Use multifactor authentication to log in to the Operations Center
Starting with this release, you might be required to use multifactor authentication (MFA) when you log in to the Operations Center. When MFA is required, you must log in by using a one-time passcode in addition to your password. The passcode is valid only for the current session and is generated on a cell phone, or similar trusted device, that only you can access.

When you log in to the Operations Center for the first time after the MFA requirement is set, you are prompted to register your administrator ID with an authentication app. An authentication app is a lightweight program that can generate passcodes by using the Time-based One-time Password (TOTP) algorithm. By using the TOTP algorithm, the authentication app generates short-lived passcodes based on the current time and a secret key that was generated for your administrator ID. The secret key is a shared secret between your authentication app and the IBM server.

To help you register your administrator ID, the login page of the Operations Center displays a Quick Response (QR) code. If your trusted device has a built-in camera that the authentication app can access, you can scan the QR code to add the shared secret key to your authentication app. The QR code encodes a TOTP Uniform Resource Identifier (URI), which contains the shared secret key and other information that is needed to configure your authentication app.
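The following added example (not IBM code) shows what the registration step amounts to: parsing a TOTP URI such as the one a QR code carries, then deriving and verifying passcodes as described in RFC 6238. It assumes the URI follows the common otpauth://totp/ key URI layout; the issuer, account name, and secret are constructed sample values.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample URI (not from IBM). The secret is the RFC 6238 test key
# "12345678901234567890" in Base32; issuer and account name are made up.
SAMPLE_URI = ("otpauth://totp/ExampleServer:ADMIN1"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=ExampleServer")


def parse_totp_uri(uri):
    """Extract the fields an authentication app reads from the QR code."""
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not a TOTP URI")
    query = parse_qs(parts.query)
    secret = query["secret"][0].upper()
    secret += "=" * (-len(secret) % 8)          # restore stripped Base32 padding
    return {
        "label": unquote(parts.path.lstrip("/")),
        "key": base64.b32decode(secret),        # the shared secret, in the clear
        "digits": int(query.get("digits", ["6"])[0]),
        "period": int(query.get("period", ["30"])[0]),
        "algorithm": query.get("algorithm", ["SHA1"])[0].lower(),
    }


def totp(cfg, unix_time):
    """RFC 6238: HOTP (RFC 4226) over the count of elapsed time steps."""
    counter = struct.pack(">Q", max(0, int(unix_time)) // cfg["period"])
    digest = hmac.new(cfg["key"], counter, getattr(hashlib, cfg["algorithm"])).digest()
    offset = digest[-1] & 0x0F                   # dynamic truncation
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** cfg["digits"]).zfill(cfg["digits"])


def verify(cfg, submitted, unix_time, drift_steps=1):
    """Server-side check that tolerates +/- drift_steps of clock skew."""
    for step in range(-drift_steps, drift_steps + 1):
        expected = totp(cfg, unix_time + step * cfg["period"])
        if hmac.compare_digest(expected, submitted):
            return True
    return False


if __name__ == "__main__":
    cfg = parse_totp_uri(SAMPLE_URI)
    print(cfg["label"], totp(cfg, 59))
```

Because the URI carries the secret key itself, anyone who captures the QR code can generate the same passcodes; the drift window in verify() is the trade-off between clock tolerance and how long a passcode stays usable.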
Specify Google Coldline or Google Archive cloud storage classes for cloud-container storage pools
A number of different storage classes are available for Google Cloud Storage. These storage classes have different pricing models that are based on how often data is accessed. In previous releases, you could configure cloud-container storage pools to use storage classes for frequent data access. In this release, storage classes for infrequent data access are also supported. These storage classes for infrequent data access are the Google Coldline and Google Archive storage classes. When you use the Add Storage Pool wizard to configure a cloud-container storage pool for Google Cloud Storage, you can now specify these storage classes. For certain types of data, these storage classes might be your most cost-effective option. For more information about these storage classes, see the Google Cloud Storage documentation.
Tip: The Google Coldline and Google Archive storage classes are also available for database backup operations and for cloud retention pools. However, database backup operations and cloud retention pools require a device class that specifies the storage class. You cannot define a device class by using the Operations Center. Instead, you can define a device class by using the DEFINE DEVCLASS command. The device class is then available in the Operations Center for database backup operations and for retention storage pools.
Configure data replication to a single target or to multiple targets by using storage rules
You can use replication storage rules to configure and schedule replication processing. By using replication storage rules, you can configure both single-target and multi-target replication. With multi-target replication, client data is copied from a source server to more than one target server. To configure multi-target replication, define multiple storage rules with the same source replication server, but different target replication servers.

With replication storage rules, storage pool protection is not a separate process. Instead, replication storage rules combine storage pool protection with the replication processing. You do not have to schedule replication and protection separately, as is required if you use the REPLICATE NODE and PROTECT STGPOOL commands.

Copy retention sets to the cloud for long-term storage
In earlier releases, retention sets could be kept in place in primary storage or saved on tape. In this release, retention sets can also be saved in cloud object storage. You can maintain a copy of retention sets on standard cloud storage or archive cloud storage. By copying retention sets to standard cloud storage, you provide an extra layer of protection for the data. By copying retention sets to archive cloud storage, you can meet your long-term data retention requirements while also reducing the amount of data that must be stored on premises. With the retention-to-cloud feature, which is similar to the retention-to-tape feature, retention sets are initially created in place, but are then copied to cloud object storage. After the copy process creates the retention set in the cloud, the original backup objects are kept in primary storage according to backup policies only. Only the retention set data in the cloud is retained until the retention set's expiration date.
Define cloud connections to access cloud storage
Cloud connections were introduced in version 8.1.10 to enable database backup operations to cloud storage. Starting in version 8.1.13, you specify a cloud connection when you define a cloud-container storage pool. Because cloud connections are maintained separately from cloud-container storage pools, you have more flexibility when you work with cloud connections. For example, you can reuse the same connection for two cloud-container storage pools. From the Cloud Connections page in the Operations Center, you can view configuration and status information for all cloud connections. From the Cloud Connections page, you can also create and test cloud connections.
View tasks for all servers in a centralized location
From the new Tasks page of the Operations Center, you can view status information for all active and completed tasks across all IBM Spectrum® Protect servers that are managed by the Operations Center. In earlier releases, you could view the active and completed tasks only for an individual IBM Spectrum Protect server. This information is still available when you are viewing details for a selected server.
Retain data from more types of clients in retention sets
You can now store active backup data from Data Protection for Microsoft Exchange Server and Data Protection for Microsoft SQL Server clients in retention sets. Retention sets, which help you comply with requirements for long-term retention, were introduced in an earlier release. In earlier releases, you could save the active backup data only for backup-archive clients or IBM Spectrum Protect for Virtual Environments virtual machines.
Check in and check out tape volumes
In earlier releases, you could check in a tape volume only by using the CHECKIN LIBVOLUME command, and you could check out a tape volume only by using the CHECKOUT LIBVOLUME command. In this release, you can check in and check out volumes from the Volumes tab of a tape device's details notebook.
Enable read caches for cloud-container storage pools
If a read cache is enabled for a cloud-container storage pool, containers are cached on disk during restore operations. This feature is available only for non-Swift cloud types, and is designed to improve the performance of restore operations. In the Operations Center, you can enable a cloud read cache when you define a cloud-container storage pool by using the Add Storage Pool wizard. You can also enable or disable a cloud read cache from the Properties tab of a cloud-container storage pool's details notebook.
Copy container pools to tape for disaster recovery
You can define a new type of storage rule to regularly back up container storage pools to tape. Tapes can be taken offsite for disaster recovery (DR) preparedness, or kept onsite as a redundant backup that is readily available. Any data compression or deduplication is reversed to create a hydrated copy of the original client data.
Back up data to Google Cloud Storage
You can configure cloud-container storage pools to back up client data and the server database to the Google Cloud Storage service.
View more details about tape libraries
From the details notebook for a tape device, you can now view status and configuration information for the paths and volumes. You can view the availability status of the paths that are defined to a tape library and its drives, and you can bring paths online if necessary. You can view capacity and status information for the volumes that are in use or available for use by a tape library. For improved troubleshooting, you can display messages that were issued about a selected path or volume.
View more details about storage rules
On the Storage Rules page, a new status value shows the storage rules that are currently running. You can also view an explanation of a Warning or Failed status value by hovering over the status value. If that information is not sufficient for you to diagnose and resolve the problem, you can open the storage rule's details notebook. From the details notebook, you can view the recent history for the individual jobs that were run by the storage rule. From the recent history, you can view server messages that were issued about the job.
Update the access mode of tape volumes
From the volumes table for tape-based storage pools, such as retention storage pools or copy storage pools, an Update action is added. By using this action, you can update the access mode of selected volumes.
Track the movement of disaster recovery volumes
You can use the Operations Center to track tape volumes as the volumes are moved between an onsite library and an offsite vault. If data must be restored, you can use this tracking information to locate the volumes. This capability was introduced for retention volumes in version 8.1.10, and is now extended to include volumes in copy storage pools and container-copy storage pools. Also added in this release is the capability to include a database backup with volumes that you send offsite. Sending the most recent database backup offsite helps ensure that data can be restored if your database is lost or damaged.
Exercise greater control when you specify members of a retention rule
When you define the properties of a retention rule or a one-time retention set, you specify the clients whose active backup data is to be collected. Previously, you could specify individual clients or a name pattern to match one or more virtual machines. Beginning with version 8.1.11, you can also specify a name pattern to match multiple clients or file spaces. You can also specify multiple clients by adding a client node group.
Copy retention sets to tape for air-gapped protection
You can copy retention sets to tape and physically isolate the tape volumes from your production systems and network. By securing retention sets with an air gap, you can help to protect the data from malware and physical disasters.
Monitor IBM Spectrum Protect Plus servers
IBM Spectrum Protect Plus is a data protection and availability solution for virtual environments. If your organization uses IBM Spectrum Protect Plus, you can monitor the health of your virtual environment from the Operations Center.
Back up an IBM Spectrum Protect server database to cloud object storage
To back up server database volumes to object storage, define a device class of type CLOUD by using the command-line interface. Then, you can select the device class when you are backing up a server database in the Operations Center.
Track the movement of retention volumes
You can use the Operations Center to track tape volumes that contain retention data as the volumes are moved between an onsite library and an offsite vault. If a retention set must be restored, you can use this tracking information to locate the tape volumes that contain the retention set.
Access message documentation
When a server message is displayed in the Operations Center, you can hover over the message number to display documentation about the message. Depending on the message, this documentation might include a detailed explanation of the message and actions that you can take to resolve errors. This feature is available on Operations Center pages that display server messages, such as the Alerts page and the Active Tasks page.
Preserve data in a retention hold
To preserve data indefinitely, you can define a retention hold. When a retention set is in a retention hold, its data cannot be deleted until the retention set is explicitly released.
Review commands to avoid unwanted results
Configure servers to prevent certain commands from running until they are approved by another administrator. By using this feature, you might grant less-experienced administrators greater authority to complete more tasks, but have more-experienced administrators review their work for unintended consequences. You might also use this feature to create a peer-review process for equally experienced administrators.
Automatically tier data from disk storage to tape storage
You can tier data from directory-container storage pools on disk to both cloud storage and tape storage. In previous releases, you could tier data only to cloud storage.

You can also start a tiering rule outside of its scheduled time and start a tiering rule that is not active.

Copy IBM Spectrum Protect Plus data to tape
You can copy data from IBM Spectrum Protect Plus and store the data on physical tape media or in a virtual tape library (VTL) for long-term data retention and disaster recovery.
Create collections of backup data to meet long-term data retention requirements
You can comply with requirements for the collection, retention, and eventual deletion of data by creating collections of client backup data. These collections, which are called retention sets, are snapshots of the active backup data for one or more clients. You can define retention rules, which are schedules for collecting backup data for specified clients into retention sets. You can also create retention sets on an ad hoc basis. Data is not re-ingested from the client or copied from server storage to create a retention set. Instead, retention sets consist of data that is already in server storage. The data objects that must be retained are tracked in the server inventory and are not deleted until the specified retention period ends.
Copy data from IBM Spectrum Protect Plus
You can use a new client type, called an object client, to copy data from IBM Spectrum Protect Plus. An object client is an application, in this case IBM Spectrum Protect Plus, that accesses the server by making Simple Storage Service (S3) requests to store and retrieve objects. By defining an IBM Spectrum Protect Plus server as an object client, you enable IBM Spectrum Protect Plus to send virtual machine copies directly to an IBM Spectrum Protect server.
Exercise greater control over cloud tiering operations
Exercise greater control when you specify rules for automatically tiering data to cloud storage. Previously, you could tier all data that met an age threshold. Now, you can also choose to tier only inactive data that meets an age threshold. You can also create exceptions to a rule by defining subrules. By defining one or more subrules, you can exercise granular control to keep some data in disk storage for faster retrieval, while tiering other data to the cloud for long-term retention.
Receive security notifications for potential ransomware attacks
After every client backup session, statistics are analyzed for signs of ransomware infection. If signs are present, a warning message is displayed in the Operations Center. You can use the new Security Notifications page to view details for each security notification. This information helps you determine whether the client is infected with ransomware or if the notification is a false positive.
Reclaim space in cloud-container storage pools to help reduce storage costs
Fragmentation occurs in cloud-container storage pools when data is deleted or expired. As a result, a cloud container can have occupied but unused space. You can now specify a threshold for reclaiming that space. When you are selecting a reclamation threshold, you can view the estimated space savings that can be achieved. You can also view the estimated number of requests to move data, and the amount of data to be sent and received. You can use these estimates to decide on a reclamation threshold that is most cost effective based on your cloud provider's storage and data movement charges.
Create custom email reports without writing SQL queries
You can create two types of custom email reports in the Operations Center:
  • Template-based operational overview reports, which provide insight into key storage metrics and do not require SQL expertise
  • SQL-based reports, which can be fully customized to reflect your storage environment
Create schedules to update one or more backup-archive clients
You can automatically download backup-archive client installation packages as they are released. When an update schedule runs, installation files are copied to the client system and the client is updated. You can also use the Operations Center to monitor, cancel, or reschedule updates.
Create storage rules to tier older data to the cloud
You can create tiering storage rules to automatically move data from directory-container storage pools to cloud-container storage pools based on the age of the data. The different types, or tiers, of storage offer different price and performance tradeoffs. You can archive older data in lower performance storage in the cloud, and retain recent data backups on high-performance disk for faster restore operations.
Configure cloud-container storage pools to use Microsoft Azure
You can use the Add Storage Pool wizard to create cloud-container storage pools that use Microsoft Azure, a cloud-based object storage system, to back up data.
Encrypt communication by using Transport Layer Security (TLS) 1.2
The Operations Center provides enhanced security by enforcing the use of Transport Layer Security (TLS) 1.2 encryption for communication between the Operations Center and the hub server.
Move data to container storage pools by using the Convert Storage Pool wizard
Use the Convert Storage Pool wizard to move data from primary storage pools that use the FILE device class, a tape device class, or a virtual tape library to directory-container storage pools or cloud-container storage pools.
Authenticate clients by using an LDAP server
You can choose local or LDAP authentication when you use the Add Client wizard to register clients. You can also view local and LDAP configuration settings for servers.
Configure cloud-container storage pools to use an existing bucket
When you use the Add Storage Pool wizard to create a cloud-container storage pool for the IBM Cloud® Object Storage or Amazon Simple Storage Service (S3) cloud types, you can use an existing bucket or allow the Operations Center to create a bucket. Previously, you could only create a bucket.