- Storage Spaces Direct
- Windows Volume Mgmt.
- Windows File Systems
- Volume Shadowcopy Services
- Storage Replica
Volume Shadow Copy Service (VSS), often called Volume Snapshot Service, was introduced in Windows 2003. It is used in co-ordination with applications to provide point-in-time copies of single or multiple volumes. There are two types of shadow copy providers: hardware-based providers and software-based providers. There is also a system provider, which is a software provider that is built in to the Windows operating system.
A hardware-based provider uses VSS to determine the point in time of the copy, to synchronise the data, flush buffers and manage the copy, but it passes this data to the underlying hardware, and the actual snapshot is performed by the storage array.
A software-based provider creates the copies at software level, not hardware, and so uses operating system resources to maintain the shadow copy. The advantage is that it can work with basic disks or logical volumes equally well, whereas a hardware implementation will just work with physical disks. The native Windows system provider is one example of this. For the system provider, the shadow copy storage area must be on an NTFS volume. The volume to be shadow copied does not need to be an NTFS volume, but at least one volume mounted on the system must be an NTFS volume
Both hardware and software shadow copy providers create shadow copies by using one of the following methods:
A complete copy is usually created by making either a 'split mirror'; Copy-on-write, where the original data is copied to a different area when changes are made; or Redirect-on-write, where changed data is redirected to a different volume. This lot is explained in full in this link.
For the last two methods, VSS works by making a block-level copy of any changes that have occurred to files since the last shadow copy. Only the changes are copied, not the entire file. VSS backups will not require the same size disk space as the original data, unless all the files are completely overwritten. However the amount of disk space used for changes can vary, depending on whether the application rewrites the entire file when a change is made, or just changes parts of the existing file
VSS is normally used in two different ways;
It is invoked by applications to take a snapshot of data, so processing can happen on a consistent set of data taken at a particular point of time. These applications include backup and recovery products, data archive products with a requirement to take a copy of data frozen at a point in time and data mining applications.
VSS can be used to take regular snapshots of a disk, say every three hours, so that files can be easily wound back to previous states, should they become corrupted or deleted. This previous versions feature was removed in Windows 2012, but re-instated in Windows 2016.
The VSS freeze function can be used to take instant, and consistent backups, but for it to work effectively it needs to work with VSS aware applications and backup utilities. If an application is VSS aware, then the backup utilities will be able to process open files. A working VSS system has four basic components, some of which can be provided by third party vendors.
The process basically works like this
This process works fine, providing all the applications are VSS aware. If some applications are not VSS aware, then their IO will not be frozen, and you will not be able to guarantee data integrity at the snapshot time, and open files may be skipped. You will need to take a view on how important this is. 'Thick' Client-Server applications will always be a problem, as the data is stored on the server, but processed on the client. Database applications that are not VSS aware will be a problem too, as you could backup corrupt data from partially completed transactions. Windows features and applications that use VSS include the following: Windows Server Backup, Shadow Copies of Shared Folders, System Center Data Protection Manager, System Restore
In a NAS/SAN environment, once a shadow copy is taken of a disk on ServerA, that disk can be quickly made available to ServerB with appropriate LUN masking.
If Shadow Copies for Shared Folders (SCSF) is enabled, then users can recover their own files of folder from a VSS backup, without any need to involve support staff.
There are three major reasons why data would need to be recovered -
Shadow Copy can be used for the third type of recovery, but not the other two, so it will not completely replace backup or remote mirroring solutions, nor is it intended to be used for long term archives. When storage area limits are reached, the oldest shadow copy will be deleted to make room for more shadow copies to be created. Also, there is a limit of 64 shadow copies per volume that can be stored. When this limit is reached, the oldest shadow copy will be deleted and once a shadow copy is deleted, it cannot be retrieved.
VSS works at volume level, not file or directory, and works on NTFS volumes, not FAT volumes. Microsoft recommend that its used for general purpose volumes that hold user files, documents, spreadsheets or databases. Home directories would be ideal.
Users must use shared folders to access shadow copies and administrators on the local server must also specify the \\servername\sharename path to access shadow copies.
A proportion of the disk is set aside to be used for VSS, and when that space fills up, VSS deletes older copies to make room. The default space is 10% of the size of the volume being backed up. If the rate of data change is high, then this proportion will be too low, and older backups will be deleted too quickly. If VSS cannot fit an amount of changed data into a backup space, even after all old backups have been cleared out, then it will not create any shadow copy. This means it is important to get the size of the backup volume correct.
You need to consider two factors -
You need to discuss and agree the first factor with your users, then publicise the agreement.
The second factor is a bit difficult, as it is not the number and size of files which are changing, but the number of changed blocks within the files. Microsoft provides tools to assist you with this. This number will also be affected by the timing between Shadow Copies. If you take a Shadow copy every hour, say, then you would expect to see a lot less changed data than if you took a shadow copy every day. However, remember the 64 copy limit. If you do take a copy every hour, you will only be able to recover data back less than three days. Shadow Copy is volume based, not policy based. You are not keeping 64 copies of a file, but 64 copies of changed data on a disk.
To enable Shadow copies on Windows Server 2016 work through the following tasks.
To enable Shadow copies on Windows Server 2008 R2 or Windows Server 2012 work through the following tasks.
Shadow Copies is still an all or nothing function at a volume basis, that is you cannot select specific files or folders. By default, a schedule task will run at 7:00 A.M. and a default storage area of 10 percent of the available space will be created on the same volume.
