Protection Group Setup
The very first step you need to do is to create a Protection Group on the Pure Storage array. Well, actually, this step is optional as we will see later that PGs can be automatically created too. The PG creation section is found in the Storage section of the UI for managing the array. When the Protection Group is created, there is an option to schedule both snapshots and replication. Both options are initially disabled.
To enable a snapshot schedule, simply select the snapshot schedule edit, and enable it. You can also change the frequency and retention times of the snapshots. The default is to snapshot every hour, and keep all snapshots for 1 day. This information about frequency and retention needs to be noted as it will form the basis of our VVol policy on vSphere, which we will do next.
Create a Snapshot Policy on vSphere
The policy will be created in the VM Storage Policies section. The snapshot policies for the Pure array are found under the replication tab once the Pure provider is selected. Here is a sample policy taken from my lab setup. Note that on this occasion I did not specify a name for the replication group, I simply specified that I needed a Local Snapshot Policy Capable array alongside the snapshot interval and retention entries.
The Pure array virtual volume datastore will show as being compliant with this policy.
However when a new VM is deployed with this policy, there is no prompt for a Protection Group name. What happens is that a brand new Protection Group is automatically instantiated on the array, and the newly created VM is placed in this automatically created Protection Group. Note the auto-generated name of the Protection Group below – vp-auto-rg-xxxxx. snap2-test is the name of my VM and you can see the Config-VVol and VMDK/Data VVol are members.
The same behaviour will take place for every VM deployed with this policy – a new protection group will be automatically created.
If we want to deploy a VM to a particular Protection Group, what we need to do is to provide the name of a Protection Group when we create the policy. However, in the policy, the Protection Group is referred to as a Consistency Group. If we add a Consistency Group Name, the policy would look something like this:
Of course, I also have to a consistency group called Snaps on the array, or else the virtual Volume datastore would not appear as compliant. Now when I deploy a VM with this policy, there is a change in the workflow. When the policy is selected during provisioning, I am prompted to select the Protection Group (although in this case it is called a replication group). Note however that only a single replication group is displayed which matches the name we placed in the policy earlier: Snaps.
The preceding tag pure-01 is the name of the array so that groups with the same name on different arrays can be identified. Once the replication group is chosen, the policy should turn compliant and you can continue to deploy the VM as normal. When the VM has been successfully provisioned, you should see the VM (Config and Data VVols) in the Protection Group back on the array. In this example, my VM should be placed in the Snaps Protection Group.
Apply a new policy to an existing VVol based VM
In this final test, I wanted to see the effect of applying a new policy which contains a snapshot requirement to a VM. The VM was already deployed on the array. However, it does not matter if the VM current policy has a snapshot requirement or not, or whether the policy has a Protection Group set, you still have to select the appropriate Protection Group each time you change the policy. The difference is that if you have a Protection Group selected in the new policy, then that is the only one you can choose when applying that policy (but you still have to choose it manually). If you choose a policy that does not have the Protection Group specifically set, then you can choose any of the Protection Groups when you change to the new policy (so long as the other attributed like retention and frequency match).
Here are the results of selecting a VM which originally had no snapshot protection with a policy that has a snapshot policy but the new policy did not specify a Protection Group. I changed the policy from vvol-datastore which has no snapshot requirements to VVols+Snapshots, which does have a snapshot requirement – it does not specify a Protection Group (or as it is called here, replication group). Now I need to select Configure to pick a Protection Group for the snapshots.
After clicking Configure, I now have a choice of Protection Groups to choose from, as all of these have matching retention (1 day) and frequency (1 hour) policies.
After selecting the correct Protection Group, and completing the change policy wizard, the VVols belonging to this VM (Config-VVol, Data VVol) are placed in the selected Protection Group and the VM is shown as Compliant.
That completes the post. I will admit that the use of multiple names (replication group, consistency group, protection group) threw me a little bit at first. This is partly to do with the VVol spec wanting certain naming conventions and partly to do with Pure adding some future-proofing for some new features. However, once I realized that they were all the same thing, it was plain sailing after that and it becomes quite intuitive.
Shameless plug
If you are planning to attend VMworld 2018, I’ll be running a whole breakout session on Storage Policy Based Management with my good buddy Duncan Epping. In this session (HCI1270BU), we’ll be looking at The Power of SPBM, Storage Policy Based Management. This takes place on Tuesday, Aug 28 from 12:30 p.m. to 1:30 p.m. This will cover vSAN, Virtual Volumes, some I/O Filters and how this can all be orchestrated from the likes of vRealize Automation (which now has an SPBM plugin). If this is something you are interested in, we’d love to see you at our session.