Preventive Service Planning
This document details the Windows file systems backup and restore requirements for IBM Spectrum Protect Plus Version 10.1.6.
This document is divided into linked sections for ease of navigation. Use the following links to jump to the section of the document that you require:
Beginning with IBM Spectrum Protect Plus V10.1.6, support is added for backing up and restoring Microsoft® Windows file systems data.
Before you register a client host where the Microsoft Windows file system is located with IBM Spectrum Protect Plus, ensure that the system environment meets the following requirements.
|IBM Spectrum Protect Plus||Microsoft Windows Resilient File System |
|Microsoft New Technology File System |
Restriction: Even if other Microsoft Windows file systems, such as that the allocation table (FAT), are detected during the inventory process, these file systems cannot be added to jobs or protected.
|IBM Spectrum Protect Plus||Microsoft Windows Server 2012 R2* |
Standard and Datacenter editions
|Microsoft Windows Server 2016* |
Standard and Datacenter editions
|Microsoft Windows Server 2019* |
Standard and Datacenter editions
*The base release and later maintenance levels (64-bit kernel) are supported.
IBM Spectrum Protect Plus supports proxy host server running on physical (bare metal) servers, and in a virtualized environment.
The following restrictions apply:
- IBM Spectrum Protect Plus does not protect file system shares or Microsoft cluster volumes.
- Microsoft FAT file systems are not supported.
- IBM Spectrum Protect HSM for Windows stub files are not supported.
- Ensure that your file system setup does not include nested mount points.
- Network shares are not valid alternative locations for restore jobs.
- Inventory jobs must not be scheduled to run at the same time as backup jobs.
- Only one application server or file server per host can assigned.
For example, if a host as a Microsoft Windows file system is already registered, you cannot register the same host as a Microsoft SQL Server or a Microsoft Exchange Server.
- Backup and restore operations of a file server instance that was created from a template or cloned from other VMs, is not supported.
- Install a supported version of a Windows 64-bit operating system in your environment. Ensure that the most recent patches and updates are installed.
To register a Windows file system, an IBM Spectrum Protect Plus administration user must register at the client host where the file systems to be protected are located.
Windows file servers can be registered with an Administrator user ID. It is possible to register the file server by using a domain user ID, if that user is the domain administrator or a local user with administrator privileges.
The user ID for registering Windows file servers can be set up with one of the following Windows configurations:
- For the local system administrator:
Ensure that the Admin Approval Mode is disabled. Check if this is the case by following steps:
- Open the Windows System Control Panel > User Account Control Settings
- Never notify option should be active
- For users member of the Local Administrators group:
Disable the Admin Approval Mode security policy setting for a user who is a member of the local administrator Group.
- with this user, open the Windows System Local Security Policy
- from the Security Settings menu, choose Local Policies > security options > User account Control: Run all administrators in Admin Approval Mode policy
- disable the User Account Control: Run all administrators
- Ensure that your Local Administrator Group includes policy Log on as Service
Network security: LAN Manager authentication level policy setting at
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options, specifies one of the following options:
Send NTLMv2 response only.
Send NTLMv2 response only. Refuse LM.
Send NTLMv2 response only. Refuse LM & NTLM.
Send NTLM response only option is not compatible with the vSnap Common Internet File System (CIFS) and SMB version and can cause CIFS authentication problems.
You can specify the Group Policy Object (GPO) setting by navigating to:
Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options > Network security: Restrict NTLM: Incoming NTLMtraffic
Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options > Network security: Restrict NTLM: Outgoing NTLMtraffic
Allow all accounts
The following prerequisites must be met before you start protecting your resources. For details, see Prerequisites for file systems
- Before you start backing up data that is stored on the registered file system, ensure that you have enough free disk space on the backup host and in the vSnap repository.
- If you plan to restore data to an alternative location, allow for extra space. No files are overwritten during the restore process. When files with identical names are found, both copies are retained.
- If the IBM Spectrum Protect Plus file systems agent is running, a self-signed certificate and key are created. You can increase the secure access for protecting file system files with IBM Spectrum Protect Plus by creating a certificate and managing its placement.
