vSphere storage APIs - Data protection - VMware vSphere Backups to Amazon S3

vSphere storage APIs - Data protection

Transport modes

Any data protection solution that uses the vSphere Storage APIs for Data Protection must choose from a collection of data transport mechanisms that specifically define how to copy the VM files from the running shared storage to the backup target.

  • Storage area network (SAN) transport mode - A data mover server mounts the running shared storage volume as a logical unit number (LUN). This mode is only relevant in an iSCSI or Fibre Channel based SAN environment. VM files are backed up by the data mover over the SAN fabric directly.

  • Network block device (NBD) transport mode - Each vSphere host has at least one VMkernel IP interface enabled for management traffic. This IP is used by vCenter to control individual vSphere hosts within a cluster, and also provides an interface for an administrator to connect directly to a host for setup and troubleshooting.

    The NBD transport modes use this management interface to copy the VM disk files across the network to the backup target. If more than one VMkernel interface is enabled for management traffic on the host, the host uses the one that has a preferred route to the target IP address.

  • NBD secure sockets layer (NBDSSL) transport mode - NBDSSL is simply an SSL-encrypted version of NBD. It is the default used by ESXi 6.5 and later.

    While encrypting the backup traffic from the vSphere host to the data mover of choice is generally desirable, consider the following when choosing between NBD and NBDSSL:

    • Traffic from the data mover to Amazon S3 is always TLS-encrypted.

    • The CPU overhead of SSL encryption incurred on each vSphere host results in up to 30% less throughput. For instance, a backup job that takes 15 hours to complete over NBDSSL might take as few as 12 hours using unencrypted NBD.

  • HotAdd transport mode - This transport mode uses a backup proxy that is itself a virtual machine running within the same vSphere environment. The backup process is multi-stage and proceeds as follows:

    1. Snapshots of the live VM’s virtual disks are taken and mounted to the backup proxy as if they were normal virtual disks.

    2. Depending on the vendor implementation, VSS or other freeze/thaw mechanisms might be invoked by using VMware Tools to quiesce at the application or volume level when the snapshot is created.

    3. The data protection solution then copies the contents of these snapshot-based virtual disks to the backup target across the virtual network interface of the backup proxy VM.

    4. When the backup is complete, the snapshot is deleted.

    Figure: HotAdd Transport Mode

Normally the HotAdd Backup Proxy mounts multiple snapshots simultaneously. This allows it to back up several VMs in parallel.

Changed block tracking

Changed Block Tracking (CBT) is an optional feature offered by VADP that helps vendor solutions to easily conduct incremental backups of virtual disk files. CBT tracks block-level changes to the virtual disk files between backups. The backup solution is then aware of what specific blocks are different from the last time it backed up that VM.
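
The block-level bookkeeping described above, as a small model added here for illustration (it is not VADP code or any vendor's implementation). The class and function names, the 4 KiB block size, and the SHA-256 digest checked on restore are all assumptions of this example.

```python
import hashlib

BLOCK = 4096  # constructed block size for this model

class TrackedDisk:  # toy virtual disk that records which blocks change between backups
    def __init__(self, nblocks):
        self.data = bytearray(nblocks * BLOCK)
        self.dirty = set()  # block numbers written since the last backup

    def write(self, offset, payload):
        if offset < 0 or offset + len(payload) > len(self.data):
            raise ValueError("write outside the disk")
        self.data[offset:offset + len(payload)] = payload
        self.dirty.update(range(offset // BLOCK, (offset + len(payload) - 1) // BLOCK + 1))

    def changed_extents(self):  # coalesce dirty blocks into (start_block, block_count) runs
        runs = []
        for b in sorted(self.dirty):
            if runs and runs[-1][0] + runs[-1][1] == b:
                runs[-1] = (runs[-1][0], runs[-1][1] + 1)
            else:
                runs.append((b, 1))
        return runs

def full_backup(disk):
    disk.dirty.clear()  # tracking restarts at every backup
    return bytes(disk.data)

def incremental_backup(disk):  # copy changed runs only, plus a digest of the whole disk
    runs = [(s, n, bytes(disk.data[s * BLOCK:(s + n) * BLOCK])) for s, n in disk.changed_extents()]
    disk.dirty.clear()
    return {"extents": runs, "sha256": hashlib.sha256(disk.data).hexdigest()}

def restore(base, increments):  # replay in order; a wrong image after any step raises
    image = bytearray(base)
    for inc in increments:
        for start, count, blob in inc["extents"]:
            image[start * BLOCK:(start + count) * BLOCK] = blob
        if hashlib.sha256(image).hexdigest() != inc["sha256"]:
            raise ValueError("restored image does not match digest recorded at backup time")
    return bytes(image)

def demo():
    disk = TrackedDisk(nblocks=16)
    base = full_backup(disk)
    disk.write(2 * BLOCK + 4000, b"x" * 200)  # straddles blocks 2 and 3
    disk.write(9 * BLOCK, b"log entry")
    inc = incremental_backup(disk)
    return [(s, n) for s, n, _ in inc["extents"]], restore(base, [inc]) == bytes(disk.data)
```

Because each incremental holds only the blocks changed since the previous backup, a restore depends on the whole chain; the digest comparison in `restore` is what exposes a skipped or modified increment.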