Preventive Service Planning
Abstract
This document details the Microsoft® 365 backup and restore requirements for IBM Spectrum Protect Plus 10.1.9.
Content
This document is divided into linked sections. Use the following links to go to the section of the document that you require.
- General
- Configuration
- Software
- Connectivity
- Authentication and privileges
- Prerequisites and operations
- Ports
- Hardware
Beginning with IBM Spectrum Protect Plus 10.1.5, support was added for backing up and restoring Microsoft 365 data.
Product name update: Microsoft Corporation announced new product names, effective 21 April 2020, for its Office 365 offerings for small and medium businesses. With this announcement, all small and medium business plans transitioned to the new Microsoft 365 brand. In IBM Spectrum Protect Plus 10.1.6, the user interface and documentation use the original product name, Office 365. For more information, see New Microsoft 365 offerings for small and medium-sized businesses
If you choose to protect Microsoft 365 data with IBM Spectrum Protect Plus, you must purchase the IBM Spectrum Protect Plus for Microsoft 365 Entity ID monthly license. For more information about this entitlement, see the IBM Spectrum Protect 10.1.5 announcement letter.
Before you start protecting Microsoft 365 data with IBM Spectrum Protect Plus, ensure that the system environment meets the following requirements.
To protect a Microsoft 365 application, you must register the application with Azure Active Directory and grant appropriate permissions. Before you begin, you must have the following items:
- An active Microsoft 365 subscription
- A Microsoft 365 administrative user ID and password
For instructions about registering the Microsoft 365 application with Azure Active Directory, see Registering with Azure Active Directory.
If you have a Microsoft 365 administrative account, you can add users to ensure that they have valid licenses. For instructions, see Microsoft 365 in Visual Studio subscriptions
Ensure that you remember the Microsoft 365 administrative user IDs and passwords or maintain this information in a secure location.
IBM Spectrum Protect Plus | Microsoft 365 Business Basic, Business Standard, Business Premium editions |
Office 365 for Enterprise E1, E3, and E5 editions |
Office 365 for Education A1, A3, and A5 editions |
Office 365 for Firstline Workers F3 edition |
Microsoft 365 for Enterprise E3 and E5 editions |
10.1.5 | |||||
10.1.6 | |||||
10.1.7 | |||||
10.1.8 | |||||
10.1.9 |
Note:
- Microsoft 365 Business, former product name: Office 365 Business
- Office 365 for Education, former product name: Office 365 Education edition
- Office 365 for Firstline Workers, former product name: Microsoft 365 F1
IBM Spectrum Protect Plus | RHEL 7.0* | RHEL 8.0* | CentOS 7.0* | CentOS 8.0* |
10.1.5 | -- | -- | ||
10.1.6 | -- | |||
10.1.7 | ||||
10.1.8 | ||||
10.1.9 |
* The base release and later maintenance and modification levels are supported.
IBM Spectrum Protect Plus supports proxy host servers running on physical (bare metal) servers and in virtualized environments.
- The Microsoft 365 tenant must be in a global region as defined by Microsoft. National regions are not supported. For more information about regions, see National cloud deployments
- Ensure that vSnap is not used as a proxy server in production mode.
- The bash and sudo packages must be installed. Sudo must be at version 1.7.6p2 or later. Run
sudo -V
to check the version. - Tip: The required bash and sudo packages are included in the supported Linux x86_64 operating system installation packages.
- Install the most recent Microsoft 365 patches and updates in your environment.
- Ensure that a supported version of Linux x86_64 is installed with the most recent patches and updates.
- The International Components for Unicode (
libicu
) RPM package must be installed for the corresponding version of your operating system. - Ensure that the user limit value ulimit -f value, which specifies the effective file size for the IBM Spectrum Protect Plus agent, is set to unlimited. Alternatively, set the value sufficiently high to support copying of the largest Microsoft 365 files in your backup and restore jobs.
- In a Linux environment, depending on your version or distribution, ensure that the Linux utility package,
util-linux-ng
, orutil-linux
, is current.
Ensure that your system environment meets the following connectivity requirements:
- The secure file transfer protocol (SFTP) subsystem for Secure Shell (SSH) is enabled.
- The SSH service is running on port 22 on the proxy host server.
- The SSH host key must be one of the following algorithms: ssh-dsa, ssh-rsa, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, or ecdsa-sha2-nistp521.
