How to use continuous data protection in Veeam Availability Suite v10

28 viewsTutorials

CDP traditionally stands for continuous data protection, that is, continuous data protection. Earlier Veeam Backup and Replication, which is part of Veeam Availability Suite package along with Veeam ONE, performed a usual software replication with snapshots (called this near-CDP data protection).

Now via Veeam CDP it’s possible to operate with RPO concept (Recovery Point Objective), i.e. the maximum time of data changing which can be lost in the event of data corruption or storage failure. Surprisingly, without snapshot technology but only via VAIO (vSphere API for IO Filters) from VMware RPO can be achieved with 15 seconds or less (depending on the equipment used on the host and its utilization).

This default value appears in the Veeam demo screens:

Note that the replication task looks as usual, except that there was a tab Schedule, where you can configure the RPO, if your host supports ESXi VAIO. In addition, there are two options: the first is Short-term retention, the time for which copies of the machine will be stored in the short-term period for example, 4 hours. During these 4 hours you can roll back to any point according to the RPO parameter.

This is very important when you can not immediately detect data corruption, and corrupted data (for example, the Active Directory directory) from some point begin to replicate. If you come to your senses within 4 hours, you can roll back the replica back to any time within the specified RPO interval, without losing more than 15 seconds from that moment. It’s clear that if you put large retention values ​​here, you will need a huge space to store delta states for every 15 seconds. Therefore 4 hours here is the most optimal value.

The second setting, Long-term retention, allows you to flip restore points with a certain periodicity and store their specified time in accordance with the policy of an enterprise.

Veeam Backup and Replication 10 will use the special VAIO driver (CDP filter driver), which will be installed on the VMware ESXi host as a VIB package and will not require installation of any special software in guest virtual machines. It works at the level of the VMDK disk of a separate VM, it is attached to its VMX process and allows receiving data from the input/output stream directly, which will significantly speed up the operation of the replication mechanism and will not require to create VM snapshots.

When restoring a VM from a replica, we’ll see this picture:

Green indicates the available interval for recovery, you can return to any of its points. Dark green indicates an Application-consistent replica (that is, made using VSS support at the application level), and the usual green one is a Crash-consistent replica, that is, one from which the operating system is guaranteed to start (in fact, applications in 95% of cases too ).

The Veeam CDP will have a few moments in operation:

  • You can use the traditional replication mechanism instead of CDP.
  • It is not possible to replicate templates and disabled VMs via CDP (because there is no I/O flow and VMX process).
  • CDP does not need to be enabled for all virtual machines. It needs to protect only the most business-critical applications, since it requires a lot of space and creates an additional load on resources.
  • If you really do not need 15-second protection, then the interval is better to increase. If you, for example, put 60 seconds, then Veeam will have more time to organize the replication process and will begin to deduplicate replica storage space, as well as conduct other optimizations. For small intervals, the provision of RPO policy will be at the forefront.
  • The technology will require testing in order to determine the physical capabilities of the provision of specified policies.
  • You will not be able to use Veeam CDP and VMware Essentials / Essentials Plus, because VAIO is not included in these publications (vSphere Standard or higher is required).

As for the architecture of the CDP solution, you can use the CDP Proxy machine, which removes data from the host’s virtual machines, either as a VM on the same host (for small and low-cost environments) or as a separate machine from an ESXi host connected to a separate host the network adapter in the dedicated network to the ESXi host, from which CDP data will be sent via a high-speed channel.

Edited question