Virtual Tape Library on Azure used with Microsoft System Center Data Protection Manager 2016
- March 29, 2017
- 26 min read
INTRODUCTION
Tapes have been the definite archive media for many years and will probably continue to be used for this purpose for many years to come. There are many reasons why you may want to use tapes versus cloud, like meeting compliance and security requirements, accommodating backup latency issues, or you are just not ready to move your data to the public Cloud.
For many companies, there is no interest in backing up the production data to an actual tape. The reason is that they only need the Grandfather-father-son rotation or granularity. Tapes are also sensitive to magnetic fields and condensation and the transfer speed is slow. The same things can be accomplished using a virtual tape library, also known as VTL, which could be a hardware box or software that you install on your backup server.
StarWind Virtual Tape Library (VTL) is an appliance and can also be software-only (as part of StarWind VSAN functionality) that eliminates the need for physical tapes by emulating industrystandard tape hardware, keeping all data on inexpensive, fast and high-capacity spinning disks. It is designed for SMB and Enterprises, who either look to get rid of backup tapes completely, or are willing to accelerate the backup process and add an extra level of protection. Even with explosive data growth, StarWind VTL fits the backup into the backup window by accelerating it, so the process does not overlap with production time. Optionally, it creates an additional copy of backup data on the intermediate HDD for better safety. As a result, tape backup becomes affordable, fast and convenient.
This guide is intended for experienced StarWind users and Windows system administrators and IT professionals who would like to configure StarWind Virtual SAN solution. It provides detailed instructions on how to create the Virtual Tape Library device that will run on top of the Windows Server 2016 and integrate with Microsoft System Center Data Protection Manager 2016.
A full set of up-to-date technical documentation can always be found here, or by pressing the Help button in the StarWind Management Console.
For any technical inquiries, please visit our online community, Frequently Asked Questions page, or use the support form to contact our technical support department.
Content Copyright
Some content of this whitepaper has been copied from a whitepaper, wrote by Charbel Nemnom Microsoft® MVP, about VTL used with SCDPM.
What is a Virtual Tape Library (VTL)
A virtual tape library simulates a media changer and a number of tape drives. Instead of using physical tapes, the VTL software or hardware writes the backed up data to individual files that represent a tape. Different vendors use different file setups and extensions.
The advantage of using VTL versus actual tape is to gain granularity of the tape while benefiting from the speed of a disk-based backup and restoration. This also enables you to customize your storage for the VTL software or hardware. You can either choose to have a lot of storage but lack speed or the opposite.
A VTL solution is installed and configured the same way as a physical tape library, and from a DPM perspective, you can manage it the same way regarding its short-term and long-term retention policy.
Introducing System Center Data Protection Manager 2016
System Center Data Protection Manager 2016 (SCDPM) is the latest release by Microsoft with a lot of improvements and new features. DPM is well recognized in the industry for the protection of Microsoft workloads and environments. With DPM 2016, you can back up the most common workloads in a modern data center. DPM can backup various business workloads that might be running on physical machines, Hyper-V, VMware, or in Microsoft Azure:
• Exchange Server
• SQL Server
• SharePoint Server
• Microsoft Dynamics
• Windows Server
• Hyper-V VMs
• System States and Active Directory
• Windows clients
• Files and folders
• VMware VMs (Supported starting with DPM 2012 R2 Update Rollup 11 or later, DPM 2016 support is coming very soon).
In an earlier article, we have covered the latest features of System Center Data Protection Manager 2016. You can read all about it here.
The data protected by DPM can be backed up to disks for short-term retention, to tapes for short-term and long-term retention, and to Microsoft Azure for long-term retention.
Pre-Configuring the Servers
The following schema is showing the hypervisor in your data center with virtual machines and System Center Data Protection Manager on it, and the connectivity with the StarWind VTL server that is running on Azure through a Site-To-Site VPN or through an ExpressRoute:
Prerequisites
Before starting the installation of this infrastructure, you need the following prerequisites:
• An Azure Subscription (you can have a free trial here)
• A connection to Azure with one of the following:
• Site to Site VPN
• ExpressRoute
When these prerequisites are met, you can start to deploy your VTL environment to Azure.
