IBM Support

Microsoft Exchange Server database backup and restore requirements: IBM Spectrum Protect Plus 10.1.12

Preventive Service Planning


Abstract

This document details the Microsoft® Exchange Server database backup and restore requirements for IBM Spectrum Protect Plus 10.1.12.

Content

This document is divided into linked sections. Use the following links to go to the section of the document that you require.



 

General

Beginning with IBM Spectrum Protect Plus 10.1.3, support was added for backing up and restoring of Microsoft Exchange Server data.
To read about new and changed features in different versions of IBM Spectrum Protect Plus 10.1, see What's new for IBM Spectrum Protect Plus.

Before you register a Microsoft Exchange Server with IBM Spectrum Protect Plus, ensure that the system environment meets the following requirements.

IBM Spectrum Protect Plus support for third-party operating systems, applications, services, and hardware depend on the respective vendor. If a third-party product or version moves into extended support, self-service support, or end-of-life, IBM Spectrum Protect Plus supports the product or version at the same level as the vendor. See also IBM Support General Guidelines and Limitations - IBM support for software on unsupported operating systems.



 

Configuration

Application versions

Table 1. Coverage matrix for application levels supported by IBM Spectrum Protect Plus
IBM Spectrum Protect Plus Microsoft Exchange Server 2013 CU16*(1) Microsoft Exchange Server 2016 CU5*(1) Microsoft Exchange Server 2019*(1)
10.1.3
10.1.4
10.1.5
10.1.6
10.1.7
10.1.8
10.1.9
10.1.10
10.1.11
10.1.12

* The base release and later cumulative updates and maintenance levels are supported.
(1) Microsoft Exchange Server supported editions: Standard and Enterprise editions

Microsoft Exchange Server database availability groups (DAGs) are supported.


 

Operating systems

Table 2. Coverage matrix for supported Microsoft Windows 64-bit operating systems
IBM Spectrum Protect Plus Microsoft Windows Server 2012 R2*(1) Microsoft Windows Server 2016*(1) Microsoft Windows Server 2019*(1) Microsoft Windows Server 2022*(1)
10.1.3 --
10.1.4 --
10.1.5 --
10.1.6 --
10.1.7 --
10.1.8 --
10.1.9
10.1.10
10.1.11
10.1.12

*The base release and later maintenance levels are supported.
(1) Microsoft Windows Server supported editions: Standard, and Datacenter Editions

IBM Spectrum Protect Plus supports Microsoft Exchange Server running on a physical (bare metal) server and in a virtualized environment. The following virtualized environments are supported:

  • VMware ESXi guest operating system
  • Microsoft Windows Hyper-V guest operating system

To enable write range tracking, see the minimum requirements in Incremental backups


 

Restrictions

  • Windows Server 2019 with the Server Core option is supported. However, the granular restore feature is not supported by the Server Core installation option.
  • The database logs are backed up on the preferred node only. Only one Exchange Server instance at a time can write log backups to the vSnap server.
  • When you restore a mailbox item (or an entire mailbox) to an Outlook personal folders (.pst) file, you can use the Mailbox Restore Browser view only with non-Unicode .pst files.
  • When you restore a mailbox item (or a mailbox) to a different mailbox, you cannot drag mail items or subfolders in the Recoverable Items folder to a destination mailbox.
  • When you restore mail items to a non-Unicode personal folders (.pst) file, each folder can contain a maximum of 16,383 mail items.
  • Only one application server or file server can be assigned per host.
    For example, if a host is registered as a Microsoft Windows file system, you cannot register the same host as a Microsoft SQL Server or a Microsoft Exchange Server.
  • If a nondefault local administrator ID is entered as the Guest OS username when you define a backup job, the file cataloging, backup, application point-in-time restores, and other operations that start the Windows agent fail. A nondefault local administrator is any user ID created in the guest operating system and assigned the administrator role.
    This failure occurs if the registry key LocalAccountTokenFilterPolicy in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System is set to 0 or not set. If the parameter is set to 0 or not set, a local nondefault administrator cannot interact with WinRM. WinRM is the protocol that IBM Spectrum Protect Plus uses to install the Windows agent for file cataloging, send commands to this agent, and get results from it.
    Set the LocalAccountTokenFilterPolicy registry key to 1 on the Windows guest that is being backed up with catalog file metadata enabled. If the key does not exist, go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System and add a DWord Registry key named LocalAccountTokenFilterPolicy with a value of 1.

