- Use multifactor authentication to log in to the Operations Center
- Starting with this release, you might be required to use multifactor authentication (MFA) when
you log in to the Operations Center. When MFA is required, you
must log in by using a one-time passcode in addition to your password. The passcode is valid only
for the current session and is generated on a cell phone, or similar trusted device, that only you
can access. When you log in to the Operations Center for the
first time after the MFA requirement is set, you are prompted to register your administrator ID with
an authentication app. An authentication app is a lightweight program that can generate passcodes by
using the Time-based One-time Password (TOTP) algorithm. By using the TOTP algorithm, the
authentication app generates short-lived passcodes based on the current time and a secret key that
was generated for your administrator ID. The secret key is a shared secret between your
authentication app and the IBM server. To help you register your administrator ID, the login page of
the Operations Center displays a Quick Response (QR) code. If
your trusted device has a built-in camera that the authentication app can access, you can scan the
QR code to add the shared secret key to your authenticator app. The QR code encodes a TOTP Uniform
Resource Identifier (URI), which contains the shared secret key and other information that is needed
to configure your authentication app.
- Specify Google Coldline or Google Archive cloud storage classes for cloud-container storage
- A number of different storage classes are available for Google Cloud Storage. These storage
classes have different pricing models that are based on how often data is accessed. In previous
releases, you could configure cloud-container storage pools to use storage classes for frequent data
access. In this release, storage classes for infrequent data access are also supported. These
storage classes for infrequent data access are the Google Coldline and Google Archive storage
classes. When you use the Add Storage Pool wizard to configure a cloud-container storage pool for
Google Cloud Storage, you can now specify these storage classes. For certain types of data, these
storage classes might be your most cost-effective option. For more information about these storage
classes, see the Google Cloud Storage documentation.
Tip: The Google Coldline and Google
Archive storage classes are also available for database backup operations and for cloud retention
pools. However, database backup operations and cloud retention pools require a device class that
specifies the storage class. You cannot define a device class by using the Operations Center. Instead, you can define a device class by using the
DEFINE DEVCLASS command. The device class is then available in the Operations Center for database backup operations and for retention
- Configure data replication to a single target or to multiple targets by using storage rules
- You can use replication storage rules to configure and schedule replication
processing. By using replication storage rules, you can configure both single-target and
multi-target replication. With multi-target replication, client data is copied from a
source server to more than one target server. To configure multi-target replication, define multiple
storage rules with the same source replication server, but different target replication servers.
With replication storage rules, storage pool protection is not a separate process. Instead,
replication storage rules combine storage pool protection with the replication processing. You do
not have to schedule replication and protection separately, as is required if you use the
REPLICATE NODE and PROTECT STGPOOL commands.
- Copy retention sets to the cloud for long-term storage
- In earlier releases, retention sets could be kept in place in primary storage or saved on tape.
In this release, retention sets can also be saved in cloud object storage. You can maintain a copy
of retention sets on standard cloud storage or archive cloud storage. By copying retention sets to
standard cloud storage, you provide an extra layer of protection for the data. By copying retention
sets to archive cloud storage, you can meet your long-term data retention requirements while also
reducing the amount of data that must be stored on premises. With the retention-to-cloud feature,
which is similar to the retention-to-tape feature, retention sets are initially created in place,
but are then copied to cloud object storage. After the copy process creates the retention set in the
cloud, the original backup objects are kept in primary storage according to backup policies only.
Only the retention set data in the cloud is retained until the retention set's expiration date.
- Define cloud connections to access cloud storage
- Cloud connections were introduced in version 8.1.10 to enable database backup operations to
cloud storage. Starting in version 8.1.13, you specify a cloud connection when you define a
cloud-container storage pool. Because cloud connections are maintained separately from
cloud-container storage pools, you have more flexibility when you work with cloud connections. For
example, you can reuse the same connection for two cloud-container storage pools. From the
Cloud Connections page in the Operations Center, you can view configuration and status information
for all cloud connections. From the Cloud Connections page, you can also create
and test cloud connections.
- View tasks for all servers in a centralized location
- From the new Tasks page of the Operations Center, you can view status
information for all active and completed tasks across all IBM Spectrum® Protect servers that are managed by the Operations Center.
In earlier releases, you could view the active and completed tasks only for an individual IBM Spectrum Protect server. This information is still available when
you are viewing details for a selected server.
- Retain data from more types of clients in retention sets
- In retention sets, you can now store active backup data from Data Protection for Microsoft Exchange Server and Data Protection for Microsoft SQL Server clients in retention sets. Retention
sets, which help you comply with requirements for long-term retention, were introduced in an earlier
release. In earlier releases, you could save the active backup data only for backup-archive clients
or IBM Spectrum Protect for Virtual Environments virtual machines.
