Summary
This blog explores using Pure Storage Protection Groups with VSS Snapshots, updated with new features like SafeMode™ for immutable snapshots, advanced PowerShell cmdlets, and Pure1® monitoring to strengthen data protection and recovery.
A common question I get about the Pure Storage Volume Shadow Copy Service (VSS) provider is; “How can I replicate VSS snapshots?” Our VSS provider takes FlashProtect snapshots of individual volumes but those volumes cannot be part of a Protection Group. The VSS provider does know about Protection Group and does not natively provide the ability to take an application-consistent snapshot and replicate to one or more other FlashArrays.
To address this limitation in the current implementation of our VSS provider (version 1.1) I have created the below sample script to perform the following:
- Create VSS snapshots using the PowerShell Toolkit.
- Retrieve the application-consistent snapshots (Eg. ‘*VSS*’) from the target volume.
- Create a new volume from the VSS snapshot.
- Create a new Protection Group and set the members and target FlashArray for replication.
- Grant the Protection Group on the target array to Allow replication.
- Replicate now on the source array.
This basic workflow provides the ability to replication application-consistent snapshots as soon as they are taken. I will be adding this to the PowerShell Toolkit as a wrapper to several PowerShell SDK cmdlets. In the below example there isn’t any clean-up of the work because I leave that up to the implementer using the sample script. I will add a clean-up on the cmdlet which will reverse the work and treat this as a dynamic operation.
Requirements:
- Install the latest VSS Provider (1.1) on the host(s). Download the installer from https://github.com/PureStorage-Connect/VSS-Provider.
- Configure the VSS Provider using PureProviderConfig.
- Example: C:Program FilesPure StorageVSSProviderPureProviderConfig add –url https://myarray –username pureuser –password <password> MyArray
- Install the PowerShell SDK (1.7.4.0) on the host(s). See instructions.
- Install the PowerShell Toolkit (3.3.224.0) on the host(s). See for instructions.
Sample PowerShell script:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
New–VolumeShadowCopy –Volume D: –ScriptName VssReplication –MetadataFile VssReplcation –VerboseMode On $FlashArray = New–PfaArray –EndPoint 10.0.0.1–Credentials (Get–Credential) –IgnoreCertificateError Get–PfaVolume –Array $FlashArray –Name ‘boneyard3’ $VSSSnapshot = Get–PfaVolumeSnapshots –Array $FlashArray –VolumeName ‘boneyard3’ | ?{ $_.name –like ‘*VSS*’ } New–PfaVolume –Array $FlashArray –Source $VSSSnapshot.name –VolumeName ‘VssReplSnapshotVol’ $Target = Get–PfaArrayConnections –Array $FlashArray New–PfaProtectionGroup –Array $FlashArray –Name ‘VssRepl-PGroup’ –Volumes ‘VssReplSnapshotVol’ –Targets $Target.array_name $source = ‘solutions-lab-m20-c09-29:VssRepl-PGroup’ $FlashArrayRepl = New–PfaArray –EndPoint 10.0.0.2 –Credentials (Get–Credential) –IgnoreCertificateError Grant–PfaReplicationToTargetProtectionGroup –Array $FlashArrayRepl –Name $source New–PfaProtectionGroupSnapshot –Array $FlashArray –Protectiongroupname ‘VssRepl-PGroup’ –ReplicateNow |
Updated Best Practices for Using Protection Groups with VSS Snapshots
Since the original publication of this blog, Pure Storage has introduced new features and tools that enhance the use of Protection Groups with Volume Shadow Copy Service (VSS). Below are updated best practices and advancements to help you make the most of these capabilities.
1. Leveraging SafeMode™ for Immutable Snapshots
- What’s New: SafeMode™ snapshots provide immutable storage that cannot be deleted or altered, even by administrators. This feature is crucial for protecting against ransomware and other malicious attacks.
- How to Use:
- Enable SafeMode for your Protection Group in the FlashArray GUI or via PowerShell.
- Configure snapshot retention policies to meet your compliance and recovery needs.
- Use SafeMode snapshots for critical VSS-enabled applications to ensure secure and unalterable recovery points.
2. Advanced Automation with the PowerShell Toolkit
- What’s New: The latest Pure Storage PowerShell Toolkit includes enhanced cmdlets for managing VSS snapshots within Protection Groups.
- Key Cmdlets:
New-PfaProtectionGroupSnapshot: Create on-demand snapshots of a Protection Group.Restore-PfaVolumeSnapshot: Restore volumes directly from Protection Group snapshots with minimal downtime.
- Example Use:powershellCopyEdit
# Create a snapshot for a Protection Group New-PfaProtectionGroupSnapshot -Name "CriticalAppsGroup" -Array $FlashArray # Restore a specific volume from the snapshot Restore-PfaVolumeSnapshot -VolumeName "AppDatabase" -SnapshotName "CriticalAppsGroup_20250124"
3. Integrated Monitoring with Pure1®
- What’s New: Pure1® now includes enhanced monitoring and reporting for snapshots and Protection Groups, making it easier to track usage, compliance, and performance.
- How to Use:
- Use the Pure1® dashboard to monitor snapshot status and capacity usage for your Protection Groups.
- Set up alerts for snapshot success/failure or capacity thresholds to ensure proactive management.
4. Optimized Data Protection for Distributed Workloads
- What’s New: With advancements in hybrid and multi-cloud environments, Protection Groups now offer seamless integration with Pure Cloud Block Store™ for offsite replication and disaster recovery.
- Best Practices:
- Use Protection Groups to orchestrate VSS snapshots across distributed workloads, ensuring consistent recovery points for hybrid environments.
- Pair on-premises Protection Groups with Pure Cloud Block Store for offsite, cloud-based recovery options.
5. Enhanced Security and Compliance
- Protection Groups now support encryption at rest and role-based access controls (RBAC) to ensure that sensitive data remains secure and access is tightly controlled.
- Regularly review access permissions for Protection Groups to align with regulatory compliance requirements.
Conclusion
The combination of Pure Storage’s Protection Groups, VSS snapshots, and newer features like SafeMode™ and Pure1® monitoring provides a robust framework for data protection and recovery. By leveraging these advancements, organizations can secure their critical data, streamline recovery processes, and maintain compliance with modern security standards.
How Storage Plays a Role in Optimizing Database Environments
