Preventive Service Planning
Abstract
This document details the backup and restore requirements for hypervisors (Microsoft® Hyper-V and VMware) and for Amazon Elastic Compute Cloud (EC2) instances for IBM Storage Protect Plus 10.1.16.
Content
Note: The product now known as IBM Storage Protect Plus was named IBM Spectrum Protect Plus in levels earlier than 10.1.15. To learn more about the brand change, see IBM Spectrum Protect brand change to IBM Storage Protect.
This document is divided into linked sections. Use the following links to go to the section of the document that you require.
IBM Storage Protect Plus support for third-party operating systems, applications, services, and hardware depend on the respective vendor. If a third-party product or version moves into extended support, self-service support, or end-of-life, IBM Storage Protect Plus supports the product or version at the same level as the vendor. See also IBM Support General Guidelines and Limitations - IBM support for software on unsupported operating systems
| IBM Storage Protect Plus | Microsoft Hyper-V on Windows Server 2016 | Hyper-V Server 2016 | Microsoft Hyper-V on Windows Server 2019 | Hyper-V Server 2019 | Microsoft Hyper-V on Windows Server 2022 |
|---|---|---|---|---|---|
| 10.1.0 | ✔ | ✔ | -- | -- | -- |
| 10.1.1 | ✔ | ✔ | -- | -- | -- |
| 10.1.2 | ✔ | ✔ | -- | -- | -- |
| 10.1.3 | ✔ | ✔ | ✔ | -- | -- |
| 10.1.4 | ✔ | ✔ | ✔ | ✔ | -- |
| 10.1.5 | ✔ | ✔ | ✔ | ✔ | -- |
| 10.1.6 | ✔ | ✔ | ✔ | ✔ | -- |
| 10.1.7 | ✔ | ✔ | ✔ | ✔ | -- |
| 10.1.8 | ✔ | ✔ | ✔ | ✔ | -- |
| 10.1.9 | ✔ | ✔ | ✔ | ✔ | -- |
| 10.1.10 | ✔ | ✔ | ✔ | ✔ | -- |
| 10.1.11 | ✔ | ✔ | ✔ | ✔ | ✔ |
| 10.1.12 | ✔ | ✔ | ✔ | ✔ | ✔ |
| 10.1.13 | ✔ | ✔ | ✔ | ✔ | ✔ |
| 10.1.14 | ✔ | ✔ | ✔ | ✔ | ✔ |
| 10.1.15 | ✔ | ✔ | ✔ | ✔ | ✔ |
| 10.1.16 | ✔ | ✔ | ✔ | ✔ | ✔ |
Beginning with IBM Spectrum Protect Plus 10.1.5, you can protect virtual machines (VMs) that are enabled to use the Hyper-V replica feature. Depending on your Hyper-V environment, you might be required to update some service level agreement (SLA) policies when you update your system environment to IBM Spectrum Protect Plus 10.1.5 or later levels. For more information, see Additional steps for updating virtual machines in Hyper-V replica environments.
- Windows file indexing and file restore operations on volumes that are staying on dynamic disks are not supported.
- For Hyper-V data, backup and restore operations are supported only for virtual hard disks (VHDX).
- File indexing and file restore operations are not supported from restore points that were copied to cloud resources or repository servers.
- For file indexing and file restore operations in a Hyper-V environment:
- Only volumes on SCSI disks are eligible for file cataloging and file restore operations
- Integrated Drive Electronics (IDE) disks are not supported.
- If a nondefault local administrator ID is entered as the Guest OS username when you define a backup job, the file cataloging, backup, application point-in-time restores, and other operations that start the Windows agent fail. A nondefault local administrator is any user ID created in the guest operating system and assigned the administrator role.
- Virtual hard disks (VHDX) exclusion for Hyper-V is available by using Hyper-V Server 2019 and later only.
- Transport encryption feature is not supported on Hyper-V environments.
- If the VMware user has a non-ASCII character in the password, clone restores fail.
Ensure that the newest Hyper-V integration services are installed:
- Ensure that the 64-bit Microsoft Visual C++ 2008 SP1 Redistributable Package or later 64-bit Microsoft Visual C++ Redistributable Package is installed on the VM guest machine before you start to restore operation from a backup image.
