Support matrix

Browser	Minimum requirements
Web browser	Internet Explorer (IE) 11 and Edge Mozilla Firefox (Firefox) 70 Google Chrome (Chrome) 78 Note: Druva recommends that you use Firefox or Chrome for accessing the Phoenix Management Console. If you use Internet Explorer, some UI elements might not appear as expected.

Software requirements for files and folders

Phoenix supports the File servers running with Windows and Linux operating systems as well as the network shares. The following table lists the supported platforms that Phoenix can backup and restore files and folders on.

Operating System	File System	Editions
Windows (Standard and Enterprise editions)	New Technology File System (NTFS)	Windows Server 2019 (64-bit) Windows Server 2016 (64-bit) Windows Server 2012 R2 (64-bit) Windows Server 2012 (64-bit) Windows Server 2008 R2 (64-bit) Windows Server 2008 (64-bit )
Windows (Standard and Enterprise editions)	Resilient File System (ReFS) 1.1, 1.2, 2.0, 3.0, 3.1	Windows Server 2019 (64-bit) Windows Server 2016 (64-bit) Windows Server 2012 R2 (64-bit) Windows Server 2012 (64-bit)
Windows (Standard edition)	New Technology File System (NTFS)	Windows Small Business Server (SBS) 2011 (64-bit)
Linux	Extended file system (EXT) version 3 and 4 XFS	CentOS 6.3, 6.4, 6.5, 6.6, 6.7, 6.8, 6.9, 6.10, 7.0, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.8 , and 8.3 (64-bit) Red Hat Enterprise Linux (RHEL) 6.3, 6.4, 6.5, 6.6, 6.7, 6.8, 6.9, 6.10, 7.0, 7.1, 7.2, 7.3, and 7.4, 7.5, 7.6, 7.8, and 8.3 (64-bit) Oracle Linux 6.8, 6.9, 6.10, 7.5, 7.6, 7.7, 7.8, 7.9 (64-bit) SUSE Linux Enterprise Server (SLES) 11.4, 12.2, and 12.4 LTS (64-bit) Amazon Linux 2
Ubuntu	Extended file system (EXT) version 3 and 4	Ubuntu 14.04 (64-bit) Ubuntu 16.04 (64-bit) Ubuntu 18.04 LTS (64-bit)

Note: Phoenix also supports the backup of files and folders on the non-VSS partitions such as FAT, FAT32, and exFAT.

Ports and communication protocols for Phoenix

Phoenix communicates with your File servers to backup and restores the data from your File servers. This communication happens through ports and protocols that are secure for communication and transition of data.

Phoenix uses Transport Layer Security (TLS) protocol for establishing a connection and initiating communication between Phoenix components and your File servers.

The following diagram depicts the ports and communication protocols that are used by Phoenix for secure connection and communication during the backup and restore operations.

Software requirements for Hyper-V

This section contains information about the Windows server that Phoenix supports.

Operating System	Editions
Windows	Windows Server 2019 (Standard and Datacenter editions) Windows Server 2016 (Standard and Datacenter editions) Windows Server 2012 R2 (Standard and Datacenter editions) Windows Server 2012 (Standard and Datacenter editions) Windows Server 2008 R2 (Standard and Enterprise editions) Windows Server 2008 (Standard and Enterprise editions)

Note: If you are using SCVMM for managing virtual machines on Windows Server 2008 and Windows Server 2008 R2 hosts:

When you activate the Phoenix agent, select the type as standalone or cluster (based on your setup). Do not select the type as scvmm to register your hosts through SCVMM.

Phoenix does not support registration of Microsoft Windows Server 2008 and Microsoft Windows Server 2008 R2 hosts through SCVMM.

Partition type and file systems for file-level restore (FLR)

Windows:

Primary
Extended
Basic disk (Partition type: MBR/GPT)
Dynamic disk (Partition type: MBR. (simple/spanned volume)

Note: Dynamic Disk with GPT partition type is not supported.

