How to assure your vCenter is Protected?

As the vCenter server is becoming more and more business critical in many organizations the need for backup and restore capabilities as well as high availability are becoming very critical questions for many companies.

There are a few options that each has its advantages and disadvantages and I do not believe that there is a definitive answer on the best solution. I believe that all the options should be evaluated and considered.

Here are the main options in my opinion with notes on the upside and downside of each one.

Option 1 – Veeam backup:

up the VCSA with Veeam, it’s important to understand that Veeam does not directly support Postgres SQL (VMware’s embedded DB). Instead, it’s optimal to perform backup in 2 steps:

1. Image Level Backup with Veeam
2. Database backup via VMware Best Practice

Step 2 is not required but restoring the image-level backup ensures the same state the Database was in at the point in time of the backup.

VMware Best Practice shows to back up the database as regular maintenance. Then you would be able to restore the server from step 1, then restore the database to whichever point in time with the backup from step 2.

The following links can be of assistance in regard to this option:

https://kb.vmware.com/s/article/2091961

https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.install.doc/GUID-08A65FD6-FB9E-4969-AE37-1F209F272B77.html

https://kb.vmware.com/s/article/2091961

Pros:

1.  Utilizes Veeam backup which is used is many organizations already.
2. Allows for quick restore of the VC if you use Instant Recovery.

Cons:

1. Requires the use of 2 steps to backup according to best practices
2. Requires manually running the Python script on the VCSA or created a scheduled task but none the less is not ideal
3. The DB backup is performed to the VCSA itself and not to a remote location

Option 2 – vCenter HA:

1. This is an HA Option and not a backup
2. This is available from vSphere 6.5 and above
3. In this design 3 appliances are deployed (Active Passive and Witness)
4. Please see the following Document regarding requirements for this to work:

https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.avail.doc/GUID-8FD87389-8CC9-4298-8B08-A1526FB44524.html

This is a good option for HA if you have multiple sites with less than 10ms latency between them. It can be implemented within the same site as well but the time it takes for the failover to happen is about the same as typical vSphere HA and the need for 3 appliances seems redundant if the single site is still a single point of failure.

Pros:

1. It is an official VMware solution which means it is fully supported
2. Does not require extra licensing

Cons:

1. It is unsupported to snapshot a VCHA VM which makes most backup solutions irrelevant. See KB – https://kb.vmware.com/s/article/2148003
2. Requires deploying 3 appliances which can waste valuable resources

Option 3 – vCenter File Based Backup:

1. This is an option as of 6.5 but is very strongly enhanced and is a very good option as of 6.7
2. This is a native File Based backup of the VC performed via the VAMI interface of the VCSA
3. In 6.5 this was manual and in 6.7 this can be scheduled, and a retention policy can be set as well as data encryption
4. The restore process is very simple:
   1. Mount the installation ISO of the VC build installed.
   2. Choose the restore option.
   3. Enter the backup file location via the wizard.
   4. Select the backup
   5. This will deploy a new VCSA and import the configuration of the original VC to it.
5. This option allows for you to choose what to back up:
   1. Only inventory and configuration
   2. Inventory, Configuration, Stats, Tasks and Events
6. This is also a native VMware solution that is a VMware best practice in regard to backing up the VC.
7. For this to work you must have a backup destination (FTP, FTPS, HTTP or HTTPS)
8. Please see below for limitations and considerations:
   https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vcenter.install.doc/GUID-AFF34FA6-B7CF-4AE0-9C12-C674F160682C.html

Pros:

1. This is a native VMware backup solution built for the purpose of backing up and restoring the VC.
2. This option allows you to choose what to backup.
3. This can be done on a VCHA setup as well which is a huge benefit over almost all other backup solutions

Cons:

1. The restore process is longer than the Veeam instant recovery option.
2. It deviates from the idea of a single program that would manage all your backups like Veeam can provide.

As you can see nothing is perfect and the mance.