IBM Support

System requirements: IBM Spectrum Protect™ Plus V10.1.4

Preventive Service Planning


Abstract

This document details the system requirements for installing IBM Spectrum Protect™ Plus Version 10.1.4.

Content

This document is divided into linked sections for ease of navigation. Use the links below to jump to the section of the document that you require.


General

Ensure that you have the required system configuration and browser to deploy and run IBM Spectrum Protect™ Plus.

IBM Spectrum Protect Plus support for third-party platforms, applications, services, and hardware is dependent on the third-party vendors. When a third-party vendor product or version enters extended support, self-serve support, or end-of-life, IBM Spectrum Protect Plus will support the product or version at the same level.
 


Virtual machine installation

IBM Spectrum Protect Plus is installed as a virtual appliance. Before you deploy IBM Spectrum Protect Plus to the host, ensure that one of the following requirements are in place:

  • vSphere 5.5, 6.0, 6.5, or 6.7
  • Microsoft Hyper-V 2016 or Microsoft Hyper-V 2019

For initial deployment, configure your virtual appliance to meet the following minimum requirements:

  • 64-bit 8-core machine
  • 48 GB memory
  • 536 GB disk storage for virtual machine

Use an NTP server to synchronize the time zones across IBM Spectrum Protect Plus resources in your environment, such as the IBM Spectrum Protect Plus appliance, storage arrays, hypervisors and application servers. If the clocks on the various systems are significantly out of sync, you might experience errors during application registration, metadata cataloging, inventory, backup, or restore/file restore jobs. For more information about identifying and resolving timer drift, see the following VMware knowledge base article: Time in virtual machine drifts due to hardware timer drift


Browser support

Run IBM Spectrum Protect Plus from a computer that has access to the installed virtual appliance.
IBM Spectrum Protect Plus was tested and certified against the following web browsers. 

  • Firefox 55.0.3 and later
  • Google Chrome 60.0.3112 and later
  • Microsoft Edge 40.15063/Microsoft EdgeHTML 15.15063 and later

If your screen resolution is lower than 1024 x 768, some items might not fit in the window. Pop-up windows must be enabled in your browser to access the help system and some IBM Spectrum Protect Plus operations.


IBM Spectrum Protect requirements

If you plan to use IBM Spectrum Protect as a repository server for cloud offload operations, ensure that you are using IBM Spectrum Protect Version 8.1.8.


IBM Spectrum Protect Plus ports

The following ports are used by IBM Spectrum Protect Plus and associated services. Ports that are indicated with "Accept" in the Firewall Rule column use secure connections (HTTPS or SSL).

Note: In IBM Spectrum Protect Plus v10.1.3, port 9090 was used for online help. Starting with v10.1.4, this port is no longer required for online help. No further action is required.

Table 1. Incoming firewall connections (IBM Spectrum Protect Plus appliance)
IBM Spectrum Protect Plus
Port Protocol Firewall Rule Service Description
22 TCP Accept OpenSSH 5.3
(protocol 2.0)
Used for troubleshooting IBM Spectrum Protect Plus
443 TCP Accept A microservice running a reverse-proxy Main entry point for the client connections (SSL).
Note: This port is also used for REST API queries.
5671 TCP, AMQP Accept RabbitMQ Message framework used to manage messages produced and consumed by the VADP proxy and VMware job management workers. Also facilitates job log management.
8090 TCP Accept Administrative Console Framework (ACF) Extensible framework for system administration functions. Supports plugins that run operations such as system updates and catalog backup or restore operations
8761 TCP Accept Discovery Server Automatically discovers VADP proxies and is used by IBM Spectrum Protect Plus VM backup operations
Onboard vSnap server
Port Protocol Firewall Rule Service Description
111 TCP Accept RPC Port Bind Allows clients to discover ports that Open Network Computing (ONC) clients require to communicate with ONC servers (internal)
2049 TCP Accept NFS Used for NFS data transfer to and from vSnap (internal)
3260 TCP Accept iSCSI Used for iSCSI data transfer to and from vSnap (internal)
20048 TCP Accept NFS Used for NFS data transfer to and from vSnap (internal)



 

