File system requirements
Before you register Microsoft Windows file systems with IBM Spectrum® Protect Plus, ensure that your system environment meets the outlined requirements.
To help ensure that backup and restore operations can be run successfully, your system must meet the hardware and software requirements. Use the following requirements as a starting point. For the most current requirements, which might include updates, see technote 304861.
The IBM® file systems backup and restore requirements for IBM Spectrum Protect Plus are as follows.
Configuration
Application versions
| IBM Spectrum Protect Plus | Microsoft Windows Resilient® File System (ReFS) | Microsoft New Technology File System (NTFS) |
| V10.1.6 |  |
|
Restriction: Even if other Microsoft Windows file systems, such as that the allocation table (FAT), are detected during the inventory process, these file systems cannot be added to jobs or protected.
Operating systems
| IBM Spectrum Protect Plus | Microsoft Windows Server 2012 R2* Standard and Datacenter editions | Microsoft Windows Server 2016* Standard and Datacenter editions | Microsoft Windows Server 2019* Standard and Datacenter editions |
| V10.1.6 | |
|
|
| *The base release and later maintenance levels (64-bit kernel) are supported. | |||
IBM Spectrum Protect Plus supports proxy host server running on physical (bare metal) servers, and in a virtualized environment.
Restrictions
The following restrictions apply:
- IBM Spectrum Protect Plus does not protect file system shares or Microsoft cluster volumes.
- Microsoft FAT file systems are not supported.
- IBM Spectrum Protect HSM for Windows stub files are not supported.
- Ensure that your file system setup does not include nested mount points.
- Network shares are not valid alternative locations for restore jobs.
- Inventory jobs must not be scheduled to run at the same time as backup jobs.
Authentication and privileges
Authentication
To register a Windows file system, an IBM Spectrum Protect Plus administration user must register at the client host where the file systems to be protected are located.
Windows file servers can be registered with an Administrator user ID. It is possible to register the file server by using a domain user ID, if that user is the domain administrator or a local user with administrator privileges.
Privileges
The user ID for registering Windows file servers can be set up with one of the following Windows configurations:
- Disable the local system administrator user account with the User Account Control (UAC) security
component.
- Open the Windows System Control Panel > User Account Control Settings
- Move the slider to Never notify.
- Disable the Admin Approval Mode security policy setting for a user who is a member of the local
administrator Group.
- with this user, open the Windows System Local Security Policy
- from the Security Settings menu, choose Local Policies > security options > User account Control: Run all administrators in Admin Approval Mode policy
- disable the User Account Control: Run all administrators
- Ensure that your Local Administrator Group includes policy Log on as Service.
See also User Account Control Group Policy and registry key settings
Group Policy Object
For the Network security: LAN Manager authentication level policy setting at , specify one of the following options:
- Not Defined.
- Send NTLMv2 response only.
- Send NTLMv2 response only. Refuse LM.
- Send NTLMv2 response only. Refuse LM & NTLM.
The Send NTLM response only option is not compatible with the vSnap Common Internet File System (CIFS) and Server Message Block (SMB) version and can cause CIFS authentication problems.
You can specify the Group Policy Object (GPO) setting by navigating to:
Or
Then, choose one of the following options:
- Allow all
- Allow all accounts
Prerequisites and operations
Prerequisites
- Before you start backing up data that is stored on the registered file system, ensure that you have enough free disk space on the backup host and in the vSnap repository.
- If you plan to restore data to an alternative location, allow for extra space. No files are overwritten during the restore process. When files with identical names are found, both copies are retained.
- If the IBM Spectrum Protect Plus file systems agent is running, a self-signed certificate and key are created. You can increase the secure access for protecting file system files with IBM Spectrum Protect Plus by creating a certificate and managing its placement.
Operations
Before you start a backup or restore operation:
- To start protecting the data on an ReFS or NTFS, you must add the host address where the file system is located. You can repeat the procedure to add every host that you want to protect with IBM Spectrum Protect Plus, as described in Adding a file system server.
