Creating VSS snapshots on Windows 2003 Server.

January 15, 2009 at 4:36 pm (windows)

At work, I was recently chosen to be the administrator for a new SAN system that we are purchasing.  I intend to do a full article at some point about this product once it is installed.  For now, I will just tell you that it runs on CentOS and is called FalconStor.  Anyhow, while I was in initial technical training on this system, we began a discussion about how to correctly back up Windows systems, especially servers.  The major issue with backing up MS OSes is how to quiesce all applications running on the system.  What I mean by this is making the system write all data that is in flight to the disk and then freezing it.

Microsoft has created an interesting mechanism to make this task more manageable.  It is called Volume Shadow Service.  I suggest reading these two documents first to get an introduction to what the service is and how it works:

Essentially, when you create a snapshot using VSS, the following highly summarized steps occur:

  1. VSS sends a signal to all apps that have been registered as Writers.  Writers are applications that are writing data to disk in such a way that there might be in-flight data.  Each of these writers has a different method of quiescing its data.  For instance, the file system will flush all of its buffers to disk.  Another example of a writer is MS SQL Server.
  2. Each writer will signal back to the VSS manager once its data is in a quiesced state.
  3. Once all writers have checked in, a Copy on Write snapshot is created.  This snapshot is essentially a frozen image of the data.  This COW snapshot is only updated with differential data.
  4. The VSS manager will wait until it knows that the COW snapshot has successfully been created.
  5. Finally, the VSS manager will notify all writers that they can now un-quiesce their data.  Essentially, this will thaw out the data and let whatever was being buffered be written to disk.
  6. All operations have now been completed and a COW based snapshot now exists.

All applications written for the Microsoft platform are supposed to utilize the VSS sub-system for quiescing their data.  Therefore, the only way to quiesce data on a MS OS is to use VSS.  The reader of this article who has been paying attention will notice something at this time in relation to Microsoft backup software.  Many software companies that sell backup tools for the Microsoft platform also sell little applications called ‘Agents’, such as ‘Agent for Open Files’.  It should now be clear that the only way that these applications could be working is by creating a VSS snapshot and then backing up from that.  Therefore, it would appear that you really don’t need these agents.  One could simply write some scripts, launched using the pre and post script starters of your backup software, that handle this task.  The scripts would simply create the snapshots when needed and delete them when the backup is done.

How would one access the snapshot though?  How do you actually get at that volume?  The VSS snapshot is not normally exposed as a drive.  However, you can install the tool vshadow.exe from the VSS SDK pack.  More information about this SDK can be found here.  This tool will allow you to create snapshots and manage them in a variety of ways.  One of the more useful functions of this tool is that it will allow you to expose a VSS snapshot as either a drive letter or a mount point.  This is excellent for scripting, because now you can create a persistent VSS snapshot, mount it as a drive, and copy things off of it…like perhaps a backup.

Let's do a few examples of this process.  Before you can try this out, you must install the VSS SDK as discussed above.

Now run:

vshadow.exe -p c:

This will create a persistent VSS snapshot of the C drive.  There are two types of VSS snapshots: 1) Persistent  2) Temporary.  The default type of snapshot to be created is temporary.  Windows XP is only capable of making temporary snapshots.  This means that an application can request that a snapshot be created.  Once it is created, the VSS system will notify the application of the Global Root ID of the snapshot volume.  The application will then access that volume and process it however it wants to.  Once the application is done processing the data, it will notify the VSS system that it is done.  The VSS system will then stop holding open the snapshot and it will be destroyed.  In Windows 2003 the concept of a persistent snapshot was introduced.  This is where a snapshot can be requested and it will remain in existence, even when there is no application still attached to it.  We want a persistent snapshot, so we provide the -p argument.

You will now see some output that looks similar to this:

VSHADOW.EXE 2.2 - Volume Shadow Copy sample client
Copyright (C) 2005 Microsoft Corporation. All rights reserved.

(Option: Persistent shadow copy)
(Option: Create shadow copy set)
– Setting the VSS context to: 0x00000009
(Gathering writer metadata…)
(Waiting for the asynchronous operation to finish…)
Initialize writer metadata …
Discover directly excluded components …
– Excluding writer ‘MSDEWriter’ since it has no selected components for restore.

Discover components that reside outside the shadow set …
Discover all excluded components …
Discover excluded writers …
Discover explicitly included components …
Verifying explicitly specified writers/components …
Select explicitly included components …
* Writer ‘System Writer’:
– Add component \System Files
* Writer ‘Event Log Writer’:
– Add component \Event Logs
* Writer ‘Registry Writer’:
– Add component \Registry
* Writer ‘COM+ REGDB Writer’:
– Add component \COM+ REGDB
* Writer ‘WMI Writer’:
– Add component \WMI
Creating shadow set {97147285-295c-4112-ac7b-365a667c62e8} …
– Adding volume \\?\Volume{4910a320-7ecf-11db-8356-806e6f6e6963}\ [C:\] to the s
hadow set…
Preparing for backup …
(Waiting for the asynchronous operation to finish…)
(Waiting for the asynchronous operation to finish…)
Creating the shadow (DoSnapshotSet) …
(Waiting for the asynchronous operation to finish…)
(Waiting for the asynchronous operation to finish…)
Shadow copy set succesfully created.

List of created shadow copies:

Querying all shadow copies with the SnapshotSetID {97147285-295c-4112-ac7b-365a6
67c62e8} …

* SNAPSHOT ID = {647617de-d55b-45c5-a087-74f0143cbffa} …
– Shadow copy Set: {97147285-295c-4112-ac7b-365a667c62e8}
– Original count of shadow copies = 1
– Original Volume name: \\?\Volume{4910a320-7ecf-11db-8356-806e6f6e6963}\ [C:
\]
– Creation Time: 1/14/2009 1:52:16 PM
– Shadow copy device name: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy5
– Originating machine: mymachine.mydomain.com
– Service machine: mymachine.mydomain.com
– Not Exposed
– Provider id: {b5946137-7b9f-4925-af80-51abd60b20d5}
– Attributes: No_Auto_Release Persistent Differential

– Mark all writers as succesfully backed up…
Completing the backup (BackupComplete) …
(Waiting for the asynchronous operation to finish…)
(Waiting for the asynchronous operation to finish…)

Snapshot creation done.

The important line to pay attention to here is the one called SNAPSHOT ID.  This is the ID number of the snapshot that was just created.  You will need this to expose this volume as a drive letter or a mount point.

You can verify that the snapshot has been created by running this command:
vshadow.exe -q

At this point you are ready to expose the snapshot as either a drive letter or a mount point.
vshadow.exe -el={18b93c57-ca61-467d-abc4-d4fa19559ded},m:\mypoint

This will expose the snapshot with the ID string that is in the braces on the mount point of M:\mypoint.  This command can also be used to just mount it on a drive letter that is currently not in use.  To do this, just put the drive letter of choice and colon as the second argument:
vshadow.exe -el={18b93c57-ca61-467d-abc4-d4fa19559ded},X:

Next, you might wonder how you can un-expose a snapshot volume from a drive letter or mount point.  I have not been able to find a way to do this while keeping the snapshot intact.  The only way that I have found to do this is to delete the snapshot itself.  If you can figure out a way to keep the snapshot while un-exposing it, please post the solution as a comment to this article.

This command will delete that snapshot volume and remove the drive letter or mount point:
vshadow.exe -ds={18b93c57-ca61-467d-abc4-d4fa19559ded}
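
The create, expose, copy and delete steps above combined into one pre/post-backup wrapper, as an added example that is not code from the original article. It assumes PowerShell 2.0 or later, vshadow.exe on the PATH, robocopy.exe installed, an unused drive letter X:, and a hypothetical destination D:\Backup\C; Get-SnapshotId is a helper name introduced here.

```powershell
# Added example: wraps the vshadow.exe calls from the article (-p, -el, -ds).
# Assumptions: vshadow.exe and robocopy.exe are on PATH, X: is not in use,
# and D:\Backup\C is a hypothetical destination folder.
$ErrorActionPreference = 'Stop'

$Volume      = 'C:'
$ExposeAs    = 'X:'
$Destination = 'D:\Backup\C'   # hypothetical path

function Get-SnapshotId {
    param([string[]]$VshadowOutput)
    # vshadow prints one line of the form "* SNAPSHOT ID = {guid} ..."
    $guid = '\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}'
    foreach ($line in $VshadowOutput) {
        if ($line -match "SNAPSHOT ID = ($guid)") { return $Matches[1] }
    }
    throw 'No SNAPSHOT ID line found in vshadow output; snapshot was not created.'
}

$snapshotId = $null
try {
    # 1. Create the persistent snapshot; VSS quiesces the writers during this call.
    $out = & vshadow.exe -p $Volume
    $snapshotId = Get-SnapshotId -VshadowOutput $out

    # 2. Expose it. The argument is one quoted string so PowerShell does not
    #    parse the braces as a script block or the comma as an array separator.
    & vshadow.exe "-el=$snapshotId,$ExposeAs" | Out-Null
    if (-not (Test-Path "$ExposeAs\")) {
        throw "Snapshot $snapshotId was not exposed as $ExposeAs"
    }

    # 3. Copy from the frozen view instead of the live volume.
    & robocopy.exe "$ExposeAs\" $Destination /E /R:1 /W:1 | Out-Null
    if ($LASTEXITCODE -ge 8) {   # robocopy exit codes of 8 and above mean copy failures
        throw "robocopy reported failures (exit code $LASTEXITCODE)"
    }
}
finally {
    # 4. Always delete the snapshot, even after a failed copy, so no persistent
    #    snapshot stays exposed on a drive letter after the backup window.
    if ($snapshotId) { & vshadow.exe "-ds=$snapshotId" | Out-Null }
}
```

Running `vshadow.exe -q` afterwards should no longer list the snapshot ID the script created.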

That should be enough information to get you started with VSS snapshots.  This information should help the skilled SysAdmin take better control of backing up the Windows Server 2003 servers that he is tasked to work with.  There are many other features of VSS that seem like they would be interesting to explore, such as transportable snapshots, etc.  I hope to look more into it in the future.
