Microsoft private cloud backup challenges
There are two major challenges that must be addressed when backing up a Microsoft private cloud: figuring out what needs protection and backing up virtual machines.
One of the big trends in IT is the move from relatively simple virtual server environments to private or hybrid clouds. As organizations contemplate such a transition, they must consider how a private cloud implementation will impact their backup process.
A Microsoft private cloud is built from the same basic components as a typical Hyper-V deployment: Hyper-V servers, System Center Virtual Machine Manager (SCVMM), and one or more Cluster Shared Volumes. If your organization uses Microsoft Hyper-V, you probably know how to back up these components.
When it comes to backing up a Microsoft private cloud environment, there are two challenges that must be addressed:
· Ensuring everything necessary to rebuild the private cloud in the event of a failure is backed up.
· The ability to back up virtual machines (VMs) residing on inaccessible virtual network segments.
What components require protection?
Every private cloud is different, so each organization's backup requirements will also vary. As a general rule, backing up a Microsoft private cloud environment requires backing up the Azure Pack server, all Hyper-V servers, and SCVMM and its underlying database.
Azure Pack is a Web application that provides tenant and administrative access to the private cloud environment. A server running Azure Pack requires IIS, the Virtual Machine Manager console, the Service Provider Foundation (part of System Center Orchestrator) and a few other miscellaneous components (such as the .NET Framework). Azure Pack also uses a SQL Server database of its own that will need to be backed up.
As you prepare to back up a Microsoft private cloud environment, it is extremely important to include Active Directory. Microsoft private clouds require several different service accounts to function. These service accounts exist within the Active Directory database.
Backing up virtual machines
When backing up private cloud environments, a critical factor is tenant isolation. Private cloud environments generally provide self-service VM creation and management capabilities to authorized users. Such users are able to use the Azure Pack Tenant portal to build VMs from predefined templates. Once a VM has been created, users can configure and use it as they see fit.
Because users can do almost anything with the VMs they own, a private cloud environment must enforce tenant isolation. In doing so, the private cloud places each tenant's virtual machines onto a separate, isolated network segment. This isolation prevents any tenant from accessing (or even seeing) another tenant's VMs.
To put this concept into perspective, consider the way that public clouds such as Microsoft Azure or Amazon Web Services work. Public cloud providers have a number of different customers, each of whom creates their own VMs. A public cloud provider puts isolation boundaries into place to preserve each customer's security and privacy. These same boundaries also prevent the underlying cloud infrastructure from being exposed to customers. Microsoft private cloud environments use these same sorts of controls to provide tenant isolation.
So how can a backup administrator back up VMs that exist on a completely isolated network segment? There are two approaches that can be used.
· Back up each Hyper-V server at the host level. This will cause all the VMs to be backed up. The virtual networks, tenants and permissions are configured through SCVMM and stored in an SQL Server database, so these components will also need to be backed up.
· Perform a guest-level backup of VMs. Guest-level backups are generally discouraged in cloud-scale environments because they can be labor-intensive. Even so, there may be some situations in which host-level backups of specific VMs are problematic.
If you need to perform a guest-level backup of a tenant VM, you will have to do more than just install a backup agent into the virtual machine. Remember, virtual network isolation makes the VM invisible to the backup server. The solution is to handle the backup as if you were backing up a VM from across the Internet. In most cases, tenant VMs can access the Internet. As such, you may be able to set up a logical VPN connection that allows the backup server to communicate with VMs on an isolated network segment. Care must be taken to implement firewall rules that prevent anything other than backup traffic from passing across this link.
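One way to apply that restriction with Windows Firewall inside the tenant VM, as an added example that is not from the original article. The interface alias, backup server address and agent port are assumptions (the article names no backup product), and the link is assumed to be IPv4-only with the backup server connecting inbound to the agent.

```powershell
# Added example; run elevated inside the tenant VM. All three values are assumptions.
$VpnAlias     = 'BackupVPN'    # hypothetical name of the VPN interface
$BackupServer = '10.99.0.10'   # constructed address of the backup server
$AgentPort    = 10000          # placeholder; use your backup agent's TCP port

# Returns the IPv4 ranges that cover every address except $Address.
function Get-Ipv4Complement {
    param([Parameter(Mandatory)][string]$Address)
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    [long]$n = ([long]$b[0] -shl 24) + ([long]$b[1] -shl 16) + ([long]$b[2] -shl 8) + [long]$b[3]
    $fmt = { param([long]$v)
        '{0}.{1}.{2}.{3}' -f (($v -shr 24) -band 255), (($v -shr 16) -band 255),
                             (($v -shr 8) -band 255), ($v -band 255) }
    $ranges = @()
    if ($n -gt 0)          { $ranges += '0.0.0.0-' + (& $fmt ($n - 1)) }
    if ($n -lt 4294967295) { $ranges += (& $fmt ($n + 1)) + '-255.255.255.255' }
    return $ranges
}

# Every TCP port except the agent port.
$otherPorts = @()
if ($AgentPort -gt 1)     { $otherPorts += "1-$($AgentPort - 1)" }
if ($AgentPort -lt 65535) { $otherPorts += "$($AgentPort + 1)-65535" }

$others = Get-Ipv4Complement -Address $BackupServer
$common = @{ InterfaceAlias = $VpnAlias; Profile = 'Any'; Group = 'Backup VPN link' }

# Windows Firewall applies explicit Block rules ahead of Allow rules, so the link
# is closed by blocking the complement of "backup server, agent port" rather than
# by adding a catch-all block, which would also override the one allow rule.
New-NetFirewallRule @common -DisplayName 'BackupVPN allow agent' -Direction Inbound `
    -Action Allow -Protocol TCP -LocalPort $AgentPort -RemoteAddress $BackupServer
New-NetFirewallRule @common -DisplayName 'BackupVPN block other hosts in' `
    -Direction Inbound -Action Block -RemoteAddress $others
New-NetFirewallRule @common -DisplayName 'BackupVPN block other hosts out' `
    -Direction Outbound -Action Block -RemoteAddress $others
New-NetFirewallRule @common -DisplayName 'BackupVPN block other TCP ports' `
    -Direction Inbound -Action Block -Protocol TCP -LocalPort $otherPorts `
    -RemoteAddress $BackupServer
New-NetFirewallRule @common -DisplayName 'BackupVPN block UDP' `
    -Direction Inbound -Action Block -Protocol UDP -RemoteAddress $BackupServer
```

The rules share one group, so `Get-NetFirewallRule -Group 'Backup VPN link'` lists them for review and `Remove-NetFirewallRule -Group 'Backup VPN link'` removes them when the VPN link is retired.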
Backing up a Microsoft private cloud is not overly difficult, although guest-level VM backups can be challenging. As a best practice, you should avoid guest-level backups of tenant VMs unless absolutely necessary.