Installing System Center Data Protection Manager 2016
You can install SCDPM in different ways. Please refer to the articles below in which we have described in detail how to install System Center Data Protection Manager 2016 and where you can choose the installation method that suits your needs:
• How to install SCDPM 2016 on Windows Server 2016 and SQL Server 2016
• How to Automate the installation of SCDPM 2016 on Windows Server 2016
• How to Deploy SCDPM 2016 using SCVMM 2016 on Windows Server 2016
System Center Data Protection Manager 2016 can protect Windows Server 2016 private cloud deployments efficiently and seamlessly. In Windows Server 2016, Microsoft has introduced Resilient Change Tracking (RCT) technology. RCT allows backup applications (such as DPM) to find out which blocks of a file have been changed since an earlier point in time. DPM 2016 relies now on RCT technology to check the virtual hard disk file that has been changed and only read the changed blocks instead of tracking the VM changes using the file system driver. However, when you deploy DPM 2016 agent on any Windows Server 2016 Hyper-V (host or cluster), DPM will still install the file system driver for you, which gives you the flexibility to migrate VMs from Windows Server 2012 R2 to Windows Server 2016, and keep protecting those VMs for you seamlessly. Best of all, the RCT technology is transparent and does not need any configuration or management from your side.
In this guide, we will focus on StarWind Virtual Tape Library (VTL) management on Azure, and how System Center Data Protection Manager 2016 can leverage it.
Deploying VTL on Azure
We will start by deploying the VTL Appliance on Azure Virtual Machine. Before starting the deployment, make sure to provide a connection to your data center (see prerequisites chapter).
1. Go to the Azure portal, https://portal.azure.com and search for StarWind (1) products. Select the StarWind VTL product (2) and click Create (3):
2. Provide a name for the VM, the disk type (HDD or SSD), a username/password combination, choose the subscription, a resource group and a location. Click OK:
3. Choose a size. Be careful, depending on the VM size, you will be able to add more data disks. I’ll start with a DS3_V2 VM size:
4. In the Settings part, choose if you want to use Managed disks, specify a storage account, and choose the Virtual Network where your S2S VPN or your ExpressRoute is connected. You can additionally add a Public IP and an NSG:
5. When the validation has been passed, you can deploy the VTL Appliance in the VM on Azure:
6. As you can see, in the last part you have a licensing information. Here, the license must be imported to the console. But for other products, like Virtual SAN, you can pay for your license with your Azure Subscription:
7. The deployment is in progress:
8. After less than 10 minutes, the appliance has been deployed correctly:
9. To use tapes, we must provide a data disk to store data. Add a data disk directly to your Virtual Machine on Azure:
10. The disk has been created successfully:
11. Now, connect to the VM and create a new volume:
Virtual Tape Library Configuration
1. If you have a license, install it, or contact the StarWind team to get a trial or to buy one:
2. Add Azure (localhost) server where the StarWind VTL is installed:
3. When you’re connected, go to Configuration (1), click Advanced Settings (2) and Modify (3):
4. Choose the volume where you would like to store tapes:
5. Right click on the server and choose Add Device (advanced):
6. Choose Tape Device as a device type:
7. Choose to create a Virtual Tape to store data on disks:
8. Give a name to the VTL loader and choose the location:
9. Select the Device Model to emulate a tape drive. Based on DPM compatible list of tape libraries, the HP MSL2024 and HP MSL8096 both are supported. For this example, we will select HP MSL8096 because it’s more performant than HP MSL2024. Please note that ADIC is not supported by DPM.
10. Create a new iSCSI target to connect your DPM environment later:
11. You can start the creation of the VTL loader:
12. The creation of the VTL loader is finished:
It’s now time to create a tape. Right click on your VTL loader (1) and choose Create Tape…(2):
14. Choose the Tape Type (1) and the size for the VTL (2). In this example, we will select LTO-6 Ultrium 6/16T (2500GB) ~2.45TB. The recommended types to use are LTO-5 and LTO-6 tapes. You can also customize the Tape Capacity Size in case you don’t have enough usable space (i.e. LTO-6 with 1000GB). You cannot set the value higher than the maximum tape capacity (Less Than or Equal To 2500GB is supported). As a best practice, we would suggest creating more tapes with smaller sizes instead of larger sizes (more on that in Configuring tape optimization for DPM section).
15. The virtual tape has been created, and you can see it in the StarWind console or in the Windows Explorer:
Integration of VTL with SCDPM
1. The first step before configuring the tape in SCDPM is to create an iSCSI connection to our Azure VTL server. Open the iSCSI Initiator from SCDPM and navigate to the Discovery tab. Click on Discovery Portal and provide the IP address of your Azure VTL VM:
2. When it’s done, go to the Targets tab to connect the target. Select the target and click Connect:
3. Be sure to choose a dedicated network to use this (like backup):
4. The iSCSI target is now connected:
5. Open the Device Manager console and you will see 2 new components: Medium Changer devices (1) and 4 Tape drives (2). We have 4 drives because when we were creating the VTL, we chose the device model HP MSL8096 supporting 4 drives:
If you’re using a physical DPM server, you can install the update, which is currently at version 4.2.0.0 and supports Windows Server 2016. You can download this update here.
