Unit 3: Data protection for virtual

machines

© Copyright IBM Corporation 2019

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
Unit objectives
When you complete this unit, you can perform the following tasks:
• Register VMware and Hyper-V systems to be protected
• Work with options to optimize virtual machine backups
• Create and schedule backup jobs for VMware and Hyper-V
• Create restore jobs for VMware and Hyper-V
• Run and monitor jobs and access relevant log files

2 © Copyright IBM Corporation 2019

Topics
• Lesson 1: VMware backup and restore
• Lesson 2: Hyper-V backup and restore

3 © Copyright IBM Corporation 2019

Lesson 1: VMware backup and
restore

4 © Copyright IBM Corporation 2019

Virtual machine backup introduction
• In order to protect virtual machines you must register or add the provider
(hypervisor)
 A provider is a server that hosts objects and attributes

• Run an inventory job to catalog information about the protected

environment
• Create backup and restore job definitions
 This includes setting up the SLA Policy with the job schedule and retention
• While the steps are generally the same for any provider, there are
some differences that include but are not limited to:
 System requirements
 Permissions needed to access the protected system
 Ports
 Options available for backup/snapshot and restore

5 © Copyright IBM Corporation 2019

Add a VMware provider
• To add a VMware vCenter server:
• Expand Manage Protection > VMware
 Select Manage vCenter
 Click the +Add vCenter button to open the properties and
add the following information:
− Hostname/IP
− Use existing user
− Username
− Password
− Port (default for SSL is port 443)
 Using SSL is optional
• Always verify prerequisites including permissions and
ports
 https://www-
01.ibm.com/support/docview.wss?uid=ibm10881566
 https://www.ibm.com/support/knowledgecenter/en/SSNQF
Q_10.1.4/spp/r_spp_vm_privs.html

6 © Copyright IBM Corporation 2019

Options
• Options
 Max number of VMs to process concurrently
per ESX server (default is 3)
 Click Save
− IBM Spectrum Protect Plus validates the
connection to the provider at this point

7 © Copyright IBM Corporation 2019

Inventory
• As you add each provider, an inventory is automatically run to add that new system to the catalog.
• You can run inventory manually at any time by selecting Run Inventory from the backup menu.
• Specific to VMware:
 VMware tags are supported in IBM Spectrum Protect Plus.
 Tags are applied in vSphere and are then picked up by the inventory job.
 Tags allow users to assign meta data to virtual machines and can be viewed through the View > Tags and
Categories filter when you create a job definition.
• You can view active Inventory jobs through the Jobs and Operations page. Select the Running Jobs tab, and
then the Inventory link.

8 © Copyright IBM Corporation 2019

Live inventory of VMs
• If virtual machines are added after the VM Inventory
has run, they are not processed for backup because
they have not been inventoried yet.
• There is an option available that lets you run an
inventory job and capture the latest data of the
selected resources before starting the backup job.
• Hypervisors > VMware or Hyper-V > Policy Options
• From here you can also exclude resources or force a
full backup of resources, which creates a new full
base backup.
VMware backup source selection
• Datastores, folders, sub-folders or virtual
machines can be selected as source for
backup by applying an SLA Policy
 Snapshot backups are done at the block-
level
− First backup is a full
− All subsequent backups are incremental
 All snapshots are instantly mountable for
restore operations

10 © Copyright IBM Corporation 2019

VMware backup selection using tagging
• Virtual Machine Tags can also be used as a filter when
creating backup jobs in IBM Spectrum Protect Plus.
• Tagging makes objects more sortable and searchable.
• VM Tags are applied in vSphere, and picked up by the
IBM Spectrum Protect Plus inventory.
• VM Tags can be viewed through the View Tags &
Categories filter when creating a job definition.
• To preserve VM Tags upon a restore, ensure the Restore
VM tags checkbox is selected.
• After selecting the VM for Restore, click Options and go
to Advanced options. The Restore VM Tags checkbox
is selected by default.
For more information on VMware tagging, see:
https://docs.vmware.com/en/VMware-
vSphere/6.5/com.vmware.vsphere.vcenterhost.doc/GUID-
E8E854DD-AA97-4E0C-8419-CE84F93C4058.html

11 © Copyright IBM Corporation 2019

VM backup prioritization
• You can set an option to specify the priority of a selected resource during backup processing.
• VMs with high priority will be backed up earlier in the job.
• Setting a priority is useful in the case a backup job ends early due to a failure or cancellation.
• Click the resource that you want to prioritize in the VMware Backup section and you are presented
with the option to set a priority for that resource.