For restrictions on changed bytes tracking, see Incremental backups



 

Software

  • Install the most recent Microsoft Exchange Server database patches and updates in your environment.
  • A supported version of a Microsoft Windows 64-bit operating system, including the most recent patches and updates, must be installed in your system environment.
  • Ensure that the Microsoft Storage Spaces SMP service is enabled and running.
  • Anti-virus software can interfere with the operations of IBM Spectrum Protect Plus. Exclude the IBM Spectrum Protect Plus agent folders C:\ProgramData\SPP and C:\Program Files\IBM from anti-virus scans.
  • The following software must be installed before you use IBM Spectrum Protect Plus:
    • Windows PowerShell 4 or later
    • Windows Management Framework 4 or later
  • If you use Microsoft Exchange Server 2013 with the granular restore feature, the minimum level that is supported for Microsoft Exchange Messaging API (MAPI) Client and Collaboration Data Objects (CDO) is version 6.5.8320.0.
  • If you use the granular restore feature with Microsoft Exchange Server 2016 or 2019, Microsoft 32-bit Outlook 2013, Outlook 2016, or Outlook 2019 is required.
  • If not already present on your virtual machine, the following software, required by Microsoft, is installed automatically by the IBM Spectrum Protect Plus granular restore feature:
    • 32-bit Microsoft Visual C++ 2012 Redistributable Package
    • 64-bit Microsoft Visual C++ 2012 Redistributable Package
    • 32-bit Microsoft Visual C++ 2017 Redistributable Package
    • 64-bit Microsoft Visual C++ 2017 Redistributable Package
    • Microsoft .NET Framework 4.5
    • Microsoft ReportViewer 2012 SP1 Redistributable Package
    • Microsoft SQL Server 2012 System CLR Types
    • Microsoft SQL Server 2014 System CLR Types
    • Microsoft SQL Server 2016 System CLR Types
    Tip: Installation of these prerequisites might require a system restart. To avoid a system restart, ensure that these prerequisites are installed before you start the IBM Spectrum Protect Plus granular restore feature.



 

Connectivity

Ensure that your system environment meets the following connectivity requirements:

  • The network adapter that is used for the connection must be configured as a client for Microsoft Networks.
  • The Microsoft Windows Remote Management (WinRM) service must be running.
  • Firewalls must be configured to enable IBM Spectrum Protect Plus to connect to the server by using WinRM.
  • Firewalls must be configured to enable the Exchange Server to communicate with the IBM Spectrum Protect Plus server by using Hypertext Transfer Protocol Secure (HTTPS) through port 443.
  • The IP address of any client host that you register must be reachable from the IBM Spectrum Protect Plus server and from the vSnap server.
    The Microsoft Exchange Server must have a WinRM service that is listening on the same port as the global preference in IBM Spectrum Protect Plus for WinRM port. This port must be the port 5985 for WinRM by using the HTTP protocol or the port 5986 for WinRM by using the HTTPS protocol.
  • All servers, proxies, applications, and hypervisors that are added to the IBM Spectrum Protect Plus environment must be registered by using a Domain Name System (DNS) name or Internet Protocol (IP) address.
  • If DNS names are used, they must be resolvable over the network by the IBM Spectrum Protect Plus server and from the vSnap server. All IBM Spectrum Protect Plus components must also be resolvable by their DNS names.



 

Authentication and privileges

Authentication

Register each Microsoft Exchange Server with IBM Spectrum Protect Plus by specifying a fully qualified name or IP address. Ensure that the Connectivity requirements are met.