6. My DPM server is virtual, so I can’t update drivers for the HP MSL8096. I just right click on the Unknown Medium Changer object and do an automatic update. After a few seconds, the driver is installed:
Add a tape to SCDPM
1. Now, when the environment is ready, we can add tapes to DPM. Open the SCDPM Console. Normally, tapes are discovered automatically. If not, click Rescan button on the top left of the console:
I have my library with 4 drives and 96 slots for tape. 95 slots are empty because I have created 1 tape at the beginning with 500GB.
2. You can create more tapes by clicking Add after selecting the Library:
3. A message will appear. Don’t click OK until you have created the tape in the StarWind console:
4. I have created a new tape in the StarWind Console:
5. I can now click OK. The tape will appear in the SCDPM console:
6. Before using these tapes, we need to identify them. Select two tapes and click Identify on the top:
7. After a few seconds, I can see that the Tape Label is Free:
Create your first Protection Group
We can now start protecting our servers on tape using VTL.
1. In the DPM console, click Protection and New. A new window will appear:
2. Choose servers or clients you want to protect:
3. Give a name to this protection group and choose the tape for the short-term protection and for the long-term protection (you don’t have the choice for this one):
4. It’s now time to schedule your backup. You will have the possibility to configure the shortterm backup and the long-term backup. Configure them at your convenience:
5. Choose the tape library (we have only one library) and the drives allocated. Since we have 4 drives available, increase the number up to 4. Performance will be better because you will read/write data on 4 drives simultaneously. Choose the compression of data to gain space:
6. The protection group is ready to be created:
7. The creation process is started:
8. The creation process is finished:
9. If you don’t want to wait till the first backup, you can force it by right clicking on the group and choosing Create recovery point:
10. I’ll start the short-term protection. Here, you have some information about tapes:
11. The backup is in progress:
12. Here is the view from the StarWind console:
13. Depending on your bandwidth, it’ll take some time to back up your servers/clients:
14. The view from the StarWind console:
15. The view from the Windows Explorer on the StarWind VTL server:
16. And the VHD in Azure:
Restore data from the VTL
The backup is now finished. We will restore data from the VTL. Before restoring, be sure that you have calculated the cost of the download of the image. In Azure, the billable network is the data transferred out of Azure datacenter. You can calculate the cost with the Azure pricing calculator, with the Bandwidth object (the first 5GB are free). To do the restore operation, the VTL server in Azure must be reachable from the DPM server.
1. In the DPM console, go to the Recovery tab and choose the server/client that you want to restore after selecting All Protected HyperV Data (1) and after choosing the VM (2) and the recovery point that you want (3):
2. Right click on the source and choose Recover… The first screen is giving you the information about the backup you have chosen:
3. Choose the recovery type. I’ll choose to recover the server as a virtual machine on another host, but you can choose to replace the original VM or to copy the restoration to a network folder or to tape:
4. Choose on which host you want to restore your server and in which folder:
5. In the Specify Recovery Options wizard, you can configure specific options for the recovery. The first thing to verify is the Recovery library name. It is important to choose the library that hosts all the tapes that are needed for the recovery. In this example, we have only one tape drive named “Hewlett Packard MSL G3 Series library (x64 based)”:
6. Review the recovery settings on the Summary page:
7. You can start the recovery:
NOTE: When restoring data from a tape, DPM uses a scratch space before it delivers the data to the selected data source. It is very important that your DPM %systemdrive% server has more than 10 GB of free disk space.
DPM supports Item-Level Recovery (ILR), which allows you to perform a specific recovery of files, folders, volumes and virtual hard disks from a host-level backup of Hyper-V virtual machines to a network share or a volume on a DPM protected server. However, ILR is not supported when you restore from tapes, and you can only restore an entire VM or a single virtual hard disk.
8. The restoration is finished:
9. The VM has been created correctly:
Configuring tape optimization for DPM
This section will cover how to set up tape colocation and optimization for DPM.
