This article provides an overview of Datto's agentless backup solution. See this article to learn about the differences between agent-based and agentless backup solutions.
- Datto SIRIS
- Agentless backups
- Protected Machine Compatibility
- Hypervisor Compatibility
- System Requirements
- Pairing a Target Machine for Agentless Backups
- Backup Process
- Frequently-Asked Questions
- Additional Resources
Physical and virtual Datto SIRIS appliances can take agentless backups of virtual machines running VMware vSphere. Agentless backups use the host hypervisor's capabilities to take a snapshot of the production VM (even when shut down).
You do not need to install a backup agent on the target machine for agentless backups to communicate with the Datto appliance. See the Backup Process section of this article for a technical overview of how agentless backups work.
Communication from VM targets to Datto appliances is quicker and easier.
Backups done through VMware's data storage API (VADP) (external link) are more efficient.
Agentless backups work on both Windows and Linux virtual machines.
You can run a backup even when a VM is powered off.
Other common SIRIS functions remain the same.
If you prefer, you can still back up your machines using an agent-based solution (see this article for crucial agent-based deployment considerations).
- Agentless backups do not work on encrypted VMs
- Agentless backup support is unavailable for:
- spanned volumes
- ESXi shared volumes
- multiple volumes using the same GUID
- volumes formatted using Microsoft's ReFS
- Dynamic Disk Technology
- hosts using Logical Volume Management (LVM); if your protected system leverages this technology, Datto recommends that you use the Datto Linux Agent
Agentless backups from a Physical Device (and failover for Virtual SIRIS) operate through the Network Block Driver Transport Method, which restricts their operating speed to a maximum of 40% of the management network interface speed.
If you add a new volume to a protected agentless system after it has already been backed up by the Datto solution, you must reboot the protected host before the new volume can begin backups. For more information, see this article.
- Getting Started with the Datto Windows Agent: Compatibility
- Getting Started with the Datto Linux Agent: Compatibility
Agentless backups run on physical SIRIS and Virtual SIRIS powered by vSphere versions 5.5, 6.0, 6.5, and 6.7.
- vSphere Essentials
- vSphere Essentials Plus
- vSphere Standard
- vSphere Enterprise
- vSphere Enterprise Plus
Target virtual machines must run virtual machine hardware version 7 or higher. See VMware's Virtual machine hardware versions (external link) article for help determining if your virtual machine's hardware profile is up-to-date.
Virtual Machine Requirements
Windows backups: VMware Tools must be present on the target VM.
Linux backups: install open-vm-tools-lts-trusty. This package includes the necessary VMware Snapshot Provider service.
Linux agentless backups support the following file systems:
The host hypervisor and protected virtual machines must be in a healthy, stable state. For more information see Agentless Backups: Best Practices.
The networking environment of the Datto appliance and the hypervisor must meet these requirements.
Pairing a Target Machine for Agentless Backup
See the Pairing a Target System for Agentless Backups article for instructions.
Before a Datto appliance can take an agentless backup, it needs to be connected to your hypervisor. For hypervisor connection steps, see the article Connecting A Datto Appliance To A VMware Hypervisor.
Unlike agent-based backups, which are VSS-dependent, in an agentless backup, the Datto appliance interacts directly with your hypervisor to snapshot and back up a virtual machine. It does so by taking the following steps:
- The Datto uses the hypervisor connection to connect to the vSphere environment.
- It uses the VMware snapshot provider (part of VMware Tools) to take a snapshot of the VM.
The first two steps also occur when the Datto pairs with the target VM.
- If the Datto device is a virtual appliance, it can use hot add (through vddk-fuse) to directly attach the VMDK from the VMware snapshot to itself. Using hot add, the backup data is transferred over the vSphere management network. As a failover, or if the Datto device is a physical appliance, it connects to the VMDK from the VMware snapshot using the Network Block Device (NBD) protocol. With this type of connection, the backup data is transferred over the VM network.
- The Datto appliance uses libguestfs to analyze the disk image to get necessary information about the disk structure and the file system(s) on it.
- The appliance transfers the backup data from the VMware snapshot of the VMDK to itself, and takes a ZFS snapshot of the disk images in the live dataset, just like an agent-based backup.
Are the backups saved on the Datto device thin or thick provisioned?
Agentless backups transfer to the Datto appliance as a sparse image. This type of disk image file is similar to a thin-provisioned VMDK; it takes up only as much disk space as the size of its stored contents. Unlike a thick-provisioned VMDK, a sparse image file should not take up the full provisioned size of the virtual disk.
Sparse images grow in size as the user adds data. Over time, as files are deleted or overwritten by the production VM, both a thin-provisioned disk and a sparse image file will grow because VMware cannot tell that these files have been removed or altered. Although these blocks are marked as free in the filesystem, they will copy into the backup image.
A 100 GB VMDK using 30 GB, but undergoing an additional 50 GB of disk change, could produce a backup of 80 GB. See VMware's article about Growing, thinning, and shrinking virtual disks for VMware ESX and ESXi (external link) for information about resizing these types of disks.
Do agentless backups have any size limitations for the VMDK hosted on the hypervisor?
Virtual Datto SIRIS devices: When backing up a protected virtual machine, virtual Datto devices use a hot-add vddk protocol, which attaches the protected machine's disks directly to the Datto device. Virtual disk size is limited by the amount of free disk space on the appliance's array. Virtual Datto appliances will also fail over to the NBD protocol if hot-add fails.
Physical Datto SIRIS devices: These devices use the NBD vddk protocol. With NBD, VMware recommends using virtual disks that are no larger than 1TB in size.
The VMkernel's primary function is to orchestrate VM processes. While using the NBD protocol, the VMkernel will automatically cap each session for stability. This cap can result in lower backup throughput, but it keeps NBD transfers from bottlenecking VM management and other VMkernel traffic.
To counteract bottlenecks, design your backup policies and job configurations to distribute the load over multiple ESXi hosts instead of running numerous backup jobs from the same ESXi host simultaneously.
How does the agentless solution take incremental backups without agent software running in the protected VM's guest OS?
Agentless backups use the VMware Changed Block Tracker (CBT), which keeps track of changed or newly-written blocks within a virtual machine. Every time a new backup task begins, the Datto solution uses the VMware CBT values to detect disk change and only back up the changed data.
If a virtual machine's hardware is version 6 or older, or the CBT is corrupt, every backup for that machine will be a full backup until you upgrade the hardware version or repair the CBT.
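The sparse-image growth and the CBT behaviour described in the answers above, modelled as an added example (a constructed toy model, not Datto or VMware code). One block stands for 1 GB, all class and function names are hypothetical, and the scenario reproduces the 100 GB / 30 GB / 50 GB case: the guest ends with 30 GB in use while the backup image holds 80 GB.

```python
# Constructed toy model (not Datto or VMware code); one block stands for 1 GB.
class GuestDisk:
    """A virtual disk as the hypervisor sees it, plus the guest's own view."""
    def __init__(self, size_gb):
        self.size_gb = size_gb
        self.blocks = {}      # block -> data, for every block ever written
        self.in_use = set()   # blocks the guest filesystem counts as allocated
        self.changed = set()  # CBT: blocks written since the last backup
        self.cbt_ok = True    # False models a corrupt or unavailable CBT

    def write(self, start, count, data):
        if start < 0 or start + count > self.size_gb:
            raise ValueError("write outside the virtual disk")
        for b in range(start, start + count):
            self.blocks[b] = data
            self.in_use.add(b)
            self.changed.add(b)

    def delete(self, start, count):
        # Only filesystem metadata changes: the blocks keep their contents and
        # the hypervisor is never told that they are free.
        self.in_use -= set(range(start, start + count))

def backup(disk, image):
    """Run one job into the sparse image dict; return (kind, blocks_copied)."""
    if image and disk.cbt_ok:
        kind, todo = "incremental", set(disk.changed)
    else:  # first backup, or CBT unusable: copy every block ever written
        kind, todo = "full", set(disk.blocks)
    for b in todo:
        image[b] = disk.blocks[b]
    disk.changed.clear()
    return kind, len(todo)

def scenario():
    disk, image, jobs = GuestDisk(100), {}, []
    disk.write(0, 30, "prod")            # 30 GB of live data
    jobs.append(backup(disk, image))     # no base image yet: full
    disk.write(30, 50, "temp")           # 50 GB of churn ...
    disk.delete(30, 50)                  # ... deleted again inside the guest
    jobs.append(backup(disk, image))     # CBT still reports those 50 blocks
    disk.cbt_ok = False                  # CBT becomes corrupt
    disk.write(0, 1, "prod-v2")
    jobs.append(backup(disk, image))     # full, although one block changed
    disk.cbt_ok = True                   # CBT repaired
    disk.write(1, 1, "prod-v2")
    jobs.append(backup(disk, image))
    return jobs, len(disk.in_use), len(image)

if __name__ == "__main__":
    print(scenario())
```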
What else can cause a full backup on a virtual machine?
Code issues in unpatched versions of ESXi 5.5 can cause frequent full backups. Datto recommends keeping your hypervisor versions patched and up-to-date to help avoid these issues.
Third-party agentless solutions running alongside Datto's agentless solution on the same production machine can cause full backups by corrupting the CBT. Datto does not recommend running multiple agentless backup utilities on a production machine at the same time.
How does the agentless solution take application-aware backups without agent software installed in the protected virtual machine's guest OS?
The Datto solution uses the quiesced snapshots VMware feature. When taking a quiesced snapshot, VMware pauses, then writes to the virtual machine's virtual disk to achieve a consistent state.
The Datto solution uses the virtual production machine's VSS writers to back up a Windows guest OS. If a quiesced snapshot of a VM fails to complete, a backup job will not run.
Without quiescing, VMware snapshots are only crash-consistent.
I am trying to set up a hypervisor connection to my vSphere cluster from my SIRIS. Should I connect to an individual ESXi host or the vCenter Management Server?
VMware has two values that it uses to assign each Virtual Machine:
- a unique identifier (vmID). vmIDs are unique at the ESXi host level.
- the Managed Object Reference ID (MoRefID). MoRefIDs are unique across an entire vCenter cluster.
You can tell the difference between a MoRefID and a vmID by their format.
The prefix vm- precedes a MoRefID. For example, vm-9463.
A vmID will not have this prefix. For example, 17.
If using a clustered environment: you must connect to the vCenter management server.
If using a standalone connection to an individual ESXi host: the vmID of any vMotioned virtual machine will change. Because the standalone connection only uses the vmID, backups will fail until you determine the replacement vmID value and reassociate the backup chain to it.
If you start agentless backups via a standalone connection, then switch to a vCenter cluster connection, you must change all vmIDs to MoRefIDs on the back-end of the device to get backups running again.
Are VMware snapshots a good backup strategy? Should I take some manually and keep them around just in case?
Snapshots are useful as a secondary backup method for short-term or ad-hoc backups.
While snapshots are growing in size, the entire LUN on which a VM resides will be locked by the Datto appliance, slowing down I/O performance for that VM and all other VMs sharing the same LUN.
Keeping snapshots for an extended period will impact the performance of your production VMs.
Consolidating a virtual disk that has long-term snapshots takes a very long time, and can impact the I/O performance of that VM.
By default, the snapshots Datto appliances take persist for only as long as it takes to back up any given target virtual machine.
- Virtual Disk Transport Methods (external link)
- Changed Block Tracking (CBT) on virtual machines (external link)
- Changed Block Tracking is reset after a storage vMotion operation in vSphere 5.x (external link)