VMware@SoftLayer Cookbook –
Backup, Recovery, Archival (BURA)
IBM Global Technology Services:
Khoa Huynh (khoa@us.ibm.com)
Daniel De Araujo (ddearaujo@us.ibm.com)
Bob Kellenberger (kellenbe@us.ibm.com)
This document is part of a series of VMware@SoftLayer cookbooks. They are intended
to provide vSphere administrators with important information to deploy VMware
vSphere environments within SoftLayer. VMware@SoftLayer refers to the deployment
of VMware vSphere infrastructure in SoftLayer as a Hybrid Cloud. In this particular
case, a hybrid cloud refers to the deployment of a private cloud within the SoftLayer
This document provides how vSphere administrators can set up data backup and recovery
solutions for VMware-based hybrid clouds in the SoftLayer environment.
This document is intended for experienced vSphere administrators with basic deployment
skills to install and administer VMware vSphere ESX and vCenter products. It is not
intended to provide information on enabling operating system tasks within VM guest
operating systems. Additionally, it will not cover advanced network design concepts to
recover guest network services.
Table of Contents
1 VADP-based Backup & Restore Solutions.......................................................................4
1.1 vSphere Data Protection (VDP).................................................................................4
1.1.1 VDP Specifications.............................................................................................5
1.1.2 System Requirements..........................................................................................5
1.1.3 VDP Deployment and Configuration..................................................................6
1.1.4 Creating Backup Jobs.......................................................................................11
1.1.5 Restoring Backups............................................................................................16
1.1.6 Locking and Unlocking a Backup.....................................................................19
1.1.7 File-Level Restore.............................................................................................19
1.1.8 Advanced Topics..............................................................................................22
2 SoftLayer-provided Backup & Restore Services............................................................26
2.1 eVault.......................................................................................................................26
2.2 Idera.........................................................................................................................29
VADP-based Backup & Restore Solutions
Customers can re-use, or extend, existing backup and restore tools which they have in
their on-premise data centers into SoftLayer. These tools can either exploit the vSphere
APIs for Data Protection (VADP) or rely on agents installed on the servers that need to
be backed up. One of the most advanced backup and restore tools in a VMware vSphere
environment is the vSphere Data Protection (VDP), which is included with the vSphere
license. Alternatively, customers can also use the backup and restore services provided
by SoftLayer, such as eVault and Idera Continuous Data Protection (CDP).
vSphere Data Protection (VDP)
vSphere Data Protection (VDP) is an advanced data backup and recovery solution for
VMware vSphere environment, as shown in Figure 1. It is provided at no additional
charge with the vSphere license (there is also an Advanced version that is licensed for up
to 8TB backup storage). VDP was designed specifically for the VMware environment
and is actually powered by EMC Avamar under the cover. VDP provides the following
features for data backup and recovery:
Nice Graphical User Interface (GUI)
Relatively easy to set up
Fully integrated with VMware vCenter and vSphere Web Client
Very flexible – VDP allows full-VM backup, full-VM restores, as well as file-level
recovery (FLR)
Advanced technologies – VDP exploits vSphere APIs for Data Protection (VADP)
for centralized, efficient, off-host backups, and it uses Change Block Tracking (CBT)
technology for data de-duplication (in our testing, de-duplication reduces the backup
image size almost 7:1)
No agent to install (a big advantage for large VMware environments)
There is also an advanced version of VDP – VDP Advanced – that provides additional
data backup and recovery capabilities:
• Up to 8TB of de-duplicated capacity per appliance
• Application-aware backups for Exchange, SQL, and Sharepoint
• WAN-efficient backup replication to another VDP Advanced appliance
• Automated backup verification
• Backup to EMC Data Domain
Enabling VDP Advanced functionality requires an appropriate number of CPU licenses,
which are available for purchase separately from vSphere. More details on VDP
Advanced are available at vmware.com/go/vdpadvanced.
Figure 1. vSphere Data Protection overview.
VDP Specifications
VDP supports the following specifications:
• Each vCenter Server can support up to 10 VDP appliances
• Each VDP appliance supports backup for up to 100 virtual machines
• Only one VDP appliance can exist per ESX / ESXi host
• Each VDP appliance can handle 0.5 TB, 1 TB, or 2 TB of de-duplicated backup data
(this amount can be selected during the initial configuration of the VDP appliance)
The above specifications should allow users to determine if VDP is a suitable data
backup and recovery solution for their environments based on the number of virtual
machines and amount of data that need to be backed up.
