Protecting user data in a virtual desktop environment

Protecting virtual desktops is different from protecting virtual servers or traditional desktops. Industry expert Brian Madden digs into what you need to know.

Brian Madden

Desktop virtualization is white-hot as more and more companies migrate their traditional desktop computers to virtual desktops. But this new focus on the desktop requires companies to think about how these newly virtualized desktops will be protected. What happens if a data center goes down? Does this mean that no one can do any work?

Unfortunately, the issue is more complex than traditional desktop backup and data protection problems. In this article, independent industry expert Brian Madden digs into what you need to know.




Why is desktop virtualization different than traditional desktops when it comes to data protection?
In the traditional desktop world, the words "backup" and "desktops" were rarely used in the same sentence. The general sentiment was "We don't back up desktops. If users want their data to be safe, they should store it on the network." The backup strategy for laptops was typically even worse, along the lines of "We don't back up laptops. If a user is storing stuff locally on their laptop and it's stolen, that's too bad!"

When it comes to desktop virtualization, most companies end up formalizing their management policies around the machines they're virtualizing, and that includes data protection and backup. Unfortunately, since many virtual desktop environments have end-user desktops running in the data center, many companies unwisely apply the default policy of "All data in the data center is backed up."

Is backing up everything bad?
Not necessarily, but it's important to understand that if you just do full backups of each of your desktops, you will have a lot of redundant data in your backup library. For example, if each one of 1,000 users has 40 GB of desktop images, you're talking about 40 TB of backup data. But what is that 40 TB really? Probably 1,000 copies of Windows, 1,000 copies of Office, 1,000 copies of Acrobat Reader, etc. But in practical terms, you probably really need to back up only the user data. This is easy with traditional desktops -- since users just store their data on file servers -- but for virtual desktops, it can be tricky to find it.

So backing up full images is not smart?
That's also not necessarily true. The nice thing about backing up full images is that they're easy to restore. If you lose a site or a server, you can just click and be done with the restore of that image, and the user is back up and running fast.

On the other hand, if you back up only the data, you'll have to figure out how to get the user up and running on a desktop with all the apps first before you can restore the data.

So which is better? It depends on what's most important to you.

What's the difference between agent-based and storage-based backups?
As you design data protection for your virtual desktops, you also need to decide how the actual backup process takes place. Some solutions are agent-based, which means a small software agent runs in each desktop virtual machine (VM). Others are agentless, meaning that they back up everything from the outside and don't have any additional software in the VM.

At first glance, you might think that agentless is better because there's nothing extra running in your VMs. But in reality, having a backup agent in each VM allows the backup software to do some very cool things.

First off, an in-guest agent allows you to back up only the important stuff that matters (i.e., "data") and ignore the stuff that doesn't (i.e., "OS files"). External solutions that merely take snapshots of the entire disk image don't have this file-level granularity.

Second, and perhaps more important, in-guest, agent-based data protection can offer other cool features, like continuous data protection (CDP). Rather than running backups on a periodic schedule, CDP-based software backs up data continuously as it changes. Not only can a system be restored to the exact moment before disaster strikes; users also have a sort of undo protection. For example, if a user just deleted an important file, he can go to the CDP interface to restore it to the latest -- or even earlier -- version.

What do you need to figure out before you start designing your data protection solution?
If backing up user data in virtual desktop environments is important to you, there are a few things you should ask yourself before you get started.

First, figure out why you're backing up your environment. Do you want to protect against a total site failure, or are you concerned about single server failure? Maybe you want to make sure a lost laptop doesn't result in lost data, or maybe you just want to protect against user error.

Next, think about your recovery window. If a loss occurs, do you need to get the users up and running again instantly, or is it OK if it takes a few hours or days to recover everything?

Finally, it's important to understand the capabilities of your data protection vendor. Remember that protecting virtualized desktops is different than protecting typical servers. So it's important to find out if your vendor has a virtual desktop-specific product and if it has a clue about the desktop market. If a vendor's representatives say something like, "Why does it matter? Data is data!" then it's time to run away and find a new vendor.


So you can see that while protecting virtual desktops is different than protecting virtual servers or traditional desktops, if you frame your needs properly and do your research, it's possible to come up with a cost-effective design that ensures that your new virtual desktop environment won't collapse at the first hiccup.

This was last published in October 2010
