Summary:

In this article we will learn about “How Volume Shadow Copy Service (VSS)co–ordinates with Writers and Provider to create consistent shadow copy of volume“

Prerequisite

Applies to Windows Operating System on physical servers and virtual machines

Volume Shadow Copy Service (VSS)co–ordinates with Writers and Provider to create consistent shadow copy of volume

1. Requester sends GatherWriterMetadat call to VSS, generating VSS Identify event. In response, Writers create it metadata document

2. Writers add components information: Selectable and Non-Selectable files and Explicit Included, Restore method for all the components

Example of Writer Metadata

---
DISKSHADOW> list writers detailed
Listing the writer metadata ...

	* WRITER "System Writer"
		- Writer ID   = {e8132975-6f93-4464-a53e-1050253ae220}
		- Writer instance ID = {d0018183-3f2b-4395-aa49-fa2fd4132736}
		- Supports restore events = FALSE
		- Writer restore conditions = VSS_WRE_NEVER
		- Restore method = VSS_RME_RESTORE_AT_REBOOT_IF_CANNOT_REPLACE
		- Requires reboot after restore = TRUE
		- Excluded files:
		+ Component "System Writer:\System Files"
			- Name: System Files
			- Logical path: 
			- Full path: \System Files
			- Caption: System Files
			- Type: VSS_CT_FILEGROUP [2]
			- Is selectable: TRUE
			- Is top level: TRUE
			- Notify on backup complete: FALSE
			- Components:
			- File List: Path = C:\Windows\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}, Filespec = *
			- File List: Path = C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}, Filespec = *
			- File List: Path = C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}, Filespec = *
			- File List: Path = C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}, Filespec = *
			- File List: Path = %systemroot%\winsxs, Filespec = *.*
			- File List: Path = %systemroot%\servicing\packages, Filespec = *.*
			- File List: Path = %systemroot%\servicing\Version, Filespec = *.*
			
	.
	.
	.
	.
	.
	.
	.
	.
	
	
	Number of writers listed: 9
	

3. Requester reviews the Metadata information to examine what application are running and which volumes will take part in shadow copy to get complete backup

4. VSS Notify writers to prepare for a backup operation. On receiving PrepareForBackup Writer performs component-by-component operation (adding partial file (only portions of a given file are to be backed up and which portions those are), setting any private metadata that the writer will need to handle restore, Make possible changes for Incremental and differential backup, Synchronize data across all Disks

5. Writer should hold all writes and keep the data in an absolute consistent state before Freeze else queuing incoming I/O requests or generating a duplicate set of files in an alternate path to be used as the source of a backup. Writer Freeze defaults 60 seconds. Writers can override to +20 seconds

6. Volume Shadow Copy service flushes the file system before volume shadow Copy occurs to ensure that the Files System is consistent.

7. Provider initiate snapshot of volumes. Once the Snapshot is completes (Snapshot is consistent for backup), share the snapshot information to VSS. The shadow copy creation defaults 10 seconds

8. The Volume Shadow Copy Service releases file system write I/O requests.

9. Once the shadow copy operation is completed, writers returns to a pre-freeze state. It is generally possible for a writer to resume normal operation following a Thaw event

The shadow copy creation can be aborted if the writers are kept in the freeze state for longer than 60 seconds or if the providers take longer than 10 seconds to commit the shadow copy.

10. VSS enables a requester to access the shadow copy of volumes containing data for backup and to copy data to backup media

Shadow Copy Process with pinch of VSS Methods/Functions

VSS co-ordinates with Writers and Providers through multiple phases to create consistent shadow copy of volumes.

Initialization Phase

1. Requester sends GatherWriterMetadata call to VSS, generating VSS Identify event. In response, Writers create it metadata document

2. Writers add components information: Selectable and Non-Selectable files and Explicit Included, Restore method for all the components

Discovery Phase

3. Requester reviews the Metadata information to examine what application are running and which volumes will take part in shadow copy to get complete backup

  a. Retrieve Writer Metadata Documents

  b. Use the list of components and their file sets, as well as excluded files, to obtain a list of volumes and files involved in the backup

  c. Choose which components in the writer’s Writer Metadata Document to back up. Call IVssBackupComponents::AddComponent for each component to add it to the Backup Components Document

  d.Initialize the shadow copy set, context and check for supported volumes

Pre-Backup Tasks

4. Pre-backup tasks under VSS are focused on creating a shadow copy of the volumes containing data for backup. The backup application will save data from the shadow copy, not the actual volume.

