Export (0) Print
Expand All

Protect Hyper-V virtual machines

Updated: November 1, 2013

Applies To: System Center 2012 R2 Data Protection Manager, System Center 2012 SP1 - Data Protection Manager

Data Protection Manager (DPM) in System Center 2012 provides continuous data protection for virtual machines that are hosted on servers that run Microsoft Hyper-V. This section provides an overview of DPM scenarios for Hyper-V protection and instructions to set up protection.

System Center 2012 SP1 improvements

System Center 2012 Service Pack 1 (SP1) provides a number of new features to improve the DPM backup experience of servers that run Hyper-V and host virtual machines:

  • Improvements for backup of virtual machines by using Cluster Shared Volume (CSV) storage:

    • Support for Cluster Shared Volumes (CSV) 2.0 that results in a 90 percent improvement in the performance by extending the express full backup to CSV clusters and improved cluster query performance.

    • Parallel backups are supported. This feature eliminates the requirement to disable parallel backup and serialize the guests on multiple CSVs.

    • No performance difference between backups from CSV owner and non-owner nodes.

  • Improvements in scale of DPM:

    • Increased scale that allows protection of up to 800 virtual machines of 100 GB each on one DPM server and allows multiple DPM servers that support larger clusters.

    • Better storage savings by excluding the page file from incremental backups to improve virtual machine backup performance.

  • Improvements in deduplicated volumes backup:

    • Data deduplication finds and removes duplication within data without compromising its fidelity or integrity.

    • DPM allows optimized backup of deduplicated volumes, both locally and over the network.

  • Backup post VM migration—You can move virtual machines from one location to another while the virtual machines sustain connections and with no noticeable drop time-based on these improvements, live migration provides uninterrupted data protection. Live migration can transfer virtual machines between two stand-alone servers, within a cluster or between stand-alone and cluster nodes. DPM can be used to back up data of virtual machines that are configured for live migration.

  • Improvements in online backup—You can use DPM to back up virtual machines by backup vaults in Windows Azure Backup.

  • Improvements for backup of virtual machines by using SMB 3.0 storage—Windows Server 2012 supports the use of server message block (SMB) 3.0 file shares as remote storage, which allows Hyper-V to store configuration files, virtual hard disk (VHD) files, and snapshots on SMB file shares. SMB support provides the following benefits for DPM backup:

    • More efficient express full backups.

    • Continued protection even after live migration.

    • Support for SMB shares on a stand-alone file server or on a cluster of file servers.

DPM protection overview

DPM protection supports the following scenarios:

  • Protects virtual machines that are hosted on stand-alone servers that run Hyper-V and that use local or directly attached storage.

  • Protects virtual machines that run on a cluster. The cluster uses Cluster Shared Volumes (CSV) storage.

  • Protects virtual machines that run on a stand-alone server or cluster and that use SMB 3.0 file server storage.

  • Protects virtual machines that are running during a live migration.

Protection for virtual machines on a stand-alone server that is running Hyper-V

Hyper-V on Standalone

This configuration protects one or more virtual machines on a stand-alone host computer. Storage can be local on the host server, or directly attached to it, for example a hard drive, a storage area network (SAN) device, or a network attached storage (NAS) device. Alternatively, the host server might use SMB 3.0 storage on an alternate file server. The DPM protection agent must be installed on all hosts and on the file server if storage is hosted by using SMB 3.0.

Protection for virtual machines in a cluster of servers that run Hyper-V

Protecting Hyper-V on clustered host

This configuration protects virtual machines that are located on servers that run Hyper-V and that run in a failover cluster. Storage can be deployed on Cluster Shared Volumes (CSV) or on a separate SMB 3.0 file server. The DPM protection agent must be installed on all host computers in the cluster, and on the file server where storage is hosted by using SMB 3.0.If you use a clustered host for your virtual machines, you must install the DPM protection agent on all the computers in the cluster. For more information, see Protecting virtual machines in clusters with CSV storage.

Protection for virtual machines by using SMB 3.0 storage

Hyper-V using SMB

If the stand-alone server that is running Hyper-V or the Hyper-V cluster use an external SMB 3.0 file server for storage, the DPM protection agent must be installed on the file server. If the storage server is clustered, the DPM protection agent must be installed on each cluster node. Note that full-share and folder-level permissions are required for the machine$ account of the application server on the SMB share. For more information, see Protecting virtual machines with SMB storage.

Protection of virtual machines post migration

Hyper-V with Live Migration

Live migration enables you to migrate virtual machines from one location to another with no noticeable downtime for users or network applications. You can perform live migration between two stand-alone servers that are running Hyper-V, or between two nodes in the same or different Hyper-V failover clusters. You can also perform a live migration of virtual machine storage so that virtual machines can be moved to new storage locations while they continue to run. The process of running multiple live migrations concurrently is supported.

Migration is often performed independently of backup procedures and can lead to backup failures if not coordinated. DPM addresses this issue by detecting live migration of virtual machines and automatically optimizing backups.

  • Live migration within a cluster— When a virtual machine is migrated within a cluster, DPM detects the migration, and backs up the virtual machine from the new cluster node without any requirement for user intervention. Because the storage location has not changed, DPM continues with express full backups. In a scaled scenario with two DPM servers to protect the cluster, a virtual machine that is protected by DPM1 continues to be protected by DPM1, no matter where the virtual machine is migrated.