To enable and configure Shadow Copies of Shared Folders
Windows 2012 introduced the File Server Volume Copy Shadow Service (VSS) Agent Service. Applications can store files on local disks, and on remote SMB File Shares. Windows 7/ 2008 Server only supported VSS on local drives, so you could not get a consistent backup of all the data if some data was stored on SMB shares. Windows Server 2012 supports VSS for SMB File Shares by introducing a VSS Agent on the remote file server. The local server contains the VSS provider, and it talks to the agent using the new File Server Remote VSS protocol. This means that the local providor can manage VSS snapshots on the remote server and take shadow copies of the data.
You can use the DiskShadow utility to manage all the hardware and software snapshots on Windows Server operating systems. It is not available on PC and Laptop versions. DiskShadow includes commands such as the following:
Create works on the volumes that are currently 'in the environment'. To find out what they are, use the 'add' command without any parametes. If you want to add more volumes to the list, use the add volume command to select the volume to be copied. Once you are happy with your list, use the 'create' command with no parameters to create a copy
You can use the expose command to access a persistent shadow copy. Options are expose Shadowid, then Drive: to acccess the shadow from a drive lettter; Share to acccess the shadow from a share (for example, Share \\ShadowName); MountPoint to acccess the shadow from a mount point (for example, MountPoint C:\shadowcopy).
revert ShadowCopyID will revert or backlevel a volume back to the time the specified shadow copy happened. This command obviously should be used with care and after careful consultation of the Microsoft documentation.
You can use the VssAdmin utility on both servers and PCs. VssAdmin can only be used to administer shadow copies that are created by the system software provider. It has similar fuctions to DiskShadow, and it can also be used to resize the shadow copy storage area. VssAdmin includes commands such as the following:
Microsoft has removed the VSS dialogs from Windows 10, which makes it harder to set VSS up, but it is still possible. While Microsoft has not explained why it has made it harder to configure such a useful product, there is a suspicion that customers thought that VSS was a replacement for backup, which is definitely not the case, as if you get a hardware problem you will lose your primary data and your VSS backups. However, it is an easy way to backlevel a file that you have trashed.
To enable Shadow copies on Windows 10 work through the following tasks.
wmic shadowcopy call create Volume=c:\
Once you run a manual copy, you won't see any backups until you modify a files. Then if you right click on that file you will see an entry under 'Previous Versions'. You could right click on the c: under explorer and check out the properties tag. There you will be able to see data under the Previous Versions tab and you can browse the entire drive as it was at the time of the copy.
Use a separate volume on another disk as the storage area for shadow copies.
Select a storage area on a disk that is not being shadow copied. Using a separate volume on another disk eliminates the possibility that high I/O load will cause shadow copies to be deleted and provides better performance. This is the recommended configuration for heavily used file servers. For failover clusters, this configuration also requires that the original volume and storage volume belong to the same cluster resource group.
If you are using failover clusters, two volumes on the same disk cannot be associated for diff area storage. This is because the cluster manages the disk for online and offline operations, but the Volume Shadow Copy Service (VSS) needs to have the diff area and original volumes brought offline or online in a specific order. Instead, the storage volume and the original volume need to be the same volume, or they need to be on separate physical disks.
Consider how your clients will use a shared resource before you enable Shadow Copies of Shared Folders and set scheduling options. Adjust the shadow copy schedule to fit the work patterns of your clients.
Do not enable shadow copies on volumes that use mount points. The mounted drive will not be included when shadow copies are created. Enable shadow copies only on volumes without mount points or when you do not want the shared resources on the mounted volume to be shadow copied. Alternatively, you can explicitly include the mounted volume in the schedule for shadow copy creation. (For previous versions of a file to be available, the volume must have a drive letter assigned.)
Perform regular backups of your file server. Shadow Copies of Shared Folders is not a replacement for performing regular backups. Use a backup utility, such as Windows Server Backup in Windows Server 2008 or Windows Server 2008 R2, in coordination with Shadow Copies of Shared Folders as your strategy for data protection.
Do not schedule copies to occur more often than once per hour. The default schedule for creating shadow copies is at 7:00 A.M., Monday through Friday. If you decide that you need copies to be created more often, verify that you have allotted enough storage space and that you do not create copies so often that server performance degrades. There is also an upper limit of 64 copies per volume that can be stored before the oldest copy is deleted. If shadow copies are created too often, this limit might be reached very quickly, and older copies could be lost at a rapid rate.
Before deleting a volume that is being shadow copied, delete the scheduled task for creating shadow copies. If the volume is deleted without deleting the shadow copy task, the scheduled task will fail and an Event ID: 7001 error will be written to the event log. Delete the task before deleting the volume to avoid filling the event log with these errors. To manually delete the scheduled task, click Start , point to Administrative Tools , and then click Task Scheduler . In Task Scheduler, click Task Scheduler Library , right-click the task to create shadow copies, and then click Delete .
Use an allocation unit size of 16 kilobytes (KB) or larger when formatting a source volume on which Shadow Copies of Shared Folders will be enabled. If you plan to defragment the source volume on which Shadow Copies of Shared Folders is enabled, we recommend that you set the cluster allocation unit size to be 16 KB or larger when you initially format the source volume. If you do not, the number of changes caused by defragmentation can cause previous versions of files to be deleted.
If you require NTFS file compression on the source volume, you cannot use an allocation unit size larger than 4 KB. In this case, when you defragment a volume that is very fragmented, you may lose older shadow copies faster than expected.
After backing up a volume that contains shadow copies, do not restore the volume to a different volume on the same computer
After backing up a volume that contains shadow copies, do not restore the volume to a different volume on the same computer as this will leave multiple snapshots with the same Snapshot ID on the system and will cause unpredictable results when performing a shadow copy revert.
You can restore the volume to the original volume on the same computer; you can restore the volume to a different volume on a different computer, or you can restore file and folders to any location on the same computer.
The recovery process is slightly different, depending on whether you want to recover a deleted file, and existing file or a folder. The three scenarios are described below.