Component requirements
Ensure that you have the required system configuration and a supported browser to deploy and run IBM Spectrum Protect Plus.
To help ensure that backup and restore operations can be run successfully, your system must meet the hardware and software requirements. Use the following requirements as a starting point. For the most current requirements, which might include updates, see technote 2013790.
IBM Spectrum Protect Plus support for third-party platforms, applications, services, and hardware depend on the third-party vendors. When a third-party vendor product or version enters extended support, self-serve support, or end of life, IBM Spectrum Protect Plus supports the product or version at the same level as the vendor.
Virtual machine installation
IBM Spectrum Protect Plus is installed as a virtual appliance. Before you deploy IBM Spectrum Protect Plus to the host, ensure that one of the following requirements is met:
- vSphere 6.0, 6.5, or 6.7
- Microsoft Hyper-V 2016 or Microsoft Hyper-V 2019
- 64-bit 8-core machine
- 48 GB memory
- 536 GB disk storage for the virtual machine (VM)
Use a Network Time Protocol (NTP) server to synchronize the time zones across IBM Spectrum Protect Plus resources in your environment, such as the IBM Spectrum Protect Plus appliance, storage arrays, hypervisors, and application servers. If the clocks on the various systems are significantly out of sync, you might experience errors during application registration, metadata cataloging, inventory, backup, or file restore jobs. For more information about identifying and resolving timer drift, see the following VMware knowledge base article: Time in virtual machine drifts due to hardware timer drift
Browser support
- Firefox 55.0.3 and later
- Google Chrome 60.0.3112 and later
- Microsoft Edge 40.15063 or Microsoft EdgeHTML 15.15063 and later
If your screen resolution is lower than 1024 x 768, some items might not fit in the window. Enable pop-up windows in your browser to access the help system and some IBM Spectrum Protect Plus operations.
IBM Spectrum Protect requirements
If you plan to use IBM Spectrum Protect as a repository server for copying data to cloud storage, ensure that you are using IBM Spectrum Protect V8.1.9.
IBM Spectrum Protect Plus ports
IBM Spectrum Protect Plus and associated services use the following ports. The ports use secure connections (HTTPS or SSL).
Port | Protocol | Initiator | Target | Description |
---|---|---|---|---|
22 | Transmission Control Protocol (TCP) | vSnap server | IBM Spectrum Protect Plus appliance | Provides access to troubleshoot and maintain tasks on the IBM Spectrum Protect Plus appliance by using the Secure Shell (SSH) protocol. |
443 | TCP | IBM Spectrum Protect Plus user interface | IBM Spectrum Protect Plus appliance | Provides web access by using the Hypertext Transfer Protocol Secure (HTTPS). This is the main entry point for client connections, which use the Secure Sockets Layer (SSL) protocol. |
5671 | TCP and Advanced Message Queuing Protocol (AMQP) | VMware vStorage API for Data Protection proxy (VADP proxy) host | IBM Spectrum Protect Plus appliance | Used to manage messages produced and consumed by the VADP proxy and VMware job management workers. This is a RabbitMQ message framework, which also facilitates job log management. |
8090 | TCP | Administrative console | IBM Spectrum Protect Plus appliance | Provides access for system administration. This extensible framework supports plugins that run operations such as system and network updates. |
8761 | TCP | VADP proxy host | IBM Spectrum Protect Plus appliance | Automatically discovers VADP proxies and is used by IBM Spectrum Protect Plus virtual machine (VM) backup operations. |
111 | TCP | vSnap server | IBM Spectrum Protect Plus appliance: Onboard vSnap server | Allows Open Network Computing (ONC) clients to discover ports for communicating with ONC servers. |
2049 | TCP | vSnap server | IBM Spectrum Protect Plus appliance: Onboard vSnap server | Used to transfer Network File System (NFS) file sharing by the vSnap server. |
