Preventive Service Planning
Abstract
This document details the file indexing and restore requirements for IBM Spectrum Protect Plus Version 10.1.6.
Content
This document is divided into linked sections for ease of navigation. Use the following links to jump to the section of the document that you require:
General
- For hypervisor operations, IBM Spectrum Protect Plus supports only the operating systems that are available to your hypervisors. For information about supported operating systems, review the hypervisor documentation.
- IBM Spectrum Protect Plus can protect and restore virtual machines (VMs) with file systems that are not listed in this documentation, but only the listed file systems are eligible for file indexing and restore operations.
- Internet Small Computer Interface (iSCSI) disks that are directly mapped to the guest operating system will not be indexed. Supported volumes include virtual machine disk (VMDK) volumes that are mounted as specified by the configuration of the associated VM.
- The amount of free space that is required for the metadata in the catalog depends on the total number of files in the environment. To catalog 1 million files, the catalog volume in the IBM Spectrum Protect Plus virtual appliance requires roughly 350 MB of free space per retained version. The space used by file indexing metadata is reclaimed when the corresponding backup instances expire.
- File indexing and file restore are not supported from restore points that were copied to cloud resources or repository servers.
- A file can be restored to an alternate location only if credentials were established for the alternate virtual machine through the Guest OS Username/Password option in the backup job definition.
VMware requirements
- Ensure that the most recent version of VMware Tools is installed on VMware VMs.
- In the VM settings under Advanced Configuration, the
disk.EnableUUID
parameter must be set to true.
Hyper-V requirements
- Ensure that the most recent version Hyper-V Integration Services is installed on your Hyper-V VMs.
- File indexing and restore operations support Small Computer System Interface (SCSI) disks in a Hyper-V environment:
- Only volumes on SCSI disks are eligible for file cataloging and file restore.
- Integrated Drive Electronics (IDE) disks are not supported.
Windows requirements
IBM Spectrum Protect Plus | Windows Server 2008 R2* Standard and Datacenter editions | Windows Server 2012 R2 and Windows Server 2012R2 core* Standard and Datacenter editions | Windows Server 2016 and Windows Server 2016 core* Standard and Datacenter editions | Windows Server 2019 and Windows Server 2019 core* Standard and Datacenter editions |
V10.1.0 | ![]() | ![]() | ![]() | -- |
V10.1.1 | ![]() | ![]() | ![]() | -- |
V10.1.2 | ![]() | ![]() | ![]() | -- |
V10.1.3 | ![]() | ![]() | ![]() | ![]() (Windows Server 2019 core only) |
V10.1.4 | ![]() | ![]() | ![]() | ![]() |
V10.1.5 | ![]() | ![]() | ![]() | ![]() |
V10.1.6 | ![]() | ![]() | ![]() | ![]() |
* The base release and later maintenance levels are supported.
Supported file systems |
|
Supported disk storage types | Basic disks with the following partitions:
|
Restrictions
- Windows Remote Shell (WinRM) must be enabled.
- Important: IBM Spectrum Protect Plus can protect and restore VMs with file systems that are not listed in this document, but only the listed file systems are eligible for file indexing and restore.
- When files are indexed in a Windows environment, the following directories on the resource are skipped:
\Program Files
\Program Files (x86)
\Windows
\winnt
Files within these directories are not added to the IBM Spectrum Protect Plus inventory and are not available for file recovery. - File indexing and file restore of a Windows VM require that the Windows PowerShell binary path is set in the %PATH% environment variable.
- Encrypted Windows file systems are not supported for file cataloging or file restore.
- Ensure that the 64-bit Microsoft Visual C++ 2008 SP1 Redistributable Package is installed on the VM guest machine, before you start restore operation from a backup image.
- When restoring files in a Resilient File System (ReFS) environment, restore jobs from newer versions of Windows Server to earlier versions are not supported. For example, you can not restore a file from Windows Server 2016 to Windows Server 2012.
- File cataloging, backup, point-in-time restores, and other operations that start the Windows agent fail if a non-default local administrator is entered as the Guest OS username when defining a backup job. A non-default local administrator is any user that is created in the guest OS and is granted the administrator role.
This failure occurs if the registry keyLocalAccountTokenFilterPolicy
in[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
is set to 0 or not set. If the parameter is set to 0 or not set, a local non-default administrator cannot interact with WinRM, which is the protocol that IBM Spectrum Protect Plus uses to install the Windows agent for file cataloging, send commands to this agent, and get results from it.
Set theLocalAccountTokenFilterPolicy
registry key to 1 on the Windows guest that is being backed up with catalog file metadata enabled. If the key does not exist, navigate to[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
and add a DWord Registry key namedLocalAccountTokenFilterPolicy
with a value of 1.
