Disaster Recovery in Windows
Lesson 2

UNDERSTANDING Shadow Copy Backups

By Sai Kurada
August 14, 2023
Shadow Copy, also known as Volume Shadow Copy Service (VSS), is a technology introduced by Microsoft to create point-in-time snapshots of files and volumes on Windows systems. These snapshots, known as shadow copies, enable users to recover previous versions of files and folders, offering an efficient data protection mechanism. Let's delve into the key aspects and benefits of Shadow Copy backups.
Key Features and Concepts:

Point-in-Time Snapshots:
  • Shadow copies capture the state of files and volumes at a specific moment in time, creating read-only copies of data.
Copy-on-Write Mechanism:
  • Shadow copies use a copy-on-write mechanism, ensuring that the original data remains untouched while changes are recorded in the snapshot.
Incremental Backups:
  • Shadow copies capture only changes made after the last snapshot, minimizing storage requirements and backup times.
Snapshot Providers:
  • VSS relies on snapshot providers (software or hardware) to manage the creation and maintenance of shadow copies.
Volume Shadow Copy Service (VSS):
  • VSS coordinates snapshot creation, ensuring applications and services are quiesced before capturing the snapshot.


Quick Data Recovery:
  • Shadow copies enable users to restore previous versions of files and folders without relying on traditional backups.
Efficient Storage:
  • Only incremental changes are stored in shadow copies, minimizing the storage space required.
Low Impact on Performance:
  • The copy-on-write mechanism has minimal impact on system performance during snapshot creation.
User-Friendly Recovery:
  • Users can restore files and folders on their own, eliminating the need for IT intervention in many cases.

Use Cases:

Accidental File Deletion:
  • Users can restore files they've accidentally deleted or modified incorrectly.
File Version Recovery:
  • Restore previous versions of files if they've been overwritten or modified in an undesirable way.
Data Corruption:
  • In case of data corruption, shadow copies can provide clean copies of files before the corruption occurred.
Quick File Retrieval:
  • Users can retrieve files without relying on IT personnel or complex backup restores.

Setting Up Shadow Copies:

Enable Shadow Copies:
  • Navigate to the properties of a volume and enable shadow copies in the "Shadow Copies" tab.
Schedule and Storage:
  • Configure the schedule for creating shadow copies and specify the maximum storage space they can occupy.
Recovery and Access:
  • Users can access previous versions of files by right-clicking a file, selecting "Properties," and navigating to the "Previous Versions" tab.


Storage Requirements:
  • While shadow copies are more storage-efficient than traditional backups, they still consume disk space over time.
Retention Policies:
  • Regularly manage shadow copy retention settings to prevent excessive storage consumption.

How Volume Shadow Copy Service Works

A complete VSS solution requires all the following basic parts:

1. VSS service: Part of the Windows operating system that ensures the other components can communicate with each other properly and work together.

2. VSS requester: The software that requests the actual creation of shadow copies (or other high-level operations like importing or deleting them). Typically, this is the backup application. The Windows Server Backup utility and the System Center Data Protection Manager application are VSS requesters. Non-Microsoft® VSS requesters include nearly all backup software that runs on Windows.

3. VSS writer: The component that guarantees we have a consistent data set to back up. This is typically provided as part of a line-of-business application, such as SQL Server® or Exchange Server. VSS writers for various Windows components, such as the registry, are included with the Windows operating system. Non-Microsoft VSS writers are included with many applications for Windows that need to guarantee data consistency during back up.

4. VSS provider: The component that creates and maintains the shadow copies. This can occur in the software or in the hardware. The Windows operating system includes a VSS provider that uses copy-on-write. If you use a storage area network (SAN), it is important that you install the VSS hardware provider for the SAN, if one is provided. A hardware provider offloads the task of creating and maintaining a shadow copy from the host operating system.

How a Shadow Copy Is Created

This section puts the various roles of the requester, writer, and provider into context by listing the steps that need to be taken to create a shadow copy. The following diagram shows how the Volume Shadow Copy Service controls the overall coordination of the requester, writer, and provider.
To create a shadow copy, the requester, writer, and provider perform the following actions:

1.    The requester asks the Volume Shadow Copy Service to enumerate the writers, gather the writer metadata, and prepare for shadow copy creation.
2.    Each writer creates an XML description of the components and data stores that need to be backed up and provides it to the Volume Shadow Copy Service. The writer also defines a restore method, which is used for all components. The Volume Shadow Copy Service provides the writer's description to the requester, which selects the components that will be backed up.
3.    The Volume Shadow Copy Service notifies all the writers to prepare their data for making a shadow copy.
4.    Each writer prepares the data as appropriate, such as completing all open transactions, rolling transaction logs, and flushing caches. When the data is ready to be shadow copied, the writer notifies the Volume Shadow Copy Service.
5.    The Volume Shadow Copy Service tells the writers to temporarily freeze application write I/O requests (read I/O requests are still possible) for the few seconds that are required to create the shadow copy of the volume or volumes. The application freeze is not allowed to take longer than 60 seconds. The Volume Shadow Copy Service flushes the file system buffers and then freezes the file system, which ensures that the file system metadata is recorded correctly and the data to be shadow copied is written in a consistent order.
6.    The Volume Shadow Copy Service tells the provider to create the shadow copy. The shadow copy creation period lasts no more than 10 seconds, during which all write I/O requests to the file system remain frozen.
7.    The Volume Shadow Copy Service releases file system write I/O requests.
8.    VSS tells the writers to thaw application write I/O requests. At this point applications are free to resume writing data to the disk that is being shadow copied.
Note: The shadow copy creation can be aborted if the writers are kept in   the freeze state for longer than 60 seconds or if the providers take longer than 10 seconds to commit the shadow copy.
9.    The requester can retry the process (go back to step 1) or notify the administrator to retry later.
10. If the shadow copy is successfully created, the Volume Shadow Copy Service returns the location information for the shadow copy to the requester. In some cases, the shadow copy can be temporarily made available as a read-write volume so that VSS and one or more applications can alter the contents of the shadow copy before the shadow copy is finished. After VSS and the applications make their alterations, the shadow copy is made read-only. This phase is called Auto-recovery, and it is used to undo any filesystem or application transactions on the shadow copy volume that were not completed before the shadow copy was created.

Shadow Copy backups provide an effective and user-friendly method for data protection and recovery. By creating point-in-time snapshots of files and volumes, users gain the ability to recover previous versions of their data quickly and efficiently. This technology strikes a balance between data protection, storage efficiency, and user empowerment, making it a valuable tool in maintaining data integrity and accessibility.