System Requirements
VDP 5.5 has the following software requirements:
• VMware vCenter Server Version 5.1 or later
• vSphere Web Client
• Web browsers must be enabled with Adobe Flash Player 11.3 or higher to work with
the vSphere Web Client and VDP
VMware ESX 4.0, 4.1
VMware ESXi 5.0, 5.1, 5.5
A single VDP appliance is available in three different configurations:
• 0.5 TB, which requires a minimum of 4 x 2-GHz processors, 4GB of memory, and
873 GB of disk space (for creating and managing checkpoints)
• 1 TB, which requires a minimum of 4 x 2-GHz processors, 4GB of memory, and
1,600 GB of disk space (for creating and managing checkpoints)
• 2 TB, which requires a minimum of 4 x 2-GHz processors, 4GB of memory, and
3,100 GB of disk space (for creating and managing checkpoints)
VDP Deployment and Configuration
Before deploying the VDP appliance, an entry must be added to the DNS Server for the
VDP appliance's IP address and Fully Qualified Domain Names (FQDN). The DNS
server must support both forward and reverse lookup.
The user account that is used to administer the VDP should have Administrator privilege.
To verify that this is the case, go to Home > Adminiistration > Role Manager and click
the Administrator role. The VDP user should be listed to the right of that role if it is set
up correctly. Note that, if the VDP user belongs to a domain account, then it should be
used in the format “SYSTEM-DOMAIN\admin” format to configure the VDP.
For best performance and flexibility, the following best practices should be followed:
• The VDP appliance should be deployed on a shared VMFS5 or higher to avoid block
size limitations
• All virtual machines (VMs) should be running hardware version 7 or higher to
support the Change Block Tracking (CBT) feature provided by VDP
• VMware Tools must be installed on all VMs that are backed up by VDP because
some VDP features, such as file-level restore, require VMware Tools.
The VDP appliance can then be installed through the normal deployment of the OVF
template. After the VDP .ovf template is deployed successfully, as shown in Figure 2,
the VDP appliance must be configured.
Figure 2. VDP appliance has been successfully deployed.
To configure the VDP appliance, we can use the VDP Configure utility, which can be
invoked in any browser (Figure 3):
where IP_address_VDP_Appliance is the IP address of the VDP appliance
( in our case). The default root password is “changeme”, which must be
changed after the first login.
Figure 3. VDP Configure utility.
Using the VDP Configure utility, the following can be set up for the VDP appliance:
Network settings: Ipv4 static address, netmask, gateway, primary and secondary
DNS, hostname (e.g. vdpa-l-01b), and domain name (e.g. cil.ibm.local)
Vcenter information: username, password, IP (or FQDN), and vCenter port (443)
Time zone
VDP credentials (password)
Storage settings: we need to select “Create New Storage” here
With the “Create New Storage” option, we can create new storage where new VMDK
storage disks are created. On the “Device Allocation” page, the number of required disks
is displayed. Be default, the “Store with Appliance” option, which deploys disks on the
same datastore selected when deploying the VDP appliance, is checked. If we do not
want this option, we need to un-check it; in this case, we need to select the appropriate
disks on the datastores that are visible to the VDP appliance.
Once the storage is created, we need to specify the type of provisioning for the disks.
There are three types of provisioning that are available:
• Thin – the thin disk starts small and uses only as much datastore space as needed for
initial operations. The disk can expand later as necessary up to the value that we
enter for the disk size.
Thick Eager-Zeroed – the entire size of the disk will be allocated when it is created.
All previous data will be erased, so this type of provisioning should be used when
data security is a major concern.
Thick Lazy-Zeroed – the default type of provisioning. In this case, the entire disk is
allocated when it is created. However, previous data will not be erased during
creation; rather, it will be zeroed out on demand later as new data is written to the
On the “Ready to Complete” page after the storage has been configured, we can run some
performance tests. In order to pass these performance tests, the configured storage must
be able to support at least 30 MB/sec for writes, 60 MB/sec for reads, and 400 seeks per
second. The performance results reported will be either Passed (if all read, write, and
seek tests passed), Failed (if read and/or write tests failed), or Conditionally Passed (if
read and write tests passed, but seek test failed).