Before you start a backup or restore operation:
- To start protecting the data on an ReFS or NTFS, you must add the host address where the file system is located. You can repeat the procedure to add every host that you want to protect with IBM Spectrum Protect Plus, as described in Adding a file system server
- Before an IBM Spectrum Protect Plus user can implement backup and restore operations, roles and resource groups must be assigned to the user. Grant users access to backup and restore operations by using the Accounts pane. For instructions, see Managing user access
- Configure a service level agreement (SLA) policy. For instructions, see Defining a Service Level Agreement backup job
Review the following information about creating backup and restore jobs:
- During the initial backup, IBM Spectrum Protect Plus creates a new vSnap volume and Common Internet File System (CIFS) share. During incremental backups, the previously created volume is reused. The IBM Spectrum Protect Plus file system agent mounts the share on the server where the backup is to be completed, as described in Backing up file system data
- In a backup job, you can define exclusion rules to exclude certain drives, directories, or files. These files are not backed up as part of your SLA policy or as part of an ad hoc backup job. When you run a restore job, the exclusion rules mean that the drives, directories, or files that are specified in the exclude rules are not restored to the new copy. For more information, see Exclude rules syntax
- To restore file system data from the vSnap repository, define a job that restores data from either the newest backup or an earlier backup copy. You can restore data to the original location or to an alternative location. You can also specify other recovery options, as described in Restoring file system data
- The restore process is not tracked on the IBM Spectrum Protect Plus Jobs and Operations page. Use the File Systems File-Level Restore browser to specify the drives, directories, and files for the job. You can define an alternative location for the restore operation, and monitor the restore job until it completes in the browser.
- Ensure that the IBM Spectrum Protect destination target for your restore job is registered and set up correctly.
- When the restore job completes, you must remove the resource from the Active Resources tab in the Jobs and Operations window. You cannot run another restore job until the active resource is cancelled.
Ensure that the following connectivity criteria are in place:
- The network adapter used for the connection must be configured as a client for Microsoft Networks.
- The Microsoft Windows Remote Management (WinRM) service must be running.
- Firewalls must be configured to enable IBM Spectrum Protect Plus to connect to the server by using WinRM.
- Firewalls must be configured to enable the IBM Spectrum Protect Plus File Systems File-Level Restore browser to connect to the restore service.
- The IP address of the client host you register must be reachable from the IBM Spectrum Protect Plus server and from the vSnap server. Windows file systems agent must have a Windows Remote Management service that is listening on port 5985.
- All servers, proxies, applications, and hypervisors that are added to the IBM Spectrum Protect Plus environment must be registered by using a Domain Name System (DNS) name or Internet Protocol (IP) address.
- If DNS names are used, they must be resolvable over the network by the IBM Spectrum Protect Plus virtual appliance server and from the vSnap server. All IBM Spectrum Protect Plus components must also be resolvable by their DNS names.
The following ports are used by IBM Spectrum Protect Plus agents users.
|5985||Transmission Control Protocol (TCP)||IBM Spectrum Protect Plus virtual appliance1||Windows file systems||Provides access to the Microsoft WinRM service for Windows-based servers|
|5986||TCP||IBM Spectrum Protect Plus virtual appliance1||Windows file systems||Provides access to the Microsoft WinRM service for Windows-based servers|
|9085||TCP||File Systems File-Level Restore browser||Windows file systems||The File System File-Level Restore browser used during restore operations, connects between that UI and the file server|
1 The IBM Spectrum Protect Plus virtual appliance contains the following base components: the IBM Spectrum Protect Plus server, the vSnap server, and a VADP proxy, see Product components
|445||TCP||Windows file systems||vSnap server||Provides vSnap server CIFS target port that is used for mounting file system shares for transaction log backup and recovery operations|
|x86_64 based hardware that is compatible with one of the Windows operating system versions that is listed under section "Software"||500 MB free disk space that can be used for backup agent deployment||5 GB RAM per 1 million files in the file system that has to be protected. |
Note: Scalability testing has shown that the module used to scan the file system to identify backup candidates consumes more memory than expected. An APAR will be opened to address this limitation.
10 September 2020