Preventive Service Planning
Abstract
This document details the Microsoft® Exchange database backup and restore requirements for IBM Spectrum Protect Plus Version 10.1.6.
Content
This document is divided into linked sections for ease of navigation. Use the following links to jump to the section of the document that you require:
- General
- Configuration
- Software
- Authentication and privileges
- Prerequisites and operations
- Connectivity
- Ports
- Hardware
General
Beginning with IBM Spectrum Protect Plus V10.1.3, support was added for backing up and restoring of Microsoft Exchange Server data.
Before you register a Microsoft Exchange Server with IBM Spectrum Protect Plus, ensure that the system environment meets the following requirements.
Configuration
Application versions
IBM Spectrum Protect Plus | Microsoft Exchange Server 2013 CU16* Standard and Enterprise editions | Microsoft Exchange Server 2016 CU5* Standard and Enterprise editions | Microsoft Exchange Server 2019* Standard and Enterprise editions |
V10.1.3 | |||
V10.1.4 | |||
V10.1.5 | |||
V10.1.6 |
* The base release and later cumulative updates and maintenance levels are supported.
Microsoft Exchange database availability groups (DAGs) are supported.
Operating systems
IBM Spectrum Protect Plus | Microsoft Windows Server 2012 R2* Standard and Datacenter editions | Microsoft Windows Server 2016* Standard and Datacenter editions | Microsoft Windows Server 2019* Standard and Datacenter editions |
V10.1.3 | |||
V10.1.4 | |||
V10.1.5 | |||
V10.1.6 |
*The base release and later maintenance levels are supported.
IBM Spectrum Protect Plus supports Microsoft Exchange Server running on a physical (bare metal) server and in a virtualized environment. The following virtualized environments are supported:
- VMware Elastic Sky X (ESX) guest operating system
- Microsoft Windows Hyper-V guest operating system
See minimum requirements to enable write range tracking in section Incremental backups.
Restrictions
The following restrictions apply:
- Windows Server 2019 with the Server Core option is supported. However, the granular restore feature is not supported by the Server Core installation option.
- The database logs are backed up on the preferred node only. Only one Exchange Server instance at a time can write log backups to the vSnap server.
- When you restore a mailbox item (or mailbox) to an Outlook personal folders (
.pst
) file, you can use the Mailbox Restore Browser view only with non-Unicode .pst files. - When you restore a mailbox item (or a mailbox) to a different mailbox, you cannot drag mail items or subfolders in the Recoverable Items folder to a destination mailbox.
- When you restore mail items to a non-Unicode personal folders (.pst) file, each folder can contain a maximum of 16,383 mail items.
- Only one application server or file server per host can assigned.
For example, if a host as a Microsoft Windows file system is already registered, you cannot register the same host as a Microsoft SQL Server or a Microsoft Exchange Server.
See specific restrictions for technologies that are not supported for changed bytes tracking in sectionIncremental backups
Software
- Install the most recent Microsoft Exchange database patches and updates in your environment.
- Install a supported version of a Windows 64-bit operating system in your environment. Ensure that the most recent patches and updates are installed.
- The following software must be installed before you use IBM Spectrum Protect Plus:
- Windows PowerShell 4 or later
- Windows Management Framework 4 or later
- If you use Microsoft Exchange Server 2013 with the granular restore feature, the minimum level that is supported for Microsoft Exchange Messaging API (MAPI) Client and Collaboration Data Objects (CDO) is version 6.5.8320.0.
- If you use the granular restore feature with Microsoft Exchange Server 2016 or 2019, Microsoft 32-bit Outlook 2013, Outlook 2016, or Outlook 2019 is required.
- The following software, required by Microsoft, is installed automatically by the IBM Spectrum Protect Plus granular restore feature, if not already present on your virtual machine:
- 32-bit Microsoft Visual C++ 2012 Redistributable Package
- 64-bit Microsoft Visual C++ 2012 Redistributable Package
- 32-bit Microsoft Visual C++ 2017 Redistributable Package
- 64-bit Microsoft Visual C++ 2017 Redistributable Package
- Microsoft .NET Framework 4.5
- Microsoft ReportViewer 2012 SP1 Redistributable Package
- Microsoft SQL Server 2012 System CLR Types
- Microsoft SQL Server 2014 System CLR Types
- Microsoft SQL Server 2016 System CLR Types
Authentication and privileges
Authentication
Register each Microsoft Exchange Server with IBM Spectrum Protect Plus by name or IP address.