Table 2. Outgoing firewall connections (IBM Spectrum Protect Plus appliance)
Port Protocol Service Description
22 TCP OpenSSH 5.3 (protocol 2.0) Used for SSH communications to remote servers running guest applications components
25 TCP SMTP Email service
389 TCP LDAP Active directory services
443 TCP VMware ESXi Host ESXi host port for managing operations
443 TCP VMware vCenter Client connections to vCenter
636 TCP LDAP Active directory services (SSL)
902 TCP VMware NFC service Network File Copy (NFC) provides a file-type-aware FTP service for vSphere components. By default, ESXi uses NFC for operations such as copying and moving data between datastores
5985 TCP Windows Remote Management (WinRM) Hyper-V and guest applications client connections
8098 TCP VADP Proxy Virtual machine data protection proxy
8900 TCP vSnap OVA/Installer version of the intelligent storage framework used as a target for data protection operations


 


vSnap server requirements

A vSnap server is the primary backup destination for IBM Spectrum Protect Plus. . In either a VMware or Hyper-V environment, one vSnap server with the name localhost is automatically installed at the time that the IBM Spectrum Protect Plus appliance is initially deployed. In larger backup enterprise environments, additional vSnap servers might be required.

Allocate memory based on backup capacity for more efficient deduplication. For more information and sizing guidance, see the IBM Spectrum Protect Plus Blueprints

For initial deployment, ensure that your virtual machine or physical Linux machine meets the following minimum requirements:

  • 64-bit 8-core machine
  • 32 GB memory
  • 16 GB free space on the root file system
  • 128 GB free space in a separate file system mounted at /opt/vsnap-data

The Linux Network Management service must be installed and running.

Optionally, an SSD improves backup and restore performance.

  • To improve backup performance, configure the pool to use one or more log devices backed by SSD. Specify at least two log devices to create a mirrored log for better redundancy.
  • To improve restore performance, configure the pool to use a cache device backed by SSD.


vSnap server virtual machine installation requirements

Before deploying the vSnap server to the host, ensure that one of the following requirements are in place:

  • vSphere 5.5, 6.0, 6.5, or 6.7
  • Microsoft Hyper-V 2016 or Microsoft Hyper-V 2019


vSnap server physical installation requirements

Beginning with V10.1.3 IBM Spectrum Protect Plus provides new functionality that requires the kernel levels supported in RHEL 7.5 and CentOS 7.5. If you must use operating systems earlier than RHEL 7.5 and CentOS 7.5, use IBM Spectrum Protect Plus V10.1.2 for physical vSnap V10.1.2 installations.

The following Linux operating systems are supported for IBM® Spectrum Protect Plus V10.1.4 physical vSnap server installations:

  • CentOS 7.1804 (7.5) (x86_64)
  • CentOS 7.1810 (7.6) (x86_64)
  • Red Hat Enterprise Linux 7.5 (x86_64)
  • Red Hat Enterprise Linux 7.6 (x86_64)

If you are using the following operating systems, use IBM Spectrum Protect Plus V10.1.2 for physical vSnap server V10.1.2 installations:

  • CentOS Linux 7.3.1611 (x86_64)
  • CentOS Linux 7.4.1708 (x86_64)
  • Red Hat Enterprise Linux 7.3 (x86_64)
  • Red Hat Enterprise Linux 7.4 (x86_64)


vSnap server ports

The following ports are used by vSnap servers. Ports that are indicated with "Accept" in the Firewall Rule column use secure connections (HTTPS or SSL).

Table 3. Incoming vSnap server firewall connections
Port Protocol Firewall Rule Service Description
22 TCP Accept SSH Used for troubleshooting vSnap servers
111 TCP Accept RPC Port Bind Allows clients to discover ports that ONC clients require to communicate with ONC servers (internal)
137 UDP Accept SMB/CIFS Used for SMB or CIFS data transfer to and from vSnap servers (internal)
138 UDP Accept SMB/CIFS Used for SMB or CIFS data transfer to and from vSnap servers (internal)
139 TCP Accept SMB/CIFS Used for SMB or CIFS data transfer to and from vSnap servers (internal)
445 TCP Accept SMB/CIFS Used for SMB or CIFS data transfer to and from vSnap servers (internal)
2049 TCP Accept NFS Used for NFS data transfer to and from vSnap servers (internal)
3260 TCP Accept iSCSI Used for iSCSI data transfer to and from vSnap servers (internal)
8900 TCP Accept HTTPS vSnap server REST APIs
20048 TCP Accept NFS Used for NFS data transfer to and from vSnap servers (internal)


