IBM Support

Windows file systems backup and restore requirements: IBM Spectrum Protect Plus 10.1.12

Preventive Service Planning


Abstract

This document details the Microsoft® Windows file systems backup and restore requirements for IBM Spectrum Protect Plus 10.1.12.

Content

This document is divided into linked sections. Use the following links to go to the section of the document that you require.



 

General

Beginning with IBM Spectrum Protect Plus 10.1.6, support was added for backing up and restoring Microsoft Windows file systems data.
To read about new and changed features in different versions of IBM Spectrum Protect Plus 10.1, see What's new for IBM Spectrum Protect Plus.

Before you register a client host where the Microsoft Windows file system is located with IBM Spectrum Protect Plus, ensure that the system environment meets the following requirements.

IBM Spectrum Protect Plus support for third-party operating systems, applications, services, and hardware depend on the respective vendor. If a third-party product or version moves into extended support, self-service support, or end-of-life, IBM Spectrum Protect Plus supports the product or version at the same level as the vendor. See also IBM Support General Guidelines and Limitations - IBM support for software on unsupported operating systems.



 

Configuration

Application versions

Table 1. Coverage matrix for Microsoft Windows file systems supported by IBM Spectrum Protect Plus
IBM Spectrum Protect Plus Microsoft Windows Resilient file system (ReFS) Microsoft New Technology file system (NTFS)
 
10.1.6
10.1.7
10.1.8
10.1.9
10.1.10
10.1.11
10.1.12

Restriction: Even if other Microsoft Windows file systems, such as File Allocation Table (FAT), are detected during the inventory process, these file systems are not protected by IBM Spectrum Protect Plus and cannot be added to back up or restore jobs.


 

Operating systems

Table 2. Coverage matrix for supported Microsoft Windows 64-bit operating systems
IBM Spectrum Protect Plus Microsoft Windows Server 2012 R2*(1) Microsoft Windows Server 2016*(1) Microsoft Windows Server 2019*(1) Microsoft Windows Server 2022*(1)
10.1.6 --
10.1.7 --
10.1.8 --
10.1.9
10.1.10
10.1.11
10.1.12

* The base release and later maintenance levels (64-bit kernel) are supported.
(1) Microsoft Windows Server supported editions: Standard, and Datacenter Editions


 

Browser support

For supported browsers, see the Browser support section in  System requirements: IBM Spectrum Protect Plus 10.1.12.


 

Restrictions

  • IBM Spectrum Protect Plus does not protect file system shares, Microsoft cluster volumes or Microsoft cluster nodes.
  • Microsoft FAT file systems are not supported.
  • Stub files are not supported.
  • Network shares are not valid alternative locations for restore jobs.
  • Only one application server or file server can be assigned per host.
    For example, if a host is registered as a Microsoft Windows file system, you cannot register the same host as a Microsoft SQL Server or a Microsoft Exchange Server.
  • Inventory not detecting all file systems when VM was cloned or created from a template if a file systems agent was installed previously.
  • Alternate data streams are not protected.
  • Sparse files are protected like normal files.
  • Windows share definitions are not protected.
  • If a nondefault local administrator ID is entered as the Guest OS username when you define a backup job, the file cataloging, backup, application point-in-time restores, and other operations that start the Windows agent fail. A nondefault local administrator is any user ID created in the guest operating system and assigned the administrator role.
    This failure occurs if the registry key LocalAccountTokenFilterPolicy in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System is set to 0 or not set. If the parameter is set to 0 or not set, a local nondefault administrator cannot interact with WinRM. WinRM is the protocol that IBM Spectrum Protect Plus uses to install the Windows agent for file cataloging, send commands to this agent, and get results from it.
    Set the LocalAccountTokenFilterPolicy registry key to 1 on the Windows guest that is being backed up with catalog file metadata enabled. If the key does not exist, go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System and add a DWord Registry key named LocalAccountTokenFilterPolicy with a value of 1.



 

Software

  • A supported version of a Microsoft Windows 64-bit operating system, including the most recent patches and updates, must be installed in your system environment.
  • Anti-virus software can interfere with the operations of IBM Spectrum Protect Plus. Exclude the IBM Spectrum Protect Plus agent folders C:\ProgramData\SPP and C:\Program Files\IBM from anti-virus scans.



 

Connectivity

Ensure that your system environment meets the following connectivity requirements:

  • The network adapter that is used for the connection must be configured as a client for Microsoft Networks.
  • The Microsoft Windows Remote Management (WinRM) service must be running.
  • Firewalls must be configured to enable IBM Spectrum Protect Plus to connect to the server by using WinRM.
  • Firewalls must be configured to enable the IBM Spectrum Protect Plus File Systems File-Level Restore browser to connect to the restore service.
  • The IP address of any client host that you register must be reachable from the IBM Spectrum Protect Plus server and from the vSnap server.
    The Windows file systems agent must have a WinRM service that is listening on the same port as the global preference in IBM Spectrum Protect Plus for WinRM port. This port must be the port 5985 for WinRM by using the HTTP protocol or the port 5986 for WinRM by using the HTTPS protocol.
  • All servers, proxies, applications, and hypervisors that are added to the IBM Spectrum Protect Plus environment must be registered by using a Domain Name System (DNS) name or Internet Protocol (IP) address.
  • If DNS names are used, they must be resolvable over the network by the IBM Spectrum Protect Plus server and from the vSnap server. All IBM Spectrum Protect Plus components must also be resolvable by their DNS names.



