Preventive Service Planning
Abstract
This document details the file indexing and restore requirements for IBM Spectrum Protect Plus V10.1.5.
Content
This document is divided into linked sections for ease of navigation. Use the following links to jump to the section of the document that you require:
General
-
iSCSI disks that are directly mapped to the guest operating system will not be indexed. Supported volumes include virtual machine disk (VMDK) or virtual machine disk (VMDK) volumes that are mounted through the configuration of the associated virtual machine.
-
The amount of free space required for the metadata in the catalog depends on the total number of files in the environment. To catalog 1 million files, the catalog volume in the IBM Spectrum Protect Plus appliance requires roughly 350 MB of free space per retained version. The space used by file indexing metadata is reclaimed when the corresponding backup instances expire.
VMware requirements
In the virtual machine settings under Advanced Configuration, the disk.EnableUUID
parameter must be set to true.
Windows requirements
Supported operating systems |
|
---|---|
Supported file systems |
|
Supported disk storage types | Basic disks with the following partitions:
|
- IBM Spectrum Protect Plus supports only the operating systems that are to your hypervisors. Review your hypervisor documentation for information about supported operating systems.
- File indexing and restore operations support SCSI disks in a Hyper-V environment. Integrated Drive Electronics (IDE) disks are not supported. Generation 1 virtual machines require IDE boot disks; however, if more SCSI disks are available, file indexing and restore operations are supported on those disks.
- Windows Remote Shell (WinRM) must be enabled.
Important: IBM Spectrum Protect Plus can protect and restore virtual machines with other file systems, but only the previously listed file systems are eligible for file indexing and restore. - When files are indexed in a Windows environment, the following directories on the resource are skipped:
\Program Files
\Program Files (x86)
\Windows
\winnt
Files within these directories are not added to the IBM Spectrum Protect Plus inventory and are not available for file recovery. - Ensure that the latest version of VMware Tools is installed on VMware virtual machines, and Hyper-V Integration Services is installed on your Hyper-V virtual machines.
- File indexing and file restore of a Windows VM require that the Windows Powershell binary path is set in the %PATH% environment variable.
- Encrypted Windows file systems are not supported for file cataloging or file restore.
- Ensure that the 64-bit Microsoft Visual C++ 2008 SP1 Redistributable Package is installed on the VM guest machine, before you start restore operation from a backup image.
- File indexing and file restore are not supported from restore points that were offloaded to cloud resources or repository servers.
- When restoring files in a Resilient File System (ReFS) environment, restores from newer versions of Windows Server to earlier versions are not supported. For example, restoring a file from Windows Server 2016 to Windows Server 2012.
- File cataloging, backup, point-in-time restores, and other operations that start the Windows agent fail if a non-default local administrator is entered as the Guest OS username when defining a backup job. A non-default local administrator is any user that has been created in the guest OS and has been granted the administrator role.
This occurs if the registry keyLocalAccountTokenFilterPolicy
in[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
is set to 0 or not set. If the parameter is set to 0 or not set, a local non-default administrator cannot interact with WinRM, which is the protocol IBM Spectrum Protect Plus uses to install the Windows agent for file cataloging, send commands to this agent, and get results from it.
Set theLocalAccountTokenFilterPolicy
registry key to 1 on the Windows guest that is being backed up with Catalog File Metadata enabled. If the key does not exist, navigate to[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
and add a DWord Registry key namedLocalAccountTokenFilterPolicy
with a value of 1.
Space requirements
- The
C:\
drive must have sufficient temporary space to save the file indexing results. - When file systems are indexed, temporary metadata files are generated under the
/tmp
directory and are deleted when the indexing is complete. The amount of free space required for the metadata depends on the total number of files in the system. Ensure that there is approximately 350 MB of free space per 1 million files.
Connectivity requirements
- The hostname of the IBM Spectrum Protect Plus appliance should be resolvable from the Windows virtual machine.
- The Internet Protocol (IP) address of the virtual machine selected for indexing must be visible to the vSphere client or Hyper-V Manager.
- The Windows virtual machine selected for indexing must allow outgoing connections to port 22 (SSH) on the IBM Spectrum Protect Plus appliance.
- All firewalls must be configured to allow IBM Spectrum Protect Plus to connect to the server through WinRM.
Authentication and privilege requirements
The credentials specified for the virtual machine must include a user with the following privileges:
- The user identity must have the "Log on as a service" right, which is assigned through the Administrative Tools control panel on the local server (
Local Security Policy > Local policies > User Rights Assignment > Log on as a service
).
