What is Veeam Continuous Data Protection & How It Works
Go Back
IT Professionals

What is Veeam Continuous Data Protection & How It Works

When planning for Disaster Recovery (DR), Veeam customers have three options to achieve their desired Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO). The three options are

  1. VMware based snapshot-based Replication
  1. Storage Snapshot Integrated Subsystem based replication
  1. Continuous Data Protection (CDP)

My focus in this blog will be the last option, CDP.  

What is Continuous Data Protection?

Veeam Continuous Data Protection (CDP) is a technology that helps you protect mission-critical VMware virtual machines. Continuous Data Protection (CDP) is built on-top of the vSphere APIs for I/Os and allows VMs to be replicated with near-zero RPOs.

For VMware snapshot-based replication, the RPO is generally set to 15 minutes and with CDP, the RPO could be set to seconds. This is possible because CDP is always on and does not create snapshots. It allows reaching a lower recovery point objective (RPO) compared to the snapshot-based replication — near-zero RPO which means almost no data loss.

How Storage Snapshot Integration is similar to Veeam Continuous Data Protection

For customers using Storage Snapshot Integration with a Veeam “Integrated” partner, CDP might not be necessary as they are using their Storage Sub-system resources to perform the snapshots.  

By delegating the replication task to the underlying storage hardware for snapshots, it reduces the VMware overhead and achieves near-zero RPOs. I would encourage Veeam customers to examine Veeam-Storage integration offers as they can benefit from:

  • Minimal impact on the virtual infrastructure during the replication process
  • RTO/RPO of less than 15 minutes
  • Verified recoverability  
  • Hyper-Visor Agnostic
  • OS Agnostic
  • Block level Replication  

Why Veeam Continuous Data Protection is Optimal

With the release of CDP in Veeam B&R v11, Veeam customers are now able to get near-zero RPO without any additional Capex expenditure and/or vendor lock-in.  

Veeam CDP can help better protect the Tier One workloads running on VMware vSphere.


We also need to keep in mind that different applications carry different levels of criticality and not all workloads need to be protected in the same way.  

It is important to work with the business to categorize the workloads that best match their level of criticality.

Here is an example of how to categorize workloads:

How to Achieve Desired RTO & RPO with Veeam CDP

Veeam CDP is intercepting I/Os as they happen at a pre-defined policy internal and sending them from a source to a target vSphere Host as a VM replica.  The VAIO mechanism allows those lower RPOs than what you get in traditional snapshot-based replication.  

For many customers using Veeam Backup & Replication there are additional backup infrastructure components are required for CDP.  

Deep Dive into How CDP Works

Note: Information below can be found on the Veeam’s Help Center

“The following backup infrastructure components are required for CDP:

  • Backup server
  • Source and target hosts
  • VMware CDP proxies

Backup Server

The backup server is the configuration, administration and management core of the backup infrastructure. The backup server runs the Veeam CDP Coordinator Service. This service coordinates replication and data transfer tasks, and controls resource allocation. When planning for DR with a 2nd site, we recommend installing the backup server in the target site. In the event of a disaster, the Backup server would be available to preform the actions required to re-establish the services.

Source and Target Hosts

When planning for DR there is a concept of a Primary and Secondary site. The Primary Site (source) and the Secondary Site (target) hosts are points between which replicated VM data is moved. The source and target hosts must be a part of the same cluster or two different clusters. In turn, clusters must be managed by the same vCenter Server or two different vCenter Servers connected to the same backup server. For more information on requirements to the hosts and how to add vCenter Servers to the backup infrastructure, see the Requirements and Limitations and Adding VMware vSphere Servers sections.

The source and target hosts perform the following tasks:

  • The source host reads VM disk data, reads and processess I/O operations and sends data to source proxies. The data is sent uncompressed.
  • The target host receives data from target proxies and saves this data to VM replicas on the datastore. Also, the target host manages VM replicas: creates replicas, retains restore points and so on.

I/O Filter on Hosts

Unlike snapshot-based replication, to able to use hosts for CDP, you must install the I/O filter on each cluster where hosts reside. After you install the I/O filter on the clusters, Veeam Backup & Replication automatically installs the filter on all hosts added to the clusters. For more information on how to install the filter, see Installing I/O Filter.

It is the I/O filter that reads and processes I/O operations in transit between the protected VMs and their underlining datastore and that sends/receives data to/from VMware CDP proxies. Also, the filter communicates with the Veeam CDP Coordinator Service on the backup server and notifies the service that the backup infrastructure must be reconfigured if any proxy becomes unavailable. This I/O filter is built on the basis of vSphere API for I/O filtering (VAIO) and provides the capabilities to be able to achieve near-zero RPO.

VMware CDP Proxies

If you have worked with Veeam in the past, you are familiar with the Proxy Component. For CDP, VMware CDP proxy is a component that operates as a data mover and transfers data between the source and target hosts. We recommend you configure at least two VMware CDP proxies: one (source proxy) in the production site and one (target proxy) in the disaster recovery site.

The source and target VMware CDP proxies perform the following tasks:

  • The source proxy prepares data for short-term restore points from data received from the source host, compresses and encrypts the data (if encryption is enabled in the network traffic rules). Then sends it to the target proxy.
  • The target proxy receives the data, decompresses and decrypts it, and then sends to the target host.

For more information on VMware CDP proxies, their requirements, limitations, and deployment, see VMware CDP Proxy.”

I had a chance to chat about CDP with Veeam’s Sean Simpson and Marty Williams. Interested in learning more, feel free to watch the video.

Featured Posts
Cyber Talk

Access monthly conversations with IT & Tech Leaders about the hottest cyber security topics in the industry.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.