- For Microsoft Windows environments, see Supported Windows guest operating systems for Hyper-V on Windows Server
- For Linux® environments, see Supported Linux and FreeBSD virtual machines for Hyper-V on Windows
Ensure that the following connectivity requirements are met:
- The network adapter that is used for the connection must be configured as a client for Microsoft Networks.
- The Microsoft Windows Remote Management (WinRM) service must be running.
- Firewalls must be configured to enable IBM Storage Protect Plus to connect to the server by using WinRM.
- The IP address of the machine that you register must be reachable from the IBM Storage Protect Plus server and from the vSnap server. The Hyper-V server must have a WinRM service that is listening on the port specified during registration. This port must be the port 5985 for WinRM by using the HTTP protocol or the port 5986 for WinRM by using the HTTPS protocol.
- All servers, proxies, applications, and hypervisors that are added to the IBM Storage Protect Plus environment must be registered by using a Domain Name System (DNS) name or Internet Protocol (IP) address.
- If DNS names are used, they must be resolvable over the network by the IBM Storage Protect Plus server and the vSnap server. All IBM Storage Protect Plus components must also be resolvable by their DNS names. If the Hyper-V server is part of a cluster, all nodes in the cluster must be resolvable by DNS.
- If DNS is not available, you must add the server to the /etc/hosts file on the IBM Storage Protect Plus server by using the command line. If more than one Hyper-V server is set up in a cluster environment, you must add all of the servers to the /etc/hosts file.
- When you are registering the cluster in IBM Storage Protect Plus, register the Failover Cluster Manager.
- Ensure that the Microsoft iSCSI Initiator Service is running on all Hyper-V servers, including cluster nodes. In the Services window, set the startup type for the Microsoft iSCSI Initiator Service to Automatic so that the service is available when the Hyper-V server or cluster node starts.
- Troubleshooting tip: If the IP address of the vSnap server is changed after an initial Hyper-V base backup is created, the target iSCSI qualified name (IQN) of the Hyper-V resource might be left in a bad state. To correct this issue, from the Microsoft iSCSI Initiator tool, click the Discovery tab. Select the old IP address, then click Remove. Click the Target tab and disconnect the reconnecting session.
-
If you use HTTPS with port 5986, the key length of the certificate on the Hyper-V host must be greater or equal 2048 bits.
Ensure that the Software and Connectivity requirements are met.
Before you start a backup or restore operation, ensure that your system meets the following requirements:
- Register the providers that you want to back up. For instructions, see Adding a Hyper-V server.
- A service level agreement (SLA) policy is configured.
- Assign appropriate roles and resource groups to users who plan to run backup and restore operations. Grant users access to resources and roles by using the Accounts pane. Add the user to the local administrator group on the Hyper-V server.
Review the following information about creating backup and restore jobs:
- Use a backup job to back up Hyper-V data with snapshots. For instructions, see Backing up Hyper-V data.
- Hyper-V restore jobs support Instant VM Restore and Instant Disk Restore scenarios, which are created automatically based on the selected source. For instructions, see Restoring Hyper-V data.
| IBM Storage Protect Plus | VMware vSphere 6.0* | VMware vSphere 6.5* | VMware vSphere 6.7* | VMware vSphere 7.0* | VMware vSphere 8.0* |
|---|---|---|---|---|---|
| 10.1.0 | ✔ | ✔ | -- | -- | -- |
| 10.1.1 | ✔ | ✔ | -- | -- | -- |
| 10.1.2 | ✔ | ✔ | ✔ | -- | -- |
| 10.1.3 | ✔ | ✔ | ✔ | -- | -- |
| 10.1.4 | ✔ | ✔ | ✔ | -- | -- |
| 10.1.5 | ✔ | ✔ | ✔ | -- | -- |
| 10.1.6 | ✔ | ✔ | ✔ | ✔ | -- |
| 10.1.7 | ✔ | ✔ | ✔ | ✔ | -- |
| 10.1.8 | --(1) | ✔ | ✔ | ✔ | -- |
| 10.1.9 | -- | ✔ | ✔ | ✔ | -- |
| 10.1.10 | -- | ✔ | ✔ | ✔ | -- |
| 10.1.11 | -- | ✔ | ✔ | ✔ | -- |
| 10.1.12 | -- | ✔ | ✔ | ✔ | -- |
| 10.1.13(2) | -- | ✔ | ✔ | ✔ | ✔ |
| 10.1.14 | -- | ✔ | ✔ | ✔ | ✔ |
| 10.1.15 | -- | ✔ | ✔ | ✔ | ✔ |
| 10.1.16 | -- | ✔ | ✔ | ✔ | ✔ |
*The base level and later updates and patch levels are supported.