3260 | TCP | vSnap server | IBM Spectrum Protect Plus appliance: Onboard vSnap server | Used for Internet Small Computer System Interface (iSCSI) data transfer by the vSnap server. |
20048 | TCP | vSnap server | IBM Spectrum Protect Plus appliance: Onboard vSnap server | Used for NFS data transfer by the vSnap server. |
Port | Protocol | Initiator | Target | Description |
---|---|---|---|---|
22 | TCP | IBM Spectrum Protect Plus appliance | vSnap server or VADP proxy host | Provides access to troubleshoot and maintain tasks on remote vSnap servers and the VADP proxy by using Secure Shell (SSH) protocol. |
25 | TCP | IBM Spectrum Protect Plus appliance | Email server that can be accessed by using the Simple Mail Transfer Protocol (SMTP) | Provides access to an email service. |
389 | TCP | IBM Spectrum Protect Plus appliance | Lightweight Directory Access Protocol (LDAP) server | Provides access to Active Directory Services. |
443 | TCP | IBM Spectrum Protect Plus appliance | Hypervisor: VMware ESXi host and vCenter |
Provides access to ESXi and vCenter for managing operations. |
636 | TCP | IBM Spectrum Protect Plus appliance | LDAP server | Provides access to Active Directory Services by using the SSL protocol. |
902 | TCP | IBM Spectrum Protect Plus appliance | Hypervisor: VMware ESXi host | Used for the Network File Copy (NFC) protocol, which provides a file-type-aware File Transfer Protocol (FTP) service for vSphere components. By default, ESXi uses NFC for operations such as copying and moving data between datastores. |
5985 | TCP | IBM Spectrum Protect Plus appliance | Hypervisor: Hyper-V or agents that use the ISCSI initiator | Provides access to the Microsoft Windows Remote Management (WinRM) service for Windows-based servers. |
5986 | TCP | IBM Spectrum Protect Plus appliance | Hypervisor: Hyper-V or agents that use the ISCSI initiator | Provides access to the Secure WinRM service for Windows-based servers. |
8098 | TCP | IBM Spectrum Protect Plus appliance | VADP proxy host | Supports Representational State Transfer application programming interface (REST API) communications between the IBM Spectrum Protect Plus appliance and the VADP proxy by using the Transport Layer Security (TLS) protocol. |
8900 | TCP | IBM Spectrum Protect Plus appliance | vSnap server | Supports the Open Virtual Appliance (OVA) or Installer version of the intelligent storage framework that is used as a target for data protection operations. |
- The labeled resources in the gray background represent the core services of the IBM Spectrum Protect Plus virtual appliance.
- The colors of the various modules represent different types of services as defined by the key, which is below the diagram.
- The area that is labeled Firewall represents the network firewall.
- Services that appear in the Firewall area indicative of the ports that are open on the firewall.
- Dashed arrows represent communication among resources and services.
- The arrow flows TOWARD the listening port.
- The port numbers that need to be open are indicated by the LISTENING port. For example, the vSnap service is represented as being external to the IBM Spectrum Protect Plus virtual appliance. It is listening on port 8900 as well as other ports.
- A component in the virtual appliance establishes a communication path with a connection to the vSnap service at port 8900.
1. The following agents use an iSCSI initiator: Microsoft SQL Server and Microsoft Exchange.
2. The following agents use an NFS client: VMware, Microsoft Hyper-V, Db2®, Oracle, MongoDB, Kubernetes, and Office 365.
vSnap server requirements
A vSnap server is the primary backup destination for IBM Spectrum Protect
Plus. In either a VMware or Hyper-V environment, one
vSnap server with the name localhost
is automatically installed when theIBM Spectrum Protect
Plus appliance is initially deployed. In larger
backup enterprise environments, more vSnap servers might be required.
Allocate memory based on backup capacity for more efficient data deduplication. For more information about how to build an IBM Spectrum Protect Plus solution, see the IBM Spectrum Protect Plus Blueprints.
