Search
StarWind is a hyperconverged (HCI) vendor with focus on Enterprise ROBO, SMB & Edge

VMware vSAN Data Protection in ESA 8.0 U3 – deep snapshots, protection groups and more

  • October 15, 2024
  • 14 min read
IT and Virtualization Consultant. Vladan is the founder, and executive editor of the ESX Virtualization Blog at vladan.fr. He is a VMware VCAP-DCA and VCAP-DCD, and has been a vExpert from 2009 to 2023.
IT and Virtualization Consultant. Vladan is the founder, and executive editor of the ESX Virtualization Blog at vladan.fr. He is a VMware VCAP-DCA and VCAP-DCD, and has been a vExpert from 2009 to 2023.

vSAN ESA isn’t new, however with the latest 8.0 U3 which is part of VMware/Broadcom offerings in many packages such as VMware Cloud Foundation (VCF), VMware vSphere Foundation (VVF), there is a new functionality called VMware vSAN Data Protection in ESA 8.0 U3. WE have talked about other features of vSphere 8.0 U3 in our post on StarWind blog here, but VSAN wasn’t on part of it. That’s why an important update on vSAN today.

Early in January we have written about VMware vSAN MAX which is more advanced version of vSAN (in short), and has different topologies, including stretched clusters. VMware vSAN ESA 8.0U3 brings stretched-clusters technology as well.

Today, I’d like to focus on an important technology, important function, that everyone needs to be aware of. It is a new architecture in snapshot technology in vSAN ESA that allows to bring VMware vSAN Data Protection in vSAN 8.0 U3.

The information from the post is gathered from VMware EXPLORE Las Vegas session about VMware vSAN ESA Deep Dive: Your Storage Platform for VMware Cloud Foundation, by Pete Kohler and Duncan Epping. It’s freely available to watch when you have a VMware/Broadcom account.

VMware vSAN ESA 8.0 U3 Snapshot Architecture

Screenshot from the EXPLORE session

Screenshot from the EXPLORE session

 

The snapshot feature in vSAN ESA 8.0 Update 3 is built on a new B-tree snapshot architecture, which offers several advantages:

Snapshots on the metadata level – The snapshots are natively integrated into the vSAN ESA file system, ensuring minimal performance impact even with deep snapshot chains. You can imagine the speed increase in taking snapshots, deleting snapshots or so when you don’t need to create new objects or files, or copy any bits from one location to the other.

In fact, 8.0 U3 has a new mechanism allowing you to create deep snapshots (up to 200 snapshots per VM!!!). The snapshots are very fast. In this demo we could see that there is almost no decrease of performance or any latency increase while creating those snapshots but also when deleting snapshots (even Delete ALL snapshots which normally triggers large copies while consolidating files).

It is because of the nature of snapshots in vSAN ESA 8.0 U3. The snapshots are occurring at the metadata level so there is no copy of data anywhere or creation of new object or new file somewhere. This is a game changer.

Does not stun VMs – also, because of this new technology introduced, there is no more of stun VMs. You know when the VMs are “paused” for a short period of time allowing the snapshot creation. This also contributes to the speed of the technology.

Protection Groups

Protection Groups and Scheduling – are groups of VMs according to your choice, which are protected together. Administrators can create Protection Groups (PGs) that include multiple VMs. These groups can be defined by VM name patterns or selected manually.

Administrators can create Protection Groups (PGs) that include multiple VMs

 

Each PG can have up to 10 snapshot schedules, specifying the frequency of snapshot creation, retention periods, and immutability settings. Yes, VMware has a good reflex here to integrate immutability which is very important while facing today’s cybersecurity threads.

Snapshots are created in a crash-consistent manner, ensuring data integrity across all VMs in the PG.

Note: Those are not a consistency groups. The VMs will be snapshotted around the same time, but not EXACTLY at the same time!

Snapshots are created in a crash-consistent manner, ensuring data integrity across all VMs in the PG

 

Retention and Immutability – Snapshots can be retained for a specified number of days, until a fixed date, or indefinitely. Immutability settings prevent manual deletion of snapshots before the retention period expires, enhancing data protection.

Note: Once activated, you cannot modify the protection group anymore. You cannot edit or delete, change the VM membership, edit or delete snapshots.

Create Protection Group | General

 

Note: When you restore snapshot, it actually stops your VM and then put the VM in the time when the snapshot was created (it goes back in time), so you should be aware of that. This is the normal snapshot behavior we all know.