12
VM backup options
• Options include:
 Skip read-only datastores
 Skip temporary datastores mounted for Instant
Access
 VADP proxy
− By site
− By proxy
 Priority
• The priority scale is 1-10 (1 is most important, 10
is least important)
• The default priority option is set to 5.

13
Snapshot and Agent options

• Make VM snapshot application/file system consistent – by default this is enabled to quiesce

the application and system state to enable a consistent snapshot.
 VM Snapshot retry attempts – controls the number of times the job will retry the snapshot before failure
• Agent Options
 Truncate SQL logs – truncates SQL logs during backup
 Catalog file metadata – analyzes and stores metadata about mounted filesystems
− This is required for File Restore functionality
 Exclude files
− This allows you to pare down the amount of data you back up.
 Guest OS User info – is required for file metadata cataloging, SQL log truncation and certain restore
options such as re-IP

14 © Copyright IBM Corporation 2019

VMware backup workflow
1. Register vCenter server with IBM Spectrum Protect Plus
2. Inventory virtual machines
3. Select VMs and add them to existing SLAs (Gold, Silver, Bronze) or create your own
4. Select appropriate Backup Options
5. vSNAP server target for snapshot data determined
6. Snapshot of source VM is taken
7. Protected VMs datastores are determined
8. New target volumes (datastores) are created on vSNAP server
9. Volumes mounted on VADP server as NFS datastores
10. Backup is performed to mounted volumes
11. VM snapshots are deleted on ESXi
12. Snapshot of target datastore is taken
13. Datastore is unmounted
14. The catalog captures details of the backup (source, vSNAP, retention, schedule, and so forth)

15 © Copyright IBM Corporation 2019

File metadata indexing
• File metadata indexing is optional
• This enables you to create backups that can be restored at a file level
• Supported for Windows and Linux
• Allows you to search across all virtual machines snapshots to find files for restore
• Requires permissions not only in IBM Spectrum Protect Plus, but also on the machine being
protected
• Be sure to check the IBM Knowledge Center to review the complete list of requirements and
conditions for your environment:
https://www.ibm.com/support/knowledgecenter/SSNQFQ_10.1.4/spp/r_spp_system_reqs_file.html

16 © Copyright IBM Corporation 2019

File indexing requirements - Windows
• Windows Requirements • Authentication and privilege requirements
 Supported Operating Systems  The credentials specified for the virtual machine must
− Windows Server 2008 R2 include a user with the following privileges:
− Windows Server 2012 R2 and Windows Server 2012 R2 Core − The user identity must have Log on as a service rights.
− Windows Server 2016 and Windows Server 2019 Core − The system login credential must have the permissions of the
local administrator.
− Windows Server 2019 and Windows Server 2019 Core

• Supported File Systems • VMware Tools requirements

 The latest version of VMware tools should be installed.
 NTFS
 ReFS • VMware requirements
 CsvFS  In the virtual machine settings under Advanced
 Note: IBM Spectrum Protect Plus can protect and restore virtual Configuration, the disk.enableUUID setting must be
machines with other file systems, but only the file systems listed present and set to true.
above are eligible for file indexing and restore.
• The following directories in Windows are skipped:
• Connectivity Requirements  /Drivers
 All firewalls must be configured to allow IBM Spectrum Protect
 /Program Files and /Program Files (x86)
Plus to connect to the server through WinRM (Windows Remote
Management)  /Windows
 /winnt

17
File indexing requirements - Linux
• Connectivity Requirements • Supported Operating Systems
• The SSH service must be running on port 22 on the  Red Hat Enterprise Linux 6.4, 7.0 and later maintenance
server, and any firewalls must be configured to allow and modification levels
SPP to connect to the server through SSH. The SFTP
 SUSE Linux Enterprise Server 12.0 and later
subsystem for SSH must also be enabled.
maintenance and modification levels
• Software Requirements  CentOS 6.4 and later maintenance and modification
• Python version 2.6.x or 2.7.x levels
• Up-to-date util-linux-ng package
• Supported File Systems
• If data resides on LVM volumes, ensure the LVM version
is 2.0.2.118 or later.  ext2
 ext3
• VMware Tools Requirements
• The latest version of VMware tools should be installed.  Ext4
 XFS
Note: IBM Spectrum Protect Plus can protect and
restore virtual machines with other file systems, but
only the file systems listed above are eligible for file
indexing and restore.