- 64-bit 8-core processor
- 32 GB memory
- 16 GB free space on root file system
- 128 GB free space in a separate file system mounted at /opt/vsnap-data
The Linux Network Management service must be installed and running.
- To improve backup performance, configure the pool to use one or more log devices that are backed up to an SSD. Specify at least two log devices to create a mirrored log for better redundancy.
- To improve restore performance, configure the pool to use a cache device that is backed up to an SSD.
vSnap server VM installation requirements
Before you deploy the vSnap server to the host, ensure that one of the following requirements is met:
- vSphere 6.0, 6.5. or 6.7
- Microsoft Hyper-V 2016 or Microsoft Hyper-V 2019.
vSnap server physical installation requirements
Beginning with V10.1.3, IBM Spectrum Protect Plus provides new functions that requires the kernel levels that are supported in Red Hat Enterprise Linux (RHEL) 7.5 and CentOS 7.5. If you must use operating systems earlier than RHEL 7.5 and CentOS 7.5, use IBM Spectrum Protect Plus for physical vSnap V10.1.2 installations.
The following Linux operating systems are supported for IBM Spectrum Protect Plus V10.1.5 physical vSnap server installations:
- CentOS 7.1804 (7.5) (x86_64)
- CentOS 7.1810 (7.6) (x86_64)
- RHEL 7.5 (x86_64)
- RHEL 7.6 (x86_64)
If you are using the following operating systems, use IBM Spectrum Protect Plus for physical vSnap server V10.1.2 installations:
- CentOS 7.3.1611 (x86_64)
- CentOS 7.4.1708 (x86_64)
- RHEL 7.3 (x86_64)
- RHEL 7.4 (x86_64)
vSnap server ports
Port | Protocol | Initiator | Target | Description |
---|---|---|---|---|
22 | TCP | IBM Spectrum Protect Plus appliance, hypervisors or agents that use NFS client | vSnap server | Provides access to troubleshoot and maintain tasks on vSnap servers by using Secure Shell (SSH) protocol. |
111 | TCP | vSnap server, VADP proxy or agents that use the NFS client | vSnap server | Allows Open Network Computing (ONC) clients to discover ports for communicating with ONC servers. |
137 | UDP | vSnap server or agents that use the ISCSI initiator | vSnap server | Provides a target port that is used by the vSnap Server Message Block (SMB) or the Common Internet File System (CIFS) to mount file system shares for transaction log backup and recovery operations. |
138 | UDP | vSnap server or agents that use the ISCSI initiator | vSnap server | Provides a target port that is used by the vSnap SMB or the CIFS to mount file system shares for transaction log backup and recovery operations. |
139 | TCP | vSnap server or agents that use the ISCSI initiator | vSnap server | Provides a target port that is used by the vSnap SMB or the CIFS to mount file system shares for transaction log backup and recovery operations. |
445 | TCP | vSnap server or agents that use the ISCSI initiator | vSnap server | Provides a target port that is used by the vSnap SMB or the CIFS to mount file system shares for transaction log backup and recovery operations. |
2049 | TCP | vSnap server, VADP proxy host or agents that use NFS client | vSnap server | Used to transfer Network File System (NFS) file sharing by the vSnap server. |
3260 | TCP | vSnap server or agents that use NFS client | vSnap server | Used for iSCSI data transfer by the vSnap servers. |
8900 | TCP | IBM Spectrum Protect Plus appliance | vSnap server | Supports the Open Virtual Appliance (OVA) or Installer version of the intelligent storage framework that is used as a target for data protection operations. |
20048 | TCP | vSnap server, VADP proxy host or agents that use NFS client | vSnap server | Mounts vSnap file systems on clients such as the VADP proxy, application servers, and virtualization data stores. This port is also used for NFS data transfer to vSnap servers. |
VADP proxy requirements
In IBM Spectrum Protect Plus, running VM backup jobs through VADP requires significant system resources. By creating VADP backup job proxies, you enable load sharing and load balancing for your IBM Spectrum Protect Plus backup jobs. If proxies exist, the entire processing load is shifted from the IBM Spectrum Protect Plus appliance onto the proxies.
