This article provides information about Cohesity Platform for Data Protection of VMware Cloud on AWS.
Disclaimer: The partner solution referenced in this article is a solution that is developed and supported by a partner. Use of this product is also governed by the end user license agreement of the partner. You must obtain from the partner the application, support, and licensing for using this product. For more information, see https://www.cohesity.com.
This section includes a summary of target data protection:
Use cases
Cohesity provides a policy driven approach for data protection of VMs in VMware Cloud on AWS. The use cases covered in this section are:
- Data Protection in VMC
- Extended Retention
- VM level Recovery
- Granular File & Folder Recovery
Solution Architecture
Cohesity provides end-to-end data protection for application-driven modern infrastructure that spans from core to the cloud and edge. Customers benefit from the same user-friendly interface for managing backup of VMware environments, both on-premises and in VMware Cloud on AWS.
This section focuses on Cohesity Platform for protection of workloads in VMware Cloud on AWS (VMC) Platform. Cohesity Data Protection solution can be deployed in two form factors to protect VMC workloads, either as a VMware VM deployed inside VMC SDDC (called Cohesity Virtual Edition) or running on Amazon EC2 instances in the regular AWS account (called Cohesity Cloud Edition).
Cohesity Virtual Edition deployment is suitable for protecting small VMC environments and Cloud Edition for medium-large VMC environments.
The illustration below shows Cohesity Virtual Edition (VE) deployed in VMC SDDC to protect VMC VMs and optionally store the backups in AWS S3 or S3 Glacier for long term retention.
Fig: VMC Data Protection using Cohesity Virtual Edition
Cohesity Cloud Edition (CE) is an Amazon EC2 instance-based deployment of Cohesity Platform. It is deployed in the customer AWS account. Cohesity Cloud Edition communicates with VMware SDDC via proxy VM(s) called Hybrid Extenders (HyX), which are installed within VMC SDDC.
The picture below shows Cohesity Cloud Edition deployment in AWS account for VMC data protection with Proxy VMs running inside SDDC. All the vSphere APIs and the VDDK calls are routed through the HyX VM(s). VM backups are performed using hotadd transport mode via the HyX VM(s). VM recovery is done by creating a VM with empty disks and using hotadd transport mode to copy over the data via HyX VM.
Fig: VMC Data Protection using Cohesity Cloud Edition
Solution Components
Cohesity Platform leverages the vSphere Storage APIs – Data Protection (VADP) and the Virtual Disk Development Kit (VDDK) to integrate with vSphere & vSAN in VMC to provide extremely efficient virtual machine image level data protection with best in class global deduplication, data resiliency with strict consistency and software-based encryption using the AES-256 standard, with optional FIPS certification for data encryption in-flight and at rest. An easy to manage UI and policy-based management allow customers to achieve strict business SLAs.
Cohesity Virtual Edition based solution provides data protection in VMC through the deployment of Cohesity Virtual Appliance in VMC SDDC. More information on the Virtual Edition specifications can be found at https://www.cohesity.com/products/dataplatform-virtual-edition/.
Cohesity Cloud Edition based solution provides VMC Data protection through the deployment of Cohesity Cloud Edition in the AWS account. It uses proxy VM(s) called “Hybrid Extender” to communicate with VMC vCenter & ESXi hosts for backup and recovery. More information on the Cloud Edition specifications can be found at https://www.cohesity.com/products/cloud-edition/
Operational Overview
The following concepts and activities are part of knowledge transfer for enterprise customers deploying Cohesity Platform for VMC Data protection.
1. Initial Setup and Configuration
Cohesity VE Deployment
Deploy and configure Cohesity Virtual Edition OVA in VMC SDDC. Steps to download, install and set up Cohesity Virtual Edition can be found in the Cohesity Virtual Edition Setup Guide available at https://docs.cohesity.com/Setup/PDFs/SetupGuideVirtualEditionVMware.pdf
Cohesity CE Deployment:
- Deploy Cohesity Cloud Edition (CE) in AWS via either GUI or CLI. GUI based installation is available for Cohesity’s SaaS Management Platform (Helios).
- Deploy Hybrid Extender (HyX) proxy VMs on VMC SDDC and configure HyX with the CE using the steps below:
  - Download HyX OVA and HyX configuration file from Cohesity UI
  - Deploy the OVA to VMC SDDC
  - After the OVA has been deployed, upload the HyX configuration file to the HyX VM
    - URL: http://[HyX ip-address]:29994/upload
  - Check that the HyX status on Cohesity UI shows as “Connected”
Fig: Download HyX OVA from Cohesity Platform
Fig: Deploy the Hybrid Extender in the SDDC
Fig: Upload the Hybrid Extender configuration files
Fig: Hybrid Extender(s) will show as “Connected”
2. Register vCenter as Data Source
Add SDDC vCenter as a data source in Cohesity platform to discover the VMs running on VMC.