When Microsoft released System Center Data Protection Manager 2007, they introduced a new feature called co-location. By enabling this feature, DPM 2016 allows you to choose which protection groups can be co-located on the same tape regardless of retention goals. This has a large impact on how long a tape can be used for backup jobs.
As a side note: If you don’t optimize and co-locate your protection groups, you will not be able to backup further once all tapes in your tape library are used at least once. The collocation set is needed for Scheduled backups and for Ad-Hoc backups in order to use the same tapes.
To enable co-location for your protected workloads on tapes, there are some key points that you should be aware of. DPM uses protection group sets to optimize tape usage. A protection group set is a set of protection groups for which the backups will be co-located on tape. The tape optimization feature is used to allow multiple protection groups to share a tape to store their backups. The first thing you need to configure is to create new sets of tape optimization by using DPM console and then associate protection groups to the set.
1. In the DPM console, click Management > Libraries. Select your library and choose Optimize usage:
2. When you click Create, a new window will appear, which will present you the option to choose the desired Protection Group for tape optimization. Select the checkbox next to the name of the Protection Groups field that you would like to co-locate, uncheck the box Don’t allow backups of different retention periods to co-locate on same tape, and click OK:
If you select this feature, DPM will ensure that datasets of different retention ranges will not be backed up to the same tape. In this guide, we use daily backups with retention range 12 weeks and quarterly backups with retention range 3 years. So, if you select this option, once a tape is used for a daily backup (with retention range of 12 weeks), it will not be used for any quarterly
backup (with retention range of 3 years). Similarly, once a tape is used for a quarterly backup, it will not be used for a daily backup.
But since we are using StarWind Virtual Tape Library (VTL), you can decide if this is the desired scenario in your case. Ideally for physical tapes, for each short-term tape full backup, a new tape will be used in DPM by design. And for each long-term tape full backup, a new tape will be used as well. The incremental backups will always go onto the same tape.
As mentioned earlier, for VTL scenarios, we would advise creating more tapes with smaller sizes. Generally, the collocation feature is utilized to use same tapes for backing up data sources of different protection groups. Thus, we will leave “Don’t allow backups of different retention periods to co-locate on same tape” unchecked.
Configuring DPM for the short erase tape feature
By default, when you erase a tape using System Center Data Protection Manager (SCDPM), it performs a long erase, this is always a time-consuming process, and it is a very common scenario regardless of the tape type you are using. A faster way is to perform a short erase.
1. On the DPM server, open the regedit console and navigate to the key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Data Protection Manager\Agent. Here, create a new DWORD value named UseShortErase with the value 0000000. Restart the server:
Short erase is faster but it does NOT erase the data from the tape. If you have a policy in your company that dictates that all data from the tape must be erased and unrecoverable, then you shouldn’t use this option. To revert to long erase, please remove this registry key.
2. To erase a tape, be sure that the tape is not associated to a protection group. Open the Libraries workspace in the Management view and select the desired tape for erase. Right click and select Erase tape:
3. Click yes to erase data:
4. When it’s done, the tape is changed to Free:
Understanding tape reports in DPM
DPM provides you with the information needed to keep track of your tapes, so you can manage them more effectively.
In the DPM console, click on Reporting view. You have two different tape reports that are very useful:
• Tape Management
• Tape Utilization
The Tape Management report provides you with information regarding how to manage tape rotation and lists all the libraries that are below the free tape threshold. It’s important to know that data is collected per library and is aggregated for all libraries.
The Tape Utilization report will give you the data needed to find the trends that will help you in capacity planning.
CONCLUSION
Tape is here to stay, because it offers affordable capacity and outstanding long-term vaulting capabilities. Being better in terms of price and capacity than traditional physical tapes, including modern high capacity SATA spindles, and able to last for decades, it’s often included into regulatory requirements for some companies.
StarWind VTL merges with existing infrastructure and fits the backup process into a much smaller backup window. Additionally, it creates a redundant snapshot copy and meets regulatory requirements with decreased backup cost and enhanced performance.
Backup and recovery have been a natural part of the business continuity plan for many years. By combining StarWind Virtual Tape Library and System Center Data Protection Manager 2016 you receive a unique opportunity to save on storage cost and protect your critical data against malware, ransomware, and intrusion attacks. With Azure, your data can be stored on 3 data centers (with GRS option) and will never be lost.
We hope this guide gave you a solid foundation on how to protect your data using System Center Data Protection Manager 2016, Azure and StarWind VTL.
We highly encourage you to deploy and evaluate the current release of DPM 2016 and StarWind VTL on Azure. We welcome your comments and feedback.