File restore prerequisites

Before you restore files with the IBM Spectrum Protect Data Protection for VMware file restore interface, ensure that your environment meets the minimum prerequisites.

To enable the file restore feature, Data Protection for VMware must be installed on a Windows system.

VMware virtual machine prerequisites

The following prerequisites apply to the VMware virtual machine that contains the files to be restored:
  • Windows operating systemsLinux operating systemsVMware Tools must be installed on the virtual machine.
  • Windows operating systemsLinux operating systemsThe virtual machine must be running during the file restore operation.
  • Windows operating systemsThe data mover system must either belong to the same windows domain or be in a domain with a trust relationship with the virtual machine that contains the files to be restored.
  • Windows operating systemsWhen a virtual machine is deleted from a Windows domain and then restored later, the virtual machine must rejoin the domain to ensure the domain trust relationship. Do not attempt a file restore from the virtual machine until the domain trust relationship is restored.
  • Windows operating systemsIf the user does not own the file to be restored, the Microsoft Windows Restore Files and Directories privilege must be assigned to the user for that virtual machine.
  • For further information on Microsoft Windows domain account prerequisites required to use the Data Protection for VMware file restore interface, see technote 1998066.
  • Linux operating systemsLocal user authentication is required for the virtual machine. Authentication is not available through Windows domain, Lightweight Directory Access Protocol (LDAP), Kerberos, or other network authentication methods.
  • Linux operating systemsOn a Red Hat Enterprise Linux 6 operating system, the ChallengeResponseAuthentication option in the sshd daemon configuration file (/etc/ssh/sshd_config) must specify YES or be commented out. For example, either of the following statements are valid:
    ChallengeResponseAuthentication yes
    #ChallengeResponseAuthentication no
    Restart the sshd daemon after you modify this option.

Data mover prerequisites

The data mover system represents a specific data mover that "moves data" from one system to another.

Windows operating systemsThe data mover system must belong to the same Windows domain as the virtual machine that contains the files to be restored.

Mount proxy prerequisites

The mount proxy system represents the Linux or Windows proxy system that accesses the mounted virtual machine disks through an iSCSI connection. This system enables the file systems on the mounted virtual machine disks to be accessible as restore points to the file restore interface.

Linux operating systemsLinux operating systems provide a daemon that activates Logical Volume Manager (LVM) volume groups as these groups become available to the system. Set this daemon on the Linux mount proxy system so that LVM volume groups are not activated as they become available to the system. For detailed information about how to set this daemon, see the appropriate Linux documentation.

Windows operating systemsLinux operating systemsThe Windows mount proxy system and Linux mount proxy system must be on the same subnet.

Microsoft Windows domain account prerequisites

The following prerequisites apply to Windows domain accounts. The first requirement is to establish a Windows domain user account with local administrative authority over all VMs:
  • To perform the necessary tasks to enable file recovery to a virtual machine guest, you need a user account that belongs to a Windows domain and is a local administrator on the mount proxy system . An administrator with this account enters the account credentials in the Data Protection for VMware vSphere GUI configuration wizard or notebook to enable the environment for file restore operations.
  • To create a user account with sufficient privileges to use the file restore interface, you can use the Windows Group Policy object to centrally manage a single domain user, allow it to access multiple machines with local administrator credentials, and optionally restrict undesirable actions.
The following steps illustrate how this user account can be created. Complete these steps on a domain controller by using the Active Directory Users and Computers MMC snap-in:
  1. Select Action->New->Groups and create a new security group named FR Admins. The group scope should be set to Global.
  2. Create a new domain user account with the user name fradmin1 and add it to the FR Admins security group. You can also add other domain user accounts to the group.
  3. To provide more control over the set of computers that fradmin1 can access, create a new organizational unit
  4. From the domain object, select New->Organizational Unit, name it as FR Computers
  5. Populate the FR Computers organizational unit with a number of machines. .
Complete the following steps on the domain controller from the Group Policy MMC snap-in:
  1. Create a new Group Policy object named FR Admin GPO, which will add the administrators in the FR Admins group to the local administrator group of the computers associated with the organizational unit to which the Group Policy object is applied.
  2. In the Group Policy object, add the account to both the local administrator group and optionally to remote desktop users.
  3. Select the FR Computers organizational unit and add the newly created Group Policy object.
    Note: The Group Policy object could have been associated with the domain itself, but then fradmin1 would be in the local administrator group of all computers in the domain. Using an explicit organization unit provides additional control.
  4. Optionally: use Group Policy Management to restrict undesirable actions on the local machine such as Deny log on locally and Deny log on through Terminal Services.
  5. On the File Restore page of the Data Protection for VMware vSphere GUI configuration wizard or notebook, update the settings to use the domain\fradmin1 account that was created in the steps above.
  6. Restart the mount proxy client access daemon (CAD) service.
When you have set up an account with suitable privileges:
  • Windows operating systemsEnter your credentials in the Data Protection for VMware vSphere GUI configuration wizard or notebook to enable the environment for file restore operations.
  • Windows operating systemsA file owner accesses the remote virtual machine (that contains the files to be restored) with Windows domain user credentials. These credentials are entered in the file restore interface during login. Domain user credentials verify that the file owner has permission to log in to the remote virtual machine and restore files into the remote virtual machine. These credentials do not require any special permissions.
  • Windows operating systemsIf a file owner uses a Windows domain user account that limits access to specific computers (instead of access to all computers within the domain), ensure that the mount proxy system is included in the list of computers that are accessible to this domain user account. Otherwise, the file owner is unable to log in to the file restore interface.

Tape media prerequisites

File restore from tape media is not supported. File restore from disk storage is the preferred method.