3. Register S3 bucket for Extended Retention (Optional)
Create an S3 bucket in your AWS account and register it as an External Target on Cohesity Platform. This step is required to store backups outside of the Cohesity platform for long term retention.
4. Create Protection Policies and Protection Groups
A Protection Policy defines the periodicity and retention of backups, and their archival and replication. A Protection Job defines which objects are backed up. A Protection Policy can be used for many Protection Groups.
For example, the screenshot above shows a Protection Policy called “Archive Group C” which does the following:
- Take a Snapshot every 4 hours and retain it for 1 week on Cohesity Platform
- Retry capturing Snapshots 3 times 5 minutes apart before reporting an error
- Send a copy of Snapshot to AWS S3 bucket and retain it for 2 weeks.
A Protection Group specifies a Source, the Objects to be backed up from that source and a Policy to be used for the backups. The screenshot above shows a new Protection Group being created to back up a few VMs from vCenter in SDDC and using a Policy called “Archive - GroupC”.
Auto-Protect Feature
While creating a Protection Group, you can optionally choose Automatic protection at any hierarchical level, e.g. a folder level. Every time a new VM is added to the folder, the VM is automatically protected with the previously defined policy and job. This enables the administrator to be hands off for VM data protection while still ensuring that data protection SLAs are met.
Fig: Cohesity Auto-Protect Feature
Fig: Protection Groups on Cohesity Platform
5. VM level Recovery
Cohesity provides the ability to recover Protected Objects (such as VMs) from a Snapshot created earlier by a Protection Group. You can choose a snapshot on Cohesity Platform stored either locally or on AWS S3 external target for recovery. You can recover VMs to the same logical network in VMC or a different logical network.
The Recover task extracts the VM files (such as the VMDK files) stored in Snapshots and creates new instances of the VMs in their original locations or in a new location depending on the options you choose during recovery:
- Recover to Original Location—Recover the VM(s) to their original Resource Pool, datastores, VM folder and logical network in VMC
- Recover to New Location—Recover the VM(s) to an alternate resource pool, datastore, VM folder or logical network in VMC.
Cohesity provides an intuitive user interface for recovery workflows. The screenshot above shows how users can initiate recovery by searching for the objects to recover. Object names or Protection Group names can be used for search filters.
6. File and Folder Recovery
Cohesity Platform provides the ability to recover files and folders from a Snapshot created earlier by a Protection Group. Files and folders can be recovered to the original VM or a different VM. You can choose to retain the recovered files' and folders' original (at the time of the backup) permissions and attributes. You can also download files and folders from selected Snapshots. However, only items that were indexed when the Snapshot was created can be downloaded.
The Recover task extracts the files stored in Snapshots and creates new instances of them in the original VM or a different VM depending on the options you choose during recovery. You can also choose to download files and folders.
Fig: Granular Search for File & Folder level Recovery
- Recover Files or Folders—Recover files or folders to the original location or to a new location.
- Download a File or Folder—Download files or folders from an existing Snapshot.
VM Backup Flow
VM backup is done using hotadd transport mode, and although the high-level steps are the same, they vary slightly between Virtual Edition and Cloud Edition. For Cloud Edition, all the vSphere related control calls and the data calls to pull the data go via HyX. Cohesity performs the steps below during the VM backup workflow:
- Cohesity software takes a snapshot of the VM
- The VMDKs associated with the snapshot are opened using the VDDK library via HotAdd transport mode.
- Changed Block Tracking (CBT) is leveraged to perform incremental backups.
- Once all the data is copied, the VM snapshot is released.
- VM backup on Cohesity is readily available for recovery from the fully hydrated Cohesity snapshots.
Fig: VM Backup Flow in Cohesity Virtual Edition Deployment
Fig: VM Backup Flow in Cohesity Cloud Edition Deployment
VM Recovery Flow
VM recovery is done using hotadd transport mode, and although the high-level steps are the same, they vary slightly between Virtual Edition and Cloud Edition. For Cloud Edition, all the vSphere related control calls and the data calls to pull the data go via HyX. Cohesity performs the steps below during the VM recovery workflow:
- Cohesity software clones the VM files (such as the VMDK files) stored in Snapshots to a temporary Cohesity View. A View is a Cohesity representation of a datastore.
- Cohesity software creates the target VM(s) with blank disks on the VMC SDDC vCenter based on the VM configuration associated with the selected snapshot.
- Data is copied from the VMDK files in the cloned View to the VMDKs attached to the recovered target VM.
- The recovered VM is powered on or left powered off based on user selection.
Fig: VM Recovery Flow in Cohesity Virtual Edition Deployment
Fig: VM Backup Flow in Cohesity Cloud Edition Deployment