VMs - http://technet.microsoft.com/en-us/magazine/2008.10.disasterr.aspx?pr=blog  The beauty is that you get the VM backup 'automatically' when backing up the host, if that is what you want.

    For DCs, though, you might want to consider some other things.  DC backups are for two different reasons.  Recovery of a DC that crashed and burned, and recovery of the AD database because somebody did something they should not have, like a deletion of some sort.  For the first reason - crash and burn - my recommendation is to always have at least two DCs running in your environment.  That way if one of your DCs does crash and burn, the other one continues providing the services while you build a new DC.  Recovering a DC from backup medium is a lot more difficult that creating an entirely new VM and making it another DC.  Recovery of deleted information from a backup is most likely something that you will need, though you might want to back up the DC only before a change is made (you do enforce change control, right? :)) Then you would not have to back up the DC as often, saving some time and headaches.


    .:|:.:|:. tim

    • Marked as answer by Steve Mills Saturday, July 06, 2013 1:15 PM
    Thursday, July 04, 2013 7:15 PM
  • Hi Steve,

    Snapshots in Hyper-V are different than VSS Snapshots. Basically for VSS Snapshot the VM is beeing freezed at the point in time you do the backup to achieve data consistency (only for applications supporting VSS).

    Hyper-V Snapshots are different. In case you create a Snapshot, no more data will be written to the original VHD of your VM. Instead, an AVHD will be created and all new data written into there. In order to go back to the moment you took the snapshot, you can delete the Snapshot. Here the problems for DCs are starting, as everything will be reverted.

    One more thing with your DC: Don't forget to turn off the Time Synchronization between Host and VM.

    Best Regards,
    Jens


    jensit.wordpress.com

    • Marked as answer by Steve Mills Saturday, July 06, 2013 1:15 PM
    Thursday, July 04, 2013 8:41 PM

All replies

  • Hi Steve,

    for the backup of the VM, the easiest option would be using Windows Server Backup from the Host.
    With this you can create a backup of the whole VM. 

    Also you can use it for the Host Backup.
    Best to store the backup on a external Harddrive, etc.

    Best Regards,
    Jens


    jensit.wordpress.com

    Thursday, July 04, 2013 6:17 PM
  • Here is a good place to start when looking at using Windows Server Backup for backing up the VMs - http://technet.microsoft.com/en-us/magazine/2008.10.disasterr.aspx?pr=blog  The beauty is that you get the VM backup 'automatically' when backing up the host, if that is what you want.

    For DCs, though, you might want to consider some other things.  DC backups are for two different reasons.  Recovery of a DC that crashed and burned, and recovery of the AD database because somebody did something they should not have, like a deletion of some sort.  For the first reason - crash and burn - my recommendation is to always have at least two DCs running in your environment.  That way if one of your DCs does crash and burn, the other one continues providing the services while you build a new DC.  Recovering a DC from backup medium is a lot more difficult that creating an entirely new VM and making it another DC.  Recovery of deleted information from a backup is most likely something that you will need, though you might want to back up the DC only before a change is made (you do enforce change control, right? :)) Then you would not have to back up the DC as often, saving some time and headaches.


    .:|:.:|:. tim

    • Marked as answer by Steve Mills Saturday, July 06, 2013 1:15 PM
    Thursday, July 04, 2013 7:15 PM
  • thanks for that, my main reason specifically for asking this is because there are various precautions you need to take when running a DC in a VM, I read that snapshots are a no no, but isn't this what the volume shadow copy service does as well which server backup uses... does that not affect the DC VM if VSS takes a snapshot, or is this warning purely related to taking snapshots using the hyper-v MMC?

    Change control - I understand its importance but we don't have it implemented, I'd like to though. where is the best place to start for looking into how to deal with this? how do we enforce it? are there any examples of good change control practice and forms/documents/systems we can use to get going on this? anything you can point me to would be appreciated, I know it's a little off topic on this but would be useful for me.

    Many thanks.

    Steve

    Thursday, July 04, 2013 7:48 PM
  • Hi Steve,

    Snapshots in Hyper-V are different than VSS Snapshots. Basically for VSS Snapshot the VM is beeing freezed at the point in time you do the backup to achieve data consistency (only for applications supporting VSS).