The user identity must have sufficient privileges to install and start the IBM Spectrum Protect Plus Tools Service on the node. For more information, see the Microsoft article: Add the Log on as a service right to an account


 

Privileges

To use an Exchange Server database, an IBM Spectrum Protect Plus agent user must have appropriate privileges. For instructions about assigning privileges, see Exchange Server Privileges.

For role-based access control, you are required to register the Exchange Server with IBM Spectrum Protect Plus with an Exchange user who has local administrator privileges and the correct role-based access control (RBAC) permissions.
Note: To manage Exchange Server role groups by using the Exchange Admin Center (EAC) or Exchange Powershell Cmdlets, the username must be authorized by the security policy.

Also, for granular restore operations you are required to use an Exchange user and set up the environment to meet the following requirements:

  • Ensure that the Exchange user is a member of a local Administrator group and has an active Exchange mailbox in the domain.
  • Ensure that the user name who is logged in have role-based access control (RBAC) permissions to complete individual mailbox restore operations.
  • Ensure that the Exchange server version level must be equal or higher to the Exchange version level of restoring mailbox.
  • Ensure that the directory where you restore a mailbox has enough temporary disk space to store the entire mailbox database and log files.
     

For encrypting file system privileges, the Encrypting file system (EFS) must be enabled in the local or group domain policy, and a valid Domain Data Recovery Agent (DRA) certificate must be available.

To use the mailbox browser for granular restore operations, Exchange digital certificates must be installed and configured.
Tip: With Microsoft Exchange Server 2016 and 2019, the Exchange Server is configured to use Transport Layer Security (TLS) by default. The TLS protocol encrypts communication between internal Exchange servers, and between Exchange services on the local server.


 

Group Policy Object

For the Network security: LAN Manager authentication level policy setting, click Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options and specify one of the following options:

  • Not Defined.
  • Send NTLMv2 response only.
  • Send NTLMv2 response only. Refuse LM.
  • Send NTLMv2 response only. Refuse LM & NTLM.

Important: For vSnap, you must use one of the previous listed security options listed. Other options are not compatible with the vSnap Common Internet file system (CIFS) and the server message block (SMB) protocol versions, and can cause CIFS authentication problems.

Specify the Group Policy Object (GPO) setting by go to: Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options > Network security: Restrict NTLM: Incoming NTLM traffic
And also to: Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options > Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers.
For the NTLM traffic, specify one of the following options:

  • Allow all
  • Allow all accounts



 

Prerequisites and operations

Prerequisites

Ensure that the Software, Connectivity, and Authentication and privileges requirements are met.


 

Operations

Before you start a backup or restore operation, take the following actions:

  • Ensure that the application servers that contain the Exchange Server databases that you want to back up are registered with IBM Spectrum Protect Plus.
  • A service level agreement (SLA) policy is configured.
  • Assign appropriate roles and resource groups to users who are running backup and restore operations. Grant users access to resources and roles by using the Accounts pane.

Review the following information about creating backup and restore jobs:

  • To protect Exchange Server databases, you can define a backup job that runs continuously to create incremental backups. You can also run on-demand backup jobs. Review the information in Backing up Exchange Server databases.
  • IBM Spectrum Protect Plus provides a backup strategy called incremental forever. Rather than scheduling periodic full backup jobs, this backup solution requires only one initial full backup. Afterward, an ongoing sequence of incremental backup jobs occurs. For detailed requirements and restrictions that apply to backup jobs, see section Incremental backups.
  • If data in an Exchange Server database is lost or corrupted, you can restore the data from a backup copy. Use the Restore wizard to set up a restore job schedule or an on-demand restore operation. You can define a job that restores data to the original instance or to an alternative instance. Various recovery options and configurations are available as described in Restoring Exchange Server databases.
  • You can access the Exchange database files by using the instant access restore type and mount the database files from the vSnap volume to an application server.

For an overview about protecting Exchange Server databases with IBM Spectrum Protect Plus, see Protecting Exchange Server.


