Protecting application data in virtual machines (VMs) is a key requirement for business-critical applications running on Google Cloud VMware Engine. You can continue to use the same backup tools that you use on-premises to back up your VMware VMs and data in VMware Engine. This page explains how to use backup infrastructure to protect VMs and data in VMware Engine.
Supported backup solutions
Third-party backup solutions that can interoperate with VMware Engine must comply with the VMware vStorage API for Data Protection (VADP) protocol standard and be certified by VMware for vSAN.
- Actifio Sky (validated)
- Cohesity DataPlatform (validated)
- Dell EMC Data Protection Solution (validated)
- Veeam Backup & Replication (validated)
- Commvault Backup & Recovery (validation in progress)
- Rubrik Cloud Data Management (validation in progress)
Third-party agent-based backup solutions can interoperate with VMware Engine if they provide application-level backups and are certified by application vendors (for example, RMAN for Oracle).
Backup solution considerations
Consider the following questions before you design your backup solution and implement a deployment model in VMware Engine.
Which backup technology to use?
You can use either an agent-based or a VADP-based backup approach. We recommend using a VADP-based approach when migrating workloads from on-premises environments because it requires fewer changes. It also provides flexibility in the choice of location for backup repositories.
An agent-based backup approach for migrated VMs requires additional configuration if a Layer-2 network is stretched from an on-premises environment to VMware Engine or if you want to change the location of the primary backup repository during migration.
How many copies of data to store?
You must assess the overall backup requirements, objectives, and your enterprise policies. Include any requirements for storing backups in specific locations (such as on premises or off premises), your recovery time objective (RTO), and your recovery point objective (RPO).
Where to store backup data?
There are several choices of locations for storing backup data (backup repository):
- In a different cluster within the same private cloud or in a different private cloud in VMware Engine
- Using persistent disks on Compute Engine instances
- Using Filestore
- Using Cloud Storage
- On-premises storage
Each location offers a different combination of storage cost, RTO, number of copies, and network egress charges. Choose the best option based on the application requirements, costs, and capabilities of your backup software.
Using a different cluster on the same private cloud or a different private cloud in VMware Engine provides the lowest RTO, but it can potentially have high storage costs. Cloud Storage offers higher RTO at a lower price than using different clusters. Compute Engine with persistent disk and Filestore provide an RTO and costs that fall between those two options. On-premises storage incurs network egress charges, but it preserves existing backup storage.
Backup repository storage
There are several options for storing backups of VMs and data. Consider the following main choices and their key aspects relevant for backup:
Persistent Disk. You can use persistent disks as backend storage of a Compute Engine instance. The Compute Engine instance exports an NFS mount to the backup server. A benefit of this approach is that the persistent disks are regional and can also be replicated across regions.
Filestore. You can use Filestore to export NFS volumes for use as backup repositories. This approach provides lower management overhead because Filestore instances are managed instances. It also delivers consistent performance. Filestore instances are zonal, and data is not replicated across zones or regions.
NetApp Cloud Volumes Service for Google Cloud. You can export NFS and SMB volumes to be used as backup repositories from NetApp Cloud Volumes Service for Google Cloud. Like Filestore, this fully managed service eliminates the operational overhead of NAS. The performance tiers of Cloud Volumes Service are dynamic: a volume can be upgraded to a higher tier during recovery to meet your RTO and then changed to a lower tier to optimize costs. Cloud Volumes Service volumes are regional, and data is not replicated across zones or regions. For more information, see Regions where Cloud Volumes Service is currently available.
Cloud Storage. You can also use Cloud Storage to store backup files in fast, low-cost, durable storage, and replicate data across zones and regions for higher redundancy. Data is stored and moved between storage tiers based on user-defined triggers, which you can use to optimize costs by keeping frequently used data in faster storage tiers and older data in lower-cost storage tiers. Refer to your backup solution vendor documentation for Cloud Storage integration.
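The tier movement described for Cloud Storage can be checked before a policy is applied to a backup bucket. The following is an added example, not part of the original page or of any Google tooling: it replays a constructed lifecycle policy and reports which storage class a backup object is in at a given age, and whether any rule deletes it before a required retention period. It assumes rules are evaluated once per day and models only the `age` and `matchesStorageClass` conditions; the thresholds and the helper names `timeline` and `keeps_backups_for` are hypothetical.

```python
import json

# Constructed policy for a backup bucket; thresholds are illustrative only.
POLICY = json.loads("""
{"lifecycle": {"rule": [
  {"action": {"type": "SetStorageClass", "storageClass": "NEARLINE"},
   "condition": {"age": 30, "matchesStorageClass": ["STANDARD"]}},
  {"action": {"type": "SetStorageClass", "storageClass": "COLDLINE"},
   "condition": {"age": 90, "matchesStorageClass": ["NEARLINE"]}},
  {"action": {"type": "Delete"}, "condition": {"age": 365}}
]}}
""")

# Storage classes ordered from most to least expensive at rest.
COLDNESS = ["STANDARD", "NEARLINE", "COLDLINE", "ARCHIVE"]

def _matches(cond, age_days, storage_class):
    """Every condition in a rule must hold; only age and class are modelled."""
    if age_days < cond.get("age", 0):
        return False
    classes = cond.get("matchesStorageClass")
    return classes is None or storage_class in classes

def timeline(policy, days, initial_class="STANDARD"):
    """Return the object's state for each age 0..days (class or 'DELETED')."""
    rules = policy["lifecycle"]["rule"]
    current, states = initial_class, []
    for day in range(days + 1):
        if current != "DELETED":
            hits = [r["action"] for r in rules
                    if _matches(r["condition"], day, current)]
            moves = [a["storageClass"] for a in hits
                     if a["type"] == "SetStorageClass"]
            if any(a["type"] == "Delete" for a in hits):
                current = "DELETED"      # Delete takes precedence
            elif moves:
                current = max(moves, key=COLDNESS.index)  # coldest class wins
        states.append(current)
    return states

def keeps_backups_for(policy, required_days):
    """True if no backup object is deleted before it is required_days old."""
    return "DELETED" not in timeline(policy, required_days - 1)

if __name__ == "__main__":
    states = timeline(POLICY, 400)
    for age in (0, 30, 90, 365):
        print(age, states[age])
    print("meets 365-day retention:", keeps_backups_for(POLICY, 365))
```

Running the same check against the retention period in your enterprise policy catches a `Delete` rule that would remove restore points earlier than intended.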
IAM and vSphere permissions
Backup administrators and users must have the required permissions to deploy Compute Engine instances in a project and VPC, connect Virtual Private Cloud (VPC) to VMware Engine, and configure firewall rules on the VPC. For more information about roles and permissions, see IAM.
vSphere users with the default CloudOwner role have the required privileges to deploy backup solution components (virtual machines and appliances) in VMware Engine. If a backup software component requires additional vCenter privileges that are not available to the default CloudOwner role, you can elevate your privileges from the VMware Engine console and create service accounts in vCenter with the required permissions. Backup software components can then use these service accounts when communicating with vCenter.