 


VADP proxy requirements

In IBM Spectrum Protect Plus, running virtual machine backup jobs through VADP can be taxing on system resources. By creating VADP backup job proxies, you enable load sharing and load balancing for your IBM Spectrum Protect Plus backup jobs. If proxies exist, the entire processing load is shifted from the IBM Spectrum Protect Plus appliance onto the proxies.
This feature has been tested only for SUSE Linux Enterprise Server and Red Hat environments. The feature supported only in 64-bit quad core or higher configurations with a minimum kernel of 2.6.32.

VADP proxies support the following VMware transport modes: File, SAN, HotAdd, NBDSSL, and NBD. For more information about VMware transport modes, see: Virtual Disk Transport Methods

This feature is supported only in 64-bit quad core or higher configurations in the following Linux environments:

  • CentOS Linux 6.5 and later maintenance and modification levels (beginning with 10.1.1 patch 1)
  • CentOS Linux 7.0 and later maintenance and modification levels (beginning with 10.1.1 patch 1)
  • Red Hat Enterprise Linux 6, Fix pack 4 and later maintenance and modification levels
  • Red Hat Enterprise Linux 7 and later maintenance and modification levels
  • SUSE Linux Enterprise Server 12 and later maintenance and modification levels

For more information and sizing guidance, see the IBM Spectrum Protect Plus Blueprints

For initial deployment of a VADP proxy server, ensure that your Linux machine meets the following minimum requirements:

  • 64-bit quad core processor
  • 8 GB RAM required, 16 GB preferred
  • 60 GB free disk space

The increase of used CPUs and concurrency on the VADP proxy server requires the memory that is allocated on the proxy server  to be increased accordingly.
The proxy must be able to mount NFS file systems, which in many cases requires an NFS client package to be installed. The exact package details vary based on the distribution.
Each proxy must have a fully qualified domain name and must be able to resolve and reach the vCenter. vSnap servers must be reachable from the proxy.
Port 8098 on the VADP proxy server must be open when the proxy server firewall is enabled.


VADP Proxy ports

The following ports are used by VADP proxies. Ports that are indicated with "Accept" in the Firewall Rule column use secure connections (HTTPS or SSL).

Table 4. Incoming VADP proxy firewall connections
Port Protocol Firewall Rule Service Description
22 TCP Accept SSH Port 22 is used to push the VADP Proxy to the host node.
8098 TCP Accept VADP Default port for TLS-based REST API communications between the IBM Spectrum Protect Plus server and the VADP proxy.

Table 5. Outgoing VADP proxy firewall connections
Port Protocol Service Description
111 TCP vSnap RPC Port Bind Allows clients to discover ports that ONC clients require to communicate with ONC servers (internal)
443 TCP VMware ESXi Host/vCenter Client connections to vCenter.
902 TCP VMware ESXi Host Network File Copy (NFC) provides a file-type-aware FTP service for vSphere components. ESXi uses NFC for operations such as copying and moving data between datastores by default.
2049 TCP vSnap NFS Used for NFS file sharing via vSnap server.
5671 TCP RabbitMQ Message framework used to manage messages produced and consumed by the VADP proxy and VMware job management workers. Also facilitates job log.
8761 TCP Discovery Server Automatically discovers VADP proxies and is used by IBM Spectrum Protect Plus VM backup operations.
20048 TCP vSnap mount Mounts vSnap file systems on clients such as the VADP proxy, application servers, and virtualization data stores.

Tip: VADP proxies can be pushed and installed to Linux-based servers over SSH port 22.

If the firewall command script is not available on your system, edit the firewall manually to add necessary ports, and restart the firewall. More information on editing firewall rules can be found here: Editing firewall ports


VADP proxy on vSnap server requirements

VADP proxies can be installed on vSnap servers in your IBM Spectrum Protect Plus environment. A combination VADP proxy/vSnap server must meet the minimum requirements of both devices. Consult the system requirements of both devices and add the core and RAM requirements together to identify the minimum requirements of the combination VADP proxy/vSnap server.
Ensure that your combination VADP proxy/vSnap server meets the following recommended minimum requirements, which is the sum of the requirements for each device.

VADP proxy installed on a virtual vSnap server:

  • 64-bit 8-core processor
  • 48 GB RAM

All required VADP proxy and vSnap server ports must be open on the combination VADP proxy/vSnap server. Review the VADP proxy and vSnap ports sections of the system requirements for more information.
 


Cloud requirements

To offload data to cloud storage, ensure that your IBM Spectrum Protect Plus and cloud environments meet the following requirements.


Disk cache area

For all functionality related to offloading as well as restoring to and from cloud and archival targets, the vSnap server requires a disk cache area to be present on the vSnap server.

  • During offload operations, this cache is used as a temporary staging area for objects that are pending upload to the cloud endpoint.
  • During restore operations, the disk cache area is used to cache downloaded objects as well as to store any temporary data that may be written into the restore volume.

For instructions about sizing and installing the cache see Cloud offload configuration or IBM Spectrum Protect Plus Blueprints


Multipath requirements

During copy operations to object storage, IBM Spectrum Protect Plus attaches and detaches virtual cloud devices on vSnap servers. If multipath is enabled on the vSnap server using dm-multipath, it can interfere with the copy operation. To avoid this, the virtual cloud devices must be excluded from the multipath configuration. Modify the multipath configuration file and specify a rule to exclude devices whose vendor matches "LIO-ORG". For instructions and examples, go to the Red Hat Customer Portal and see the DM Multipath documentation


Certificate requirements

  1. Self-signed certificates
    If the cloud endpoint or repository server uses a self-signed certificate, the certificate must be specified (in Privacy Enhanced Mail (PEM) format) while registering the cloud or repository server in the IBM Spectrum Protect Plus user interface.
  2. Certificates signed by private Certificate Authority
    If the cloud endpoint or repository server uses a certificate signed by a private Certificate Authority (CA), the endpoint certificate must be specified (in PEM format) when you register the cloud or repository server in the IBM Spectrum Protect Plus user interface.
    In addition, the root/intermediate certificate of the private CA must be added to the system certificate store in each vSnap server using the following procedure:
    1. Log in to the vSnap server console as the "serveradmin" user and upload any private CA
      certificates (in PEM format) to a temporary location.

    2. Copy each certificate file to the system certificate store directory (/etc/pki/ca trust/source/anchors/) by running the following command:

      $ sudo cp /tmp/private-ca-cert.pem /etc/pki/ca-trust/source/anchors/

    3. To incorporate the newly added custom certificate and update the system certificate bundle, run the following command:

      $ sudo update-ca-trust
  3. Certificates signed by public Certificate Authority
    If the cloud endpoint uses a public CA-signed certificate, no special action is needed. vSnap server will validate the certificate by using the default system certificate store.
     


Network requirements

The following ports are used for communication between vSnap servers and cloud or repository server endpoints.

Table 6. Outgoing vSnap server firewall connections
Port Protocol Service Description
443 TCP HTTPS Allows vSnap to communicate with Amazon S3, Microsoft Azure, or IBM Cloud Object Storage endpoints
9000 TCP HTTPS Allows vSnap to communicate with IBM Spectrum Protect (repository server) endpoints


Any firewalls or network proxies that perform SSL Interception or Deep Packet Inspection for traffic between vSnap servers and cloud endpoints might interfere with SSL certificate validation on vSnap servers. This interference can also cause cloud offload job failures. To prevent this interference, the vSnap servers must be exempted from SSL interception and inspection in the firewall or proxy configuration.
 


Cloud provider requirements for offload and archive operations

Native lifecycle management is not supported. IBM Spectrum Protect Plus manages the lifecycle of uploaded objects automatically using an incremental-forever approach where older objects can still be used by newer snapshots. Automatic or manual expiration of objects outside of IBM Spectrum Protect Plus will lead to data corruption.
If the cloud provider uses an SSL certificate that is self-signed or signed by a private Certificate Authority, see Certificate requirements.