Existing VDP storage can also be attached to the VDP appliance during this initial
configuration phase.
The VDP appliance should be restarted after the initial configuration phase. After
restarting, we can view the configuration of the VDP appliance using the same URL
(https://<IP_address_VDP_Appliance>:8543/vdp-configure/). In our case, the network
and storage configurations of the VDP appliance are shown in Figures 4 and 5. The
VDP operational status can also be monitored on the “Status” tab of the VDP Configure
utility, as seen in Figure 6.
Figure 4. VDP network configuration.
Figure 5. VDP storage configuration.
Figure 6. VDP operational status as seen in the VDP Configure Utility.
Creating Backup Jobs
After the VDP appliance has been configured properly, it is fully integrated into the
vCenter Server. Setting up backup jobs, recovery points, reports, etc. can now be done
from the vSphere Web Client (https://<IP_address_vCenter>:9443/), as shown in Figure
7. Clicking on the “vSphere Data Protection” on the left pane of the Home view in the
vSphere Web Client will connect to the VDP appliance.
To create or manage backup jobs, we click on the “Backup” tab of the VDP view, and
then select “New” in the pull-down menu of the “Backup job actions” button in the top
bar of this tab. The first option is to select the type of backup job:
• Full image – this will aggregate all disks in each virtual machine into a single image
backup for that virtual machine
• Individual disks – this option allows us to select only the disks in each virtual
machine that need to be backed up. This provides us the flexibility to filter based on
certain configuration criteria, such as by operating system or by retention policy.
In this example, let's select the “Full Image” backup type. Click “Next” to select the
virtual machine(s) that we want to back up in this job. On this “Backup Targets” page,
we just select all virtual machines that we want to back up, as shown in Figure 8. In our
case, we select two virtual machines (appserver and CentOSTest) for this backup job.
Figure 7. Accessing vSphere Data Protection from the vSphere Web Client.
Next we need to determine how often these virtual machines will be backed up. The
schedule options are shown in Figure 9. In our case, we use the default schedule – daily
backups starting at 8pm. Click “Next” to specify the retention policy, which determines
how long backups are retained, as shown in Figure 10. After the retention period
expires, the backup images will be deleted from the system. Again, we select the default
retention policy of keeping backups for 60 days in our example. Click “Next” to enter a
name (e.g. Backup01) for this backup job.
On the “Ready to Complete” page (Figure 11), which is displayed by clicking “Next”, we
see a summary of all options that we have selected for this backup job. Click “Finish”
will create the backup job based on those options.
Figure 8. Selecting backup targets.
Figure 9. Backup schedule options.
Figure 10. Retention policy options.
Figure 11. Summary of options selected for backup job.
Once a backup job has been created, it will appear on the “Backup” tab of the VDP view.
The backup job will be started based on the schedule that we specify for it. However, we
can start any backup job immediately by clicking on the “Backup now” button on the
upper right corner of the Backup tab.
For demonstration purposes, let's click on the “Backup now” button now. The status of
the backup job can be seen in the Task console by clicking on the “Tasks” on the left
pane of the Home view. Figure 12 shows that the backup job is about 10% complete
while the appserver and CentOSTest virtual machines are being backed up.
Figure 12. Monitoring backup job status in the Task console.
The “Reports” tab of the vSphere Data Replication view shows the backup of all virtual
machines. For each virtual machine, this report shows the associated backup job (if there
is one) and the timestamp of the last successful backup (Figure 13).
Each backup job can be enabled or disabled, edited, cloned, or even deleted by selecting
that job in the “Backup” tab and then select the appropriate action in the pull-down menu
displayed by clicking on the “Backup job actions” button.
Restoring Backups
After virtual machines have been backed up, we can restore the backups to the original
location or to an alternate location. In order to restore a backup image, we go to the
“Restore” tab of the vSphere Data Protection view. On this tab is a list of virtual
machines and associated backup images that have been collected, as shown in Figure 14.
Clicking on a virtual machine on this list allows us to see all of the available backup
images for this virtual machine from which we could restore.