18
File indexing backup metadata
Where is file metadata stored?
Metadata information is stored on both the client (temporarily) and the IBM Spectrum Protect Plus catalog
• Client
 Metadata collection starts on the client after a successful snapshot
 A *.txt file created for each drive/volume
 All the *.txt are zipped and sent to the vSnap storage server
− Windows: c:\ProgramData\SPP\temp\output\
− Linux: /tmp/
 It uses 7.7KB per file on the source pre-compression and 4 bytes per file post-compression to IBM Spectrum
Protect Plus
 Metadata is deleted after it has been sent to IBM Spectrum Protect Plus

• IBM Spectrum Protect Plus

• When the zip files reach the vSnap repository (/data2/filecatalog/), the Lucene indexing starts (/data3/lucene/) and runs in
the background
• When the backup image expires, the file index associated with that image is deleted

19 © Copyright IBM Corporation 2019

Test the connection

• The test function is used to verify that your credentials for File level backup allow you sufficient
access to the machine you are protecting.
• It tests all permissions, IP connectivity, username and password, all the way down to the virtual
machine level.

20 © Copyright IBM Corporation 2019

VMware restore
• VMware Restore jobs support Instant VM Restore and Instant Disk Restore scenarios, which are created
automatically based on the selected source.
• If a VMDK is selected for restore, you are automatically presented with options for an Instant Disk Restore job,
which provides instant write access to data and application recovery points.
• A snapshot is mapped to a target server where it can be accessed or copied.

• All other sources are restored through Instant VM Restore jobs, which can be run in a variety of modes.

21 © Copyright IBM Corporation 2019

VM restore modes
• Test Mode
 Creates temporary VMs for development/testing, snapshot verification and DR verification on a scheduled,
repeatable basis without affecting production environments.
 Can use fenced networking to establish a safe environment without interfering with production.
 VMs created through Test mode are given unique names and UUIDs to avoid conflicts.
• Clone Mode
 Creates copies of VMs for use cases requiring permanent or long-running copies for data mining or duplication
of a test environment in a fenced network.
 VMs created through Clone mode are given unique names and UUIDs to avoid conflicts.
• Production Mode
 Enables DR at the local site from primary storage or a remote DR site, replacing original VM with recovery
image. All configurations are carried over as part of the recovery, including names and UUIDs.

22 © Copyright IBM Corporation 2019

VMware restore recovery points
• In the Snapshot Restore wizard, you can select from the available recovery points, including VMs, VM
templates, datastores, folders, and vApps
• You can expand an entry in the Restore pane to view individual recovery points
• You might have to expand several levels
• You can use the Tags and Categories for filtering numerous VMs to find the one you want

23 © Copyright IBM Corporation 2019

Selecting the source snapshot
• You must make selections to find the correct source:
 Type of restore
− On demand or recurring
 The site
− Cloud offload
− Repository
− Cloud Archive
− Repository Archive
 Which vSnap
− Demo (not for production)
− Primary
− Secondary
 Date range
− If not within the past week

24 © Copyright IBM Corporation 2019

Selections for restore location
• Set destination
 Original ESX Host or Cluster - Restores to the original host or cluster.
 Alternate ESX Host or Cluster - Restores to a local destination different from the original host or cluster,
then select the alternate location from available resources.
− From the vCenter section, select an alternate location. Selections can be filtered by either hosts or clusters.
 ESX Host if vCenter is down - Use this to bypass the vCenter and restore directly to the ESX host.
• Set datastore
 Select which datastore you want to use for each selected source
 Restore to original location skips this step