Space requirements
- The
C:\
drive must have sufficient temporary space to save the file indexing results. - When file systems are indexed, temporary metadata files are generated under the
/tmp
directory and are deleted when the indexing is complete. The amount of free space required for the metadata depends on the total number of files in the system. Ensure that approximately 350 MB of free space is available per 1 million files.
Connectivity requirements
- The hostname of the IBM Spectrum Protect Plus virtual appliance should be resolvable from the Windows VM.
- The Internet Protocol (IP) address of the VM that is selected for indexing must be visible to the vSphere client or Hyper-V Manager.
- The Windows VM that is selected for indexing must support outgoing connections to port 22, which uses the Secure Shell (SSH) protocol, on the IBM Spectrum Protect Plus virtual appliance.
- The Microsoft ® Windows Remote Management (WinRM) service must be running.
- Firewalls must be configured to enable IBM Spectrum Protect Plus to connect to the server by using WinRM.
-
The IP address of the machine that you register must be reachable from the IBM Spectrum Protect Plus server and from the vSnap server. Both servers must have a WinRM service that is listening on port 5985.
- All servers, proxies, applications, and hypervisors that are added to the IBM Spectrum Protect Plus environment can be registered by using a Domain Name System (DNS) name or Internet Protocol (IP) address.
- If DNS names are used, they must be resolvable over the network by the IBM Spectrum Protect Plus virtual appliance server and from the vSnap server. All IBM Spectrum Protect Plus components must also be resolvable by their DNS names.
Authentication and privilege requirements
The credentials that are specified for a VM must include a user with the following privileges:
- The user identity must have the "Log on as a service" right, which is assigned through the Administrative Tools control panel on the local server (
Local Security Policy > Local policies > User Rights Assignment > Log on as a service
).
For more information about the "Log on as a service" right, see Add the Log on as a service Right to an Account - The default security policy uses the Windows Challenge/Response (NTLM) protocol, and the user identity follows the default
domain\Name
format if the Hyper-V VM is attached to a domain. The formatlocal administrator
is used if the user is a local administrator. Credentials must be established for the associated VM by using theGuest OS user name
andGuest OS password
option within the associated backup job definition. - The system login credentials must have the permissions of the local administrator.
Kerberos requirements
- Kerberos-based authentication can be enabled through a configuration file on the IBM Spectrum Protect Plus virtual appliance. This setting overrides the default Windows NTLM protocol. Kerberos does not support the use of local user accounts and is suitable only for environments in which all VMs are on a single domain.
- For Kerberos-based authentication only, the user identity must be specified in the
username@FQDN
format. The specified user must be able to authenticate by using the registered password to obtain a ticket-granting ticket (TGT) from the key distribution center (KDC) on the domain that is specified by the fully qualified domain name. - Kerberos authentication also requires that the clock skew between the domain controller and the IBM Spectrum Protect Plus virtual appliance is less than 5 minutes. The default Windows NTLM protocol is not time-dependent.
Group Policy Object requirements
You can specify the Group Policy Object (GPO) setting by navigating to:
Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options > Network security: Restrict NTLM: Incoming NTLM
traffic.
Or
Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options > Network security: Restrict NTLM: Outgoing NTLM
traffic.
and choose one of the following options:
Allow all
Allow all accounts
Linux requirements
IBM Spectrum Protect Plus | RHEL 6.4* | RHEL 7.0* | RHEL 8.0* | CentOS 6.4* | CentOS 7.0* | CentOS 8.0* | SLES 12.0* | SLES 15.0* |
V10.1.0 | ![]() | ![]() | -- | ![]() | ![]() | -- | ![]() | -- |
V10.1.1 | ![]() | ![]() | -- | ![]() | ![]() | -- | ![]() | -- |
V10.1.2 | ![]() | ![]() | -- | ![]() | ![]() | -- | ![]() | -- |
V10.1.3 | ![]() | ![]() | -- | ![]() | ![]() | -- | ![]() | -- |
V10.1.4 | ![]() | ![]() | -- | ![]() | ![]() | -- | ![]() | -- |
V10.1.5 | ![]() | ![]() | -- | ![]() | ![]() | -- | ![]() | -- |
V10.1.6 | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Table 4. Coverage matrix for supported file systems
Supported file systems |
|
Restrictions
- A file system that was created on a newer kernel version might not be mountable on a system with a previous kernel version. In this case, restoring files from the newer to the previus system is not supported.