  • Live migration outside the cluster—When a virtual machine is migrated between stand-alone servers, different clusters, or between a stand-alone server and a cluster, DPM detects the migration, and can back up the virtual machine without user intervention.

For more information, see Protecting virtual machines during live migration.

Backup overview

DPM provides protection with online backups that do not affect the availability of protected virtual machines. Online backups are supported for servers that are running Hyper-V on the operating systems Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003.

By default, DPM backs up virtual machines in an online state. However, if any of the following conditions are true that are set by the Hyper-V writer, DPM performs backups in an offline state:

  • The Backup (Volume Snapshot) Integration Service is disabled or not installed.

  • A virtual machine has one or more dynamic disks.

  • A virtual machine has one or more volumes that are based on non-NTFS file systems.

  • In a cluster configuration, the virtual machine Cluster Resource Group is offline.

  • A virtual machine is not in a running state.

  • A Shadow Storage assignment of a volume inside the virtual machine is explicitly set to a different volume other than itself.

In these cases, the virtual machine is put in a saved state before a snapshot of host volumes are taken for a backup except when the virtual machine is turned off. The Hyper-V VSS writer adds the virtual machine in the following format: For offline backups: Backup that uses the saved state\<VMName>. In an online backup, the following format is used: Backup that uses the virtual machine snapshot\<VMName>

Note the following:

  • During offline backups and online backups, the name of the data source remains unchanged even if the virtual machine configuration changes to support online backups or to perform any additional backups.

  • DPM supports offline protection for guests that are running older operating systems such as Microsoft Windows NT 4.0 and Microsoft Windows Server 2000, and Linux. Offline backup requires DPM to pause a virtual server, take a snapshot of the server, bring the virtual server online again, and then back up the data on the snapshot.

Backup types

DPM can perform backups by using disk, tape, or cloud-based backups as follows:

  • Disk-Based backup—Disk-based protection allows for rapid backup and restore of protected data. This speed is critical in that the vast majority of restore operations occur within a relatively short period after a data backup.

  • Tape-based backup— Although protected data is not initially written to tape, the tape-based backup does have a place in a DPM data protection system. DPM allows backed-up data to be copied to tape to meet data retention and archiving requirements.

For more information, see Data storage overview.


DPM works seamlessly with Hyper-V VSS writer to ensure that consistent versions of virtual machines are captured and protected without affecting virtual machine access. The ability to back up open files is critical for business continuity, and Volume Shadow Copy Services (VSS) is a technology that creates frozen copies of open files. It ensures that virtual machines do not have to be put into hibernation or be shut down before a consistent backup can be made. VSS, DPM, and Hyper-V interact as follows:

  • The DPM block-based synchronization engine makes an initial copy of the protected virtual machine and ensures that the copy of the virtual machine is complete and consistent.

  • After the initial copy is made and verified, DPM captures backups by using the Hyper-V VSS writer. The VSS writer provides a data-consistent set of disk blocks that are synchronized with the DPM server. This approach provides the benefit of a "full backup" with the DPM server while it minimizes the amount of backup data that have to be transferred across the network.

  • The DPM protection agent on a server that is running Hyper-V uses the existing Hyper-V APIs to determine whether a protected virtual machine also supports VSS.

    • If a virtual machine is running guest operating systems beginning with Windows Server 2003, and has the Hyper-V integration services component installed, then the Hyper-V VSS writer recursively forwards the VSS request through to all VSS-aware processes on the virtual machine. This operation occurs without the DPM protection agent being installed on the virtual machine. This recursive VSS request allows the Hyper-V VSS writer to ensure that disk write operations are synchronized so that a VSS snapshot is captured without the loss of data.

    • The Hyper-V integration services component invokes the Hyper-V VSS writer in Volume Shadow Copy Services (VSS) on virtual machines to ensure that their application data is in a consistent state.

    • If the virtual machine does not support VSS, then DPM automatically uses the Hyper-V APIs to pause the virtual machine before they capture data files.

After the initial baseline copy of the virtual machine synchronizes with the DPM server, all changes that are made to the virtual machine resources are captured in a new recovery point. The recovery point represents the consistent state of the virtual machine at a specific time. Recovery point captures can occur at least one time a day. When a new recovery point is created, DPM uses block-level replication in conjunction with the Hyper-V VSS writer to determine which blocks have been altered on the server that is running Hyper-V after the last recovery point was created. These data blocks are then transferred to the DPM server and are applied to the replica of the protected data.

The DPM server uses VSS on the volumes that host recovery data so that multiple shadow copies are available. Each of these shadow copies provides a separate recovery. VSS recovery points are stored on the DPM server. The temporary copy that is made on the server that is running Hyper-V is only stored for the duration of the DPM synchronization.

In addition to protecting individual virtual machines that are hosted on a server that is running Hyper-V, DPM can also protect workloads that run on a virtual machine for an extra level of protection. This process is the only way in which you can protect data that is stored on pass-through disks. Pass-through disks allow the virtual machine direct access to the storage device and do not store virtual volume data within a VHD file.

For additional resources, see Information and Support for System Center 2012.

Tip: Use this query to find online documentation in the TechNet Library for System Center 2012. For instructions and examples, see Search the System Center 2012 Documentation Library.
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
© 2014 Microsoft