It is no secret that VMware vSphere is one of the best enterprise virtualization solutions in today’s world. Thanks to an extensive list of advanced features, it provides powerful performance and high availability in hosting workloads.
Organizations running their virtual machines (VMs) on VMware continuously strive to ensure that their critical workloads are protected. An advanced backup solution can provide this peace of mind by leveraging native VMware backup functionality and at the same time allowing you to easily execute backups and recoveries.
This blog post lists the best practices that can help you guarantee the safety of your data. It is worth mentioning that almost all of these procedures are also applicable for other hypervisors and environments including Hyper-V, Nutanix AHV, cloud storage and physical machines.
1. Identify Critical VMs and Applications
Before carrying out any data protection activity, it is important to identify the critical data and machines for business continuity. Determine how significant each VM is in order to set the frequency of backups, retention policies, and recovery objectives. Your top priority should be to safeguard customer information, IT infrastructure, and financial data to avoid costly downtime or compliance issues in case of a disaster.
2. Invest in a Modern Data Protection Solution
Performing smart VMware VM backups reduces the chance of data loss, maintains uptime and ensures regulatory compliance. Ideally, you should combine VMware with a data protection solution to implement all of the best practices mentioned below and guarantee workload recoverability. Click here for more information on a universal solution that allows you to back up all your physical, virtual, cloud, and SaaS workloads.
3. Define RPOs and RTOs
Recovery Point Objective (RPO) and Recovery Time Objective (RTO) refer to the maximum amount of downtime and data loss that your business can bear. Now that you are perfectly aware of which data is the most critical for your business, you can adequately assign RPO and RTO for each type of machine.
Set up schedules and automatically create regular backups to meet RPOs. As for RTOs, you can maintain high availability and continuity by using instant recovery options.
4. Develop an Effective Retention Policy
Most backup solutions support hierarchical recovery points and allow you to store backups for an extended period. Make sure you create a retention policy that suits your organization’s needs. It would be a good idea to consider the following practices:
- Store incremental backups to save on storage space.
- Ensure that the latest backups are easily accessible.
- Develop a recovery plan.
- Choose the number of versions you want to store.
- Create a retention strategy that adheres to your industry’s regulatory requirements.
You can use the stored backups to roll back and recover the data version you need. It is also possible to schedule VMware vSphere backups outside of working hours to reduce bandwidth consumption.
5. Implement the 3-2-1 Backup Rule
This is the golden rule for backups. The 3-2-1 rule mandates that, for optimal recovery, you should have at least three (3) copies of your data; one primary and two copies. Store these copies on two (2) different types of storage media with one (1) copy kept offsite or on a public cloud. You can add an extra layer of protection by creating one (1) offline backup and making it ransomware-proof through immutability or air-gapping.
6. Choose the Optimal Data Transfer Mode
Modern backup solutions usually offer two transport modes for data which you can use to back up VMware VMs:
- LAN-Only Mode: this uses the hypervisor network and includes two methods:
- NBD: in case data encryption is disabled during transfer.
- NBDSSL: in case data encryption is enabled during transfer.
- LAN-Free Mode: boost speed and offload your network with this mode. This functionality also has two methods:
- Direct SAN Access: VMs should be located on a FibreChannel or iSCSI Storage Area Network (SAN).
- HotAdd: the backup solution reads data directly from VMware vSphere VM disks to accelerate data transfer.
7. Create Immutable VMware Backups
The only way you can fully protect your backup data from ransomware, alteration, or deletion is through immutability. Make sure you choose a backup solution that allows storing your backups in different storage media:
- Linux-based repositories: send and lock your VMware backups in immutable Linux-based storage.
- Public clouds: create and send backups to public clouds that offer immutability.
In case of a malware incident, these backups will serve as your last line of defense and guarantee recovery. Immutability cannot be lifted or shortened by any user within or outside your organization before the specified period expires.
8. Automate Data Protection Activities
Reduce time and manual effort by scheduling regular VMware VM backups, backup copies, and recoveries. This simplifies data protection tasks by using policy rules that will automatically add or remove VMware vSphere VMs matching the selected criteria to corresponding jobs.
You can also link jobs to configure a sequence of backup, backup copy, or recovery processes that are triggered one after another. This feature automates workflows and sends backup copies to different storage locations.
9. Verify VMware Backups and Test Recoveries
Backups can still be corrupted or unbootable, and this could spell disaster if your VMs are down and you cannot recover them. There are two solutions to prevent this issue:
- Instant Verification: set up automated verification and examine the recoverability of VMware VM backups and replicas. You can choose between Screenshot Verification and Boot Verification.
- Recovery Test: schedule tests for granular recoveries of specific files and applications or test restore entire VMs.
10. Reduce Backup Size
Advanced backup solutions provide several built-in data reduction techniques including:
- Incremental backups: the Changed Block Tracking (CBT) technology copies the changed data since the last backup job. Not only does this quicken the backup process but also results in storage space savings.
- Deduplication and Compression: optimize the use of storage space in which you back up your VMs.
- Swap files and partitions: store temporary data without affecting your RAM on Windows OS and Linux OS.
- Log truncation: remove transaction files of Microsoft Exchange and Microsoft SQL servers.
Additional Practices for VMware vSphere Backups
In addition to the previously mentioned best practices, data protection solutions provide other procedures that can further enhance VMware VM backups.
Create application-aware backups
Maintaining consistency when performing backups of Windows VMs can be done using guest OS quiescing that relies on Microsoft Volume Shadow Copy (VSS). This will help you avoid data corruption while also ensuring that you achieve application-aware backups of VMs running Microsoft Exchange, Active Directory, SQL Server, or other transactional applications such as databases.
Incorporate storage snapshots into backups
It is advisable to create VMware vSphere VM backups and replicas hosted on HPE 3PAR devices directly from storage snapshots instead of regular VM snapshots. This process reduces the impact of data protection activities on your production environment.
Prevent unauthorized access
You can implement multiple security measures to safeguard your VMware backups data by controlling and limiting user access:
- Two-Factor Authentication (2FA): configure the solution to require a one-time code generated via Google Authenticator or email verification when logging in.
- Role-Based Access Control (RBAC): the principle of least privilege (PoLP) can be used to assign and customize unique roles and permissions that restrict access to different tasks.
- AES 256 Encryption: transform your data into non-readable text, in-flight or at rest.
VMware vSphere VM Backup with NAKIVO Backup & Replication
All the practices detailed above can be found within NAKIVO Backup & Replication, an advanced backup solution that allows you to seamlessly conduct backups and recoveries of virtual machines running on VMware vSphere.
Use the latest versions of VMware vSphere and NAKIVO Backup & Replication
Make sure you stay up to date with the latest releases from both NAKIVO and VMware. New versions are frequently released and contain numerous improvements to existing features in addition to new functionalities that could highly improve your data protection processes. NAKIVO Backup & Replication continuously meet emerging challenges through simple administration, streamlined VMware backups, and reliable recoveries. Download the Free Edition and start backing up your data today – no credit card required.