How Virtual Machine Snapshots work in VMware

How Virtual Machine Snapshots work in VMware

In VMware a disk "snapshot" is a copy of the VM's disk file (.vmdk) captured at a certain point in time. This snapshot preserves the disk file system and the files stored on it which can be of any type (including all the operating system files). So if something goes wrong with your virtual machine, you can restore it to a snapshot which was working previously.

One can also create snapshots for different versions/service-packs on an OS.Hence snapshots can also be looked upon as version controlling mechanism at OS level. So if your computer was shut down abruptly or gets infected by virus, just revert to a snapshot.

So how do snapshots really work ? 
There's just one Thumb Rule to VMware's snapshot technology : "Snapshots only store the differences between the current state and the original state". It follows the copy-on-write scheme with every subsequent disk access. Lets try to understand what that means ...

Consider that you have a text file with the word "COMPUTING" stored in it.This file is a sparse in nature : which means it spans across multiple blocks on the disk.Step 1 below demonstrates this scenario. The black lines indicate the links on to the stored data. For demonstration purpose lets consider that each block on disk has only one character.

Note : The blocks shown above contain only one character and is purely for example purpose. In real the block size could be of say 1MB or a sector on disk.

Now when you take a snapshot another file named Snapshot1.vmdk will be created. When you create a snapshot, any changes made on the original virtual disk image are not made on the original disk, but they are written to a new (snapshot) disk file. This action is very fast as there is no need to copy whole virtual disk image.

Thumb Rule : "While saving changed data blocks in a snapshot, all modified block will be saved first , followed by blocks which were deleted as compared to base disk blocks." As seen in Step 2 , blue block is linked at the end of the snapshot1.vmdk

Lets suppose that you take a snapshot after you have saved the word "COMPUTING" in the file. After the snapshot you modify the file by changing its last two blocks (letters N and G circled above) and clear the letter I. The new changed word is "COMPUTER" as show in the Step 2. The blue block above is nothing but an empty block created by deleting letter I. The blocks in RED represents the new snapshot1.vmdk disk which contains only the changed characters.

Thumb Rule : "While reading any file in current state read only the data accessible by first level links, irrespective of number of snapshots and original data of the file."

Reading the first links of the "Current State" disk from Step 2 (Green blocks) , word "COMPUTER" is retrieved and the size of snapshot1.vmdk is 3 blocks (2 filled and one empty). However since its a differential snapshot file its size is much less than original base disk (9 blocks).  Snapshot image size grows as you continue to change more and more data from your original virtual disk image (which remains untouched from the moment you took the snapshot).

Thumb Rule : "Size of a snapshot will always be less than the base disk, but in worst case it will be exactly the same size if all blocks were to be changed."

As seen in Step 3 , we now take another snapshot after saving the word "COMPUTER" in the file. On making more changes after snapshot2 , similar process is followed to create snapshot2.vmdk file. The new changed word in the file is  "CONTAINER". As a result now neither snapshot 1 nor the base file are written two, but are still referenced. Snapshot 2 will store the new changes as compared to snapshot 1. If you read the first level links of the green blocks from top to bottom , the word "CONTAINER" is read with the fact that only 5 letters are stored in snapshot2.

Below are the list of changes made to the file

--------------------------------------------------------------------------

Step1 - Base Disk  = COMPUTING

Step2 - Snapshot1 = COMPUTER

Step3 - Snapshot2 = CONTAINER

From the above scenarios its clear that taking snapshots in VMware involves only writing the differences in files changed from the time of the snapshot, not the complete virtual machine disk. This mechanism is similar to taking diff and patch in Unix, but in a more sophisticated way that diffs on a binary level with the knowledge of how a VMFS ( Virtual Machine File System ) is structured.

Now we have a clear idea about the Copy-On-Write Protocol - Every time a block from the base disk or previous snapshot is changed , copy it to the current delta or snapshot file, which implies that when you perform a snapshot restoration, it only has to rewrite the sectors that were modified since you took the snapshot. As a result snapshot revert is also super fast.

But the Question is, What happens when you revert to an older snapshot? The VM software throws away the contents of snapshot2.vmdk and starts over with  reading contents from snapshot1.vmdk. During this all the Blue links in Step3 are replaced with Green Links. ( this is a similar strategy followed in deleting a node from a linklist ... Pure programming stuff ). Note : Links to Snapshot1 and Base are not changed.

There are two more important aspects of Snapshot management : Discarding a snapshot and Merging a snapshot (reverting to a non-immediate parent snapshot). I'll discuss it in my future articles.

A snapshot preserves the state and data of a virtual machine at a specific point in time.

• The state includes the virtual machine’s power state (for example, powered-on, powered-off, suspended).
• The data includes all of the files that make up the virtual machine. This includes disks, memory, and other devices, such as virtual network interface cards.

What is vCenter Single Sign-On?

