What’s new with vSAN Data Protection (Snap Service Appliance)

In this blog I will be walking through the basics of vSAN Data Protection and its deployment.

With introduction of vSAN ESA 8.0 U3 VMware by Broadcom also announced  vSAN Data Protection. vSAN Data Protection is a feature which is deployed through an OVF appliance that gives you additional local protection to your virtual machines running on vSAN ESA clusters with the help of native snapshots which were already supported in vSAN ESA.

When a disaster is hit against your VMs running on your production vSAN clusters, you would like to have the VMs restored to its functional state as soon as possible. While restoring the affected from backup is an option or recovering the VMs to a different site with help of Site recovery manager + vSphere replication, you might wonder can this be done even faster.

vSAN Data Protection brings you this functionality of local protection within your vSAN ESA clusters, by allowing you to create Protection Groups (PGs) very similar to what you are used to in SRM where you add a group of VMs into it and configure vSAN Data protection.vSAN Data protection uses local snapshots (also can be configured as immutable) to allow users to perform following:

  • Revert existing VMs to one of the point in time (PIT) Snapshots on a given PG.
  • Clone a given snapshot to an instant clone VM to first check if the VM is functional and in an useful state before deciding to spin of the entire VM off that given snapshot
  • Restore a VM which is no longer available on your datastore which has been deleted.
  • Create immutable snapshots for VMs which can never be deleted.
  • Perform Ransomware recovery against affected VM on isolated network with use of VLCR with vSAN Data protection.

To deploy vSAN Data protection appliance (a.k.a SnapService Appliance) you will need to download the OVF from your Broadcom support portal under “My Downloads”, where you will find “VMware vSAN – VMware vSphere (vSAN Included) 8.0” see below Screenshot and have it accessible from your machine where you want to deploy it to the cluster.

Once the appliance is downloaded you can deploy it on to the cluster as shown in the video below:

When the appliance is deployed successfully, you will see plugin registration tasks on the vCenter server for SnapService. If you dont see plugins getting registered on the vCenter then your OVF properties during the deployment was incorrect.

If you dont understand what is entered incorrectly during the OVF deployment , please login into your appliance and check the health of the docker containers and relevant logs else contact VMware by Broadcom support for assistance with the issue.

vSAN Data Protection feature runs as docker services in the photon appliance, you can first check if all dockers are up and running by SSH to the vm.If any of the services were unhealthy or restarting continously you can refer to logs

root@snap docker ps
CONTAINER ID   IMAGE                                                                COMMAND                  CREATED       STATUS                 PORTS                                                                                                                          NAMES
93840b53eade   harbor-repo.vmware.com/snapservice/snapshot-service:8.0.3            "/snapshot-service -…"   7 hours ago   Up 7 hours (healthy)   0.0.0.0:8088-8089->8088-8089/tcp, :::8088-8089->8088-8089/tcp, 0.0.0.0:8098-8099->8098-8099/tcp, :::8098-8099->8098-8099/tcp   app-snapservice-1

daf5f1d83be8   harbor-repo.vmware.com/dockerhub-proxy-cache/library/postgres:14.2   "docker-entrypoint.s…"   7 hours ago   Up 7 hours (healthy)   5432/tcp, 0.0.0.0:5433->5433/tcp, :::5433->5433/tcp                                                                            
app-mock-db-1

7306b0a54936   harbor-repo.vmware.com/dockerhub-proxy-cache/library/postgres:14.2   "docker-entrypoint.s…"   7 hours ago   Up 7 hours (healthy)   0.0.0.0:5432->5432/tcp, :::5432->5432/tcp                                                                                      app-db-1

Logs to investigate

/var/log/vmware/snapservice/snap-service.log 
/var/log/vmware/snapservice/snap-service-panic.log

You may also collect support bundles from vSAN Data protection appliance using known command “vm-support” via SSH session , export it via SCP session.

Thanks for taking time to read this post, I will cover more information on vSAN Data Protection in my future blogs.

admin

Hareesh K G is a Site Reliability Engineer with VMware VSAN Engineering, his current focus is with VMware vSAN ® on-premises , his overall expertise is with Storage Availability Business Unit Products (VMware vSAN ®, VMware Site Recovery Manager® and vSphere Data Protection® ). Started his career with EMC support for Clariion and VNX block storage in 2012 and has been with VMware since 2015.