Windows Bare Metal Recovery on Rubrik’s Andes 5.0

Rubrik Andes 5.0 is out! There are so many features that have been added and improved upon. One of the many things that has me excited is Bare Metal Recovery. While virtualization has pretty much taken over the enterprise world, there are still reasons to have physical machines. Whether a workload is unable to be virtualized or its presence on a physical machine is a business requirement, there still exists a need for physical protection. So I wanted to do a quick walkthrough to share how Rubrik has improved its ability to perform bare metal recovery (And to go through it myself!).  I won’t go into how to create, or what SLA policies mean here, since there are plenty of good resources ( https://tinyurl.com/yb9k63ax)  Lets get started!

In order to create the PE boot disk, you will need to download the ADK from Windows. This will download the PE environment. What is needed is a boot cd that gives you a PowerShell prompt and network access. You can download the Microsoft ADK from this page: https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install or the download link here: https://go.microsoft.com/fwlink/?linkid=2026036 What you are downloading here is the setup file that will then download everything else. All the files downloaded will probably be around 7GB. I believe you should be able to use a Windows Server Install CD and go into recovery mode. I have not tested this yet, however.

Once you download the ADK and install that, you will need to download Rubrik’s PE install tool. This is a PowerShell script that will aggregate the files needed and compile them into an ISO that can then be used on a USB key etc.

Download the PE install from Rubrik’s Support site: https://www.rubrik.com/support/

(If you don’t already have one, you will need a username and password to log in)

Once downloaded, you need to unzip the files directly on your C drive.

Those two folders will be created.

Now open a Admin PowerShell prompt and run the following – You may need to adjust the beginning to account for where the .ps1 file is.

.\CreateWinPEImage.ps1 -version 10 -isopath C:\WinPEISO -utilitiespath C:\BMR

It will then begin running the ISO creation process.

At the end of this a bootable ISO will be created in the location shown in the figure (you specified in the PowerShell command above C:\WinPEISO).

You will use this CD to boot the machine to restore the physical machine later on.

Normally the next parts would already be done, since you are interested in the restore. I put this in though, since I was creating everything as I was writing this post and someone out there might not be aware of how to protect the machine in preparation for BMR.

After the machine has been installed with Windows and any other software needed, you should install the Rubrik Connector on the machine and add it to the Rubrik Cluster. To do that you need to log into the Rubrik cluster GUI and click on Windows Hosts and then, Add Windows Hosts, as shown here in the picture

You are then presented with a popup window where you can download the Rubrik Connector and install it. After it is installed, click “Add”

The next step is install the Volume Filter Driver. You can do that by clicking on the checkbox in front of the machine and then clicking on the ellipsis in the top right corner. To be clear, you don’t “need” the Volume Filter Driver for this to work, but it does a better job in keeping track of the changes and should allow you to take faster incrementals. It performs the same job as RCT in Windows or CBT in VMware. 

Click on the checkbox in front of the machine. Then click on the ellipsis, and click on “Install VFD”

The host will need to be restarted (as you can see in the picture on the right side. It is really easy to tell if the VFD is installed with the column on the right. It may take a few minutes for Rubrik to update to the fact you rebooted). Once the host is restarted, you will need to take a snapshot of the machine. You can do this by clicking on the Windows Host name itself and clicking the “Take On Demand Snapshot”.

This will launch a short wizard to take the snapshot

I’m going to click on Volumes and then the ‘C’ drive. The next screen is to add the machine to an SLA protection policy. You don’t have to, but you should. This will keep it continually protected according to the SLA you choose. Click on “Finish” and watch the magic occur.

So in case you were wondering….my first error above was because the machine was not part of a domain. Some of the permissions required, need the machine to be part of a domain.

Once the backup has been completed, you will see a dot on the calendar telling you that a snapshot exists on that day.

In order to restore this, click on that dot. You will then see the snapshots available, shown. At the end of the line you have an ellipsis you can click on to take action on it.

Now you CAN choose individual files with the “Recover Files” option but that won’t help you perform a Bare Metal Restore. The option you are looking for is “Mount”. When you do choose “Mount” you will get a new popup. This will show the drives available. When you click on the C: drive and any other one you need, click on “Next”. The next window gives you more options. You can either mount the snapshot on a host (If you are doing just a volume that needs to be restored) or, since we are doing a bare metal restore, click on No Host on the bottom to expose an SMB share with the VHDX file.

In order to preserve security around the share, you will need to enter who is allowed to access the share. You do that by entering in an IP address. ONLY the IP Addresses you input will be able to access the share.. You probably don’t know what IP address you need to put in here yet, so start your physical machine up with the PE CD and then use ipconfig in the open command line window to find the IP to use.

