Preventive Service Planning
This document details the Microsoft® 365 backup and restore requirements for IBM Spectrum Protect Plus Version 10.1.7.
This document is divided into linked sections for ease of navigation. Use the following links to navigate to the section of the document that you require:
Beginning with IBM Spectrum Protect Plus V10.1.5, support was added for backing up and restoring Microsoft 365 data
Product name update: Microsoft Corporation announced new product names, effective 21 April 2020, for its Office 365 offerings for small and medium businesses. With this announcement, all small and medium business plans transitioned to the new Microsoft 365 brand. In IBM Spectrum Protect Plus V10.1.6, the user interface and documentation use the original product name, Office 365. For more information, see New Microsoft 365 offerings for small and medium-sized businesses
If you choose to protect Microsoft 365 data with IBM Spectrum Protect Plus, you must purchase the IBM Spectrum Protect Plus for Microsoft 365 Entity ID Monthly License. For more information about this entitlement, see the IBM Spectrum Protect V10.1.5 announcement letter
Before you start protecting Microsoft 365 data with IBM Spectrum Protect Plus, ensure that the system environment meets the following requirements.
To protect a Microsoft 365 application, you must register the application with Azure Active Directory and grant appropriate permissions. Before you begin, you must have the following items:
- An active Microsoft 365 subscription
- A Microsoft 365 administrative user ID and password
For instructions about registering the Microsoft 365 application with Azure Active Directory, see Registering with Azure Active Directory
If you have a Microsoft 365 administrative account, you can add users to ensure that they have valid licenses. For instructions, see Microsoft 365 in Visual Studio subscriptions
Ensure that you remember the Microsoft 365 administrative user IDs and passwords or maintain this information in a secure location.
|IBM Spectrum Protect Plus||Microsoft 365 Business
Basic, Business Standard, Business Premium editions
E1, E3, and E5 editions
A1, A3, and A5 editions
for Firstline Workers
E3 and E5 editions
|Former product name:
Office 365 Business:
Business, Essentials, and Business Premium editions
|Former product name:
Office 365 Education edition
|Former product name: Microsoft 365 F1|
|IBM Spectrum Protect Plus||RHEL 7.0*||RHEL 8.0*||CentOS 7.0*||CentOS 8.0*|
* The base release and later maintenance and modification levels are supported.
IBM Spectrum Protect Plus supports proxy host servers running on physical (bare metal) servers and in virtualized environments.
The Microsoft 365 tenant must be in a global region as defined by Microsoft. National regions are not supported. For more information about regions, see National cloud deployments
- Ensure that Java™ 8 is installed.
- The bash and sudo packages must be installed. Sudo must be at version 1.7.6p2 or later. Run
sudo -Vto check the version.
Tip: The required bash and sudo packages are included in the supported Linux x86_64 operating system installation packages.
- Install the most recent Microsoft 365 patches and updates in your environment.
- Ensure that a supported version of Linux x86_64 is installed with the most recent patches and updates.
- The International Components for Unicode (
libicu) RPM package must be installed for the corresponding version of your operating system.
- Ensure that the user limit value ulimit -f value, which specifies the effective file size for the IBM Spectrum Protect Plus agent, is set to unlimited. Alternatively, set the value sufficiently high to support copying of the largest Microsoft 365 files in your backup and restore jobs.
- In a Linux environment, depending on your version or distribution, ensure that the Linux utility package,
util-linux, is current.
Ensure that your system environment meets the following connectivity requirements:
- The secure file transfer protocol (SFTP) subsystem for Secure Shell (SSH) is enabled.
- The Secure Shell (SSH) service is running on port 22 on the proxy host server.
- Firewalls are configured to allow IBM Spectrum Protect Plus to connect to the proxy host server by using SSH.
- Firewalls must be configured to enable the proxy host server to communicate with the IBM Spectrum Protect Plus server using by using Hypertext Transfer Protocol Secure (HTTPS) via port 443.
- IBM Spectrum Protect Plus uses the Network File System (NFS) protocol to mount storage volumes for backup and restore operations. Ensure that the native Linux NFS client is installed on the proxy host server.
- All servers, proxies, applications, and hypervisors that are added to the IBM Spectrum Protect Plus environment must be registered by using a Domain Name System (DNS) name or Internet Protocol (IP) address.
- If DNS names are used, they must be resolvable over the network by the IBM Spectrum Protect Plus server and the vSnap server. All IBM Spectrum Protect Plus components must also be resolvable by their DNS names.
- If DNS is not available, you must add the server to the
/etc/hostsfile on the IBM Spectrum Protect Plus server by using the command line.
- The proxy host server must be registered with IBM Spectrum Protect Plus by using an operating system user that exists on the agent host. The user is then referred to as the IBM Spectrum Protect Plus agent user.
- Ensure that the root user password is correctly configured and that the user can log in without facing any other prompts, such as prompts to reset the password.
The IBM Spectrum Protect Plus agent user must have privileges to run commands a root user by using sudo. The
sudoers configuration must allow the IBM Spectrum Protect Plus agent user to run commands without a password.
The following prerequisites must be met before you start protecting your resources:
- To protect an Microsoft 365 application, you must register the application with Azure Active Directory and grant appropriate permissions. When you register a new application with Azure Active Directory, the application credentials such as application ID and application secret are made available on the Azure Active Directory portal. For instructions, see Registering with Azure Active Directory
- To ensure that the IBM Spectrum Protect Plus agent can connect to the Microsoft 365 tenant, you must register the Microsoft tenant credentials and the proxy host server with IBM Spectrum Protect Plus. For instructions, see Registering the Microsoft 365 tenant with IBM Spectrum Protect Plus
Before you start a backup or restore operation, take the following actions:
- Apply a service level agreement (SLA) policy.
- Assign appropriate roles and resource groups to users who will be running backup and restore operations. Grant users access to resources and roles by using the Accounts pane.
- Performance tip: To help enhance the performance of backup operations, set the number of parallel sessions to a number in the range 10 - 40.
Review the following information about creating backup and restore jobs:
- To back up Microsoft™ 365 email, calendars, contacts, and data on OneDrive cloud storage. For instructions, see Backing up Microsoft 365 data
- To restore Microsoft 365 data from backup copies on vSnap servers or remote storage. For instructions, see Restoring Microsoft 365 data
For an overview about protecting Microsoft 365 with IBM Spectrum Protect Plus. For instructions, see Protecting Microsoft 365
The following ports are used by IBM Spectrum Protect Plus agents users.
|22||Transmission Control Protocol (TCP)||IBM Spectrum Protect Plus server||Proxy host server||Provides access to troubleshoot and maintain remote proxy host servers that are running guest application components by using the SSH protocol|
|111||TCP||Proxy host server||vSnap server||Allows Open Network Computing (ONC) clients to discover ports for communications with ONC servers|
|443||TCP||Proxy host server||vSnap server||Port that allows the agent to communicate with IBM Spectrum Protect Plus for sending alerts in case of log backup failures|
|2049||TCP||Proxy host server||vSnap server||Used for NFS data transfer to and from vSnap servers|
|20048||TCP||Proxy host server||vSnap server||Mounts vSnap file systems on clients such as the VMware vStorage API for Data Protection (VADP) proxy, application servers, and virtualization datastores|
|System||Disk space||Memory and CPU|
|Compatible hardware with quad-core processors that are supported by the operating system||5 GB of available disk space for temporary files at run time||16 GB of random access memory (RAM) and
23 June 2021