Ontrack Data Recovery

Virtualization - VMware Recovery

 

Kroll Ontrack offers a wide range of data recovery services and data recovery software, and is one of the few companies able to offer virtual drive recovery for machines running VMware software.

Virtualization is becoming more and more topical in the computer trade magazines. In some articles, virtualization has been hailed as the next frontier of computing. What is computer virtualization and how can you or your clients benefit from it?

Virtualization provides a layer of abstraction between computing, storage and networking hardware, and the applications running on it.
By running software such as VMware it is possible to transform or “virtualize” the hardware resources of a computer - including the CPU, RAM, hard disk and network controller - to create a fully functional virtual machine.

A virtual machine is a tightly isolated software container that can run its own operating systems and applications as if it were a physical computer. A virtual machine behaves exactly like a physical computer and contains its own virtual (i.e., software-based) CPU, RAM, hard disk and network interface card (NIC).

There are two different approaches to virtualization called Hosted and Hypervisor.

  • A Hosted approach provides services on top of a standard operating system. An example of this would be VMware Workstation or VMware Server running on a Windows or Linux system, on top of which one or more virtual machines are running.
  • In contrast, a Hypervisor architecture is the first layer of software installed on a clean x86-based system, sometimes referred to as a “bare metal” approach. This is the case for a computer running VMware ESX Server, on top of which there may be one or more virtual machines running.

[Figures: Hosted Approach; Hypervisor Approach (source: www.vmware.com)]

VMware Hosted virtualization recovery

Hosted virtualization is used by VMware Server and VMware Workstation on Windows or Linux systems.
Guest operating systems can reside in virtual disk files or on physical (raw) disk partitions.

Virtual Disks:

  • Virtual machines (VMs) can be configured with virtual disks; a virtual disk is made up of one or more .vmdk files. If you choose to split the virtual disk into 2GB files, the number of .vmdk files depends on the size of the virtual disk. Every VM has a small first .vmdk file containing pointers to a -flat.vmdk file, which holds the actual data of the VM.
  • By default, VMware pre-allocates the space for the virtual disk. It takes longer to create the file this way, but it improves performance and avoids fragmentation. When this option is not selected, the virtual disk file grows in size as data is added to it. This causes a lot of fragmentation and overhead, since the host operating system has to grow the file before the guest operating system can write anything to it.
  • Recovering data from a VMware Server machine is as difficult as recovering data from the host operating system. The virtual disk files are normal files to the host operating system’s file system and so they are treated the same way as any other file.
  • The possibility of recovery will vary depending on how the file was lost and on the operating system and file system where the virtual disk was located. For example, recovering a deleted .vmdk file from a FAT32 partition will not be the same as recovering the same deleted file from an NTFS or EXT3 partition.
  • There are times when the host operating system structures become so damaged that the structures pointing to the virtual disk file are lost. In those cases we are still able to recover the data from the virtual disk by focusing on the virtual disk’s logical structures: we can put together the fragments that make up the virtual disk in order to extract the data. Recovery in these circumstances is more difficult, and the less fragmented the -flat.vmdk file is, the better the chances of recovery.
  • We can also perform recoveries inside the virtual disk. For example, if a virtual machine disk has been reformatted, or some data has been deleted from within the virtual machine, it is still possible for us to recover the data.
  • The size of the virtual disk can be increased if desired. There is more than one way to do it depending on the guest operating system and the procedures can sometimes be complicated. VMware has its own tool called Virtual Disk Manager which can be used to create, manage and modify virtual disks.
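
As an added illustration (not Kroll Ontrack's or VMware's code), the following Python example reads the small text descriptor .vmdk described in the first bullet and checks that every extent file it points to is present and has the size the descriptor declares, a useful first triage step before attempting a recovery. It assumes the plain-text descriptor layout with extent lines of the form RW <sectors> FLAT "<file>"; the file names and tiny sizes in demo() are constructed.

```python
import os
import re
import tempfile

SECTOR = 512  # descriptor extent sizes are counted in 512-byte sectors
EXTENT_RE = re.compile(r'^(RW|RDONLY|NOACCESS)\s+(\d+)\s+(\w+)\s+"([^"]+)"')

def parse_descriptor(text):
    """Split descriptor text into header key/values and (sectors, type, file) extents."""
    header, extents = {}, []
    for line in map(str.strip, text.splitlines()):
        m = EXTENT_RE.match(line)
        if m:
            extents.append((int(m.group(2)), m.group(3), m.group(4)))
        elif "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            header[key.strip()] = value.strip().strip('"')
    return header, extents

def check_extents(descriptor_path):
    """Compare each extent file on disk with the size the descriptor declares."""
    with open(descriptor_path, encoding="ascii", errors="replace") as fh:
        header, extents = parse_descriptor(fh.read())
    base = os.path.dirname(os.path.abspath(descriptor_path))
    report = []
    for sectors, kind, name in extents:
        # Only look beside the descriptor; never follow a path it supplies.
        path = os.path.join(base, os.path.basename(name))
        if not os.path.isfile(path):
            status = "missing"
        elif kind == "FLAT" and os.path.getsize(path) != sectors * SECTOR:
            status = "size-mismatch"  # truncated or partially recovered extent
        else:
            status = "ok"
        report.append((name, sectors * SECTOR, status))
    return header, report

def demo():
    """Constructed sample: 3-extent split disk, one truncated, one missing."""
    desc = ('# Disk DescriptorFile\ncreateType="twoGbMaxExtentFlat"\n'
            'RW 8 FLAT "vm-f001.vmdk" 0\nRW 8 FLAT "vm-f002.vmdk" 0\n'
            'RW 8 FLAT "vm-f003.vmdk" 0\n')
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("vm.vmdk", desc.encode()),
                           ("vm-f001.vmdk", bytes(8 * SECTOR)),
                           ("vm-f002.vmdk", bytes(1024))):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return check_extents(os.path.join(d, "vm.vmdk"))
```

Calling demo() returns the parsed header and one (file, expected bytes, status) row per extent; on a working copy of a real case, pass the descriptor path to check_extents() instead.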

Physical Disks or Partitions:

  • It is possible to install the guest operating system directly on a physical disk or partition, also known as a raw disk.
  • VMware Server supports booting from physical disk partitions only on IDE drives, so care has to be taken when working with SATA drives.
  • You cannot use a physical disk that is stored on a SAN. You must use a disk or a partition on the VMware Server host. According to VMware, there is almost no gain in performance with this setup, and the additional complications make it the least preferred option at the moment.
  • Corruption is possible if you allow the virtual machine to modify a partition that is simultaneously mounted under Windows. Since the virtual machine and guest operating system access a physical disk partition while the host continues to run Windows, it is critical that you not allow the virtual machine to modify any partition mounted by the host or in use by another virtual machine. To safeguard against this problem, be sure the physical disk partition you use for the virtual machine is not in use by the host. One way to do this is to remove the drive letter from Windows before using the drive for VMware.
  • Recovery in this type of disk or partition does not vary from a normal recovery.

Virtualization with a Hypervisor

VMware ESX Server uses a Hypervisor approach to virtualization.
It runs on x86 hardware platforms as the first layer of software, and the virtual machines are installed on top of it.

ESX Server 3 supports local or networked storage devices, depending on what the volume is used for. The ESX Server boot volume requires at least three partitions:

  • /boot (ext3): Stores information required to boot the ESX Server host system. For example, this is where the grub and LILO boot loaders reside. The boot drive usually defaults to the specified /boot partition.
  • Swap: Allows ESX Server to use disk space when more memory is needed than the physical RAM allows.
  • / (ext3): Contains the ESX Server operating system and services, accessible through the service console.

In addition to these, a local or networked VMFS partition is needed to store the virtual machines, and a vmkcore partition is required to provide core dumps for technical support.
VMware also recommends creating a separate partition for /var/log (which is created by default when installing ESX Server).

  • VMFS3: Used to store virtual machine virtual disks. VMFS partitions can be located on a local SCSI volume, a networked SCSI volume or a SAN.
  • Vmkcore: Required for each ESX Server host. It can be located on a local SCSI volume, a networked SCSI volume, or a SAN, but it cannot be located on a software iSCSI volume. It is used to store core dumps for debugging and technical support.
  • /var/log (ext3): Used to store log files (Optional).