- Check in and check out tape volumes
- In earlier releases, you could check in a tape volume only by using the CHECKIN
LIBVOLUME command, and you could check out a tape volume only by using the
CHECKOUT LIBVOLUME command. In this release, you can check in and check out
volumes from the Volumes tab of a tape device's details notebook.
- Enable read caches for cloud-container storage pools
- If a read cache is enabled for a cloud-container storage pool, containers are cached on disk
during restore operations. This feature is available only for non-Swift cloud types, and is designed
to improve the performance of restore operations. In the Operations Center, you can enable a cloud
read cache when you define a cloud-container storage pool by using the Add Storage Pool wizard. You
can also enable or disable a cloud read cache from the Properties tab of a cloud-container storage
pool's details notebook.
- Copy container pools to tape for disaster recovery
- You can define a new type of storage rule to regularly back up container storage pools to tape.
Tapes can be taken offsite for disaster recovery (DR) preparedness, or kept onsite as a redundant
backup that is readily available. Any data compression or deduplication is reversed to create a
hydrated copy of the original client data.
- Back up data to Google Cloud Storage
- You can configure cloud-container storage pools to back up client data and the server database
to the Google Cloud Storage service.
- View more details about tape libraries
- From the details notebook for a tape device, you can now view status and configuration
information for the paths and volumes. You can view the availability status of the paths that are
defined to a tape library and its drives, and you can bring paths online if necessary. You can view
capacity and status information for the volumes that are in use or available for use by a tape
library. For improved troubleshooting, you can display messages that were issued about a selected
path or volume.
- View more details about storage rules
- On the Storage Rules page, a new status value shows the storage rules that
are currently running. You can also view an explanation of a Warning or Failed status value by
hovering over the status value. If that information is not sufficient for you to diagnose and
resolve the problem, you can open the storage rule's details notebook. From the details notebook,
you can view the recent history for the individual jobs that were run by the storage rule. From the
recent history, you can view server messages that were issued about the job.
- Update the access mode of tape volumes
- From the volumes table for tape-based storage pools, such as retention storage pools or copy
storage pools, an Update action is added. By using this action, you can
update the access mode of selected volumes.
- Track the movement of disaster recovery volumes
- You can use the Operations Center to track tape volumes as
the volumes are moved between an onsite library and an offsite vault. If data must be restored, you
can use this tracking information to locate the volumes. This capability was introduced for
retention volumes in version 8.1.10, and is now extended to include volumes in copy storage pools
and container-copy storage pools. Also added in this release is the capability to include a database
backup with volumes that you send offsite. Sending the most recent database backup offsite helps
ensure that data can be restored if your database is lost or damaged.
- Exercise greater control when you specify members of a retention rule
- When you define the properties of a retention rule or a one-time retention set, you specify the
clients whose active backup data is to be collected. Previously, you could specify individual
clients or a name pattern to match one or more virtual machines. Beginning with version 8.1.11, you
can also specify a name pattern to match multiple clients or file spaces. You can also specify
multiple clients by adding a client node group.
- Copy retention sets to tape for air-gapped protection
- You can copy retention sets to tape and physically isolate the tape volumes from your production
systems and network. By securing retention sets with an air gap, you can help to protect the data
from malware and physical disasters.
- Monitor IBM Spectrum Protect Plus servers
- IBM Spectrum Protect Plus is a data protection and
availability solution for virtual environments. If your organization uses IBM Spectrum Protect Plus, you can monitor the health of your virtual
environment from the Operations Center.
- Back up an IBM Spectrum Protect server database to cloud
- To back up server database volumes to object storage, define a device class of type CLOUD by
using the command-line interface. Then, you can select the device class when you are backing up a
server database in the Operations Center.
- Track the movement of retention volumes
- You can use the Operations Center to track tape volumes
that contain retention data as the volumes are moved between an onsite library and an offsite vault.
If a retention set must be restored, you can use this tracking information to locate the tape
volumes that contain the retention set.
- Access message documentation
- When a server message is displayed in the Operations Center, you can hover over the message number to display documentation about the message. Depending on
the message, this documentation might include a detailed explanation of the message and actions that
you can take to resolve errors. This feature is available on Operations Center pages that display server messages, such as the
Alerts page and the Active Tasks page.
- Preserve data in a retention hold
- To preserve data indefinitely, you can define a retention hold. When a retention set is in a
retention hold, its data cannot be deleted until the retention set is explicitly released.
- Review commands to avoid unwanted results
- Configure servers to prevent certain commands from running until they are approved by another
administrator. By using this feature, you might grant less-experienced administrators greater
authority to complete more tasks, but have more-experienced administrators review their work for
unintended consequences. You might also use this feature to create a peer-review process for equally
- Automatically tier data from disk storage to tape storage
- You can tier data from directory-container storage pools on disk to both cloud storage and tape
storage. In previous releases, you could tier data only to cloud storage.