VADP proxies support the following VMware transport modes: File, SAN, HotAdd, NBDSSL, and NBD. For more information about VMware transport modes, see Virtual Disk Transport Methods.
This feature is supported only in 64-bit quad core or higher configurations with a minimum kernel version of 2.6.32 in the following Linux environments:
- CentOS 6.5 and later maintenance and modification levels (beginning with 10.1.1 patch 1)
- CentOS 7.0 and later maintenance and modification levels (beginning with 10.1.1 patch 1)
- RHEL 6, Fix pack 4 and later maintenance and modification levels
- RHEL 7 and later maintenance and modification levels
- SUSE Linux Enterprise Server 12 and later maintenance and modification levels
For more information about how to build an IBM Spectrum Protect Plus solution, IBM Spectrum Protect Plus Blueprints.
For initial deployment of a VADP proxy server, ensure that your Linux server meets the following minimum requirements:
- 64-bit quad core processor
- 8 GB random access memory (RAM) required, 16 GB preferred
- 60 GB free disk space
Because of increased CPU usage and concurrency on the VADP proxy server, the memory that is allocated on the proxy server must be increased. The proxy must be able to mount NFS file systems, which in many cases require an NFS client package to be installed. The package details vary based on the distribution.
Each proxy must have a fully qualified domain name and must be able to resolve and reach the vCenter. The vSnap servers must be reachable from the proxy.
Port 8098 on the VADP proxy server must be open when the proxy server firewall is enabled.
VADP proxy ports
The following ports are used by VADP proxies. The ports use secure connections (HTTPS or SSL).
Port | Protocol | Initiator | Target | Description |
---|---|---|---|---|
22 | TCP | IBM Spectrum Protect Plus appliance | VADP proxy host | Provides access to troubleshoot and maintain tasks on VADP proxy hosts by using the SSH protocol. |
8098 | TCP | IBM Spectrum Protect Plus appliance | VADP proxy host | Supports Representational State Transfer application programming interface (REST API) communications between the IBM Spectrum Protect Plus appliance and the VADP proxy by using the Transport Layer Security (TLS) protocol. |
Port | Protocol | Initiator | Target | Description |
---|---|---|---|---|
111 | TCP | VADP proxy host | vSnap server | Allows Open Network Computing (ONC) clients to discover ports for communicating with ONC servers. |
443 | TCP | VADP proxy host | Hypervisor: VMware ESXi Host and vCenter | Provides access to ESXi and vCenter for managing operations. |
902 | TCP | VADP proxy host | Hypervisor: VMware ESXi Host | Used for the Network File Copy (NFC) protocol, which provides a file-type-aware File Transfer
Protocol (FTP) service for vSphere components. By default, ESXi uses NFC for operations such as copying and moving data between datastores. |
2049 | TCP | VADP proxy host | vSnap server | Used to transfer Network File System (NFS) file sharing by the vSnap server. |
5671 | TCP and AMQP | VADP proxy host | IBM Spectrum Protect Plus appliance | Used to manage messages produced and consumed by the VADP proxy and VMware job management workers. This is a RabbitMQ message framework, which also facilitates job log management. |
8761 | TCP | VADP proxy host | IBM Spectrum Protect Plus appliance | Automatically discovers VADP proxies and is used by IBM Spectrum Protect Plus virtual machine (VM) backup operations. |
20048 | TCP | VADP proxy host | vSnap server | Mounts vSnap file systems on clients such as the VADP proxy, application servers, and virtualization data stores. This port is also used for NFS data transfer to vSnap servers. |
If the firewall command script is not available on your system, edit the firewall manually to add necessary ports, and restart the firewall. For instructions about editing firewall ports, see Editing firewall ports.
