Preventive Service Planning
Abstract
This document details the system requirements for IBM® Spectrum Protect™ Plus V10.1.1.
Content
Ensure that you have the required system configuration and browser to deploy and run IBM Spectrum Protect™ Plus.
This document is divided into linked sections for ease of navigation. You may use the links below to jump to the section of the document you need.
Contents
General
Virtual machine installation
Browser support
IBM storage requirements
Hyper-V requirements
VMware requirements
IBM Spectrum Protect Plus Ports
vSnap requirements
VADP Proxy requirements
VADP Proxy on vSnap server requirements
General
IBM Spectrum Protect Plus support for third-party platforms, applications, services, and hardware parallels that of the third-party vendors. Once a third-party vendor product or version enters extended support, self-serve support, or end-of-life, IBM Spectrum Protect Plus will support it at the same level.
Virtual machine installation
IBM Spectrum Protect Plus is installed as a virtual appliance. Before deploying to the host, ensure you have the following requirements in place:
-
The correct VMware or Microsoft Hyper-V template
-
vSphere 5.5, 6.0, or 6.5 or Microsoft Hyper-V Server 2016
Note: For later versions of vSphere, the vSphere Web Client may be required to deploy IBM Spectrum Protect Plus appliances. -
Network information and VMware host information
-
Either an available static IP address to use or access to DHCP
For initial deployment, configure your virtual appliance to meet the following recommended minimum requirements:
-
64-bit dual core machine
-
32 GB memory
The IBM Spectrum Protect Plus appliance has five virtual disks that total 370 GB of storage.
Use an NTP server to synchronize the time zones across IBM Spectrum Protect Plus resources in your environment, such as the IBM Spectrum Protect Plus appliance, storage arrays, hypervisors and application servers. If the clocks on the various systems are significantly out of sync, you may experience errors during application registration, metadata cataloging, Inventory, Backup, or Restore/File Restore jobs. For more information about identifying and resolving timer drift, see the following VMware knowledge base article: Time in virtual machine drifts due to hardware timer drift
Browser support
Run IBM Spectrum Protect Plus from a computer that has access to the installed virtual appliance.
IBM Spectrum Protect Plus was tested and certified against the following web browsers. Note that newer versions might also be supported.
-
Firefox 55.0.3
-
Google Chrome 60.0.3112
-
Microsoft Edge 40.15063
If your resolution is below 1024 x 768, some items may not fit on the window. Pop-up windows must be enabled in your browser to access the Help system and some IBM Spectrum Protect Plus operations.
IBM storage requirements
-
IBM Spectrum Protect Version 8.1.0 and later
Hyper-V requirements
-
Microsoft Hyper-V Server 2016
-
150 GB+ of drive space if Disk Type is set to Fixed Size during the installation procedure
-
16 GB memory
Backup and restore operations are only supported for virtual hard disks (VHDX), see also Known Issues and Limitations: IBM Spectrum Protect Plus V10.1.1.x
Note as per APAR IT30988 (1/10/20): indicated that shared virtual hard disks (shared VHDX) are not supported. However, beside shared VHDX, also virtual hard disks (VHD) are not supported.
All Hyper-V servers, including cluster nodes, must have the Microsoft iSCSI initiator Service running in their Services list. Set the service to Automatic so that it is available when the machine boots.
Hyper-V servers can be registered using a DNS name or IP address. DNS names must be resolvable by IBM Spectrum Protect Plus. If the Hyper-V server is part of a cluster, all nodes in the cluster must be resolvable via DNS. If DNS is not available, the server must be added to the /etc/hosts file on the IBM Spectrum Protect Plus appliance via command line. If more than one Hyper-V server is set up in a cluster environment, all of the servers must be added to /etc/hosts. When registering the cluster in IBM Spectrum Protect Plus, register the Failover Cluster Manager.
VMware requirements
-
vSphere 5.5 and later
-
vSphere 6.0 and later
-
vSphere 6.5 and later
Ensure the latest version of VMware Tools is installed in your environment. IBM Spectrum Protect Plus was tested against VMware Tools 9.10.0.
