File indexing and restore requirements

Review the following requirements for indexing and restoring files through IBM Spectrum Protectâ„¢ Plus.

General requirements for VMware

In the virtual machine settings under Advanced Configuration, the disk.enableUUID setting must be present and set to true.

Windows requirements

Supported operating systems: Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2016

Supported file systems: NTFS, ReFS, CsvFS

IBM Spectrum Protect Plus supports only the operating systems available to your hypervisors. Review your hypervisor documentation for information about supported operating systems.

Windows Remote Shell (WinRM) must be enabled. By default, WinRM is not enabled in a Windows Server 2008 R2 or Windows 10 Server environments. To ensure services are able to receive connections, perform the following procedure: Run winrm quickconfig, then select Yes to make changes. This adds a listener for port 5985. To ensure the listener is available, enter the following command: winrm e winrm/config/listener.

Important: IBM Spectrum Protect Plus can protect and restore virtual machines with other file systems, but only the file systems listed above are eligible for file indexing and restore.

Ensure the latest version of VMware Tools is installed on VMware virtual machines, and Hyper-V Integration Services is installed on your Hyper-V virtual machines.

Space requirements
The C drive must have sufficient temporary space to save the file indexing results.
Connectivity requirements
The hostname of the IBM Spectrum Protect Plus appliance should be resolvable from the Windows virtual machine. If the hostname of the IBM Spectrum Protect Plus appliance is not resolvable, add the IP address of the appliance in the ecxAddress field in the IBM Spectrum Protect Plus configuration file, which can be found in the following location on the appliance:
/opt/virgo/repository/ecx-usr/com.catalogic.ecx.deploy.vmware.ecxvmdeployer.json
The IP address of the virtual machine selected for indexing must be visible to the vSphere client or Hyper-V Manager.
The Windows virtual machine selected for indexing must allow outgoing connections to port 22 (ssh) on the IBM Spectrum Protect Plus appliance.
All firewalls must be configured to allow IBM Spectrum Protect Plus to connect to the server through WinRM.
Authentication and privilege requirements
The credentials specified for the virtual machine must include a user with the following privileges:
  • The user identity must have the "Log on as a service" right, which is assigned through the Administrative Tools control panel on the local machine (Local Security Policy > Local Policies > User Rights Assignment > Log on as a service). For more information about the "Log on as a service" right, https://technet.microsoft.com/en-us/library/cc794944.aspx.
  • The default security policy uses the Windows NTLM protocol, and the user identity follows the default domain\Name format if the Hyper-V virtual machine is attached to a domain. The format .\<local administrator> is used if the user is a local administrator. Note that credentials must be established for the associated virtual machine through the Guest OS Username and Guest OS Password option within the associated backup job definition.
  • The system login credential must have the permissions of the local administrator.
Kerberos requirements
Kerberos-based authentication can be enabled through a configuration file on the IBM Spectrum Protect Plus appliance. This will override the default Windows NTLM protocol. Note that Kerberos does not allow local user accounts to be used and is only suitable for environments in which all machines are on a single domain.
For Kerberos-based authentication only, the user identity must be specified in the username@FQDN format. The username must be able to authenticate using the registered password to obtain a ticket-granting ticket (TGT) from the key distribution center (KDC) on the domain specified by the fully qualified domain name.
Kerberos authentication also requires that the clock skew between the Domain Controller and the IBM Spectrum Protect Plus appliance is less than 5 minutes. Note that the default Windows NTLM protocol is not time dependent.

Linux requirements

Supported operating systems: Red Hat Enterprise Linux 6.4+, CentOS 6.4+, Red Hat Enterprise Linux 7.0+, CentOS 7.0+, SUSE Linux Enterprise Server 12.0+

Supported file systems: ext2, ext3, ext4, XFS.

IBM Spectrum Protect Plus supports only the operating systems available to your hypervisors. Review your hypervisor documentation for information about supported operating systems.

Note: IBM Spectrum Protect Plus can protect and restore virtual machines with other file systems, but only the file systems listed above are eligible for file indexing and restore.
Software requirements
Python version 2.6.x or 2.7.x must be installed.
When file systems are indexed, temporary metadata files are generated under the /tmp directory and then deleted as soon as the indexing is complete. The amount of free space required for the metadata depends on the total number of files present on the system. Ensure that there is approximately 350 MB of free space per 1 million files.
Red Hat Enterprise Linux / Oracle Enterprise Linux / CentOS 6.x only: Ensure the util-linux-ng package is up-to-date by running yum update util-linux-ng. Depending on your version or distribution, the package may be named util-linux.
If data resides on LVM volumes, ensure the LVM version is 2.0.2.118 or later. Run lvm version to check the version and run yum update lvm2 to update the package if necessary.
If data resides on LVM volumes, the lvm2-lvmetad service must be disabled as it can interfere with the ability of IBM Spectrum Protect Plus to mount and re-signature volume group snapshots/clones. To disable:
  • systemctl stop lvm2-lvmetad
  • systemctl disable lvm2-lvmetad
  • Edit the file /etc/lvm/lvm.conf and set use_lvmetad = 0
For a discussion of the lvmetad service, see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Logical_Volume_Manager_Administration/metadatadaemon.html.
If data resides on XFS file systems and the version of xfsprogs is between 3.2.0 and 4.1.9, the file restore can fail due to a known issue in xfsprogs that causes corruption of a clone/snapshot file system when its UUID is modified. To resolve this issue, update xfsprogs to version 4.2.0 or above. For more information, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782012.
Connectivity requirements
The SSH service must be running on port 22 on the server, and any firewalls must be configured to allow IBM Spectrum Protect Plus to connect to the server through SSH. The SFTP subsystem for SSH must also be enabled. For SFTP configuration information, see https://en.wikibooks.org/wiki/OpenSSH/Cookbook/File_Transfer_with_SFTP.
Authentication and Privilege Requirements
The credentials specified for the virtual machine must specify a user that has the following sudo privileges:
  • The sudoers configuration must allow the user to run commands without a password.
  • The !requiretty setting must be set.
The recommended approach is to create a dedicated IBM Spectrum Protect Plus Agent user with the following privileges. Sample configuration:
  • Create user: useradd -m sppagent
  • Set a password: passwd sppagent
  • Place the following lines at the end of your sudoers configuration file, typically /etc/sudoers. If your existing sudoers file is configured to import configurations from another directory (for example, /etc/sudoers.d), you can also place the lines in a new file in that directory:

    Defaults:sppagent !requiretty

    sppagent ALL=(root) NOPASSWD:ALL