VADP proxy on vSnap server requirements
VADP proxies can be installed on the vSnap servers in your IBM Spectrum Protect Plus environment. A combination VADP proxy and vSnap server must meet the minimum requirements of both devices. Consider the system requirements of both devices and add the core and RAM requirements together to identify the minimum requirements of the combination VADP proxy and vSnap server. Ensure that your combination VADP proxy and vSnap server meet the following minimum requirements, which are the sum of the requirements for each device.
Ensure that your combination VADP proxy and vSnap server meet the following minimum requirements, which are the sum of the requirements for each device.
- 64-bit 8-core processor
- 48 GB RAM
All required VADP proxy and vSnap server ports must be open on the combination VADP proxy and vSnap server. Review the VADP proxy and vSnap ports sections of the system requirements for more information.
Cloud requirements
To copy data to cloud storage, ensure that your IBM Spectrum Protect Plus and cloud environments meet the following requirements.
- Disk cache area
-
For all functions related to data copy and restore operations to and from cloud and archival targets, the vSnap server requires a disk cache area to be present on the vSnap server.
- During copy operations, this cache is used as a temporary staging area for objects that are pending upload to the cloud endpoint.
- During restore operations, the disk cache area is used to cache downloaded objects and to store any temporary data that might be written into the restore volume.
For instructions about sizing and installing the cache, see the IBM Spectrum Protect Plus Blueprints.
- Certificate requirements
-
- Self-signed certificates: If the cloud endpoint or repository server uses a self-signed certificate, you must specify certificate in Privacy Enhanced Mail (PEM) format when you register the cloud or repository server in the IBM Spectrum Protect Plus user interface.
- Certificates signed by private Certificate Authority: If the cloud endpoint or repository
server uses a certificate signed by a private certificate authority (CA), the endpoint certificate
must be specified (in PEM format) when you register the cloud or repository server in the IBM Spectrum Protect
Plus user interface. In addition, you must add the
root or intermediate certificate of the private CA to the system certificate store in each vSnap
server by using the following procedure:
- Log in to the vSnap server console as the
serveradmin
user and upload any private CA certificates (in PEM format) to a temporary location. - Copy each certificate file to the system certificate store directory (/etc/pki/ca
trust/source/anchors/) by running the following
command:
$ sudo cp /tmp/private-ca-cert.pem /etc/pki/ca-trust/source/anchors/
- To incorporate the newly added custom certificate and update the system certificate bundle, run
the following command:
$ sudo update-ca-trust
- Log in to the vSnap server console as the
- Certificates signed by public Certificate Authority: If the cloud endpoint uses a public CA-signed certificate, no special action is required. The vSnap server validates the certificate by using the default system certificate store.
- Network requirements
-
The following ports are used for communication between the vSnap servers and cloud or repository server endpoints.
Table 6. Communication ports when the target is a cloud server or repository server endpoint Port Protocol Initiator Target Description 443 TCP vSnap server Cloud server endpoints Allows the vSnap to communicate with Amazon Simple Storage Service (S3), Microsoft Azure, or IBM Cloud® Object Storage endpoints. 9000 TCP vSnap server Repository server endpoints Allows the vSnap to communicate with IBM Spectrum Protect (repository server) endpoints. Any firewalls or network proxies that perform SSL Interception or Deep Packet Inspection for traffic between the vSnap servers and cloud endpoints might interfere with SSL certificate validation on vSnap servers. This interference can also cause cloud copy job failures. To prevent this interference, the vSnap servers must be exempted from SSL interception and inspection in the firewall or proxy configuration.
- Cloud provider requirements for standard and archive object storage
-
Native life-cycle management is not supported. IBM Spectrum Protect Pluss manages the life-cycle of uploaded objects automatically by using an incremental-forever approach where older objects can still be used by newer snapshots. Automatic or manual expiration of objects outside of IBM Spectrum Protect Plus leads to data corruption.
If the cloud provider uses an SSL certificate that is self-signed or signed by a private certificate authority, see Certificate requirements.
