Previous Post"vSAN Data Protection Part 1: Installation Deployment."This article describes how to install and deploy the VMware Snapshot Service Appliance appliance and enable the vSAN Data Protection feature in a vSAN ESA cluster. This article continues with the configuration and management of vSAN Data Protection related features.
Log in to the vSphere Client management interface, where you can navigate to vSAN Cluster-Configuration-vSAN-Data Protection or click Manage in the Data Protection tab of the vSAN Cluster Summary to open the vSAN Data Protection management view. The Summary view displays general information about the protection group, including a list of member virtual machines, snapshot scheduling, and the number of snapshots generated.
I. Creation of protection groups
With vSAN data protection, you can create flexible policy-based protection through Protection Groups. These policies can be customized to meet specific business needs, such as creating protection groups to group VM virtual machines (e.g., HR, Database, Dev), with separate protection policies and scheduling tasks for each group, up to three protection groups for VM virtual machines belonging to a vSAN cluster, and up to 10 scheduling tasks for each protection group.
Click "Protection Groups" - "Create Protection Group". Configure the name and policy of the protection group.
- invariant mode
When immutable mode is enabled, it is not possible to edit or delete protection groups, change VM memberships, edit or delete snapshots, while administrators will not be able to disable this mode. Immutable snapshots are read-only copies of data and cannot be modified or deleted even by an attacker with administrative privileges.
- Membership
Defining the membership of a virtual machine that joins a protection group is supported in the following ways:
-
- Dynamic Virtual Machine Name Patterns
Dynamic matching of VM names and inclusion of protection groups through wildcards (such as * or ?). Dynamically matches the VM name with a wildcard character (e.g., * or ?) and adds it to a protection group, e.g., SQL-*, which matches multiple characters, or SQL-? which matches a single character.
-
- Selecting a Single Virtual Machine
The manual (Static) method selects the virtual machine and adds it to the protection group.
-
- VMs matching the pattern and manually selected VMs will be included in the protection group
Both Dynamic and Static methods are included for selecting VMs and adding them to protection groups.
Select the Select individual VMs method to manually select VMs and click Next. Select the virtual machines in the vSAN cluster that you want to add to the protection group. vSAN protection groups do not support linked clone virtual machines and virtual machines with existing vSphere snapshots that do not appear in the selection view, such as the HCIBench virtual machine in the current environment.
Set the snapshot scheduling task. Note that the minimum time between generating snapshots can only be set to 30 minutes, and the time to retain snapshots can only be set between 6 hours and 3 years.
Of course, you can add multiple scheduling tasks to the protection group, currently up to 10, with customizable settings by minute, hour, day, week, month, and year intervals.
Finally, check to make sure the protection group is created.
After a protection group is successfully created, snapshots are not created by default for the VM VMs in the protection group and will be created automatically based on the set scheduling time.
By clicking on a protection group, you can manually generate a snapshot of the group immediately, or re-edit the group, pause the scheduling task for the group, and delete the group.
There are two options for deleting protection groups, the first being "Retain snapshots until the expiration date" when the scheduling task set by this protection group retains theThe second is to delete the protection group directly after deleting the snapshot generated by the current protection group and then deleting the protection group.
It is also possible to click into that protection group to display information and all related actions for the current specific protection group.
Manually clicking on "Generate Snapshot" allows you to set the name of the snapshot and how long it will be retained (up to how long, how many days ago, and permanently), which is different from the settings for auto-scheduled tasks.
Click "Snapshots" to view all the snapshots created by the current protection group, including manually created snapshots and snapshots created by automated tasks, you can select a snapshot to perform the "delete" operation.
Click "Virtual Machines" to view the snapshot status of all virtual machines in the current protection group, and you can select a virtual machine to perform "restore" and "clone" operations.
II. Virtual Machine Restore
vSAN snapshots are non-quiet snapshots. vSAN snapshots are stored on thevSAN Data is stored locally. It is possible to use thevSAN Snapshots restore a VM to a previous state retained by the snapshot, such as a VM that needs to be rolled back due to a configuration error or update failure. You can have up to 200 snapshots per VM, so you need to take this into account when making plans, for example.
Now test creating a text file in the VM1 virtual machine, then using vSAN Data Protection to generate a vSAN snapshot of the virtual machine, then going to the VM1 virtual machine and deleting the file you just created, and then restoring the virtual machine from vSAN Data Protection to see if the file is restored.
Use vSAN Data Protection to manually generate a vSAN snapshot for a virtual machine.
Then go to the VM1 virtual machine and delete the file.
Now to restore the VM, navigate to VM1 Virtual Machines - Snapshots - vSAN Data Protection - Snapshot Management, select the snapshot you just created and click "Restore VM".
When restoring a virtual machine from a vSAN snapshot, vSAN replaces the current virtual machine with the snapshot virtual machine. The virtual machine is shut down and a new snapshot is created as a recovery option.
Manually power on the virtual machine, log on to the system and view the files, you can see that the files have been restored.
You can also restore a virtual machine that has been deleted, migrated, or unregistered in vCenter but still has a snapshot available in the cluster. This becomes useful when a virtual machine is deleted accidentally or maliciously.
Now that you have shut down the VM1 virtual machine and selected Delete from Disk, the virtual machine has been completely deleted from vCenter.
At this point, navigate to vSAN Cluster-Configuration-vSAN-Data Protection-Virtual Machines and click Removed Virtual Machines to see the vSAN snapshot of the VM1 virtual machine.
Click "Restore Virtual Machine", select the name of the snapshot to restore, and click Next.
Set the name of the restored virtual machine and the folder where it will be placed, and click Next.
Set the computing resources used by the restored virtual machine and click Next.
Click on "Restore".
The virtual machine is restored successfully from the vSAN snapshot and inherits the vSAN snapshot of the previous virtual machine. However, to continue with the automatic snapshot creation task, the virtual machine needs to be re-added to the protection group.
III. Virtual machine cloning
vSAN Data Protecation supports enhanced cloning capabilities that allow you to clone a new virtual machine from a vSAN snapshot created at any point in time for workflows such as software testing and development. It utilizes efficient linked clones as these clones help reduce resource usage and speed up development cycles.
For example, the VM1 VM was manually created with a vSAN snapshot name of Version 1 for testing in the following figure, and now a new VM needs to be cloned based on this version for other testing.
Click "Clone Virtual Machine", set the name of the virtual machine and select the folder where it will be placed, click Next.
Select the compute resources to be used for cloning the virtual machine and click Next.
Click on "Clone".
The cloning is complete and you can now use that VM to complete the relevant tests.