Linux:

LVM (Simple/Spanned/Mirror/Stripped)

File-systems:

NTFS
FAT
FAT32
Ext2/3/4
XFS

Software requirements for FLR proxy

Before you deploy and activate the FLR proxy, ensure that following system requirements on the Hyper-V host are met for the proxy:

Memory: 2 GB
vCPUs: 2

This is a recommended configuration for two restore jobs. If you want to run multiple restore jobs, increase the memory and number of vCPUs.

Ports and communication protocols for Phoenix

Phoenix communicates with your hosts to backup and restore data on your hosts. Phoenix talks to your Hyper-V host through ports and protocols that are secure for communication and transition of data.

Phoenix uses Transport Layer Security (TLS) protocol for establishing the connection and initiating communication between Phoenix components and your Hyper-V hosts.

The following diagram depicts the ports and communication protocols that are used by Phoenix for secure connection and communication during the backup and restore operations.

Software requirements for MS SQL servers

Druva categorizes its platform support levels as follows:

Certified Platforms:
A certified platform is fully tested by Quality Assurance (QA) team. Druva certifies these environments and performs regular testing with every cloud release to ensure the functionality works as expected.
Supported Platforms:
A supported platform is not tested by the Druva QA team with every cloud release, however, the functionality should work as expected. Druva will provide support for such platforms. Issues that require time and resources beyond commercial viability may not be addressed.

Certified platforms

Windows Server (64-bit) (Standard and Enterprise editions)	SQL Server editions
Windows Server 2019	SQL Server 2019
Windows Server 2016 (x86-64)	SQL Server 2017 SQL Server 2016 SP1 SQL Server 2014
Microsoft Windows Server 2012 R2	SQL Server 2017 SQL Server 2016 SP1 SQL Server 2014 SQL Server 2012 Service Pack (SP) 2 SQL Server 2008 Service Pack (SP) 4 SQL Server 2008 R2 SP 3
Microsoft Windows Server 2012	SQL Server 2017 SQL Server 2016 SP1 SQL Server 2012 SP 2 SQL Server 2008 R2 SP 3 SQL Server 2008 RTM
Microsoft Windows Server 2008 R2 SP 1	SQL Server 2012 SP 2 SQL Server 2008 RTM
Microsoft Windows Server 2008 R2	SQL Server 2008 R2 SP 3 SQL Server 2008 RTM
Microsoft Windows Server 2008 SP 2	SQL Server 2012 SP 2 SQL Server 2008 R2 SP 3 SQL Server 2008 RTM
Microsoft Windows Server 2008	SQL Server 2008 SP 4 SQL Server 2008 RTM

Note: Express editions are not supported.

Prerequisites

This is an Early Availability draft of the documentation. This documentation is not final, and it will get updated until the General Availability of the feature.

The Phoenix agent interacts with Volume Shadow Copy Service (VSS) to perform full backups. Ensure that the Volume Shadow Copy Service is not disabled. The Phoenix agent uses Microsoft SQL Server Virtual Device Interface (VDI) for differential backups.

Note: As with any other third-party backup software, Druva Phoenix interfaces with Microsoft Virtual Device Interface (VDI) to perform differential and transaction log, backups and restores. The SysAdmin role is mandatory for VDI backups and restores. If differential and transaction log backups and restores are not required, sysadmin permissions are not required. For more information, see SQL Server VDI backup and restore operations require Sysadmin privileges.

Druva recommends that you use the Microsoft’s native VSS provider. If you are using a third-party VSS provider, you must configure Phoenix agents to recognize this provider.
Ensure that the SQL Writer Service on your MS-SQL servers is running.
Ensure that the disk space on the drive where your shadow copy storage is located is adequate for the cumulative size of your databases. To know how you can configure VSS to write shadow copies to a separate drive, see Set VSS to write shadow copies to a separate NTFS volume.
Ensure that you enabled Windows authentication for your SQL servers. For more information, see Change Server Authentication Mode.

Ensure that the Local System account has permissions listed in the following table:

Permission	Description
Sysadmin	Required for SQL server backup and restores.