25 © Copyright IBM Corporation 2019

VM restore network settings
• Network settings for restore to the original ESX host or cluster:
 Allow system to define IP configuration – Select this option if you want your OS to define the destination IP
address.
− When you restore using Test Mode, the new VM is assigned a new MAC address along with an associated NIC.
− When you restore using Production Mode, the MAC address does not change, so the IP should also be retained.
 Use original IP configuration – Select this option to restore to the original
• Network settings for restore to an alternate ESX host or cluster:
 Use a fenced network to keep virtual machines used for test separate from production.
 The networks used for restores in Test and Production modes are specific to the mode.
 The option Use system defined subnets and IP addresses for VM guest OS on destination is enabled by
default.
− To use your predefined subnets and IP addresses, select Use original subnets and IP addresses for VM guest OS on
destination
 Refer to IBM Spectrum Protect Plus User’s Guide for more information.

26 © Copyright IBM Corporation 2019

Restore VM with a new name

27 © Copyright IBM Corporation 2019

Test mode restore workflow
1. The restore job is parsed for the objects to be restored
2. The IBM Spectrum Protect Plus catalog data is loaded to list all resources
3. A volume clone from backup image is created
4. A Network File System (NFS) share is created and mounted on the target ESXi host
5. A temporary NAS datastore from the volume clone is created
6. The backup VMX file is renamed
7. The virtual machine is registered and reconfigured per the restore job parameters
• Upon completion, the job goes into Resource Active state with three options:
1. Cleanup
− The virtual machine is deleted
− The temp datastore and volume clone are removed

2. Move to Production (vMotion)

3. Clone (vMotion)
28 © Copyright IBM Corporation 2019
Restore an individual file to a virtual machine
• Expand Manage Protection and
click File Restore
• Use the upper search field to provide
a file name.
 You can use wildcards
• Use the Filters to find the virtual
machine backups available for
restore. Filter by:
• Virtual Machine (name)
• Date Range (calendar)
• OS Type
• Folder path

• Click the search icon in the top

window to run the search and
populate the Search Results table.
• Expand the File name in the Search
Table and select a backup for the
restore.
• Next you specify options.

29 © Copyright IBM Corporation 2019

File restore options and destination
You can restore to the same or a different
location and specify to overwrite a file.
• Options – Overwrite existing Files/Folder
• Destination – Same or different location
 Same: Click Restore
 Alternate: If you restore to an alternate
location, choose the location
• Destination Folder – supply a target path
in the virtual machine
• Click Restore

30 © Copyright IBM Corporation 2019

Lesson 2: Hyper-V backup and
restore

31 © Copyright IBM Corporation 2019

Hyper-V provider registration prerequisites
Prior to registering a new Hyper-V provider in IBM Spectrum Protect
Plus, the following prerequisites must be met:
• On the IBM Spectrum Protect Plus server, add entry for the Hyper-V
server(s) to /etc/hosts file
 All nodes must be added for a clustered configuration
• Add IBM Spectrum Protect Plus service user to local administrators group
on the Hyper-V server
 This is the user that will be used to register the provider in IBM Spectrum Protect
Plus
• Run this command on Hyper-V server from elevated command prompt:
 winrm s winrm/config/service @ {AllowUnencrypted="true"}
• Verify AllowUnencrypted setting was applied with the following command:
 winrm g winrm/config/service
• Ensure default port of 5985 is open
 IBM Spectrum Protect Plus uses the WinRM service to communicate with Hyper-V
• Ensure the iSCSI initiator is enabled on the Hyper-V server

32 © Copyright IBM Corporation 2019

Register a Hyper-V provider
• Expand Manage Protection > Hypervisors > Hyper-V.
• Click Manage Hyper-V Server.
• Click Add. The Server Properties pane opens.
• Populate the fields in the Server Properties pane:
 Hostname/IP – Enter the resolvable IP address or a resolvable path and machine name.
 Use existing user – Enable to select a previously entered username and password for the provider.
 Username – Enter your username for the provider.
 Password – Enter your password for the provider.
 Port – Enter the communications port of the provider you are adding. The typical default port is 5985.

• To use SSL, select the Use SSL check box.

 You can manage certificates through the Administrative Console.

• Expand Options to configure additional options:

 Maximum number of VMs to process concurrently per Hyper-V server – specify a maximum number
 Click Save.
− IBM Spectrum Protect Plus confirms a network connection, adds the provider to the database, then catalogs the provider.

