Volume Shadow copy Service also known as Volume Snapshot Service is a framework developed by Microsoft which provides the ability to take crash consistent copies of data on selected volumes where the VSS Service is configured.
It is particularly indicated for Enterprise Applications which cannot or should not allow any interruption to the services offered. So the sheer number of Enterprise Services that can leverage this framework is remarkable. Services and Applications like Active Directory, Exchange, SharePoint and SQL are a few and excellent examples of how VSS framework can be beneficial for such Applications.
The purpose of this article is to offer an overview of this service and how it is used by third parties applications with regards to Data Protection scenarios for Enterprise Applications.
The VSS framework provides the technology for creating consistent point-in-time copies of data known as Shadow Copies. The VSS Service can produce consistent shadow copies by coordinating with various applications, file-system services, backup applications, fast-recovery solutions, and storage hardware.
There are two methods for creating shadow copies:
A complete copy (a full copy or clone)
A differential copy. Only the changes to the volume (a differential copy or copy-on-write)
It is important to note that each method essentially will result in 2 copies of the data. The original one and the one stored in the Shadow Storage Area. This is an important distinction as only the first one has full read/write access whereas the latter one has read only access to guarantee the shadow copy remains in a “good state” for point in time recovery. Eventually full access to the second copy is granted only to the owner of the shadow copy and typically the Backup Application requesting the creation of such copy. But what is it essentially the difference between the Full Copy and Differential Copy?
As the name implies this is simply a clone of the original data into the Shadows Storage Area. This clone can be created either by software or hardware Provider. The Provider it is responsible for maintaining the two copies in sync and effectively they can be considered as independent. So in case the original one is not available data can be restored from the cloned one in the Shadow Storage Area . Typically Storage vendors offer VSS Hardware Providers along with their applications to take snapshot on a “volume” level directly. The Full Copy is also referred to as Split Mirror Copy.
As per the Full Copy the differential onde is also creating a copy of the data in the Shadow Storage Area. This time a different technique is used and the Shadows Storage Area will be populated only from blocks that are new, changed or deleted from the original one. What it is crucial to mention here is that these “data block” activities are written to the Shadow Storage Area before the actual commit to the original one. This way only a small amounts of information will be written in the Shadow Storage Area resulting in quicker times to take the snapshot. Also this still gives to the VSS service to reconstruct the history of a file by taking a look at the base file plus the changes into the Shadows Storage Area. The major downside with this approach is that by losing the original file it will not be possible to restore data only from the delta stored in the Shadow Storage Area. That’s why Differential copy Snapshots cannot be considered as Backups! Definitely they can help to build more point in time restores and occupy lees data in the Shadow Storage Area. Differential copies are supported by both Software and Hardware Providers.
The VSS framework is consisting of the following main components:
This is typically the application requesting the backup of some particular data whist the enterprise application is still running. For example taking a backup of SharePoint (which includes amongst the other components the SQL databases associated with it) while it is still running.
It can be easily defined as the “brain” for the VSS operations as it includes all the information on how the shadow copies should be taken for the data pertinent to specific applications being backed up. In the case of SharePoint for example the SPF-VSS Writer includes all the information and details which will be passed to the Provider and back to the Requestor in order to take a crash consistent copy of the data. It is also responsible for requesting and releasing access to the File System to guarantee no changes occurred to the original copy during the creation of the snapshot.
If the Writer is the brain of VSS then the Provider is definitely the “brawn” helping coordinating VSS Snapshots to and from the Shadow Storage Area. It is essentially responsible for maintaining the two copies of the data (irrespective if Full or Differential Snapshot) and there are 3 types of Hardware Providers:
Hardware VSS Providers
Typically provided by HW vendors to increase the performances when taking a snapshot of a volume working together with the controller operating the drives on which that volume is mounted. They are very fast and suitable for large enterprises working with large data sets (league of Terabytes and more).
Full Copy Snapshots with HW VSS Providers can also be managed and moved to specific servers from which it is then possible to restore the data to the original server.
Software VSS Providers
Software based layer that intercepts the requests to the file system and sends them accordingly to the designed Shadow Storage Area.
Performance-wise are slower compared to HW based Providers but can offer extra instructions directly from application developers for crash consistent backup copies of the data.
System VSS Providers
Built-in into Windows OSes (starting from 2003) provide an alternative to HW and SW based VSS Providers and can only create Differential Snapshots.
Shadow Storage Area:
This is essentially the area where the detected “blocks” are stored. By default when enabling the VSS service for a specific volume the Shared Storage Area will be hosted into the same volume as an hidden area. In other terms will not be available to the standard File Explorer in Windows but only to specific tools and of course the Application Requestor itself 🙂
Another notable feature of the VSS snapshots is that they can be of two types. Persistent and not Persistent. But I would like to dedicate a separate article on this topic also showing the interaction with enterprise backup applications.
So what if I want to enable the VSS service on a specific volume and which tools are available out of the box in Windows?
Enabling Volume Shadow Copies:
Enabling VSS from both the GUI and the command line is a very easy task. From the GUI this can be accomplished by Configure the Shadow Copies option in the contextual menu of a mounted drive.
So for example let’s enable the Volume Shadow copy for the Q: Drive.
This is very important for application intensive R/W operations on specific drives. In this instance it is not our case so we can accept the default option and accept the configuration.
After enabling the VSS service for this drive a 64MB shadow has been created on the Q: dirve itself but would be hidden to the Windows File Explorer.
The settings are clearly self-explanatory. Ideally for very intensive applications the Shadow Copies could be created on mounted Drives with higher capacities and where no VSS service is in place. Let’s go with the default for now.
From the same contextual menu it is also possible to restore individual files from the snapshot.
Windows also offers buit-in command line to operate the Volume Shadow Copies through the VSSAdmin command. Just issue this command with local administrator privileges and there is a big number of operations that can be scripted with PowerShell to automate operations on several machines.
VSSAdmin list Providers will show all the available providers installed on the machines. For special uses they can be scripted and recognised through the ID number.
VSSAdmin list Writers shows all available VSS Writers that can be used by Application Requestors when invoking snapshot for intended applications.
VSSAdmin list ShadowStorage shows the existing Shadow Storage Areas (one per volume). In our case the one for the Q: drive is presented along with actual size of the used, allocated and maximum space. All these parameters can be changed of course.
And if we are curious about the shadows per Shadows Storage Area we can simply issue the command VSSAdmin list Shadows as per screenshot below for extra details.
This concludes an high level overview of the Volume Shadow copy Service. In a separate article I will cover how VSS framework is utilized to take crash consistent copies of enterprise applications like SharePoint.