I was until I dived in and found answers which I will do my best to explain here.

vCenter Single Sign-On is a new feature of vSphere 5.1 that is not just an authentication broker but also a security token exchange providing a more secure way of accessing your vSphere solutions. What that means is that when you previously logged into vCenter Server, you were authenticated with the provided username and password against the Active Directory configured for vCenter Server. With vSphere 5.1 and vCenter Single SIgn-On you no longer log directly into vCenter Server but with a security domain defined by your vSphere environment. When logging in to vSphere 5.1 you actually pass authentication to the  vCenter Single Sign-On server which can be configured with multiple identity sources like Active Directory and OpenLDAP and on successful authentication, your username and password is exchanged for a security token which is then used to access the vSphere components like vCenter Server and vCenter Orchestrator etc.

Although vCenter SIngle Sign-On is an additional component in the vSphere suite, a critical component that is required before any other vSphere 5.1 component is installed or upgraded, it actually doesn’t necessarily mean you need to re-architect your vSphere environment. You can use vSphere just as you have been from years past and vCenter Single Sign-On will fit right on in just as an additional service local too or separate from vCenter Server.

Where some of the confusion comes from I believe is with the added benefits that vCenter Single Sign-On can bring  when administering multiple vSphere environments. When installing vCenter Server you have the choice to specify or install a vCenter Single Sign-On server providing the ability to add multiple vCenter Servers and their components to a centralized vCenter Single Sign-On source. This provides a single pane of glass view across all vCenter servers, 5.0 and higher for administration as well as the ability to define queries that can be searched across multiple vCenter Servers without the requirement of Linked Mode used in the past.

Now this maybe seen as a single point of failure, a critical one at that when talking authentication but vCenter Single SIgn-On can be configured in a clustered or multisite deployment to help with availability.

Clustered deployments are with multiple instances of vCenter SIngle Sign-On are deployed, one is defined as a primary instance the remainder as slaves and all share a single database instance and placed behind a third party load balancer can provide redundancy or high availability of the vCenter Single Sing-On solution. This typically is local to a single site however if geographical sites are used with multiple vCenter servers, you can still utilize a central clustered environment, however a multisite configuration is recommended.

Multisite deployments are  where a local replica is maintained at remote sites of the primary vCenter Single SIgn-On instance. vCenter Servers are reconfigured to use the local vCenter SIngle SIgn-On service and reduce authentication requests across the WAN. Multisite deployments do drop the support of single pane of glass views unless Linked Mode is utilized and multisite deployments are actually required to maintain Linked Mode configurations where roles, permissions and licenses are replicated between linked vCenter servers. Linked mode will re-enable single pane of glass views across multisite instances.

VMware vSphere 4.1 to 5.1 Upgrade

VMware vSphere 4.1 to 5.1 Upgrade

1. Stop vCenter Services

2. Install vCenter 5.1

3. Install vCenter Update Manager

4. Install vSphere Client

5. Login to New vCenter 5.1 Console using vSphere Client

6. Install Update Manager Plugins

7  Upgrade ESXi Hosts using Update Manager

Whats new in VMware vSphere 5.5

1. Hot Pluggable SSD PCI Express (PCIe) Device

2. Support for Reliable Memory Technology (Some part of CPU will be allocated to ESXi Host to use HOSTD and WatchDog Process to avaoid memory crass)

3. Power Policy Setting for DPM (High Performance/Balanced/Low Power/Custom)

4. New SATA Controller

5. VM Hardware Version 10

6. Expanded vGPU Support (nVedia)

7. Graphic Acceleration for Linux Guests

8. Simplified SSO

9. vSphere Web Client Enhacement (Drag and Drop, Filters, Recent Items)

10. vSphere App HA : In earlier version you had the ability to monitor virtual machines heartbeat using VMware Tools. In Vsphere 5.5 you can leverage third party application monitoring agents or create their own agents using VMware vSphere Guest SDK. vSphere APP HAcan be configured to restart an application service when issue is detected. It is possible to protect several commonly used, off-the-shelf applications. vSphere HA can also     reset the virtual machine if the application fails to restart. Two Virtual Appliances per vCenter.

11. vSphere BIG Data Extension - It's a tool that enables administrators to deploy and manage Hadoop Clusters on vSphere from a Familiar vSphere Web Client interface. Support - Apache Pig, Apache Hive & Apache HBase. Hadoop Clusters can be protected easily using VMware vSphere HA and FT

12.  vSphere Storage Enhancement : 62 TB VMDK and 62 TB RDM

13. PDL Mode Auto Remove (Permanent Device Loss) - that can occur when a disk device either fails or removed from the vSphere host in an uncontrolled fashion. With vSphere 5.5 host can take necessary steps to prevent directing unnecessary IO to this device. This alleviates other conditions  that might arise on the host as a result of this unnecessary IO.

14. vSphere Flash Read Cache

15. Link Aggregation Control Protocol (LACP) now uses 22 new HASH Algorithms

16. Trafic Filtering - ACL

17. Quality of Service Tagging - Help to achieve end-to-end QoS

18. Enhanced Host Level Packet Capture

19. Support of 40GB NIC - This functionalities is delivered via Mellanox ConnextX-3 VPI Adapters configured in Ethernet Mode.