Physical RDM (pRDM) LUNs are not supported for virtual machine backup and restore operations that involve VMWare snapshot technology.
In some cases, VMware Backup jobs fail with "failed to mount" errors. To resolve, increase the maximum number of NFS mounts to at least 64 through the NFS.MaxVolumes (vSphere 5.5 and later) and NFS41.MaxVolumes (vSphere 6.0 and later) values, as described in the following procedure: https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2239.
IBM Spectrum Protect Plus Ports
The following ports are used by IBM Spectrum Protect Plus and associated services. Note that ports marked as Accept use a secure connection (https/ssl).
Table 1. Incoming Firewall Connections (IBM Spectrum Protect Plus Appliance)
IBM Spectrum Protect Plus | ||||
Port | Protocol | Firewall Rule | Service | Description |
22 | TCP | Accept | OpenSSH 5.3 (protocol 2.0) | Used for troubleshooting IBM Spectrum Protect Plus. |
443 | TCP | Accept | A microservice running a reverse-proxy. | Main entry point for the client connections (ssl) |
5432 | TCP | Blocked | PostgreSQL | SQL RDBMS - Supports job management and some security related data and transactions. |
5671 | TCP, AMQP | Accept | RabbitMQ | Message framework used to manage messages produced and consumed by the VADP proxy and VMware job management workers. Also facilitates job log management. |
5672 | AMQP | Blocked | RabbitMQ | Message framework used to manage messages produced and consumed within the IBM Spectrum Protect Plus appliance. |
8082 | TCP | Blocked | Virgo | Modular Java application server. Serves core functions for IBM Spectrum Protect Plus including the REST APIs. |
8083 | TCP | Blocked | NodeJs | JavaScript server. Provides higher level APIs to the user interface leveraging the REST APIs running in Virgo. |
8090 | TCP | Accept | Administrative Console Framework (ACF) | Extensible framework for system administration functions. Supports plugins that perform operations such as system updates and catalog backup/restore. |
8092 | TCP | Blocked | ACF Plugin EMI | Supports system update, certificate and license management. |
8093 | TCP | Blocked | ACF Plugin Catalog Backup/Recovery | Performs backup and restore of the IBM Spectrum Protect Plus catalog data. |
8761 | TCP | Accept | Discovery Server | Automatically discovers VADP proxies and is used by IBM Spectrum Protect Plus VM backup operations. |
27017 | TCP | Blocked | MongoDB | Persists configuration related documents for IBM Spectrum Protect Plus. |
27018 | TCP | Blocked | MongoDB | Persists recovery meta data documents for IBM Spectrum Protect Plus. |
On Board vSnap | ||||
Port | Protocol | Firewall Rule | Service | Description |
111 | TCP | Accept | RPC Port Bind | Allows clients to discover ports that ONC (Open Network Connectivity) clients require to communicate with ONC serversp (internal). |
2049 | TCP | Accept | NFS | Used for NFS data transfer to/from vSnap (internal) |
3260 | TCP | Accept | iSCSI | Used for iSCSI data transfer to/from vSnap (internal). |
20048 | TCP | Accept | NFS | Used for NFS data transfer to/from vSnap (internal). |
Table 2. Outgoing Firewall Connections (IBM Spectrum Protect Plus Appliance)
Port | Protocol | Service | Description |
22 | TCP | OpenSSH 5.3 (protocol 2.0) | Used for ssh communications to remote servers running guest apps components. |
25 | TCP | SMTP | Email service. |
389 | TCP | LDAP | Active directory services. |
443 | TCP | VMware ESXi Host | ESXi host port for managing operations. |
443 | TCP | VMware vCenter | Client connections to vCenter. |
636 | TCP | LDAP | Active directory services (ssl) |
902 | TCP | VMware NFC service | Network File Copy (NFC) provides a file-type-aware FTP service for vSphere components. ESXi uses NFC for operations such as copying and moving data between datastores by default. |
5985 | TCP | Windows Remote Management (WinRM) | Hyper-V and guest apps client connections. |
8080 | TCP | VADP Proxy | Virtual machine data protection proxy. |
8900 | TCP | vSnap | OVA/Installer version of the intelligent storage framework used as a target for data protection operations. |
Use the following diagram as guidance for understanding the communication paths managed by IBM Spectrum Protect Plus. It can be leveraged to provide assistance for troubleshooting and network configuration for deployment scenarios.