Restrictions: The IP address must be reachable from the IBM Spectrum Protect Plus server and from the vSnap server. The fully qualified domain name of each Microsoft Exchange Server must be resolvable and can be routed from the IBM Spectrum Protect Plus server and from the vSnap server. The fully qualified domain name of the IBM Spectrum Protect Plus server must be resolvable and can be routed from the Microsoft Exchange servers.
The user identity must have sufficient privileges to install and start the IBM Spectrum Protect Plus Tools Service on the node. For more information, see the Microsoft article: Add the Log on as a service Right to an Account
Privileges
To use an Exchange database, an IBM Spectrum Protect Plus agent user must have the appropriate privileges. For instructions about assigning privileges, see Exchange Server Privileges
- To manage Exchange role groups by using the Exchange Admin Center (EAC) or Exchange Powershell Cmdlets, the username must be authorized by the security policy.
- The Encrypting File System (EFS) must be enabled in the local or group domain policy, and a valid Domain Data Recovery Agent (DRA) certificate must be available.
- To use the mailbox browser for granular restore operations, Exchange digital certificates must be installed and configured.
Tip: With Microsoft Exchange Server 2016 and 2019, the Exchange Server is configured to use Transport Layer Security (TLS) by default. This TLS security encrypts communication between internal Exchange servers, and between Exchange services on the local server.
Group Policy Object
For the Network security: LAN Manager authentication level policy
setting at Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options,
specifies one of the following options:
Not Defined.
Send NTLMv2 response only.
Send NTLMv2 response only. Refuse LM.
Send NTLMv2 response only. Refuse LM & NTLM.
The Send NTLM response only
option is not compatible with the vSnap Common Internet File System (CIFS) and SMB version and can cause CIFS authentication problems.
You can specify the Group Policy Object (GPO) setting by navigating to:
Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options > Network security: Restrict NTLM: Incoming NTLM
traffic
Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options > Network security: Restrict NTLM: Outgoing NTLM
traffic
Allow all
Allow all accounts
Prerequisites and operations
Prerequisites
Ensure that the Software, Connectivity, and Authentication and privileges requirements are met.
The following prerequisites must be met before you start protecting your resources. For details, see Prerequisites for Exchange Server
Operations
Before you start a backup or restore operation:
- Ensure that the application servers that contain the Exchange databases that you want to back up are registered with IBM Spectrum Protect Plus. For instructions, see Adding an Exchange application server
- Configure a service level agreement (SLA) policy. For instructions, see Defining a Service Level Agreement backup job
- Ensure that appropriate roles and resource groups are assigned to the user who will create backup and restore jobs. For instructions, see Managing user access
Review the following information about creating backup and restore jobs:
- To protect Microsoft Exchange databases, you can define a backup job that runs continuously to create incremental backups. You can also run on-demand backup jobs outside of the schedule. For instructions, see Backing up Exchange databases
- When you restore files from an IBM Spectrum Protect archive, the files are initially migrated from tape storage to a staging storage pool. Depending on the size of the files to be restored, this process might take several hours.
- If you plan to restore data restoring to an alternative instance or to a new file location, the destination directories that you enter in the Destination Path field must exist on the application host. If the directories do not exist on the server, you must create them before you complete the restore operation.
- If data in an Exchange database is lost or corrupted, you can restore the data from a backup copy. Use the "Restore" wizard to set up a restore job schedule or an on-demand restore operation. You can define a job that restores data to the original instance. For instructions, see Restoring Exchange databases
For detailed requirements and restrictions that apply to backup jobs, see Incremental backups
Incremental backups
IBM Spectrum Protect Plus uses update sequence number (USN) change journal technology for incremental backups in a Microsoft Exchange Server environment. The USN change journal provides write range tracking for a volume when the file size meets the minimum file size threshold requirement. The changed bytes offset and length extent information can be queried against a specific file.