- Amazon S3 cloud requirements
-
- Standard Object Storage: When the cloud provider is registered in IBM Spectrum Protect Plus, an existing bucket in one of the supported storage tiers must be specified: S3 Standard, S3 Intelligent-Tiering, S3 Standard-Infrequent Access, or S3 One Zone-Infrequent Access.
- Archive Object Storage: When the cloud provider is registered in IBM Spectrum Protect Plus, an existing bucket in one of the supported storage tiers must be specified: S3 Standard, S3 Intelligent-Tiering, S3 Standard-Infrequent Access, or S3 One Zone-Infrequent Access. IBM Spectrum Protect Plus directly uploads data files to the Glacier tier. Some small metadata files are stored in the default tier for the bucket. A copy of these metadata files is also placed into the Glacier tier for disaster recovery purposes.
- IBM Cloud Object Storage requirements
-
- Standard Object Storage: When the cloud provider is registered in IBM Spectrum Protect Plus, an existing bucket must be specified. If the specified bucket has a WORM policy that locks objects for a certain time period, IBM Spectrum Protect Plus automatically detects the configuration and deletes snapshots after the WORM policy removes the lock. The bucket must have the Name Index setting enabled.
- Archive Object Storage: When the cloud provider is registered in IBM Spectrum Protect Plus, an existing bucket must be specified. If the specified bucket has a WORM policy that locks objects for a certain time period, IBM Spectrum Protect Plus automatically detects the configuration and deletes snapshots after the WORM policy removes the lock. IBM Spectrum Protect Plus creates a single life-cycle management rule on the bucket to migrate data files to the archive tier. The bucket must have the Name Index setting enabled.
- Microsoft Azure requirements
-
- Standard Object Storage: When the cloud provider is registered in IBM Spectrum Protect Plus, an existing container in a hot or cool storage account must be specified.
- Archive Object Storage: When the cloud provider is registered in IBM Spectrum Protect Plus, an existing container in a hot or cool storage account must be specified. IBM Spectrum Protect Plus moves files between tiers on demand. Data files are immediately moved to the archive tier and temporarily returned to the hot tier only during restore operations. Some small metadata files are stored in the default tier for the container. A copy of these metadata files is also placed in the archive tier for disaster recovery purposes.
- IBM Spectrum Protect (repository server) requirements
-
- Standard Object Storage: When the cloud provider is registered in IBM Spectrum Protect Plus, you cannot use an existing bucket. IBM Spectrum Protect Plus creates a uniquely named bucket for its own use.
- Archive Object Storage: When the cloud provider is registered in IBM Spectrum Protect Plus, you cannot use an existing bucket. IBM Spectrum Protect Plus creates a uniquely named bucket for its own use. IBM Spectrum Protect Plus directly uploads data files to IBM Spectrum Protect tape storage. Some small metadata files are stored in IBM Spectrum Protect object storage. A copy of these metadata files is also placed on IIBM Spectrum Protect tape storage for disaster recovery purposes.
Table 7. Copy and archive copy requirements for cloud providers Operation Provider Requirements Copy Amazon S3 An existing bucket must be specified from one of the supported storage tiers. Copy IBM Cloud Object Storage An existing bucket must be specified. The bucket must have the Name Index setting enabled. Copy Microsoft Azure An existing container must be specified from a hot or cool storage tier. Copy IBM Spectrum Protect IBM Spectrum Protect Plus creates its own unique bucket. Archive copy Amazon S3 vSnap server must be able to communicate with IBM Spectrum Protect (repository server) endpoints. Archive copy IBM Cloud Object Storage An existing bucket must be specified from the archive tier. The bucket must have the Name Index
setting enabled.Archive copy Microsoft Azure An existing container must be specified from the hot storage tier and archive tier. Archive copy IBM Spectrum Protect IBM Spectrum Protect Plus creates its own unique bucket to be copied to IBM Spectrum Protect tape. For more information about how to set up and copy data to specific cloud providers, see Data offload to cloud object storage with IBM Spectrum Protect Plus.