-
The labeled resources within the gray background represent the core services of the IBM Spectrum Protect Plus virtual appliance. The curved lines represent implicit communications.
-
The colors of the various modules represent different types of services as defined by the key in the upper right.
-
The red rectangle represents the network firewall. Services that appear on the red rectangle are indicative of the ports that are open on the firewall.
-
Dashed arrows represent communication among resources and services. The arrow flows TOWARD the listening port. The port numbers that need to be open are indicated by the LISTENING port.
For example, the vSnap service near the bottom of the diagram is represented as being external to the IBM Spectrum Protect Plus virtual appliance. It is listening on port 8900 as well as other ports. As represented by the dashed line, a component within the virtual appliance establishes a communication path by way of a connection to the vSnap service at port 8900.
vSnap requirements
A vSnap server serves as the primary backup destination for IBM Spectrum Protect Plus. In either a VMware or Hyper-V environment, one vSnap server with the name localhost is automatically installed at the time that the IBM Spectrum Protect Plus appliance is initially deployed. In larger backup enterprise environments, additional vSnap servers might be desired.
vSnap server virtual machine installation requirements
Before deploying to the host, ensure you have the following:
-
The correct VMware or Microsoft Hyper-V template
-
vSphere 5.5, 6.0, or 6.5 or Microsoft Hyper-V Server 2016
Note: For later versions of vSphere, the vSphere Web Client might be required to deploy IBM Spectrum Protect Plus IBM Spectrum Protect Plus appliances.
-
Network information and VMware host information
-
Either an available static IP address to use or access to DHCP
For initial deployment, configure your virtual appliance to meet the following recommended minimum requirements:
-
64-bit dual core machine
-
16 GB memory
Note: Memory should be adjusted based on backup capacity for more efficient deduplication. General Rule of thumb is 1GB for every 1TB of backup data.
The vSnap appliance has two virtual disks that total 150 GB storage
vSnap server physical installation requirements
The following Linux operating systems are supported for physical vSnap installations:
-
CentOS Linux7.3.1611 (x86_64)
-
CentOS Linux7.4.1708 (x86_64)
-
RedHat Enterprise Linux 7.3 (x86_64)
-
RedHat Enterprise Linux 7.4 (x86_64)
For initial deployment, configure your physical server to meet the following recommended minimum requirements:
-
64-bit quad core machine
-
32 GB memory
-
8 GB free space in root partition
Note: Memory should be adjusted based on backup capacity for more efficient deduplication. General Rule of thumb is 1GB for every 1TB of backup data.
Optionally, an SSD improves backup and restore performance.
-
To improve backup performance, configure the pool to use one or more log devices backed by SSD. Specify at least two log devices to create a mirrored log for better redundancy.
-
To improve restore performance, configure the pool to use a cache device backed by SSD.
vSnap Ports
The following ports are used by vSnap servers. Note that ports marked as Accept use a secure connection (https/ssl).
Table 3. Incoming vSnap Firewall Connections
Port | Protocol | Firewall Rule | Service | Description |
22 | TCP | Accept | SSH | Used for troubleshooting vSnap. |
111 | TCP | Accept | RPC Port Bind | Allows clients to discover ports that ONC (Open Network Connectivity) clients require to communicate with ONC servers (internal). |
2049 | TCP | Accept | NFS | Used for NFS data transfer to/from vSnap (internal). |
3260 | TCP | Accept | iSCSI | Used for iSCSI data transfer to/from vSnap (internal). |
20048 | TCP | Accept | NFS | Used for NFS data transfer to/from vSnap (internal). |
VADP Proxy requirements
In IBM Spectrum Protect Plus, running virtual machine backup jobs through VADP can be taxing on system resources. By creating VADP backup job proxies, you enable load sharing and load balancing for your IBM Spectrum Protect Plus backup jobs. If proxies exist, the entire processing load is shifted off the IBM Spectrum Protect Plus appliance and onto the proxies.