    Hyper-V Snapshots are different. In case you create a Snapshot, no more data will be written to the original VHD of your VM. Instead, an AVHD will be created and all new data written into there. In order to go back to the moment you took the snapshot, you can delete the Snapshot. Here the problems for DCs are starting, as everything will be reverted.

    One more thing with your DC: Don't forget to turn off the Time Synchronization between Host and VM.

    Best Regards,
    Jens


    jensit.wordpress.com

    • Marked as answer by Steve Mills Saturday, July 06, 2013 1:15 PM
    Thursday, July 04, 2013 8:41 PM
  • Ahh that makes sense, thanks for explaining how the snapshots differ between these two mechanisms.

    thanks to everyone who posted info about this.

    Tim I would be very appreciative of info surrounding the change control stuff if you are able to help on that one. cheers.

    Steve

    Friday, July 05, 2013 10:00 AM
  • Change control can be simple or complex.  The basic idea is to know whenever a change is made to the environment.  Hence my comment about only doing a physical backup of the DC before a planned change is made.  With change control properly implemented, all changes are planned.

    ITIL - IT Infrastructure Library (itil.org) - is an organization that has documented best practices for change control in a generic manner to apply to any IT environment.  There are levels of certification, but any IT shop should have someone who has achieved at least the Foundation certification.  After you start looking at what it takes to get that certification, you will see it is primarily common sense, but it helps you understand the 'why' behind things and helps you tailor it for your environment.


    .:|:.:|:. tim

    Friday, July 05, 2013 3:50 PM
  • Cheers Tim, I will take a look at ITIL. my friend has done this so I might have some pointers from him :)

    Steve

    Saturday, July 06, 2013 1:14 PM
  • Under certain circumstances you might still want to consider 3-party replication solution.

    For instance, we’ve decided to follow with Veeam Backup and Replication, since Hyper-V replica that we used to utilize didn’t work well with our storage - Hyper-V replica due to its journaling approach doubled write I/O on each protected VM. And tt was constraint number one.

    The other ones were related to:

    • 15 restore points Hyper-V replica limitation
    • the fact that Hyper-V replica, in contrast to Veeam, didn’t support file and item level recoveries from replica VMs
    • the lack of flexible scheduling
    • storage considerations: restore points are stored compressed with Veeam

    However, I have to say that Hyper-V replica is a nice solution that is likely to meet bunch of end users’ expectations and the fact that it didn’t answer our requirements doesn’t necessarily mean that it wouldn’t be applicable in other users’ environments.

    Kind regards, Leonardo.

    Friday, July 12, 2013 2:09 PM
  • Hi Leonardo,

    please consider that Hyper-V Replica is not a backup solution. It is a replication mechanism which allows you to recover your VMs in a secondary location, for example if your main datacenter burns down.
    Therefore it does not include file and item level recovery, etc.

    Apart of this, I think Windows Server Backup is enough for an environment like Steve described.

    Best Regards,
    Jens


    jensit.wordpress.com

    Friday, July 12, 2013 4:18 PM
  • thanks, I appreciate all the input on this topic. we are currently trying to figure out whether high availability or DR would be the best route for our situation so it's good to take on board about the veeam solution, you are not the first to mention this to me and I have heard its quite a good product. we currently use shadowcopy shadowprotect which I don't have any knowledge about really, its a solution already in place but since my involvement I am looking at reviewing existing stuff and implementing better solutions.

    Friday, July 12, 2013 6:34 PM
  • @Jens.

    Yep, I do understand it. In fact, this was another reason we made a decision to switch to Veeam Backup and Replication. With the latter, it’s possible to have reliable backup and replication functionality in one solution. Let alone, the sheer convenience of tracking both backup and replication staff through one pane of glass.

    @Steve

    I’m also along the same line with those who’ve recommended it.

    We’ve been using it quite a long time, so, feel free to ask any questions regarding it. Otherwise, you can ask all of your generic questions at Veeam Forum; quite a responsive community, actually:

    http://forums.veeam.com/index.php

    Kind regards, Leonardo.


    Monday, July 15, 2013 3:34 PM