Instant Deletion and Recovery – Snapshots can be deleted instantly without impacting performance. VMs can be restored to any point-in-time snapshot or cloned from a snapshot, even if the original VM has been deleted from vCenter/ESXi. (This is certainly useful and allows quickly restore a full VM).

Compatibility?

Yes, snapshot feature is fully compatible with existing backup applications using VMware’s vSphere API for Data Protection (VADP). This compatibility ensures seamless integration with third-party backup solutions, providing additional layers of data protection.

With these enhancements, VMware vSAN ESA 8.0 Update 3 offers a robust and efficient solution for data protection, making it easier for administrators to manage and safeguard their virtual environments.

VMware vSAN ESA 8.0 U3 Data Protection Deployment

When you activate the vSAN ESA in your environment, the Data Protection is NOT active out-of-the box. No. The Data Protection is an appliance (a VM) that you must deploy. It is possible to download it from VMware/Broadcom customer portal. You’ll find it within “drivers and tools” within the VMware vSAN group there. It’s called VMware vSAN Snapshot Appliance and the latest filename is – “snapservice_appliance-8.0.3.0-24057802_OVF10.ova”.

The deployment is a bit tricky as your DNS must match exactly, there are certificates you must copy exactly, and all this without any reasonable output if somethings isn’t configured as it should. The appliance simply deploys, but does not show in your UI. Duncan Epping has a post talking about possible solutions, but then I stumbled across William Lam’s post which automates everything via PowerCLI script. The script needs to be modified to fit your environment, but even for me who is not a scripting guy, this was an easy way of trying out the Data Protection within my nested lab.

Simply do connect to your vCenter first with

Connect-VIServer cmdlet, and then launch the script you have previously downloaded from William’s Github.

Simply do connect to your vCenter first with

 

You wait just couple of minutes, the OVA is deployed, certificates are downloaded automatically, and then within the UI of your vSphere client, you should see the plugin deployments. (Which was not the case when I tried to deploy the OVF manually….)

Nask name | Target | Status

 

After that, when you go to you should see the Data Protection VM status as “Deployed”. (this wasn’t the case when I tried to do the manual deployment). Even if my DNS seems to be fine and I copied the text within the certificate as required for the deployment.

vSAN | Services

Final Words

VMware vSAN 8.0 Update 3 introduces significant enhancements in data protection, making it a robust solution for safeguarding virtual environments. Here’s a look at key features:

  • Deep-Snapshots – Scalable Snapshots: Leveraging the ESA (Express Storage Architecture), vSAN 8.0 U3 enables high-performance, scalable snapshots. These snapshots are designed to be efficient and quick, minimizing the impact on system performance.
  • Local Data Protection – The new update allows for capturing local snapshots using an intuitive UI, which can be stored directly on the vSAN datastore. Even if you need to re-deploy the Data Protection appliance VM, you still find your snapshots where they were before – on the vSAN datastore.
  • Snapshot Schedules – Users can define snapshot schedules, ensuring that data is backed up at regular intervals without manual intervention.
  • Data Protection Groups – allowing admins to define VM membership, snapshot schedules, retention policies, and immutability criteria. This helps in organizing and managing data protection more effectively.
  • Immutability Criteria – Ensuring that snapshots cannot be altered or deleted within a specified period, providing an additional layer of security against data tampering.

VMware keeps pushing the research, listening to their customers, and continuously improving their technology. It’s really good to see. These latest features and improvements collectively enhance the data protection capabilities of VMware vSAN 8.0 U3 ESA, making it a more reliable and efficient solution for modern virtual environments.

The question remains whether la vast majority of VMware clients are facing today, the VMware licensing renewal. And this is just another chapter that we will not write about today as we leave it to other analysts.

Hey! Found Vladan’s article helpful? Looking to deploy a new, easy-to-manage, and cost-effective hyperconverged infrastructure?
Alex Bykovskyi
Alex Bykovskyi StarWind Virtual HCI Appliance Product Manager
Well, we can help you with this one! Building a new hyperconverged environment is a breeze with StarWind Virtual HCI Appliance (VHCA). It’s a complete hyperconverged infrastructure solution that combines hypervisor (vSphere, Hyper-V, Proxmox, or our custom version of KVM), software-defined storage (StarWind VSAN), and streamlined management tools. Interested in diving deeper into VHCA’s capabilities and features? Book your StarWind Virtual HCI Appliance demo today!