(1)Beginning with IBM Spectrum Protect Plus 10.1.8, VMware VDDK 7.0 is included. This VDDK level does not support vSphere 6.0.
(2) Beginning with IBM Spectrum Protect Plus 10.1.13, transport encryption feature is supported.
Review the following information about supported functions:
- Backing up and restoring encrypted VMs is supported by vSphere 6.5 and later.
- IBM Storage Protect Plus supports VMware VM tags.
- IBM Spectrum Protect Plus 10.1.5 and later protects VMs that are managed by a VMware Cloud (VMC) on an Amazon Web Services (AWS) Software-Defined Data Center (SDDC). For more information, see IBM Spectrum Protect Plus for VMware Cloud on AWS.
- Restored VM templates cannot be powered on after the recovery of a VM.
- Secure Shell (SSH) keys are not a valid authorization mechanism for Windows platforms.
- Physical raw device-mapping (pRDM) volumes do not support snapshots. VMs that contain one or more raw device-mapping (RDM) volumes that are provisioned in pRDM mode are backed up. However, the pRDM volumes are not processed as part of the VM backup operation.
- If a nondefault local administrator ID is entered as the Guest OS username when you define a backup job, the file cataloging, backup, point-in-time restores, and other operations that start the Windows agent fail. A nondefault local administrator is any user ID created in the guest operating system and assigned the administrator role.
- Windows file indexing and file restore operations on volumes that are staying on dynamic disks are not supported.
- Ensure that the most recent version of VMware Tools is installed on VMware VMs.
- Ensure that the 64-bit Microsoft Visual C++ 2008 SP1 Redistributable Package or later 64-bit Microsoft Visual C++ Redistributable Package is installed on the VM guest machine before you start restore operation from a backup image.
- Linux users: Before you enable transport encryption, ensure that the cifs-utils package is installed on the VADP proxy.
For VMware hypervisor connectivity requirements, see System requirements: IBM Storage Protect Plus 10.1.16.
If you attempt to set a static IP for a Linux VM by using NetworkManager, the device configuration must be in /etc/NetworkManager/system-connections or an appropriate plug-in must be installed and enabled.
vCenter Server privileges are required for the VMs that are associated with a VMware provider. These privileges are included in the vCenter Administrator role.
If the user that is associated with the provider is not assigned to the Administrator role for an inventory object, then the user must be assigned to a role that has the required privileges, as described in virtual machine privileges.
Ensure that the Software, Connectivity, and Privileges requirements are met.
When you back up the VMware data, the VADP reads the data from the data store and sends it to vSnap. With transport encryption, you can securely transfer data between the vSnap and a remote VADP. The transport encryption option is not enabled by default. For more information about how to enable transport encryption on VMware to protect VMware data, see Enabling transport encryption for VMware data.
Before you start a backup or restore operation, ensure that your system meets the following requirements:
- Register the providers that you want to back up. For instructions, see Adding a vCenter Server instance.
- A service level agreement (SLA) policy is configured.
- Assign appropriate roles and resource groups to users who plan to run backup and restore operations. Grant users access to resources and roles by using the Accounts pane.
Review the following information about creating backup and restore jobs:
- Use a backup job to back up VMware resources such as VMs, datastores, folders, vApps, and data centers with snapshots. For instructions, see Backing up VMware data.
- In IBM Storage Protect Plus, you can create proxies to run VMware backup jobs by using vStorage API for Data Protection (VADP) in Linux environments. The proxies reduce demand on system resources by enabling load sharing and load balancing. For instructions, see Managing VADP backup proxies.
- VMware restore jobs support Instant VM Restore and Instant Disk Restore scenarios, which are created automatically based on the selected source. For instructions about creating VMware restore jobs, see Restoring VMware data.