- Before an IBM Spectrum Protect Plus user can implement backup and restore operations, roles and resource groups must be assigned to the user. Grant users access to backup and restore operations by using the Accounts pane. For instructions, see Managing user access.
- Configure a service level agreement (SLA) policy. For instructions, see Defining a Service Level Agreement backup job.
Review the following information about creating backup and restore jobs:
- During the initial backup, IBM Spectrum Protect Plus creates a new vSnap volume and Common Internet File System (CIFS) share. During incremental backups, the previously created volume is reused. The IBM Spectrum Protect Plus file system agent mounts the share on the server where the backup is to be completed, as described in Backing up file system data.
- In a backup job, you can define exclusion rules to exclude certain drives, directories, or files. These files are not backed up as part of your SLA policy or as part of an ad hoc backup job. When you run a restore job, the exclusion rules mean that the drives, directories, or files that are specified in the exclude rules are not restored to the new copy. For more information, see Exclude rules syntax.
- To restore file system data from the vSnap repository, define a job that restores data from either the newest backup or an earlier backup copy. You can restore data to the original location or to an alternative location. You can also specify other recovery options, as described in Restoring file system data.
- The restore process is not tracked on the IBM Spectrum Protect Plus Jobs and Operations page. Use the File Systems File-Level Restore browser to specify the drives, directories, and files for the job. You can define an alternative location for the restore operation, and monitor the restore job until it completes in the browser.
- Ensure that the IBM Spectrum Protect destination target for your restore job is registered and set up correctly.
- When the restore job completes, you must remove the resource from the Active Resources tab in the Jobs and Operations window. You cannot run another restore job until the active resource is canceled.
Connectivity
Ensure that the following connectivity criteria are in place:
- The network adapter used for the connection must be configured as a client for Microsoft Networks.
- The Microsoft Windows Remote Management (WinRM) service must be running.
- Firewalls must be configured to enable IBM Spectrum Protect Plus to connect to the server by using WinRM.
- Firewalls must be configured to enable the IBM Spectrum Protect Plus File Systems File-Level Restore browser to connect to the restore service.
- The IP address of the client host you register must be reachable from the IBM Spectrum Protect Plus server and from the vSnap server. Windows file systems agent must have a Windows Remote Management service that is listening on port 5985.
- All servers, proxies, applications, and hypervisors that are added to the IBM Spectrum Protect Plus environment must be registered by using a Domain Name System (DNS) name or Internet Protocol (IP) address.
- If DNS names are used, they must be resolvable over the network by the IBM Spectrum Protect Plus virtual appliance server and from the vSnap server. All IBM Spectrum Protect Plus components must also be resolvable by their DNS names.
Ports
The following ports are used by IBM Spectrum Protect Plus agents users.
| Port | Protocol | Initiator | Target | Description |
|---|---|---|---|---|
| 5985 | Transmission Control Protocol (TCP) | IBM Spectrum Protect Plus virtual appliance1 | Windows file systems | Provides access to the Microsoft WinRM service for Windows-based servers |
| 5986 | TCP | IBM Spectrum Protect Plus virtual appliance1 | Windows file systems | Provides access to the Microsoft WinRM service for Windows-based servers |
| 9085 | TCP | File Systems File-Level Restore browser | Windows file systems | The File System File-Level Restore browser used during restore operations, connects between that UI and the file server |
| 1 The IBM Spectrum Protect Plus virtual appliance contains the following base components: the IBM Spectrum Protect Plus server, the vSnap server, and a VADP proxy, see Product components. | ||||
| Port | Protocol | Initiator | Target | Description |
|---|---|---|---|---|
| 445 | TCP | Windows file systems | vSnap server | Provides vSnap server CIFS target port that is used for mounting file system shares for transaction log backup and recovery operations |
Hardware
| System | Disk space | Memory |
|---|---|---|
| x86_64 based hardware that is compatible with one of the Windows operating system versions that is listed in the Software section. | 500 MB free disk space that can be used for the backup agent deployment. | 5 GB RAM per 1 million files in the file system that has to be protected. Note: Scalability testing has shown that the module used to scan the file system to identify backup
candidates, consumes more memory than expected. An APAR addresses this limitation.
|