For more information about the "Log on as a service" right, see Add the Log on as a service Right to an Account - The default security policy uses the Windows NTLM protocol, and the user identity follows the default
domain\Name
format if the Hyper-V virtual machine is attached to a domain. The formatlocal administrator
is used if the user is a local administrator. Credentials must be established for the associated virtual machine through theGuest OS user name
andGuest OS password
option within the associated backup job definition. - The system login credential must have the permissions of the local administrator.
Kerberos requirements
- Kerberos-based authentication can be enabled through a configuration file on the IBM Spectrum Protect Plus appliance. This setting overrides the default Windows NTLM protocol. Kerberos does not allow local user accounts to be used and is suitable only for environments in which all virtual machines are on a single domain.
- For Kerberos-based authentication only, the user identity must be specified in the
username@FQDN
format. The specified user must be able to authenticate by using the registered password to obtain a ticket-granting ticket (TGT) from the key distribution center (KDC) on the domain specified by the fully qualified domain name. - Kerberos authentication also requires that the clock skew between the Domain Controller and the IBM Spectrum Protect Plus appliance is less than 5 minutes. The default Windows NTLM protocol is not time-dependent.
Linux requirements
Supported operating systems |
|
---|---|
Supported file systems |
|
-
A file system created on a newer kernel version might not be mountable on a system with an older kernel, in which case restoring files from the newer to the older system is not supported.
-
IBM Spectrum Protect Plus supports only the operating systems available to your hypervisors. Review your hypervisor documentation for information about supported operating systems.
IBM Spectrum Protect Plus can protect and restore virtual machines with other file systems, but only the previously listed file systems are eligible for file indexing and restore operations. -
When file indexing is performed in a Linux environment, the following directories on the resource are skipped:
/tmp
/usr/bin
/Drivers
/bin
/sbin - Files in virtual file systems like
/proc
,/sys
, and/dev
are also skipped. Files within these directories are not added to the IBM Spectrum Protect Plus inventory and are not available for file recovery.
Space requirements
- The system disk must have sufficient temporary space to save the file indexing results.
- When file systems are indexed, temporary metadata files are generated under the
/tmp
directory and then deleted when the indexing is complete. The amount of free space required for the metadata depends on the total number of files in the system. Ensure that there is approximately 350 MB of free space is available per 1 million files.
Software requirements
- Red Hat Enterprise Linux / CentOS 6.x only:
Ensure that theutil-linux-ng
package is current by running the following command:
yum update util-linux-ng
- Depending on your version or distribution, the package might be named
util-linux
. - If data resides on LVM volumes, ensure that the LVM version is 2.0.2.118 or later.
Run thelvm version
command to check the version and run theyum update lvm2
to update the package if necessary. - If data resides on LVM volumes, the lvm2-lvmetad service must be disabled, as it can interfere with the ability of IBM Spectrum Protect Plus to mount and resignature volume group
snapshots and clones
. To disable the service, complete the following steps:- Run the following commands:
systemctl stop lvm2-lvmetad
systemctl disable lvm2-lvmetad
- Edit the
/etc/lvm/lvm.conf
and specify the following setting:use_lvmetad = 0
For more information, see The Metadata Daemon (lvmetad)
- Run the following commands:
- If data resides on XFS file systems and the version of xfsprogs is between 3.2.0 and 4.1.9, the file restore operation can fail due to a known issue in xfsprogs that causes corruption of a clone or snapshot file system when its UUID is modified. To resolve this issue, update xfsprogs to version 4.2.0 or later. For more information, see Debian Bug report logs
Connectivity requirements
The SSH service must be running on port 22 on the server, and any firewalls must be configured to allow IBM Spectrum Protect Plus to connect to the server through Secure Shell (SHH). The secure file transfer protocol (SFTP) subsystem for SSH must also be enabled.
Authentication and privilege requirements
The credentials specified for the virtual machine must specify a user that has the following sudo privileges:
- The
sudoers
configuration must allow the user to run commands without a password. - The
!requiretty
setting must be specified.
The recommended approach is to create a dedicated IBM Spectrum Protect Plus agent user with the following privileges. Sample configuration:
- Create user by using the command:
useradd -m sppagent
Wheresppagent
specifies the IBM Spectrum Protect Plus agent user - Set a password by using the command:
passwd <sppagent>
Place the following lines at the end of your sudoers
configuration file, typically: /etc/sudoers
.
If your existing sudoers
file is configured to import configurations from another directory (for example: /etc/sudoers.d
), you can also place the lines in a new file in that directory:
Defaults: sppagent !requiretty
sppagent ALL=(root) NOPASSWD:ALL
Related Information
Was this topic helpful?
Document Information
Modified date:
24 November 2020
UID
ibm11071902