We can start the restore process by selecting one (or more) backup images and then click
on the “Restore” button near the top of the “Restore” tab. Backup images from different
virtual machines can be selected to be restored in one restore operation. After verifying
the backup images to be restored, click “Next” to set the restore options, as shown in
Figure 15.
Figure 13. VDP reports.
Figure 14. List of virtual machines and backup information.
Figure 15. Setting restore options.
The restore options include the following:
Restore to the original location – this is the default option (box checked)
Restore to another location – by clearing the “Restore to the original location” box,
we can specify the new location (e.g. a new vSphere cluster) to which the backup
image can be restored. In addition, we can specify a new name for the (restored)
virtual machine in its new location.
Advanced options – these include the ability to specify a different datastore for the
restored image and whether the newly restored virtual machine should be powered
on after the restore operation completes.
After reviewing all settings in the “Ready to Complete” page, click “Finish” to start the
restore operation. As the restore operation is under way, its progress can be monitored in
the Tasks console, as shown in Figure 16.
Figure 16. Monitoring the restore progress in the Tasks console.
Locking and Unlocking a Backup
During maintenance periods, VDP checks each backup image in the appliance to see if
its retention period have expired. If it has expired, that backup image will be removed
from the appliance. In order to prevent a backup image from being removed by the
VDP , it can be locked. While locked, the retention period for that backup image will not
be checked by the VDP until it is unlocked. Note that all full image backups can be
locked; individual disk backups can never be locked.
To lock a backup image, we select that image from the list of backup images in the
“Restore” tab, and then click on the “Lock/Unlock” button in the action bar near the top
of the tab. This is a toggle button. After an image is locked, the expiration date for that
image will be changed to “Never”. Unlocking the image will revert its expiration date to
retention period set when the backup job is created.
File-Level Restore
VDP creates full backup images of entire virtual machines. As we have seen in the
previous sections, these backup images can be restored in their entirety using the VDP
user interface through the vSphere Web Client. However, if only specific files need to be
restored from these full backup images, the VDP Restore Client must be used.
The VDP Restore Client, which can be accessed through a web browser, allows a full
backup image to be mounted as a file system. That allows us to browse through the file
system and select specific file(s) that can then be restored. The VDP Restore Client is
only available to virtual machines that have backups managed by the VDP, so this would
require the user to log into one of those virtual machines through either the vCenter
console or some other remote connection.
The VDP Restore Client does have the following limitations:
• No support for unformatted disks, dynamic disks (Windows), and multi-drive
• No support for the following file systems: EXT4, FAT16/32, GPT, extended
partitions, encrypted partitions, compressed partitions. Partitions that are mapped to
multiple virtual disks are also not supported
• No support for the following Windows 8 and Windows Server 2012 file systems:
deduplicated NTFS, ReFS, EFI bootloader
• Symbolic links cannot be restored or browsed
• Cannot restore more than 5,000 files or folders in a single restore operation
To perform a file-level restore for a virtual machine, we need to do the following:
• Log into the virtual machine for which we need to restore file(s). This virtual
machine must have already been backed up by the VDP and has a valid backup
image. Additionally, VM Tools must have been installed on this virtual machine.
• Access the VDP Restore Client from that virtual machine through a web browser:
https://<IP_address_VDP_appliance>:8543/flr (in our case, it's, as shown in Figure 17.
Figure 17. Accessing the VDP Restore Client.
Log into the VDP Restore Client using the login credentials of the local virtual
machine. A list of backup images that can be mounted will be displayed after the
Select a backup image from which we want to restore file(s), and click “Mount”.
After a backup image has been mounted, we can browse through the list of
directories and files, as shown in Figure 18. We can select one or more files to
restore. Then click “Restore selected files”.
We then specify the destination location (i.e. hard drive, folder, etc.) to which the
selected file(s) will be restore, as shown in Figure 19. Click “Restore”, then “Yes”
to the dialog box asking if we are sure to initiate the restore operation.
The progress and final result of the restore operation can be seen in the “Monitor
Restores” tab of the VDP Restore Client, as shown in Figure 20.
After the restore operation completes, the restored files should be at the destination
Figure 18. Browsing and selecting file(s) to restore in VDP Restore Client.