- Firewalls are configured to allow IBM Spectrum Protect Plus to connect to the proxy host server by using SSH.
- Firewalls must be configured to enable the proxy host server to communicate with the IBM Spectrum Protect Plus server by using Hypertext Transfer Protocol Secure (HTTPS) through port 443.
- IBM Spectrum Protect Plus uses the Network File System (NFS) protocol to mount storage volumes for backup and restore operations. Ensure that the native Linux NFS client is installed on the proxy host server.
- All servers, proxies, applications, and hypervisors that are added to the IBM Spectrum Protect Plus environment must be registered by using a Domain Name System (DNS) name or Internet Protocol (IP) address.
- If DNS names are used, they must be resolvable over the network by the IBM Spectrum Protect Plus server and the vSnap server. All IBM Spectrum Protect Plus components must also be resolvable by their DNS names.
- If DNS is not available, you must add the server to the
/etc/hosts
file on the IBM Spectrum Protect Plus server by using the command line.
- The proxy host server must be registered with IBM Spectrum Protect Plus by using an operating system user that exists on the agent host. The user is then referred to as the IBM Spectrum Protect Plus agent user.
- Ensure that the root user password is correctly configured and that the user can log in without facing any other prompts, such as prompts to reset the password.
The IBM Spectrum Protect Plus agent user must have privileges to run commands a root user by using sudo. The sudoers
configuration must allow the IBM Spectrum Protect Plus agent user to run commands without a password.
Ensure that the Software, Connectivity, and Authentication and privileges requirements are met.
The following prerequisites must be met before you start protecting your resources:
- To protect a Microsoft 365 application, you must register the application with Azure Active Directory and grant appropriate permissions. When you register a new application with Azure Active Directory, the application credentials such as application ID and application secret are made available on the Azure Active Directory portal. For instructions, see Registering with Azure Active Directory.
- To ensure that the IBM Spectrum Protect Plus agent can connect to the Microsoft 365 tenant, you must register the Microsoft tenant credentials and the proxy host server with IBM Spectrum Protect Plus. For instructions, see Registering the Microsoft 365 tenant with IBM Spectrum Protect Plus.
Before you start a backup or restore operation, take the following actions:
- Apply a service level agreement (SLA) policy.
- Assign appropriate roles and resource groups to users who are running backup and restore operations. Grant users access to resources and roles by using the Accounts pane.
- Performance tip: To help enhance the performance of backup operations, set the number of parallel sessions to a number in the range 10 - 40.
Review the following information about creating backup and restore jobs:
- To back up Microsoft™ 365 email, calendars, contacts, and data on OneDrive cloud storage, see Backing up Microsoft 365 data.
- To restore Microsoft 365 data from backup copies on vSnap servers or remote storage, see Restoring Microsoft 365 data.
For an overview about protecting Microsoft 365 with IBM Spectrum Protect Plus, see Protecting Microsoft 365.
The following ports are used by IBM Spectrum Protect Plus agents users.
Port | Protocol | Initiator | Target | Description |
---|---|---|---|---|
22 | Transmission Control Protocol (TCP) | IBM Spectrum Protect Plus server | Proxy host server | Provides access to troubleshoot and maintain remote proxy host servers that are running guest application components by using the SSH protocol |
Port | Protocol | Initiator | Target | Description |
---|---|---|---|---|
111 | TCP and User Datagram Protocol (UDP) | Proxy host server | vSnap server | Allows Open Network Computing (ONC) clients to discover ports for communications with ONC servers |
443 | TCP | Proxy host server | vSnap server | Port that allows the agent to communicate with IBM Spectrum Protect Plus for sending alerts if log backup failures |
2049 | TCP and UDP | Proxy host server | vSnap server | Used for NFS data transfer to and from vSnap servers |
20048 | TCP and UDP | Proxy host server | vSnap server | Mounts vSnap file systems on clients such as the VMware vStorage API for Data Protection (VADP) proxy, application servers, and virtualization datastores |
System | Disk space | Memory and CPU |
---|---|---|
Compatible hardware with quad-core processors that are supported by the operating system | A minimum of 500 MB under /tmp and 800 MB under /opt is required for product installation. 5 GB of available disk space for temporary files at run time |
16 GB of random access memory (RAM) and 8 processors |
Related Information
Was this topic helpful?
Document Information
Modified date:
07 December 2021
UID
ibm16509812