33 © Copyright IBM Corporation 2019

Hyper-V backup management

• Hypervisor or VMs can be selected as source for backup

• By default, all VMs in the selected hypervisor are included and any VMs added are automatically protected
• Backups are performed at the block-level and after the first full backup, all backups are incremental
• Backups are stored as instantly mountable, native-format snapshots
• During restore there is no need to traverse through incremental backups to perform restore.

34 © Copyright IBM Corporation 2019

SLA Policy Status – Policy Options

Additional options are available for altering existing policies that allow you to run inventory before backup,
exclude resources from backup, or force a new full (base) backup.
35 © Copyright IBM Corporation 2019
Hyper-V backup workflow
1. Register Hyper-V resource with IBM Spectrum Protect Plus
2. Inventory virtual machines
3. Select VMs and add them to predefined SLA Policies (Gold, Silver, Bronze) or create your own
4. Select appropriate Backup Options
5. vSnap server determined as target for snapshot data based on site defined in SLA Policy
6. Snapshot of source VM taken
7. New target volumes (datastores) created on vSnap server
8. Volumes mounted on source Hyper-V hosts using iSCSI
9. Backup performed to mounted volumes
10. VM snapshots deleted
11. Snapshot of target datastores taken
12. Datastores are unmounted
13. The IBM Spectrum Protect Plus catalog captures the details of backup (source, vSnap, retention, schedule, etc.)

36 © Copyright IBM Corporation 2019

Hyper-V restore

• Expand Manage Protection > Hyper-V

• Select Create Restore Job
• You can search for restore points using
the search field
• Expand the hypervisor name to expose
the restore points
• Select the + next to the restore point to
add it to the Restore List
• Follow the prompts

37 © Copyright IBM Corporation 2019

Source snapshot

38 © Copyright IBM Corporation 2019

Set destination

• Options vary depending on the

source of the snapshot and the
destination
• Restore methods:
• Instant access – only
method that does not allow
renaming of VM
• Production
• Test
• Clone

39 © Copyright IBM Corporation 2019

Hyper-V restore options

Finally you apply scripts (optional), schedule, then review the job.

40 © Copyright IBM Corporation 2019

Monitoring jobs
• You can:
 Monitor a job in the Policy pane just below the section where you start a backup or restore operation.
 Review the activity by selecting Jobs and Operations
 Select the type of job and review the output in the pane below
 Log is expandable and filterable
 Download the activity log as a zip file

Use to filter the view

41 © Copyright IBM Corporation 2019

Unit glossary
Review the key words and concepts for this unit:
• Provider
• Hyper-V
• VMware
• Restore modes: production, clone, and test
• Job Monitor
• File restore
• Data reuse

42 © Copyright IBM Corporation 2019

Unit summary
Now that you have completed this unit, you can perform the following tasks:
• Register VMware and Hyper-V systems to be protected
• Work with options to optimize virtual machine backups
• Create and schedule backup jobs for VMware and Hyper-V
• Create restore jobs for VMware and Hyper-V
• Run and monitor jobs and access relevant log files

43 © Copyright IBM Corporation 2019

Review questions

1. True or False: IBM Spectrum Protect Plus supports choosing VMware virtual machines for backup
using tags.
2. In order to perform Hyper-V backups, which service must be running on the Hyper-V host?
A. The server service
B. The IBM Spectrum Protect Plus booster service
C. iSCSI initiator service
D. The VADP proxy server service
3. What backup option must be selected to enable file level restore for a virtual machine?
A. Enable file level restore
B. Catalog file metadata
C. Engage file catalog
D. Enable guest tools

44 © Copyright IBM Corporation 2019

Review answers
1. True.
2. C. iSCSI initiator service
3. B. Catalog file metadata

45 © Copyright IBM Corporation 2019

Unit 3: Data protection for virtual
machines exercises

46 © Copyright IBM Corporation 2019

Exercise introduction
In these exercises you perform the following tasks:
• Review hypervisor definitions and update inventory
• Apply an SLA Policy to a backup job
• Back up virtual machines
• Perform production restore
• Restore a file within a virtual machine

47 © Copyright IBM Corporation 2019