Note: As with any other third-party backup software, Druva Phoenix interfaces with Microsoft Virtual Device Interface (VDI) to back up and restore SQL Database Transaction Logs. To use VDI, SysAdmin role is mandatory. If transaction log backups and restores are not required, sysadmin permissions are not required.
For more information, see Backup (Transact-SQL), and Restore Statements (Transact - SQL)

If you want to perform log backups for the database, ensure that you set the databases to FULL RECOVERY mode. For more information about modifying recovery mode, refer to View or Change the Recovery Model of a Database.
Phoenix supports backup of availability group databases in MS-SQL Server 2012 onward since Microsoft introduced availability group in SQL 2012.
Ensure that you install Phoenix agent on all primary and secondary nodes in the availability group.
Ensure that you enable the Readable secondary option for the secondary nodes for successful backups from that node.
Ensure that all the nodes in an availability group must have the same Phoenix agent version installed on them.
If you want the Phoenix agent to run under a domain user account:
- Ensure that the domain user is added under the local administrative group of the SQL server
- Ensure that Phoenix agent and SQL Server VSS writer service log on using the same domain user account. (By default both services log on using the local system account.)
- Ensure that Sysadmin right is assigned to the domain user in the SQL server.

Software requirements for NAS devices

Druva provides vendor-agnostic support for NAS devices. The supported protocol for SMB and NAS shares is as mentioned below. Phoenix can perform backup and restore provided your configuration adheres to the following NAS proxy mappings.

Share type on the NAS device	NAS device is mapped to	Shares discovered
CIFS/SMB	Windows NAS proxy	CIFS/SMB
NFS	Linux NAS proxy	NFS
CIFS/SMB and NFS	Windows NAS proxy	CIFS/SMB
CIFS/SMB and NFS	Linux NAS proxy	NFS
CIFS/SMB and NFS	Windows NAS proxy and Linux NAS proxy	CIFS/SMB and NFS

Note:

The NAS proxy must be version 4.8.16-98358 or later for share auto-discovery to work.

Phoenix validates the NAS device credentials before adding the NAS device. Ensure that you have valid device credentials.

Phoenix supports Amazon FSx for Windows and Amazon EFS shares for backups and restores. You can protect Amazon FSx shares using a Windows proxy, and protect Amazon EFS shares using a Linux proxy. For more information see Phoenix support for Amazon FSx for Windows and Amazon EFS

Permissions for NAS auto-discovery

Software requirements for NAS proxy

Since you install the NAS proxy on a Windows or Linux server, the server must comply with the following requirements.

Operating System	Edition	Support Considerations
Windows	Windows Server 2019 (64-bit) Windows Server 2016 R2 (64-bit) Windows Server 2012 R2 (64-bit) Windows Server 2008 R2 (64-bit)	Phoenix supports backup and restore from all SMB share versions supported on the respective Windows Server version.
Linux	CentOS 6.3, 6.4, 6.5, 6.6, 6.7, 6.8, 6.9, 6.10 7.0, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.8, and 8.3 (64-bit) Ubuntu 14.04, 16.04 , 18.04 LTS (64-bit) Red Hat Enterprise Linux (RHEL) 6.3, 6.4, 6.5, 6.6, 6.7, 6.8, 6.9, 6.10, 7.0, 7.1, 7.2, 7.4 , 7.5, 7.6, ,7.8, and 8.3 (64-bit) Oracle Linux 6.8, 6.9, 6.10, 7.5, 7.6, 7.7, 7.8, and 7.9 (64-bit) SUSE Linux Enterprise Server (SLES) 11.4 and 12.2 (64-bit) Amazon Linux 2	Phoenix supports backup and restore from all NFS share versions supported on the respective Linux Server version and variants.

Ports and communication protocols for Phoenix

Phoenix communicates with your NAS shares to back up and restore the data. This occurs through ports and protocols that are secure for communication and transition of data. Phoenix uses Transport Layer Security (TLS) protocol to establish a connection and initiate communication between Phoenix components and your NAS device.

The following diagram depicts the ports and communication protocols that Phoenix uses for secure connection and communication during the backup and restore operations.