  5. VSS Notify writers to prepare for a backup operation. On receiving PrepareForBackup Writer performs component-by-component operation (adding partial file (only portions of a given file are to be backed up and which portions those are), setting any private metadata that the writer will need to handle restore, Make possible changes for Incremental and differential backup, Synchronize data across all Disks)

6. Requester call DoSnapshotSet, initiate the shadow copy and generate Writers to handle following events (PrepareForSnapshot, Freeze, Thraw, PostSnapshot)

  OnPrepareSnapshot: Shut down process, create temporary files and drain IO queue

Note: Writer should hold all writes and keep the data in an absolute consistent state before Freeze else queuing incoming I/O requests or generating a duplicate set of files in an alternate path to be used as the source of a backup

    a. OnFreeze verify that the CVssWriter::OnPrepareSnapshot left I/O in the correct state, and that any asynchronous tasks started by CVssWriter::OnPrepareBackup completed. This method is a writer’s last chance to veto a shadow copy if there are problems

  b. Volume Shadow Copy service sent IOCTL_Volosnap_Flush_And_Hold_Writes to File System (NTFS) to flush the file system before volume shadow Copy occurs. Once the NTFS has put the file system in such state, it must pass the IRP with IOCTL_Volosnap_Flush_And_Hold_Writes down to the stack to next driver while continuing to keep the file system in such read-only mountable state until below drivers completes the IRP

  c. Provider initiate snapshot of volumes. Once the Snapshot is completes (Snapshot is consistent for backup), share the snapshot information to VSS.

  d. OnThaw is used by writers to return to a pre-freeze state. It is generally possible for a writer to resume normal operation following a Thaw event

  e. OnPostSnapshot for this sort of cleanup

7. VSS enables a requester to access the shadow copy of volumes containing data for backup and to copy data to backup media.

Actual Backup Of Files

8. During this phase, Requestor refer device object and the paths in the Writer Metadata Document specifications to obtain components list that are used to select files for backup

NOTE: Files included in the backup list depends on the type of backup, component selectability and logical path structure of the writer

9. After a backup is completed, requester will generate BackupComplete event, VSS will call each writer’s CVssWriter::OnBackupComplete method

10. The writer will then determine success or failure of the backup by calling IVssComponent:GetBackupSucceeded. The value returned by IVssComponent:GetBackupSucceeded will be TRUE only if all explicitly included files in the component and all implicitly included of any of its subcomponents have been successfully backed up.

11. When the call to CVssWriter::OnBackupComplete has completed, the requester should call IVssBackupComponents::GatherWriterStatus and IVssBackupComponents::GetWriterStatus (for each writer) one last time.

12. The writer session state memory is a limited resource and writers must eventually reuse session states. This step marks the writer’s backup session state as completed and notifies VSS that this backup session slot can be reused by a subsequent backup operation.

Backup Termination

13. The requester terminates the shadow copy by releasing the IVssBackupComponents interface or by calling IVssBackupComponents::DeleteSnapshots

14. The writer handles the event with CVssWriter::OnBackupShutdown, which allows it to clean up any state related to the shadow copy set.

Note: There is no reason to call IVssBackupComponents::DeleteSnapshots. This method is designed to be used in conjunction with error handling and aborting backups

Additional Information

Writer Errors and Vetoes

A writer can fail for numerous programmatic reasons. When this happens,

• It should veto the ongoing backup, restore, or shadow copy operation by calling the CVssWriter::SetWriterFailure method in one of its handler methods (for example, CVssWriter::OnFreeze or CVssWriter::OnPreRestore) and returning TRUE.

• It can also optionally set an error message string in response to a failure condition in certain handler methods with the IVssComponentEx::SetPrepareForBackupFailureMsg, IVssComponentEx::SetPostSnapshotFailureMsg, IVssComponent::SetPreRestoreFailureMsg, and IVssComponent::SetPostRestoreFailureMsg methods.

• The requester can accept the veto or continue with the backup, ignoring the veto.

• The following writers are hosted in the VSS service: Registry Writer, COM+ Class Registration Database Writer, Shadow Copy Optimization Writer, and Automated System Recovery (ASR) writer.

• Depending on which writer and which components generate them, it is not always necessary for a backup application to abort following a veto or error.

For example, a requester may decide that the intent of the shadow copy is to backup application A and the veto has been received from the writer for backup application B. In this case, it is perfectly acceptable to continue to back up application A while ignoring the veto received from writer for application B

Volsnap Flush and Hold

• Volume Shadow Copy service sent IOCTL_Volosnap_Flush_And_Hold_Writes to File System (NTFS) to flush the file system before volume shadow Copy occurs

• IOCTL_Volosnap_Flush_And_Hold_Writes is issued as a IRP_MJ_DEVICE_Control request that is sent only to volume device object of a local file system and to the file system filter driver that may have attached to that volume

• When NTFS receives IOCTL_Volosnap_Flush_And_Hold_Writes,  the files system flush the volume to the disk, forcing the disk structure of the file system into consistent and up-to-date state

• The file system should lock the File system in the read-only mountable state, blocking any new file system changes to prevent disk cached pages from becoming dirty

• Once the NTFS has put the file system in such state, it must pass the IRP with IOCTL_Volosnap_Flush_And_Hold_Writes down to the stack to next driver while continuing to keep the file system in such read-only mountable state until below drivers completes the IRP.

• When the IRP completes or cancelled, the file system then re-enable I/O on the volume

The Volume Shadow Copy driver, volsnap.sys, is a storage filter driver that loads on the top of the storage stack below file system

Reference: