Identifying change to disk block level

windows disk-space-utilization block-level

Microsoft block tracking feature similar to VMware CBT mechanism should be available in Windows Server 2016. You could access this feature by using some public API's (like Veeam employs vSphere CBT). So I guess it may help you to track blocks of the data that have been changed. We are also running hyper-v using veeam and sitting on Starwind vSAN that works well with VSS. I know Nimble supports VSS/CBT too.


@batistuta09 mentioned Starwind https://www.starwindsoftware.com/starwind-virtual-san-free which is actually a virtual SAN and is free. It installs natively on Hyper-V and it has a journaling filesystem device called LSFS https://www.starwindsoftware.com/vm-centric-storage-lsfs that is VM oriented.

The nice thing about it that it generates new files (or chunks) sized AFAIK from 128MB to 512MB continuously when new data is written onto it. That might be sufficient for you to easily see how much "new" data is generated throughout a given period of time. The result might be not very precise though but probably will be good enough for your specific task and the installation and configuration is really simple.


I'm not going to get into too many specifics, and I realize this is a Windows Server question, but I'll point you in two directions I think may be viable for your purposes.

1) You could use a journaling file system, and capture the journal entries as they happen to produce a not perfect, but very close approximation of how many changes have been made in a particular time slice. Then you could use some math to determine block level changes to a decent level of accuracy.

Many journaling file systems allow you to place the journal itself on an entirely different piece of storage than the data, so you could conceivably do that (with XFS for example) onto a large piece of storage, and then analyse the journal over time slices with a separate tool or watcher.

Lots of possibilities with this approach I am not mentioning.. the sky's the limit.

2) If you require an actually accurate map on time slice (1) vs time slice (2) at the block level in terms of changed/not changed, I might think about using DRBD and two separate read only slaves (or software RAID 1, which would be easier, and possible on Windows Server, but more physically limiting).. one which is brought in at Time (a) and then disconnected. Then bring the second one in at time (b) and then disconnect it, and then do a static compare using any sort of tool you wish.. you just need to read in each block from both sources and do an XOR. If the result is greater then zero, it changed.

Related

Allow UFW access from IP wildcard
unmounted logical volume is "busy"?
How to disable all the admins accounts except built-in administrator on a domain?
EC2 - Hardware Failure
Is it possible to split an active subnet in aws?
what's the difference between '/etc/aliases' and /etc/postfix/aliases'
Munin : notification when everything is ok
LetsEncrypt certificate renewal failure
Is there any difference between load balancer url and the elastic beanstalk url?
How to inherit from Default Domain GPO?
How do you modify the existing access scope of a Google Cloud Platform service account?
Testing an SMTP server with SSL?