Software requirements for Oracle

System requirements for the Phoenix Backup Store

Ports and communication protocols for Phoenix

Software requirements for VMware

Support Matrix

Ports and communication protocols for Phoenix

Ports and communication protocols

Software requirements for Phoenix CloudCache

The following table lists the system requirements for deploying Phoenix CloudCache.

Operating system	Editions
Windows	Windows Server 2012 R2 Standard Edition (64-bit) Windows Server 2016 (64-bit)

Ports and communication protocols for Phoenix

Phoenix CloudCache communicates with your servers and Phoenix Cloud to back up and restore the data. This communication happens through ports and protocols that are secure for communication and transition of data.

Phoenix CloudCache uses Transport Layer Security (TLS) protocol to establish a connection and initiate communication with Phoenix components.

The following diagram depicts the ports and communication protocols that are used by Phoenix CloudCache for secure connection and communication during the backup and restore operations.

Hardware requirements

The Phoenix agent installer, VMware backup proxy appliance, Hyper-V FLR proxy appliance, Phoenix Backup Store package, and the CloudCache installer are available at http://downloads.druva.com/phoenix/.

You can also download the installer at the time of registering servers.

Prerequisites for Phoenix agent

This section contains the prerequisites for the Phoenix agent. This configuration is applicable for one backup or restore job at a time. Applies to:

Hyper-V virtual machines
Files on a server
MS-SQL servers

Hardware requirements for installing Phoenix agent

Hardware	Minimum requirements
CPU	Three Cores or, Three vCPUs if the agent is installed on a virtual machine
RAM	3 GB
Free space	On Windows and Linux servers, 2% of the total source data is utilized for Phoenix application data. This application data is stored in the following locations: Windows 2012 Server C:\ProgramData\Phoenix Windows 2008 Server C:\ProgramData\Phoenix Linux /var/log/Phoenix /var/Phoenix On Windows servers, a minimum 10% of each volume size that you want to backup for Volume Shadow Copy Service (VSS) snapshots.

Hardware requirements for Hyper-V FLR proxy

Before you deploy and activate the FLR proxy, ensure that following system requirements on the Hyper-V host are met for the proxy:

Memory: 2 GB
vCPUs: 2

This is a recommended configuration for two restore jobs. If you want to run multiple restore jobs, increase the memory and number of vCPUs.

Disks, partitions, and files supported for File Level Restore (FLR) on Hyper-V hosts

Item	Certified
Disk Types	Thin Thick
Partition Tables	MBR GPT (Linux)
Partition Types	Primary Extended LDM (Only Simple and Spanned Volumes with MBR) LVM (Simple/Spanned/Mirror/Striped)
File Systems	NTFS FAT FAT32 Ext2/3/4 XFS
File Type	Regular Files Sparse Files Hidden Files

Hardware requirements for NAS shares

The following table describes the hardware specifications that the Phoenix agent requires to run one backup or restore job at a time:

Hardware	Minimum Requirement
CPU	Three Cores or, Three vCPUs if the agent is installed on a virtual machine
RAM	3 GB
Free space	On Windows and Linux servers, 2% of the total source data is utilized for the Phoenix application data. This application data is stored in the following locations: Windows 2012 Server C:\ProgramData\Phoenix Windows 2008 Server C:\ProgramData\Phoenix Linux /var/log/Phoenix /var/Phoenix

By default, the Phoenix agent is configured to run three backup sets in parallel.

Hardware requirements for VMware

This table lists the minimum requirements for deploying a backup proxy that is available as a virtual appliance.

Backup proxy requirements

Backup proxy is available as a virtual appliance. Deploying backup proxy creates a virtual machine with the configuration that is listed in this table. Ensure that your VMware setup can assign resources to support this requirement.

For more information, see Prerequisites to install the backup proxy.

Hardware requirements for the Phoenix Backup Store

Hardware requirements for Phoenix CloudCache

Prerequisite	Minimum Requirement
CPU	64-bit, quad-core processor
RAM	8 GB or greater
Network Traffic rules	Outgoing network traffic: Phoenix CloudCache connects to Phoenix cloud using port 443. Incoming network traffic: Phoenix agents connect to Phoenix CloudCache using port 443.
Firewall	If a firewall is enabled, allow all outgoing TCP/IP traffic to port 443 for "*.druva.com".
Web proxy	Druva supports the following proxy types: HTTP socks4 socks5 For more information see: Configure Web proxy

Note: Phoenix does not support 4K native drives in the CloudCache environment. We recommend you to use 512 native drives for backup.