- When files are indexed in a Linux environment, the following directories on the resource are skipped:
/tmp
/usr/bin
/Drivers
/bin
/sbin - Files in virtual file systems like
/proc
,/sys
, and/dev
are also skipped. Files within these directories are not added to the IBM Spectrum Protect Plus inventory and are not available for file recovery.
Space requirements
- The system disk must have sufficient temporary space to save the file indexing results.
- When file systems are indexed, temporary metadata files are generated under the
/tmp
directory and are then deleted when the indexing is complete. The amount of free space required for the metadata depends on the total number of files in the system. Ensure that approximately 350 MB of free space is available per 1 million files.
Software requirements
- The bash and sudo packages must be installed. Sudo must be at version 1.7.6p2 or later. Run
sudo -V
to check the version.
Tip: The required bash and sudo packages are included in the supported Linux 86_64 operating systems. - Ensure that the supported version of Linux x86_64 is installed.
- The International Components for Unicode (libicu) rpm-package that corresponds to the operating system must be installed.
- In a Linux environment, ensure that the Linux utility package
util-linux-ng
orutil-linux
package is current. - Ensure that the effective file size ulimit -f value for the IBM Spectrum Protect Plus agent user and the IBM Db2 instance user, is set to unlimited. Alternatively, set the value to a sufficiently high value to allow copying of the largest database files in your backup and restore jobs. If you change the ulimit setting, restart the Db2 instance to finalize the configuration.
- Red Hat Enterprise Linux and CentOS 6 users:
Ensure that theutil-linux-ng
package is current by running the following command:yum update util-linux-ng
util-linux
. - If data resides on Logical Volume manager (LVM) volumes, ensure that the LVM version is 2.0.2.118 or later.
Run thelvm version
command to check the version and run theyum update lvm2
to update the package if necessary. - If data resides on LVM volumes, the lvm2-lvmetad service must be disabled, as it can interfere with the ability of IBM Spectrum Protect Plus to mount and resignature volume group
snapshots and clones
. To disable the service, complete the following steps:- Run the following commands:
systemctl stop lvm2-lvmetad systemctl disable lvm2-lvmetad
- Edit the
/etc/lvm/lvm.conf
file and specify the following setting:use_lvmetad = 0
- Run the following commands:
- If data resides on XFS file systems and the version of the xfsprogs package is between 3.2.0 and 4.1.9, the file restore operation can fail due to a known issue in xfsprogs that causes corruption of a clone or snapshot file system when its Universally Unique Identifier (UUID) is modified. To resolve this issue, update xfsprogs to version 4.2.0 or later. For more information, see Debian Bug report logs
Connectivity requirements
- The secure file transfer protocol (SFTP) subsystem for SSH is enabled.
- The SSH service is running on port 22 on the proxy host server.
- Firewalls are configured to allow IBM Spectrum Protect Plus to connect to the proxy host server by using SSH.
- IBM Spectrum Protect Plus uses the Network File System (NFS) to mount storage volumes for backup and restore operations. On Linux, ensure that the native Linux NFS client is installed.
- All servers, proxies, applications, and hypervisors that are added to the IBM Spectrum Protect Plus environment can be registered by using a Domain Name System (DNS) name or Internet Protocol (IP) address.
- If DNS names are used, they must be resolvable over the network by the IBM Spectrum Protect Plus virtual appliance server and from the vSnap server. All IBM Spectrum Protect Plus components must also be resolvable by their DNS names.
- If DNS is not available, you must add the server to the
/etc/hosts
file on the IBM Spectrum Protect Plus virtual appliance by using the command line.
Authentication and privilege requirements
IBM Spectrum Protect Plus requires root privileges by using sudo for various tasks such as discovering storage layouts, mounting and unmounting disks, and managing databases. The credentials for the VM must specify a user with the following sudo privileges:
- The
sudoers
configuration must allow the user to run commands without a password. - The
!requiretty
setting must be specified.
The recommended approach is to create a dedicated IBM Spectrum Protect Plus agent user with the privileges that are shown in the sample configuration:
- Create the user by using the command:
useradd -m sppagent
sppagent
specifies the IBM Spectrum Protect Plus agent user. - Set a password by using the command:
passwd sppagent_password
- To enable superuser privileges for the agent user, set the
!requiretty
setting. At the end of the/etc/sudoers
configuration file, add the following lines:Defaults: sppagent !requiretty sppagent ALL=(root) NOPASSWD:ALL
sudoers
file is configured to import configurations from another directory, for example/etc/sudoers.d
, you can add the lines in the appropriate file in that directory.
Related Information
Was this topic helpful?
Document Information
Modified date:
24 November 2020
UID
ibm12487591