After the drive in Rubrik is mounted, you can find it by going to the Live Mount menu on the side and selecting Windows Volumes. When you hover over the name, it will give you the option of copying the SMB share to your clipboard. When you move your mouse down to the Path all you need to do is click on it to add to your Clipboard.

The bottom image is what the share will show in case you’re curious.

Since your machine has already been started with the PE ISO, the next step is to run the PowerShell command to begin the restoration process. The PowerShell command is shown to you in the window shown above, but here is an example of what you might use:

powershell -executionpolicy bypass -file \\192.168.2.52\xm5fuc\without_layout\RubrikBMR.ps1
				

The part in blue will be just for that mount and need to be changed. Once you hit enter, a flurry of activity will happen and you will see it copying the data over. Grab a coffee or nice single malt scotch – either will do depending on the time of day. I have a video below of what happened after I clicked enter. It restored 22 GB of files on the C:\ drive in about 15 min. This is over a 1Gb Ethernet connection and using a single virtual node. In closing I love this as a feature and feel it is a great feature with the additional refinements made on this version.

Don’t Backup. Go Forward.

Objective 6.1: Configure and Administer a vSphere Backups/Restore/Replication Solution

Welcome back to another version of Mike’s VMware show! Up for today, we are going to discuss Backups and Replication. In specific, the topics we are going to cover are:

  • Identify snapshot requirements
  • Identify VMware Data Protection requirements
  • Explain VMware Data Protection sizing Guidelines
  • Identify VMware Data Protection version offerings
  • Describe vSphere Replication architecture
  • Create/Delete/Consolidate virtual machine snapshots
  • Install and Configure VMware Data Protection
  • Create a backup job with VMware Data Protection
  • Install/Configure/Upgrade vSphere Replication
  • Configure VMware Certificate Authority (VMCA) integration with vSphere Replication
  • Configure Replication for Single/Multiple VMs
  • Identify vSphere Replication compression methods
  • Recover a VM using vSphere Replication
  • Perform a failback operation using vSphere Replication
  • Determine appropriate backup solution for a given vSphere implementation

Identify snapshot requirements

So as we are all aware, snapshots are not backups and have no place in being used as such. So why would we put that in this objective? Well because most of our backup programs do use the snapshot mechanism to take a picture point in time of a VM. We can also use this mechanism to take a crash and application consistent snapshot that will allow us to reboot the VM and still be able to have our programs work properly. So first, what options can I specify when I create a snapshot?

  • Name: This is used to identify the snapshot
  • Description: Give it a wordier description of the snapshot
  • Memory – We can select whether or not we are including the memory of the VM when taking a snapshot. This will take longer but allows us to revert to a running VM vs a just booted machine. If this option is selected, the machine will be stunned (paused briefly) while the snapshot is being taken.
  • Quiesce: VMware tools must be installed in order to use this option. This option will flush all the buffers from the OS to make sure that the disk is in a state fully suitable for backups

When a snapshot is created, it is comprised of the following files:

  • <vm><number>.vmdk and <vm><number>-delta.vmdk
  • <vm>.vmsd : this is a database of the virtual machine’s snapshot information and the primary source of information for the snapshot manager. This file contains line entries which define the relationships between snapshots as well as the child disks for each snapshot
  • <vm>snapshot<number>.vmsn : Current configuration and optionally the active state of the virtual machine.

Some of the products which use snapshots are:

  • VMware Data Recovery
  • VMware Lab Manager (now vCloud Director)
  • Storage vMotion
  • VDP and VDPA

This is why we are going over this a bit. It is also important to note that it uses a Copy on Write (COW) mechanism in which the virtual disk contains no data until copied there by a write. The other thing I think it is important to note is space. While you have a Snapshot, the total disk space used is the original base disk + any changes made to it after the snapshot is done. Feasibly, the child disk could be as large as the parent disk.

Identify VMware Data Protection Requirements

So there are a number of different types of requirements for VMware Data Protection. We should really start off first though with an explanation of what VMware Data Protection is. You might remember it by its acronym, VDP and VDPA (‘A’ being for Advanced). VMware Data Protection is a robust, simple to deploy, disk based backup and recovery solution powered by EMC. The product they are referring to is EMC’s Avamar. Now the Requirements.

Capacity Requirements depend on a number of things including:

  • Number of VMs protected
  • Amount of data contained in each protected machine
  • Types of data being backed up
  • Backup retention policy
  • Data retention rates

As far as software requirements go, VDP 6.0 requires at least vCenter 5.1 with 5.5 or later recommended. If for some reason the VM of VDP was migrated to a vSphere host with 5.1 or earlier, it wouldn’t be functional.