To use Phoenix CloudCache 3.3-7649 or later, install the following agents on the servers that you want to protect:

Linux RPM version 4.6.1-7433 or later.
Windows 64/32 bit agent version 4.6.1-7430 or later.

If you do not use the recommended agents, the following errors will be displayed:

PHOENIX 146 error for agent.
KeyError 101 error for CloudCache.

Network requirements

Field	Requirement
Network Traffic rules	Phoenix agent: Phoenix agents connect to Phoenix Cloud using port 443. Phoenix CloudCache: Phoenix CloudCache connects to Phoenix Cloud using port 443. Phoenix agents connect to Phoenix CloudCache using port 443. Phoenix Backup Store Phoenix Backup Store connects to the Phoenix Cloud using port 443.
Firewall	For all the agents and CloudCache: If the firewall is enabled, allow all outbound TCP/IP traffic to *.druva.com through port 443.
Web proxy	Druva supports the following proxy types: http socks4 socks5 For more information see: Configure web proxy for Windows Configure web proxy for Linux Configure web proxy for CloudCache Configure web proxy for the Phoenix Backup Store

Field

Requirement

Network Traffic rules

Phoenix agent:

Phoenix agents connect to Phoenix Cloud using port 443.

Phoenix CloudCache:

Phoenix CloudCache connects to Phoenix Cloud using port 443.

Phoenix agents connect to Phoenix CloudCache using port 443.

Phoenix Backup Store

Phoenix Backup Store connects to the Phoenix Cloud using port 443.

Firewall

For all the agents and CloudCache: If the firewall is enabled, allow all outbound TCP/IP traffic to *.druva.com through port 443.

Web proxy

Druva supports the following proxy types:

http
socks4
socks5

For more information see:

For more information, see Sizing for backup proxy.

Security considerations

One thing that is often overlooked when deploying a data protection solution is security. While Druva automatically handles the security of information in transit and at rest, there are other security mechanisms that organizations should consider for implementing beyond encryption when it comes to data protection. The following sections discuss the security considerations that organizations should take into account as they implement Phoenix for their data protection solution.

Roles and responsibilities

To prevent privileged users from making unauthorized changes to resources within their organization, Phoenix supports the Role Based Access Control (RBAC) for separation of duties. This capability allows organizations to limit privileged user access to a predefined set of roles and data assets. This RBAC capability makes it possible to create ethical walls to enforce privacy, as well as implement a delegated administration structure to meet customers’ organizational, compliance, or security requirements. To add RBAC in your Phoenix deployment, see Manage administrators .

Global regulatory compliance

As part of your data protection strategy, organizations need to take into account where they operate and what requirements they have on security and availability of the data. With Druva Phoenix, organizations can store data in any of twelve global regions depending on their security, compliance, data access, and availability requirements. While not only a compliance requirement, proximity to data can also help shrink the time it takes to recover in the event of a disaster.

Single sign-on

Phoenix supports SAML which allows organizations to centralized authentication for the administration of their Phoenix environment. This allows Phoenix administrators to leverage existing centralized authentication mechanisms like Okta, Ping Identity, or Active Directory which are already being used today. The use of Single sign-on (SSO) helps to guarantee the availability of access to Phoenix and eliminates local authentication stores which cause audit and compliance headaches as well as create a security risk. To integrate Phoenix with your SSO authentication mechanism, see Configure single sign-on for Phoenix .

Testing your recovery

As part of your data protection strategy, it is important to see if what you are backing up is actually getting backed up, whether part of a normal business continuity and disaster recovery process.

Conclusion

While protecting data in flight and at rest are important security capabilities of any enterprise-level data protection solution, there are definitely more issues to take into account, and more capabilities to take advantage of when it comes to protecting the overall data attack surface. For identifying and implementing more such security considerations for Phoenix, contact Druva Support.