There is also the Advanced Login provided by the VDP Restore Client. To use advanced
login, just click on the “Advanced Login” link on the login page of the VDP Restore
Client. The advanced login requires an additional authentication using the vCenter
credentials. The advanced login capability allows us to mount, browse, and restore files
from any virtual machine that has been backed up by VDP, not just the virtual machine
that we currently log in. However, all restored files will be restored to the virtual
machine that we currently log in.
Advanced Topics
Backup images can be replicated to another location using the VDP replication jobs.
VDP replication jobs determine which backup images are replicated, when they should
be replicated, and to what destination.
Note that imported backups, which were created from a previous appliance on disks
imported to the new appliance, cannot be replicated.
Figure 19. Selecting restore location.
A replication job can be created on the “Replication” tab of the VDP view. Among the
options that can be set for a replication job
• Backup options – these options allow us to limit the number of backups that are
replicated. By default, all backups for each selected client will be replicated. For
replication, we can specify the backup types (e.g. daily, weekly, monthly, yearly, or
user-initiated), maximum backups to replicate per client, and date restrictions (if any
). In our case, we selected “user-initiated” for backup type, and default values for
the rest (i.e. no limit on number of backups to replicate per client and no date
The destination host to which the selected backups will be replicated: hostname or
IP address, port, username, and password. It is recommended that we verify
authentication in this step by clicking on the “Verify authentication” button at the
bottom of this page.
Figure 20. Monitoring progress and result of file-level restore operations.
Replication schedule – how often do we need to replicate the selected backup
images: daily, weekly, or monthly, and the start time of the replication job.
Retention options – when the replicated backups will expire from the destination. We
can keep the same expiration date for each replicated backup the same as for each
source (original) backup image, or set the expiration dates by backup types.
Alternatively, we can also choose to keep them forever.
Name of the replication job
As with backup jobs, we can edit, clone, delete, enable, or disable replication jobs by
clicking on the “Replication job actions” and selecting the appropriate action on the pull23
down menu. We can also initiate a selected replication job immediately by using the
“Replicate now” button. The progress and results of the replication job(s) can be
monitored in the Tasks console.
Viewing VDP Configuration
The “Configuration” tab of the VDP view also displays a lot of useful information, as
shown in Figure 21.
Figure 21. The VDP and backup window configuration.
Among the information found in this tab:
• VDP appliance information and status
• VDP appliance storage usage, including the total capacity, free space, de-duplicated
size, and the amount of disk space that would take up if the backup data was
converted to the native, non-de-duplicated format. In our test, using the CBT
technology for de-duplication results in 80% reduction in the disk space required for
backup images!
• Backup window configuration – this is shown graphically at the bottom of Figure
21. Basically, each 24-hour day is divided into two operational windows: a backup
window and maintenance window. The backup window is the portion of each day
reserved to perform the actual backup jobs that are normally scheduled. The
maintenance window is the portion of each day reserved to perform maintenance
tasks, such as integrity checks. Because of this, it is strongly suggested that “Backup
now” operations should not be done during the maintenance window because they
would take away precious resources that the VDP appliance needs for maintenance
tasks. The backup window configuration can be edited using the “Edit” button just
below the graphical representation of the backup window.
For more detailed information on VDP, please refer to the vSphere Data Protection
Administration Guide for VDP 5.5:
VDP Storage Management
In previous sections, we already discussed how to create storage for the VDP appliance
using the vdp-configure utilty (https://<IP_address_VDP_appliance:8543/vdp-configure
). We can add previously-created VDP disks to a new VDP appliance by selecting the
“Add existing VDP storage” on the “Create Storage” page of the vdp-configure utility.
In the even that the primary disk partition (OS boot partition) of the VDP appliance is
corrupt or lost, we could detach the disks containing backup images from the
unrecoverable VDP appliance, and then attach them to a newly-deployed VDP appliance.
To remove a disk (not Disk 1, which is the primary 100-GB OS boot partition) from the
VDP appliance, we can do it from the vSphere thick client (not the Web version):
• Log into the vSphere (thick) Client
• Go into “vCenter > Hosts and Clusters” view and select the VDP appliance
• Choose “Edit Settings” for the VDP appliance, then select the “Hardware” tab
• Click Hard disk 2 from the list and note the full path and name of the disk (vmdk file
). Then click the “Remove” button.