It is deployed as a VM with a hardware version of 7 – Therefore if you are intending to backup a VM that is Flash Read Cache backed, it will use the network block device protocol instead of HotAdd affecting performance.

Also be aware that VDP does not support the following disk types:
– Independent
– RDM Independent – Virtual Compatibility Mode
– RDM Physical Compatibility Mode

VDP is available as a .5TB, 1TB, 2TB, 4TB, 6TB, 8TB configuration. You will need to follow the following table for hardware configurations (lifted from the vSphere guide)


You will also need your normal DNS and NTP settings setup.

Explain VMware Data Protection sizing Guidelines

So look to the table above for sizing Guidelines. Keep in mind that you can expand after its deployed if need be (this is different than the old VDP which required you to just deploy a new appliance. The old VDPA would allow you to expand though). One thing to also be aware of is VMware will try to Dedupe the drive, so try to group the same type of VMs together on the same appliance so that you can conserve more space.

Identify VMware Data Protection version offerings

There used to be two versions of VMware Data Protection. There was VDP and VDPA. But since 6.0 rolled out, VMware has decided to roll the features of the higher end product (VMware Data Protection Advanced) and just call it VDP. So among other things, VDP can support up to 400 virtual machines per appliance. You can also have up to 8TB of storage size for your backups. It supports File Level, Image Level, Individual disk backups, and even has support for guest level backups and restores of MS Exchange, SQL, and Sharepoint Servers.

Describe vSphere Replication architecture

So as far as vSphere Replication goes, you will need a few things which you more than likely already have. One is a vCenter Server – version 6.0 since Replication 6.0. Also you will need SSO. You can use SRM with it as well, but they will need to be the same versions.

vSphere Replication itself is deployed as one or more prebuilt, Linux-based, virtual appliances. A maximum of 10 can be deployed per vCenter server. Each appliance is deployed with 4GB of RAM and 2vCPUs for small environments or 4 vCPUs for larger environments. The appliance also has two VMDKs totaling 18GB in size.

One of the nice things about vSphere Replication is since it is host based, it is independent of the underlying storage. This means you can use a number of storage types or more than one. vCloud Air is also supported as a migration location.

Create/Delete/Consolidate virtual machine snapshots

We won’t spend too much time on snapshots since I figure most people already know about them. I will, however run through a quick demonstration of how you would do each of these.

First, you would right-click on whatever VM you are working with – you will be presented with a menu that looks like this


Next you are going to click on the snapshot option – you will have these options


You can click on Take Snapshot in order to create one. Depending on whether your machine is on, your options might be greyed out.


You will now need to give it a name and if you want, a description. You can also choose here to snapshot the virtual machines memory and whether you will quiesce the guest file system. It will point out that it needs VMware Tools installed in order to do this. Keep in mind that if you want to snapshot the memory, you will need to make sure you have enough disk space and also, realize it will take a little longer since you are going to write extra data to the disk. Once done, it will say the task is completed down in the Recent Tasks bar.

If we want to perform other tasks such as delete or consolidate we will go back to the same menu option, and choose our task there. If we are going to delete we will want to choose Manage Snapshots


This is now the screen that will come up.


We can revert back to a snapshot or delete one, or all of the snapshots we have. I am going to Delete All. Once done, I am now presented with a nice clean window.


And that is all there is to it.

Install and Configure VMware Data Protection

To install VMware Data Protection, just need to deploy the .ova. This is just like most other ova’s so I won’t bother you too much with the details of that. After you have finished that and turned it on, the console gives you nice helpful hints what to do next.


When we go to the above address we are given a nice gui wizard


Now we go through the setup and make sure that DNS is resolvable. One of the things I would like to call out here in this setup is the storage setup. We have a few different options available to us.


As mentioned before, this is not static but can be enlarged later, so for now, I am going to leave it at 500MB. I then have the option of putting it on a different datastore


The next screen will give you the vCPU and Memory requirements needed for the storage size that you have chosen.


You then have the opportunity to run a performance analysis on your storage configuration.

After that is done, it will restart the appliance.

Create a backup job with VMware Data Protection

So now the appliance is installed and you are ready to start protecting things… All sorts of things. You will need to make sure the plug-in is installed in the Web Client and you reload it. Once you do, you will see a new icon in the home screen.


When you click on it, you will be prompted to connect to an appliance.


Click on Connect and now you have a whole new world of options available to you. You can now create backups and restore and all sorts of things. In order to create a backup job, click on the Basic Tasks: Create a Backup Job, under the Getting Started page. Or go to the Backup tab, click on Backup job actions and click New. It will open a new window where the first screen is to ask you what type of Backup job you want to create.



Now choose your VM to protect


Choose your schedule


Retention Policy (How long to keep the backups)


Name the job


Click on Finish


You have now created your first job.