EC2 data's are stored in Amazon Web Services (AWS) Elastic Block Store (EBS) snapshots rather than the vSnap server. IBM Storage Protect Plus manages these snapshots for backup and restore operations.
- To protect Amazon EC2 data, first add an account for your EC2 instances in IBM Storage Protect Plus, and then create jobs for backup and restore operations for those instances.
- To add an EC2 account to IBM Storage Protect Plus, access keys are required. Access keys are long-term credentials for an Identity and Access Management (IAM) user or the Amazon Web Services (AWS) account root user.
- For more information about how to create an IAM user with access keys and the permissions that are required for IBM Storage Protect Plus, see Creating an AWS IAM user.
- For increased security, do not use the AWS account root user for IBM Storage Protect Plus. For more information about the root user, see the AWS Identity and Access Management User Guide
- For Amazon EC2 workloads, the IBM Storage Protect Plus hostname must consist of only lowercase and alphanumeric characters.
Before you start a backup or restore operation, ensure that your system meets the following requirements:
- When an Amazon EC2 account is added to IBM Storage Protect Plus, an inventory of the instances that are associated with the account is captured. For more information, see Adding an Amazon EC2 account.
- Ensure that one or more SLA policies are configured for the EC2 instances. For instructions, see Creating an SLA policy for Amazon EC2 instances.
- Assign appropriate roles and resource groups to users who plan to run backup and restore operations. Grant users access to resources and roles by using the Accounts pane.
Review the following information about creating backup and restore jobs:
- You can use a backup job to back up data in an Amazon EC2 instance. For instructions, see Backing up Amazon EC2 data.
- You can use a restore job to restore EC2 data from a backup copy. You can restore data to the original availability zone or to a different availability zone in the same region, with different types of recovery options and configurations. For instructions, see Restoring Amazon EC2 data.
The following ports are used by IBM Storage Protect Plus hypervisors.
| Port | Protocol | Initiator | Target | Description |
|---|---|---|---|---|
| 443 | Transmission Control Protocol (TCP) | IBM Storage Protect Plus server | Hypervisor: VMware ESXi host and vCenter | Provides access to ESXi and vCenter for managing operations. |
| 443 | TCP | VADP proxy host | Hypervisor: VMware ESXi host | Provides access to ESXi and vCenter for managing operations. |
| 443 | TCP | IBM Storage Protect Plus server | Hypervisor: Amazon EC2 | Provides access to AWS for managing operations. |
| 902 | TCP | IBM Storage Protect Plus server | Hypervisor: VMware ESXi host | Used for the Network File Copy (NFC) protocol, which provides a file-type-aware File Transfer Protocol (FTP) service for vSphere components. By default, ESXi uses NFC for operations such as copying and moving data between datastores. |
| 902 | TCP | VADP proxy host | Hypervisor: VMware ESXi host | Used for the Network File Copy (NFC) protocol, which provides a file-type-aware File Transfer Protocol (FTP) service for vSphere components. |
| 5985 | TCP | IBM Storage Protect Plus server | Hypervisor: Microsoft Hyper-V | Provides access to the Microsoft WinRM service for Windows-based servers. |
| 5986 | TCP | IBM Storage Protect Plus server | Hypervisor: Microsoft Hyper-V | Provides access to the Microsoft WinRM service for Windows-based servers. |
| Port | Protocol | Initiator | Target | Description |
|---|---|---|---|---|
| 22 | TCP | Hypervisor | vSnap server | Provides access for troubleshooting and maintenance tasks on vSnap servers by using SSH protocol. |
| 111 | TCP and User Datagram Protocol (UDP) | Hypervisor: VMware ESXi host | vSnap server | Used for Network File System (NFS) file sharing by the vSnap server. |
| 2049 | TCP and UDP | Hypervisor: VMware ESXi host | vSnap server | Used for NFS file sharing by the vSnap server. |
| 3260 | TCP | Hypervisor: Microsoft Hyper-V | vSnap server | Used for internet Small Computer System Interface (iSCSI) data transfer by vSnap servers. |
| 20048 | TCP and UDP | Hypervisor: VMware ESXi host | vSnap server | Used for NFS file sharing by the vSnap server. |
Related Information
Product Synonym
IBM Spectrum Protect Plus;
Was this topic helpful?
Document Information
Modified date:
31 January 2024
UID
ibm17107764