Hyper-V Server 2008 R2 is a free virtualisation platform from Microsoft and an excellent bargain; I guess it is something Microsoft feels it has to do in order to compete with VMWare’s vSphere Hypervisor (ESXi) which is also free. Of course Microsoft still gets your money if you run Windows Server on the VMs, in either case. Hyper-V Server is in essence Windows Server Core with just the Hyper-V Role enabled, which means there is no full GUI, just a command window and a few odd GUI apps like Task Manager, Notepad and Registry Editor which Microsoft decided we cannot live without.
So what happens if you want to backup Hyper-V Server with built-in tools? Windows Server Backup is not available, first because it is a GUI application, and second because it is not installed.
There is a way. Windows Server Backup has a command-line version called Wbadmin. In some ways it is better, because you can script it, schedule it, and easily configure it through command-line arguments. It is not installed by default on Hyper-V Server or Server Core, but you can add it:
ocsetup WindowsServerBackup
Aside: If you want to see what else you can install with ocsetup, try oclist. You can install all sorts of things on Hyper-V Server, using this and third-party software, but note the terms of the EULA:
2(b). The instance of the server software running in the physical operating system environment may be used only to:
· provide hardware virtualization services, and/or
· run software to manage and service operating system environments on the licensed server.
Backup comes into that category in my opinion, but there could be areas of uncertainty. Using Hyper-V Server as a general-purpose file server would be a breach of the license, but using a file share on Hyper-V Server to copy some utilities which which to manage the server should be OK. I think – consult your lawyer.
Once you have Wbadmin installed you can backup the server. Attach an external hard drive, say to drive E, and run:
wbadmin start backup -backupTarget:e: -include:c:,d: -quiet
Actually that is not quite right, though it was my first effort. If you run this, even on a system with only C and D drives, you will get a warning:
Note: The list of volumes included for backup does not include all the volumes that contain operating system components. This backup cannot be used to perform a system recovery. However, you can recover other items if the destination media type supports it.
The reason for this is that current versions of Windows use a hidden system partition by default. This partition does not have a drive letter, but is needed for system recovery. In order to include it, add the –allCritical argument:
wbadmin start backup -backupTarget:e: -include:c:,d -quiet -allCritical
This will add the hidden partition to the backup, and enable system recovery, where you can restore the OS and all its data in once operation.
Another important argument is –vssFull. This switch in effect tells the operating system it has been backed up. The archive bit on changed files is flipped. You want this to happen if this is your only backup, but you don’t want this to happen if you are also using another type of backup.
Note that you can quit the backup with Ctrl-C but in fact it continues running. If you quit and then want to check the status, type:
wbadmin get status
and if you really want to quit:
wbadmin stop job
Backing up running VMs
Now the interesting bit. Can we backup VMs while they are running?
It should be possible, though Microsoft does not make it easy. The idea is that the backup saves the state of the VM in a snapshot, and backs up the snapshot. This means it should start cleanly on restore. But there are several tricky points.
First, if you want to backup VMs from the host, you need to set a registry key – see the following article. I would like to know why this is not set by default – it must be deliberate, since the requirement has stayed the same in Server 2008 and Server 2008 R2.
Second, there are actually two different snapshot mechanisms, one operating entirely on the host called “saved state”, and one operating in conjunction with integration services in the VM, called “Child VM snapshot”, according to the most detailed official article on the subject. This feature is shown in Hyper-V settings as Backup integration. For the Child VM Snapshot to work, there is a further limitation, that:
The Snapshot File Location for the VM is set to be the same volume in the host operating system as the VHD files for the VM.
I am not sure what happens if you have VHDs in several locations, as you might do if you wanted to optimize performance by having VHDs on different physical disks. [Update – apparently in Windows Server 2002 R2 the .AVHD snapshot files are always in the same location as their parent VHD, and this is on a per-VHD basis, so it should not be a problem in R2].
Third, there is a question mark about whether either method works for VMs running Active Directory:
Active Directory does not support any method that restores a snapshot of the operating system or the volume the operating system resides on. This kind of method causes an update sequence number (USN) rollback. When a USN rollback occurs, the replication partners of the incorrectly restored domain controller may have inconsistent objects in their Active Directory databases. In this situation, you cannot make these objects consistent.
I am also not clear whether archive bits are flipped in the child VM, if you use –vssfull along with the Child VM snapshot. If so, you should definitely not use –vssFull in the host if you are also backing up from the guest. I am trying to get clarification on these points.
These are more questions than I would like for something as critical as backup and restore of VMs. For peace of mind you should either shut them down first, which is unacceptable in most production environments, or else backup from the guest instead of, or in addition to, backing them up from the host. I’ll update this post when I get further information.
Data Protection Manager
Finally, note that in grown-up Microsoft environments you are meant to use Data Protection Manager (DPM) rather than fiddling around with wbadmin. There is even a white paper on how this integrates with Hyper-V. Ultimately though this is also based on VSS so some of the same issues may apply. However, if you are using the free Hyper-V Server 2008 R2, you are probably not in the market for DPM and its additional hardware, software and licensing requirements.