You can also start a
tiering rule outside of its scheduled time and start a tiering rule that is not active.
- Copy IBM Spectrum Protect Plus data to tape
- You can copy data from IBM Spectrum Protect Plus and store
the data on physical tape media or in a virtual tape library (VTL) for long-term data retention and
- Create collections of backup data to meet long-term data retention requirements
- You can comply with requirements for the collection, retention, and eventual deletion of data by
creating collections of client backup data. These collections, which are called retention sets, are
snapshots of the active backup data for one or more clients. You can define retention rules, which
are schedules for collecting backup data for specified clients into retention sets. You can also
create retention sets on an ad hoc basis. Data is not re-ingested from the client or copied from
server storage to create a retention set. Instead, retention sets consist of data that is already in
server storage. The data objects that must be retained are tracked in the server inventory and are
not deleted until the specified retention period ends.
- Copy data from IBM Spectrum Protect Plus
- You can use a new client type, called an object client, to copy data from IBM Spectrum Protect Plus. An object client is an application, in this
case IBM Spectrum Protect Plus, that accesses the server by
making Simple Storage Service (S3) requests to store and retrieve objects. By defining an IBM Spectrum Protect Plus server as an object client, you enable IBM Spectrum Protect Plus to send virtual machine copies directly to an
IBM Spectrum Protect server.
- Exercise greater control over cloud tiering operations
- Exercise greater control when you specify rules for automatically tiering data to cloud storage.
Previously, you could tier all data that met an age threshold. Now, you can also choose to tier only
inactive data that meets an age threshold. You can also create exceptions to a rule by defining
subrules. By defining one or more subrules, you can exercise granular control to keep some data in
disk storage for faster retrieval, while tiering other data to the cloud for long-term
- Receive security notifications for potential ransomware attacks
- After every client backup session, statistics are analyzed for signs of ransomware infection. If
signs are present, a warning message is displayed in the Operations Center. You can use the new Security Notifications page to
view details for each security notification. This information helps you determine whether the client
is infected with ransomware or if the notification is a false positive.
- Reclaim space in cloud-container storage pools to help reduce storage costs
- Fragmentation occurs in cloud-container storage pools when data is deleted or expired. As a
result, a cloud container can have occupied but unused space. You can now specify a threshold for
reclaiming that space. When you are selecting a reclamation threshold, you can view the estimated
space savings that can be achieved. You can also view the estimated number of requests to move data,
and the amount of data to be sent and received. You can use these estimates to decide on a
reclamation threshold that is most cost effective based on your cloud provider's storage and data
- Create custom email reports without writing SQL queries
- You can create two types of custom email reports in the Operations Center:
- Template-based operational overview reports, which provide insight into key storage metrics and
do not require SQL expertise
- SQL-based reports, which can be fully customized to reflect your storage environment
- Create schedules to update one or more backup-archive clients
- You can automatically download backup-archive client installation packages as they are released.
When an update schedule runs, installation files are copied to the client system and the client is
updated. You can also use the Operations Center to monitor,
cancel, or reschedule updates.
- Create storage rules to tier older data to the cloud
- You can create tiering storage rules to automatically move data from directory-container storage
pools to cloud-container storage pools based on the age of the data. The different types, or tiers,
of storage offer different price and performance tradeoffs. You can archive older data in lower
performance storage in the cloud, and retain recent data backups on high-performance disk for faster
- Configure cloud-container storage pools to use Microsoft Azure
- You can use the Add Storage Pool wizard to create cloud-container storage pools that use Microsoft Azure, a cloud-based object storage system, to back
- Encrypt communication by using Transport Layer Security (TLS) 1.2
- The Operations Center provides enhanced security by
enforcing the use of Transport Layer Security (TLS) 1.2 encryption for communication between the
Operations Center and the hub server.
- Move data to container storage pools by using the Convert Storage Pool wizard
- Use the Convert Storage Pool wizard to move data from primary storage pools that use the FILE
device class, a tape device class, or a virtual tape library to directory-container storage pools or
cloud-container storage pools.
- Authenticate clients by using an LDAP server
- You can choose local or LDAP authentication when you use the Add Client wizard to register
clients. You can also view local and LDAP configuration settings for servers.
- Configure cloud-container storage pools to use an existing bucket
- When you use the Add Storage Pool wizard to create a cloud-container storage pool for the IBM Cloud® Object Storage or Amazon Simple Storage Service
(S3) cloud types, you can use an existing bucket or allow the Operations Center to create a bucket. Previously, you could only create