This feature has been tested only for SUSE Linux Enterprise Server and Red Hat environments. It is supported only in 64-bit quad core configurations with a minimum kernel of 2.6.32.
VADP Proxies support the following VMware transport modes: File, SAN, HotAdd, NBDSSL, and NBD. For more information about VMware transport modes, see the following VMware article:https://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vddk.pg.doc%2FvddkDataStruct.5.5.html.
This feature is supported only in 64-bit quad core configurations in the following Linux environments:
-
CentOS Linux 6.5+ (beginning with 10.1.1 patch 1)
-
CentOS Linux 7.0+ (beginning with 10.1.1 patch 1)
-
Red Hat Enterprise Linux 6, Fix pack 4 or later
-
Red Hat Enterprise Linux 7, all updates are supported
-
SUSE Linux Enterprise Server 12, all updates are supported
The proxy must have the ability to mount NFS file systems, which in many cases requires an NFS client package to be installed. The exact package details vary based on the distribution, but are required for VADP proxy usage.
A minimum of 8 GB of RAM is required (16 GB recommended), along with 60 GB of disk space.
Each proxy must have a fully qualified domain name and must be able to resolve and reach vCenter.
vSnap servers must be reachable from the proxy. If a firewall is active on the proxy, the following ports on the vSnap server must be reachable (both TCP and UDP): 111, 2049, and 20048.
Port 8080 on the VADP proxy server must be open when the proxy server firewall is enabled. If the port is not open, VADP Backups will run on local vmdkbackup instead of the VADP proxy server.
VADP Proxy Ports
The following ports are used by VADP proxies. Note that ports marked as Accept use a secure connection (https/ssl).
Table 4. Incoming VADP Proxy Firewall Connections
Port | Protocol | Firewall Rule | Service | Description |
22 | TCP | Accept | SSH | Port 22 is used to push the VADP Proxy to the host node. |
8080 | TCP | Accept | VADP | VADP REST APIs |
Table 5. Outgoing VADP Proxy Firewall Connections
Port | Protocol | Service | Description |
111 | TCP | vSnap RPC Port Bind | Allows clients to discover ports that Open Network Connectivity (ONC) clients require to communicate with ONC servers. |
443 | TCP | VMware ESXi Host/vCenter | Client connections to vCenter. |
902 | TCP | VMware ESXi Host | Network File Copy (NFC) provides a file-type-aware FTP service for vSphere components. ESXi uses NFC for operations such as copying and moving data between datastores by default. |
2049 | TCP | vSnap NFS | Used for NFS file sharing via vSnap. |
5671 | TCP | RabbitMQ | Message framework used to manage messages produced and consumed by the VADP proxy and VMware job management workers. Also facilitates job log. |
8761 | TCP | Discovery Server | Automatically discovers VADP proxies and is used by IBM Spectrum Protect Plus VM backup operations. |
20048 | TCP | vSnap mountd | Mounts vSnap file systems on clients such as the VADP proxy, application servers, and virtualization data stores. |
Note: VADP Proxies can be pushed and installed to Linux-based servers over SSH port 22.
VADP Proxy on vSnap server requirements
VADP proxies can be installed on vSnap servers in your IBM Spectrum Protect Plus environment. A combination VADP proxy/vSnap server must meet the minimum requirements of both devices. Consult the system requirements of both devices and add the core and RAM requirements together to identify the minimum requirements of the combination VADP proxy/vSnap server.
Ensure your combination VADP proxy/vSnap server meets the following recommended minimum requirements, which is the sum of the requirements for each device.
VADP proxy installed on a virtual vSnap server:
-
64-bit 8-core processor
-
32 GB RAM
VADP proxy installed on a physical vSnap server:
-
64-bit 8-core processor
-
48 GB RAM
All required VADP proxy and vSnap server ports must be open on the combination VADP proxy/vSnap server. Review the VADP proxy and vSnap Ports sections of the system requirements for more information.
Related Information
Was this topic helpful?
Document Information
Modified date:
10 January 2020
UID
swg22012741