Install/Configure/Upgrade vSphere Replication

That was so much fun, let’s do it with Replication. Once again deploying the ovf (comes to you in a zip or ISO) is old hat so we won’t cover that. So after you install the ovf, the next thing you will need to do is configure it to work with the vCenter. You will need to go to the appliances address with :5480 on the end. When you get there and logon, you will need to go to the VR tab and then Configuration. There you will add in the user name and password and double check the rest of the information. Then click on Save and Restart Service.


Accept the cert. After a few minutes it will start up the service and save the configuration. You then can go back to your web client and make sure the plugin is enabled for replication. Once it is, you will see a new option called vSphere Replication. And when you click on it you will see something that looks like this.


There are a couple of different ways to replicate. You can replicate between different vCenters, sites, or even hosts. There is an option to replicate to a cloud provider as well. Since I am just a poor education consultant, I am just going to do an intra-site replication.

First I will need to right click on the VM I want to replicate


The first one is what I am going to choose. This can be to the same vCenter or a separate vCenter. Next window I will choose which vCenter.


Next window I can allow it to auto-assign a replication server, or I can manually choose one. I will let it auto-regulate.


The next window, I will tell it where I want it to replicate to. In this case, I am choosing a local datastore of one of my ESXi servers.


I am now presented with a few options of quiescing and network compression. I am going to choose network compression to save bandwidth at the expense of CPU power. (It will consume additional CPU cycles to compress) Now I click Next.


I now have the option of choosing my Recover Point Objective. This is where I want to be able to recover to if I have an issue. This is not the same as the Recovery Time Objective. This is basically saying that wherever I set this, it will try to have a backup of a point in time of every N hours. It will try to start the backup before to try to meet it. But be aware that if you don’t plan for how much data you will be moving you can easily overlap. Don’t get caught by that!! The other option is Point in Time Instances. After the primary copy, each additional copy is a snapshot. This is how many of those deltas you are willing to keep. I am not really worried about this VM and am only creating this for the sake of this lab, so I will leave defaults.


Summary… Here we go. One other thing to note…. Replication will not work unless ——– the machine is turned on! If it isn’t important enough to have turned on, then do you really need to replicate it? J

You can check status of the machine by going to replication and then Monitor


Finally, to upgrade your replication. Back to the appliance at :5480 (or you can update via Update Manager) This is the page to update. It is relatively straightforward.


Configure VMware Certificate Authority (VMCA) integration with vSphere Replication

By default, Replication uses a self-signed cert. In order to use one from the vCenter’s CA its rather easy. Just log back into the appliance’s config page and click on the SSL Certificate Policy – Accept only SSL certificates signed by a trusted Certificate Authority. Then Save and Restart. That’s it. Here is where it is….


Configure Replication for Single/Multiple VMs

I won’t go over this again since I already did above. The only difference is you highlight multiple VMs instead of just one.

Identify vSphere Replication compression methods

So this is basically a simple table.

Source ESXi Host        ESXi that manages the Target Datastore        Supports

Earlier than 6.0            Any Supported Version                Nope no compression
6.0                Earlier than 6.0                    Looks for a ESXi 6.0 host to do work. Else the Replication App. does the work
6.0                6.0                        Full speed ahead!!!

Recover a VM using vSphere Replication

This is relatively simple as well. Just go to the Replication section, and choose monitor. After you are there, choose Incoming Replication and choose the VM / VMs you wish to recover and right click and choose Recover. You are given three options to choose from now.

  1. Synchronize recent changes – The VM will need to be off, but it will try to sync to that VM before it restores. Use this if the VM is available and you can get at it. If not….Then
  2. Use latest available data – This will use the replicated info and copy back over.
  3. Point in Time – This is only available if you chose it when you configured the replication.

Next screen, choose the Folder in your environment to restore to.

And then choose the target compute/datastore resource.

Summary and Voila, restore

Perform a failback operation using vSphere Replication

Just going to tell you what the guide says on this one. ”

Failback of virtual machines between vCenter Server sites is a manual task in vSphere Replication.

Automated failback is not available.

After performing a successful recovery on the target vCenter Server site, you can perform failback. You log

in to the target site and manually configure a new replication in the reverse direction, from the target site to

the source site. The disks on the source site are used as replication seeds, so that vSphere Replication only
synchronizes the changes made to the disk files on the target site.”

Determine appropriate backup solution for a given vSphere implementation

This one is all you. You will need to figure out depending on customer’s requirements and the capabilities of the equipment you have and might be able to purchase. You will also need to find (ask the customer) how much risk they are willing to assume. Keep in mind that the less risk they assume, the more the cost will be.

Happy VM’ing and remember if women don’t find you handsome, they should at least find you handy.