 

Authentication and privileges

Authentication

To register a Windows file system, an IBM Spectrum Protect Plus administrative user must register with the client host where the file systems to be protected are located.

Windows file servers can be registered with an administrative user ID. However, you can register a file server by using a domain user ID, if that user is the domain administrator or a local user with administrator privileges.


 

Privileges

The user ID for registering Windows file servers can be set up with one of the following Windows configurations:

  • For the local system administrator:
    Ensure that Admin Approval Mode is disabled by completing the following steps:
    1. Click the Windows System Control Panel > User Account Control Settings.
    2. Ensure that the Never notify option is enabled.
  • For members of the local administrator group:
    Disable the Admin Approval Mode security policy setting for a user who is a member of the local administrator group by completing the following steps:
    1. Log in as a member of the local administrator group and open the Windows System Local Security Policy window.
    2. From the Security Settings menu, click Local Policies > Security options > User Account Control: Run all administrators in Admin Approval Mode.
    3. Disable the User Account Control: Run all administrators option.
    4. Ensure that your local Administrator group includes the Log on as a Service policy setting.

See also User Account Control Group Policy and registry key settings


 

Group Policy Object

For the Network security: LAN Manager authentication level policy setting, click Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options and specify one of the following options:

  • Not Defined.
  • Send NTLMv2 response only.
  • Send NTLMv2 response only. Refuse LM.
  • Send NTLMv2 response only. Refuse LM & NTLM.

Important: For vSnap, you must use one of the previous listed security options listed. Other options are not compatible with the vSnap Common Internet file system (CIFS) and the Server Message Block (SMB) protocol versions, and can cause CIFS authentication problems.

Specify the Group Policy Object (GPO) setting by going to: Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options > Network security: Restrict NTLM: Incoming NTLM traffic
And also to: Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options > Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers.
For the NTLM traffic, specify one of the following options:

  • Allow all
  • Allow all accounts



 

Prerequisites and operations

Prerequisites

Ensure that the Software, Connectivity, and Authentication and privileges requirements are met.

The following prerequisites must be met before you start protecting your resources. For more information, see Prerequisites for file systems.

  • Before you start backing up data that is stored on the registered file system, ensure that you have enough free disk space on the backup host and in the vSnap repository.
  • If you plan to restore data, allow for extra space. No files are overwritten during the restore process. When files with identical names are found, you can decide whether to retain both copies, or to overwrite data.
  • If the IBM Spectrum Protect Plus file systems agent is running, a self-signed certificate and key are created.  You can enhance the security of a protected file system by creating a certificate and managing its placement.


 

Operations

Before you start a backup or restore operation, take the following actions:

  • Add the file system servers that you want to back up.
  • Configure a service level agreement (SLA) policy.
  • Assign appropriate roles and resource groups to users who are running backup and restore operations. Grant users access to resources and roles by using the Accounts pane.

Review the following information about creating backup and restore jobs:

  • During the initial backup job, IBM Spectrum Protect Plus creates a vSnap volume and CIFS share. During incremental backups jobs, the previously created volume is reused. The IBM Spectrum Protect Plus file system agent mounts the share on the server where the backup job is to be completed, as described in Backing up file system data.
  • To restore file system data from the vSnap repository, define a job that restores data from either the newest backup or an earlier backup copy. You can restore data to the original location or to an alternative location. You can also specify other recovery options, as described in Restoring file system data.

For an overview about protecting Windows file systems with IBM Spectrum Protect Plus, see Protecting Windows file systems.



 

Ports

The following ports are used by IBM Spectrum Protect Plus agent users.

Table 3. Communication ports when the target is an IBM Spectrum Protect Plus agent
Port Protocol Initiator Target Description
5985 Transmission Control Protocol (TCP) IBM Spectrum Protect Plus server Windows file systems Provides access to the Microsoft WinRM service for Windows-based servers
5986 TCP IBM Spectrum Protect Plus server Windows file systems Provides access to the Microsoft WinRM service for Windows-based servers
9085 TCP File Systems File-Level Restore browser Windows file systems The File Systems File-Level Restore browser used during restore operations to connect the user interface and the file server


 

Table 4. Communication ports when the initiator is an IBM Spectrum Protect Plus agent user
Port Protocol Initiator Target Description
443 TCP Windows file systems IBM Spectrum Protect Plus server Port that allows the agent to communicate with IBM Spectrum Protect Plus for making representational state transfer application programming interface (REST API) calls.
445 TCP Windows file systems vSnap server Used for SMB or CIFS data transfer to and from file systems mounted from vSnap servers during backup and restore operations



 

Hardware

Table 5. Minimum hardware requirements
System Disk space Memory
x86_64 based hardware that is compatible with one of the Windows operating system versions that is listed in the Software section A minimum of 500 MB of disk space is required for product installation.

The system also requires 1 GB per 1 million files of available disk space for temporary files at run time in the file system to be protected.		 A minimum of 4 GB RAM and minimum a dual-core processor are required for backup operations.
Note: At least 8 GB RAM and a quad-core processor are required when the SLA includes several volumes.



 

[{"Type":"MASTER","Line of Business":{"code":"LOB26","label":"Storage"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSNQFQ","label":"IBM Spectrum Protect Plus"},"ARM Category":[{"code":"a8m3p000000h9Z4AAI","label":"HW\/SW Requirements"}],"ARM Case Number":"","Platform":[{"code":"PF033","label":"Windows"}],"Version":"10.1.12"}]

Document Information

Modified date:
04 October 2022

UID

ibm16613003

Page Feedback