To enable write range tracking, the system environment must meet the following requirements:
- Windows Server 2012 R2 or later
- New Technology File System (NTFS) version 3.0 or later
The following technologies are not supported for changed bytes tracking:
- Resilient File System (ReFS)
- Server Message Block (SMB) 3.0 protocol
- SMB Transparent Failover (TFO)
- SMB 3.0 with Scale-out file shares
By default, 512 MB of space is allocated for USN change journaling. In addition, when journal overflow is detected, the allocated space doubles in size, to a maximum of 2 GB.
The minimum space required for shadow copy storage is 100 MB, although more space might be required on systems with increased activity.
A base backup of a file is forced when the following conditions are detected:
- Journal discontinuity is reported. This issue can occur when the log reaches its maximum size, when journaling is disabled, or when the cataloged USN ID is changed.
- The file size is less than or equal to the tracking threshold size, which by default is 1 MB.
- A file is added after a previous backup operation.
Connectivity
Ensure that the following connectivity requirements are met:
- The network adapter used for the connection must be configured as a client for Microsoft Networks.
- The Microsoft Windows Remote Management (WinRM) service must be running.
- Firewalls must be configured to enable IBM Spectrum Protect Plus to connect to the server by using WinRM.
- The IP address of the client host that you register must be reachable from the IBM Spectrum Protect Plus server and from the vSnap server. Microsoft Exchange server must have a WinRM service that is listening on port 5985.
- All servers, proxies, applications, and hypervisors that are added to the IBM Spectrum Protect Plus environment must be registered by using a Domain Name System (DNS) name or Internet Protocol (IP) address.
- If DNS names are used, they must be resolvable over the network by the IBM Spectrum Protect Plus virtual appliance server and from the vSnap server. All IBM Spectrum Protect Plus components must also be resolvable by their DNS names.
Ports
The following ports are used by IBM Spectrum Protect Plus agent users.
Port | Protocol | Initiator | Target | Description |
---|---|---|---|---|
5985 | Transmission Control Protocol (TCP) | IBM Spectrum Protect Plus virtual appliance1 | Microsoft Exchange Server | Provides access to the Microsoft WinRM service for Windows-based servers |
5986 | TCP | IBM Spectrum Protect Plus virtual appliance1 | Microsoft Exchange Server | Provides access to the Microsoft WinRM service for Windows-based servers |
1 The IBM Spectrum Protect Plus virtual appliance contains the following base components: the IBM Spectrum Protect Plus server, the vSnap server, and a VADP proxy, as described in Product components
Port | Protocol | Initiator | Target | Description |
---|---|---|---|---|
3260 iSCSI initiator is required on this node. | TCP | Microsoft Exchange Server | vSnap server | The Microsoft Internet Small Computer System Interface (iSCSI) Initiator service vSnap target port that is used for mounting LUNS for backup and recovery operations |
443 | TCP | Microsoft Exchange Server agent | IBM Spectrum Protect Plus virtual appliance1 | Port that allows the agent to communicate with IBM Spectrum Protect Plus to send alerts in case of log backup failures |
445 | TCP | Microsoft Exchange Server agent | vSnap server | Provides vSnap server SMB or CIFS target port that is used for mounting file system shares for transaction log backup and recovery operations |
1 The IBM Spectrum Protect Plus virtual appliance contains the following base components: the IBM Spectrum Protect Plus server, the vSnap server, and a VADP proxy, as described in Product components
Ports update:
- For Microsoft Exchange Server, port 443 is available in IBM Spectrum Protect Plus V10.1.4 and later.
- In earlier versions, ports 137, 138, and 139 on the vSnap server were used by application agents that use SMBv1. Beginning with IBM Spectrum Protect Plus V10.1.6, the SMBv1 protocol is not used. All agents use SMBv2 or later, which does not require ports 137, 138, or 139.
Hardware
System | Disk space | Disk space for granular restore operations |
---|---|---|
Compatible hardware that is supported by the 64-bit operating system and Microsoft Exchange Server | A minimum of 500 MB of disk space for the product to be installed | At least 2.1 GB of disk space for required Microsoft software, which is installed automatically |
Related Information
Was this topic helpful?
Document Information
Modified date:
09 September 2020
UID
ibm12488563