Many businesses today are making use of Microsoft’s Hyper-V hypervisor to run production workloads for their organizations. Along with running Hyper-V solely as the hypervisor platform of choice, your business may run Hyper-V along with other hypervisors such as VMware vSphere for serving out workloads in production, labs, dev/test and POC environments. With each new version of Windows Server with Hyper-V that has been released, Microsoft has brought a wide range of new features to the platform. Windows Server 2019 with Hyper-V is the most powerful Hyper-V version to date. Like VMware vSphere, Hyper-V has great high-availability features that are baked into the platform. However, this does not mean that backups of your data are no longer necessary. Backing up Hyper-V VMs is critically important. There are best practice considerations you want to make when you back up Hyper-V VMs in your environment to ensure your data is safe. In this post, we will take a look at Hyper-V VM backup best practices and see how this can effectively be done.
Hyper-V VM Backup Best Practices
With backups there are certainly key areas that can make the difference in effectively protecting your data or not protecting it. Let’s look at the following key areas in a Hyper-V environment for capturing effective backups:
- Hyper-V Checkpoints are not backups
- Capture Hyper-V VM backups at the Hyper-V Host or Cluster level
- Make use of Resilient Change Tracking (RCT)
- Use Application-aware backups
- Make sure to use Hyper-V Integration Services
- Encrypt your Hyper-V backups
- Verify your Hyper-V backups
Let’s cover these topics one-by-one.
Hyper-V Checkpoints Are Not Backups
In the world of Hyper-V, a checkpoint is the point-in-time “image” of a Hyper-V virtual machine that captures the data on disk and can also capture in-memory data. It can be tempting to use Hyper-V checkpoints as a type of backup, since many reason that the checkpoint contains a known good state of the VM, so why not leverage it that way?
Additionally, the waters have been muddied in the world of Hyper-V since Windows Server 2016 and Windows 10 Hyper-V versions. Starting with Windows Server 2016 and Windows 10, you can choose between standard and what is called production checkpoints for each virtual machine. Now with Hyper-V in those versions, the production checkpoint is the default selection for creating a checkpoint. This can create confusion and unravel established best practices since production checkpoints are described as being supported for production. Additionally, they are described as being images that can be restored later in a way that is completely supported.
However, even with production checkpoints, this is a dangerous mechanism to rely on as any type of backup. Checkpoints rely on the underlying production virtual disk structure and also the production infrastructure. They can be exported from the production environment; however, this is rarely done, and checkpoints that are assumed to be backups will most likely be left on the same production infrastructure.
Checkpoints are not meant to be backups. They are a mechanism best suited for quick rollbacks of changes made after the checkpoint was taken. True enterprise-level backups provide much more functionality than even production checkpoints provide.
Additionally, backups are totally separate in every way from dependencies on production data, infrastructure, network, etc. This means your data is safely stored outside of the production environment. This is not true of Hyper-V checkpoints.
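The following PowerShell is an added example, not part of the original post: it inventories the checkpoints sitting on a Hyper-V host, where they are stored, and how old they are, so checkpoints that are quietly standing in for backups can be found and cleaned up. It assumes the Hyper-V PowerShell module and an elevated session on the host; the function name and the three-day threshold are illustrative choices.

```powershell
#Requires -Modules Hyper-V
# Added example: report every checkpoint on the local host and flag old ones.
# Get-StaleCheckpoint and the default of 3 days are illustrative, not a
# Microsoft recommendation.

function Get-StaleCheckpoint {
    [CmdletBinding()]
    param(
        [int]$MaxAgeDays = 3
    )

    $now = Get-Date
    foreach ($vm in Get-VM) {
        # @() keeps this an array even when a VM has zero or one checkpoint
        foreach ($snap in @(Get-VMSnapshot -VM $vm)) {
            $age = $now - $snap.CreationTime
            [pscustomobject]@{
                VMName        = $vm.Name
                Checkpoint    = $snap.Name
                SnapshotType  = $snap.SnapshotType
                # Checkpoint type the VM is configured to create (Production/Standard/...)
                VMDefaultType = $vm.CheckpointType
                Created       = $snap.CreationTime
                AgeDays       = [math]::Round($age.TotalDays, 1)
                Stale         = $age.TotalDays -gt $MaxAgeDays
                # Checkpoint files live here, i.e. on production storage
                StoredAt      = $vm.SnapshotFileLocation
            }
        }
    }
}

# List only checkpoints older than the threshold, oldest first
Get-StaleCheckpoint -MaxAgeDays 3 |
    Where-Object Stale |
    Sort-Object AgeDays -Descending |
    Format-Table VMName, Checkpoint, SnapshotType, AgeDays, StoredAt -AutoSize
```

Every row the report returns is a restore point that disappears together with the host or its storage, which is the dependency on production infrastructure described above.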
Capture Hyper-V VM backups at the Hyper-V Host or Cluster level
In legacy backup solutions from days gone by, backup agents had to be installed inside the guest operating system to capture data from within the physical or even virtual servers. This was cumbersome to maintain and difficult to manage. Updates to backup agents generally required reboots and as a result, subsequent maintenance periods.
With modern Hyper-V backup solutions, it is best practice to capture Hyper-V VM backups at the Hyper-V host or Hyper-V cluster level. This means you are capturing not only the data contained in the VM, but also the VM settings and configuration itself. In the event of a total loss of production infrastructure where the VMs themselves have to be recreated along with the data, having backups of the Hyper-V VMs at the host or cluster level makes the restore process much easier.
Be sure your Hyper-V backup solution is able to capture backups of Hyper-V cluster configurations, as there are many solutions that are only able to back up Hyper-V via a Hyper-V host and not the cluster. This presents challenges if the VM lives in a Hyper-V cluster and is Live Migrated to a different host after the initial backup is taken. Hyper-V cluster-aware backup solutions are essential for production Hyper-V cluster deployments.
Make Use of Resilient Change Tracking (RCT)
Hyper-V Resilient Change Tracking or RCT is a new way that Microsoft has introduced for keeping up with Hyper-V block-level changes in virtual machines. RCT allows backup vendors to make use of this native feature for capturing the changes in the Hyper-V VM since the last backup iteration.
This is especially important for backup efficiency and backup time windows. Legacy backup solutions captured all of the data that changed each time the backup ran. Using “changed block tracking” in Hyper-V by means of RCT drastically improves the efficiency of data copied with a backup run and also diminishes the backup time window it takes to capture those changes. Storage space for backups is also reduced, requiring much less space than legacy solutions that capture full backups with each run.
Use Application-aware Backups
Many production applications running in your Hyper-V environment are generally powered by backend database applications that may be running on Microsoft SQL Server, Exchange Server, Active Directory, or SharePoint. Capturing database applications in a way where the data is consistent is extremely important. Database applications must have data written to disk in a way that maintains consistency.
Application-aware backups leverage Microsoft’s Volume Shadow Copy Service (VSS) to properly interact with database applications such as those mentioned above and flush all data to disk before the data is captured for backup purposes. This allows backups to be taken in a consistent state and also allows for restoring data in a way that requires no other processes to bring data into a consistent state. Make sure your backup solution supports Hyper-V VM backup best practices, including a way to properly leverage application-aware backups for your application servers.
Make Sure to Use Hyper-V Integration Services
Hyper-V integration services are the special set of software services and tools that get loaded into the Hyper-V guest operating system that allow the Hyper-V host to properly interact with the guest operating system. This is important for many reasons including performance as well as backups.
When backups are taken at the Hyper-V host or cluster level, the Hyper-V host is able to properly interact via Hyper-V Integration Services with the guest operating system VSS services to quiesce virtual machines and flush data properly during the backup run.
Modern Windows operating systems have the Hyper-V Integration Services loaded by default. However, you want to keep an eye out for updates to the Hyper-V Integration Services and keep them running at the latest levels in your guest operating systems.
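As an added example (not from the original post), the PowerShell below checks each VM on a host for the condition this section depends on: the backup (VSS) integration service being enabled on the host side and reporting a healthy state from the guest. It assumes the Hyper-V module and an elevated session; the function name is illustrative, and the service name `VSS` is an assumption about how your host build labels the service, so it is exposed as a parameter.

```powershell
#Requires -Modules Hyper-V
# Added example: find VMs whose host-level backups cannot quiesce the guest.
# Test-VMBackupIntegration is an illustrative name. 'VSS' is assumed to be the
# integration service name on this host; confirm with Get-VMIntegrationService.

function Test-VMBackupIntegration {
    [CmdletBinding()]
    param(
        [string]$VssServiceName = 'VSS'
    )

    foreach ($vm in Get-VM) {
        $vss = Get-VMIntegrationService -VM $vm |
            Where-Object Name -eq $VssServiceName

        # Work out the first problem that would block an application-aware backup
        $issue = if (-not $vss) {
            "integration service '$VssServiceName' not found"
        } elseif (-not $vss.Enabled) {
            'backup (VSS) integration service is disabled'
        } elseif ($vm.State -ne 'Running') {
            'VM is not running; guest status cannot be checked'
        } elseif ($vss.PrimaryStatusDescription -ne 'OK') {
            "guest reports: $($vss.PrimaryStatusDescription)"
        } else {
            $null
        }

        [pscustomobject]@{
            VMName        = $vm.Name
            State         = $vm.State
            VssEnabled    = [bool]($vss -and $vss.Enabled)
            VssStatus     = if ($vss) { $vss.PrimaryStatusDescription } else { $null }
            # Host's view of whether the guest components need updating
            ServicesState = $vm.IntegrationServicesState
            Issue         = $issue
        }
    }
}

# Show only the VMs that need attention before the next backup run
Test-VMBackupIntegration | Where-Object Issue |
    Format-Table VMName, State, VssEnabled, VssStatus, ServicesState, Issue -AutoSize
```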
Encrypt Your Hyper-V Backups
Encrypting your backups is as necessary as encrypting your normal production data. It is certainly included in Hyper-V VM Backup Best Practices. Why? Backup data “is” production data. It is easy to assume that once production data transfers over to your backups, the data in the backups is somehow magically no longer sensitive, important, or valuable to an attacker. Of course, this is certainly not true.
If hot backup data is easily read and potentially accessed by unauthorized individuals or an attacker, your sensitive production data can certainly be compromised. Make sure your backups are encrypted both in-flight and at-rest.
Verify Your Hyper-V Backups
One of the most important Hyper-V VM Backup Best Practices is verifying your backups. It is also perhaps the one step that is most often skipped by Hyper-V administrators due to the manual effort and tedious nature of verifying backups. However, it can literally save your business from a data restore disaster.
If you experience a true disaster recovery scenario, the worst thing that could happen would be to find out your backups are no good, or have been silently erroring out and not capturing the expected data. Make sure your data protection solution has a way to automatically verify backups taken of your Hyper-V virtual machines. In this way, the process is automated and takes the human factor out of the equation. This helps make sure that backups are verified in an automated, continuous fashion as needed.
Hyper-V Backup Best Practices Require a Good Backup Solution
There is no question that your choice of a Hyper-V backup solution will either allow easily achieving Hyper-V backup best practices or greatly hinder achieving them. All backup solutions are certainly not created equal. You want to choose a solution that provides the best value for the price and allows aligning your backups with recommended best practices.
An example of a great Hyper-V backup solution is Vembu BDR Suite. I have used Vembu BDR Suite for a few years now and am very pleased with the capabilities, features, functionality, and price of the solution. It is a rock solid solution for protecting your Hyper-V backups at the Hyper-V cluster level and provides the means to achieve the best practices mentioned here and many others. Download a free, fully-featured trial version here.
Regardless of which solution you use, make sure your backup vendor is able to provide the features and functionality you need to be able to meet the many Hyper-V VM backup best practices to ensure your data is safe.