VSS backup and restore evaluation criteria
Published: July 16, 2012
Find evaluation criteria information for using VSS backup and restore to back up Exchange data.
Applies to: Exchange 2013 | Exchange Server 2003 | Exchange Server 2007 | Exchange Server 2010
In this article
Functional criteria for VSS backup and restore
Development criteria for VSS backup and restore
Security criteria for VSS backup and restore
Deployment criteria for VSS backup and restore
The Volume Shadow Copy Service (VSS) component of versions of the Windows operating system starting with Windows Server 2003 coordinates the activities of providers, writers, and requesters for applications that create and use shadow copies. You can use the VSS writer for Exchange Server 2010 and later versions to enable your applications to back up and restore Exchange mailbox databases that are stored on hardware that supports the VSS.
You can use VSS to back up and restore Exchange data at the individual database level only in versions of Exchange starting with Exchange 2010. Although you can use VSS to back up multiple Exchange databases in Exchange 2003 and Exchange 2007, you can only perform one backup at a time.
The following table lists and describes the functional criteria for VSS. For descriptions of the functional criteria, see Functional criteria in the Exchange development technology evaluation criteria descriptions article.
Applications use VSS to back up and restore Exchange 2003 and Exchange 2007 storage groups, and Exchange 2010 and Exchange 2013 databases.
VSS is a component of Windows Server 2003 and later versions of the operating system. The Exchange writers are installed when Exchange 2010 or later is installed on Windows Server 2008 or later operating systems. VSS is only applicable to Exchange on-premises.
Backup and restore applications that use VSS to back up Exchange databases typically consist of a background service that performs the backup, a scheduling service, and a Windows GUI application console that controls and configures the backup and restore system.
Applications that use VSS to back up Exchange servers must run on the Windows Server 2008 computer on which the Exchange store process is running. Because of the flexibility in large storage systems, the hardware hosting the storage volumes might not physically be part of the computer running Windows Server 2008.
Applications that use VSS to back up and restore whole storage volumes use COM objects and interfaces that include the following: IVssAsync, IVSSBackupComponents, IVssComponent, IVssCreateWriterMetadata, IVssEnumObject, IVssExamineWriterMetadata, IVssWMComponent, IVssWMDependency, IVssWMFiledesc, IVssWriterComponents, and IVssWriterComponentsExt.
Data access model
Whether you can access data in a VSS shadow copy depends on the hardware vendor's hard drive implementation. You should not use Exchange to directly access the storage group data inside the shadow copy. You must restore the data to its original location before Exchange can mount the storage group.
When an application uses VSS and the Exchange writer to back up or restore data, the code that accesses VSS and the writer should be single-threaded. Applications should not use multiple simultaneously executing threads to access the VSS COM objects.
Applications typically also use the CHKSGFILES API to verify the database snapshots before writing them to the backup media. The CHKSGFILES APIs can be used in multithreaded applications. For more information, see the Exchange Server 2010 Backup and Restore SDK.
Applications that use VSS to back up and restore Exchange servers do not support transactions.
Applications that use VSS can take advantage of the Windows Events and performance counters that VSS provides, the Exchange writer, and any performance counters that are provided by the VSS-compatible storage hardware vendor.
The following table lists and describes the development criteria for the Exchange Writers for Volume Shady Copy Service. For descriptions of the development criteria, see Development criteria in the Exchange development technology evaluation criteria descriptions article.
Languages and tools
VSS can be used in any COM-compatible language. It is most frequently used in applications written in C++. Because you have to take the Exchange store offline to create shadow copies, backup applications are typically time-sensitive, which in most cases makes using languages like Visual Basic or VBScript impractical.
The VSS APIs can be used in a managed code environment via a COM Interop Assembly.
Yes, but not recommended.
No special tools are required to debug applications that use the Windows VSS.
Developers who can effectively program VSS applications are available.
Refer to your Exchange and MSDN subscription licensing agreements to determine whether additional licenses are required for the Exchange servers that store the data backed up and restored by custom VSS applications.
The following table lists and describes the security criteria for the Exchange Writers for Volume Shady Copy Service. For descriptions of the security criteria, see Security criteria in the Exchange development technology evaluation criteria descriptions article.
The VSS infrastructure requires VSS requesters, such as backup applications, to be able to function both as COM clients and as a server. Requesters need to securely manage which COM clients are able to make incoming COM calls into its process. The requester-specific security settings must allow outgoing COM calls from the requester to the VSS service and writer processes.
You do not need any specific permissions to install applications that use VSS. Because the applications must run on the Exchange server, the account under which the application is installed must have sufficient permission to install software on that computer, and to make requests via the Exchange VSS writers.
The account that runs a VSS requester typically has to be a member of the Administrators built-in group or the Backup Operators group.
Built-in security features
VSS requester applications can use the CoInitializeSecurity function to set a process-wide permission check of default COM access. You can also set VSS writers to allow all processes access to call into the requester processes or to allow only specific processes access to call into the requester process. You can configure additional registry settings to allow access to specific applications.
Security monitoring features
VSS does not include any built-in security monitoring features.
The following table lists and describes the deployment criteria for the Exchange Writers for Volume Shady Copy Service. For descriptions of the deployment criteria, see Deployment criteria in the Exchange development technology evaluation criteria descriptions article.
Server platform requirements
The Exchange VSS writers are only available when versions of Exchange starting with Exchange 2010 are running on versions of the Windows Server operating system starting with Windows Server 2008.
Client platform requirements
There are no client requirements beyond the VSS core requirements.
You can use standard software distribution technologies to install VSS applications on servers.
July 16, 2012