  • Amazon S3 cloud requirements

    • Offload: When the cloud provider is registered in IBM Spectrum Protect Plus, an existing bucket in one of the supported storage tiers must be specified: S3 Standard, S3 Intelligent-Tiering, S3 Standard-Infrequent Access, or S3 One Zone-Infrequent Access.
    • Archive: When the cloud provider is registered in IBM Spectrum Protect Plus, an existing bucket in one of the supported storage tiers must be specified: S3 Standard, S3 Intelligent-Tiering, S3 Standard-Infrequent Access, or S3 One Zone-Infrequent Access.  IBM Spectrum Protect Plus will directly upload data files to the Glacier tier.  Some small metadata files will be stored in the default tier for the bucket.  A copy of these metadata files is also placed into the Glacier tier for disaster recovery purposes.
       
  • IBM Cloud Object Storage requirements

    • Offload: When the cloud provider is registered in IBM Spectrum Protect Plus, an existing bucket must be specified. If the specified bucket has a WORM policy that locks objects for a certain time period, IBM Spectrum Protect Plus automatically detects the configuration and deletes snapshots after the WORM policy removes the lock.
    • Archive: When the cloud provider is registered in IBM Spectrum Protect Plus, an existing bucket must be specified. If the specified bucket has a WORM policy that locks objects for a certain time period, IBM Spectrum Protect Plus automatically detects the configuration and deletes snapshots after the WORM policy removes the lock. IBM Spectrum Protect Plus creates a single lifecycle management rule on the bucket to migrate data files to the archive tier.
       
  • Microsoft Azure requirements

    • Offload: When the cloud provider is registered in IBM Spectrum Protect Plus, a an existing container in a hot or cool storage account must be specified.
    • Archive: When the cloud provider is registered in IBM Spectrum Protect Plus, a an existing container in a hot or cool storage account must be specified. IBM Spectrum Protect Plus moves files between tiers on demand.  Data files will be immediately moved to the archive tier and temporarily returned to the hot tier only during a restore operations.  Some small metadata files will be stored in the default tier for the container.  A copy of these metadata files is also placed in the archive tier for disaster recovery purposes.
       
  • IBM Spectrum Protect (repository server) requirements

    • Offload: When the cloud provider  is registered in IBM Spectrum Protect Plus, you cannot use an existing bucket. IBM Spectrum Protect Plus creates a uniquely named bucket for its own use.
    • Archive: When the cloud provider  is registered in IBM Spectrum Protect Plus, you cannot use an existing bucket.  IBM Spectrum Protect Plus creates a uniquely named bucket for its own use. IBM Spectrum Protect Plus will directly upload data files to IBM Spectrum Protect tape storage.  Some small metadata files will be stored in IBM Spectrum Protect object storage.  A copy of these metadata files is also placed on IBM Spectrum Protect tape storage for disaster recovery purposes.
Table 7. Offload and archive requirements for cloud providers
Operation Provider Requirements
Offload Amazon S3 An existing bucket must be specified from one of the supported storage tiers.
Offload IBM Cloud Storage An existing bucket must be specified.
Offload Microsoft Azure An existing container must be specified from hot or cool storage tier.
Offload IBM Spectrum Protect IBM Spectrum Protect Plus creates its own unique bucket.
Archive Amazon S3 Allows vSnap to communicate with IBM Spectrum Protect (repository server) endpoints.
Archive IBM Cloud Storage An existing bucket must be specified from the archive tier.
Archive Microsoft Azure An existing container must be specified from the hot storage tier and archive tier.
Archive IBM Spectrum Protect IBM Spectrum Protect Plus creates its own unique bucket to be copied to IBM Spectrum Protect tape.

For quick-start information to help you to set up and offload data to specific cloud providers, see: Data offload to cloud object storage with IBM Spectrum Protect Plus

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSNQFQ","label":"IBM Spectrum Protect Plus"},"Component":"Not Applicable","Platform":[{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"10.1.4","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}}]

Document Information

Modified date:
01 July 2021

UID

ibm10881558