 

Incremental backups

IBM Spectrum Protect Plus uses update sequence number (USN) change journal technology for incremental backups in a Microsoft Exchange Server environment. The USN change journal provides write range tracking for a volume when the file size meets the minimum file size threshold requirement. Offset and length extent information for the changed bytes be queried against a specific file.

To enable write range tracking, the system environment must meet the following requirements:

  • Windows Server 2012 R2 or later
  • New Technology file system (NTFS) 3.0 or later

The following technologies are not supported for changed bytes tracking:

  • Resilient file system (ReFS)
  • Server message block (SMB) 3.0 protocol
  • SMB transparent failover (TFO)
  • SMB 3.0 with Scale Out file shares
     

By default, 512 MB of space is allocated for USN change journaling. In addition, when journal overflow is detected, the allocated space doubles in size to a maximum of 2 GB.
The minimum space required for shadow copy storage is 100 MB, although more space might be required on systems with increased activity.
A base backup of a file is forced when the following conditions are detected:

  • Journal discontinuity is reported. This issue can occur when the log reaches its maximum size, when journaling is disabled, or when the cataloged USN ID is changed.
  • The file size is less than or equal to the tracking threshold size, which by default is 1 MB.
  • A file is added after a previous backup operation.



 

Ports

The following ports are used by IBM Spectrum Protect Plus agent users.

Table 3. Communication ports when the target is an IBM Spectrum Protect Plus agent
Port Protocol Initiator Target Description
5985 Transmission Control Protocol (TCP) IBM Spectrum Protect Plus server Microsoft Exchange Server Provides access to the Microsoft WinRM service for Windows-based servers
5986 TCP IBM Spectrum Protect Plus server Microsoft Exchange Server Provides access to the Microsoft WinRM service for Windows-based servers


 

Table 4. Communication ports when the initiator is an IBM Spectrum Protect Plus agent user
Port Protocol Initiator Target Description
3260 TCP Microsoft Exchange Server vSnap server Used for Microsoft Internet Small Computer System Interface (iSCSI) data transfer to and from logical unit number's (LUN) mounted from vSnap servers during backup and restore operations.
To enable this function, the Microsoft iSCSI Initiator Service is required on the specified node
443 TCP Microsoft Exchange Server agent IBM Spectrum Protect Plus server Port that allows the agent to communicate with IBM Spectrum Protect Plus to send alerts if log backup failures
 
445 TCP Microsoft Exchange Server agent vSnap server Used for SMB or CIFS data transfer to and from file systems mounted from vSnap servers during transaction log backup and restore operations

Ports update:

  • For Microsoft Exchange Server, port 443 is available in IBM Spectrum Protect Plus 10.1.4 and later.
  • In earlier versions, ports 137, 138, and 139 on the vSnap server were used by application agents that use SMBv1. Beginning with IBM Spectrum Protect Plus 10.1.6, the SMBv1 protocol is not used. All agents use SMBv2 or later, which does not require ports 137, 138, or 139.
     



 

Hardware

Table 5. Minimum hardware requirements
System Disk space Memory
Compatible hardware that is supported by the 64-bit operating system and Microsoft Exchange Server A minimum of 500 MB of disk space is required for product installation.

Extra 600 MB disk space for dump files is required. The default dmp path is in dump-subfolder of agent installation directory, for. For example: C:\Program Files\IBM\IBM Spectrum Protect Plus\tools\dumps.

For granular restore operations: At least 2.1 GB of disk space is required for mandatory Microsoft software, which is installed automatically		 16 GB Random Access Memory (RAM)



 

[{"Type":"MASTER","Line of Business":{"code":"LOB26","label":"Storage"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSNQFQ","label":"IBM Spectrum Protect Plus"},"ARM Category":[{"code":"a8m3p000000h9Z4AAI","label":"HW\/SW Requirements"}],"ARM Case Number":"","Platform":[{"code":"PF033","label":"Windows"}],"Version":"10.1.12"}]

Document Information

Modified date:
26 October 2022

UID

ibm16612997

Page Feedback