Spectrum Protect 8.1.4 - What's New in the World of Spectrum Protect?

Spectrum Protect 8.1.4 - What's New in the World of Spectrum Protect?

On the 15th of December IBM released Spectrum Protect 8.1.4.

The release contains a raft of exciting enhancements for us data protection geeks.
 If you're a Spectrum Protect customer using the Operations Center, Hierarchical Storage Management, Spectrum Protect for Virtual Environments, Spectrum Protect for ERP, Spectrum Snapshot for Unix, Oracle & SQL or Spectrum Protect for Databases you have something to get enthused about in this release.
 Below is an overview at a very high level of the enhancements within 8.1.4.


Here I'm going to discuss a few key product updates from my perspective.

The main enhancement for me and something I had actually raised an RFE for a while back is parallel restores for Spectrum Protect for Virtual Environments (SP4VE).

Why is this a game changer for me?
 Because in the event of needing to run recovery for a large number of VMs or in a DR scenario the SP4VE setup needs a smaller number of datamovers as you can now restore up to 10 VMs or VMDKs in parallel.
 Hopefully we see that maximum number increase in future releases as well.

A common point of discussion out of this is the fact you may have noticed IBM are continuing development for SP4VE despite it no longer being possible for new customers to buy following the release of Spectrum Protect Plus (SPP).
 Why would IBM do this?
 Its currently due to the fact SP4VE is used as the offload engine for SPP and enables the offload of backups via SPP into Spectrum Protect. Therefore at this point in time SP4VE is still a key product offering from IBM. So existing SP4VE customers will be glad to know development is continuing for the foreseeable future.
 However you will at some point need to review when the best point to switch to SPP will be. As SPP will replace SP4VE when SP4VE goes EOS, key to state no dates have been confirmed yet but I would expect them towards the back end of 2018.
 We have found for some it is more cost effective to switch from SP4VE to SPP now and for others it will be worth waiting until 1 or 2 releases of SPP have happened before making the switch. If you want to discuss this in more detail feel free to give me a shout via william.bush@tectrade.com

SP4VE for Hyper-V also gets a lot of focus in 8.1.4 with a new configuration wizard to make deployment easier, a GUI for operation and scheduling and a Powershell module.
 The Powershell module is of particular use for those want to script functions using the DP for Hyper-V REST API.

In terms of Spectrum Protect Server enhancements Security is what IBM have focused on with key enhancements include:

  • The default minimum length of the password is increased to 8 characters
  • Security has been optimised by using certificates with SHA256 signatures.
     If a server has an MD5-signed certificate that is labelled "TSM Server SelfSigned Key" set as the default when you upgrade to IBM Spectrum Protect 8.1.4, the default certificate is automatically updated to use a certificate with a Secure Hash Algorithm (SHA) signature.
     In releases prior to 7.1.8, the default certificate was labelled "TSM Server SelfSigned Key" and had an MD5 signature, which does not support the Transport Layer Security (TLS) 1.2 protocol that is required by default for 8.1.2 or later clients and the Operations Center.
     Beginning with 8.1.4, servers that use the MD5-signed certificate as the default are automatically updated to use a default certificate with a SHA signature that is labelled "TSM Server SelfSigned SHA Key". A copy of the certificate is stored in the cert256.arm file, which is located in the server instance directory.
  • You can now use the new FIPSMODE server option to specify whether non-Secure Sockets Layer operations utilise cryptographic modules that are compliant with the Federal Information Processing Standard (FIPS) 140-2. By default, FIPS mode is disabled.
     The US government publishes FIPS to establish guidelines for computer security and interoperability. To enforce FIPS 140-2 requirements for all operations in your storage environment, set the FIPSMODE and SSLFIPSMODE options to YES
  • Beginning with 8.1.4 you no longer have to manually configure certificates between storage agents, library clients, and library manager servers.
     Library clients and library manager servers that use V7.1.8, V8.1.2, or V8.1.3 software automatically use SSL to communicate with storage agents, but you must manually configure the certificates between them. Beginning with 8.1.4, certificates between storage agents, library clients, and library manager servers are configured automatically, and manual configuration is no longer required.

As is the norm these days Tricia Jiang and Sean Sperry have done a sterling job in creating and sharing the technical update presentation for 8.1.4 here which details everything you need to know about the update including a fair few nuggets I haven't discussed here. So its 43 minutes well spent if you want to know further information regarding the 8.1.4 update for Spectrum Protect .

If your a currently Spectrum Protect customer or have a Data Protection solution that simply isn't fit for the job and want to discuss these enhancements in more detail please drop me an e-mail william.bush@tectrade.com