• Under “Removal Options”, select “Remove from virtual machine”
• Repeat this procedure for each disk that we want to remove (detach) from the VDP
After a new VDP appliance is deployed, we can re-attach the disk(s) to it.
SoftLayer-provided Backup & Restore Services
There are two BURA services currently provided by SoftLayer:
• eVault
• idera
Both of these services require agents to be installed in VMs that need to be backed up.
SoftLayer has partnered with eVault to provide reliable, easy-to-use, enterprise-class
backup and recovery solutions. The backup solution utilizes eVault's Infostage line of
products. eVault is a centrally managed backup service by SoftLayer. Figure 22
provides an overview of eVault in SoftLayer. It requires an agent to be installed in each
system (physical or virtual) that needs to be backed up. It does not exploit the vSphere
APIs for Data Protection (VADP). This service supports the backup of individual files,
directories, and applications (e.g. MS Exchange, Oracle, SQL, etc.) at flexible schedules
(i.e. single instance, daily, weekly, monthly, etc.). It also provides FIPS-140 encryption
option. For specialized applications, such as SQL and Exchange, additional plug-ins
must be purchased.
The eVault backup service can be ordered per server – regardless whether it is a physical
or virtual server. Backup space is allocated per server, and the monthly cost is based on
the amount of backup space per server, as shown in Figure 23. The backup and restore
jobs from multiple servers are managed from a web-browser-like GUI within the
SoftLayer portal, called the Web Control Console (WCC).
For VMware@SoftLayer environments, there are several issues with the eVault service
in SoftLayer:
• The eVault agents currently provided by SoftLayer can only be installed on Linux
and Windows systems
• There are VMware ESX agent tarballs stored on SoftLayer service website, but there
is no workable automated script to untar and install this agent.
• There is no support for VMware ESXi at this time.
It should be noted that the eVault support in SoftLayer is only a subset of the eVault
product from Seagate, which does provide eVault agent for ESXi:
As a result, if we only want to back up virtual machines running Linux or Windows, and
do not need to back up the VMware ESX / ESXi hosts, then the eVault backup service
provided by SoftLayer is quite sufficient. However, if the ESX / ESXi hosts need to be
backed up, then the eVault service in SoftLayer is not a suitable option.
Figure 22. Overview of eVault in SoftLayer.
Figure 23. Costs for eVault service.
Additional details on how to install eVault agents, create backup jobs, and perform
restores are available from KnowledgeLayer:
Installing eVault backup agent for Linux:
Installing eVault backup agent for Windows:
Accessing and performing backup & restore operations in Web Control Console (WCC):
The Idera Continuous Data Protection (CDP) is a backup software created by Idera
(formerly R1Soft) that allows for backup of both physical and virtual servers. Although
the Idera CDP service is licensed and supported by SoftLayer, it is actually administered
by customers. Like eVault, it also requires agent access and is not VADP-enabled. An
overview of this service in SoftLayer is shown in Figure 24. Idera CDP consists of three
main components: the CDP server, the agent, and database plugins (which are available
for purchase separately from the first two components). Idera CDP service provides
block-level full / incremental backup, full-image and file-level restores, and MySQL
protection feature.
To use the Idera CDP service, the CDP server must first be provisioned – preferably, a
bare-metal server – in SoftLayer. The user is responsible for provisioning this CDP
server, including CPU, memory, storage, and network resources. In addition to the
operating system, we also need to purchase from SoftLayer the following add-ons:
• Idera Server Backup 5.0 Enterprise (either for Linux or Windows) for $18.13 per
• Idera Backup Agent Pack (available in packs of 1 to 25 agents from $3.63 to $54.38
per month)
All virtual machines and physical servers that need to be backed up must be registered
with the CDP server. The backup space resides on the CDP server and is shared by all
virtual machines and servers that are registered with the CDP server. All backup and
restore jobs are managed through the Idera Web Console, which can be accessed through
both public and private networks in SoftLayer. The Idera CDP passwords can be tracked
and stored within the SoftLayer's customer portal.
Figure 24. Overview of Idera backup service in SoftLayer.
More detailed information on the Idera CDP service in SoftLayer is available through
Download PDF
Similar pages
Mora VDP 325 W
Mora VDP 642 GX
Mora VDP 642 GX1