Support matrix

Browser	Minimum requirements
Web browser	Internet Explorer (IE) 11 and Edge Mozilla Firefox (Firefox) 70 Google Chrome (Chrome) 78 Note: Druva recommends that you use Firefox or Chrome for accessing the Phoenix Management Console. If you use Internet Explorer, some UI elements might not appear as expected.

Software requirements for files and folders

Phoenix supports the File servers running with Windows and Linux operating systems as well as the network shares. The following table lists the supported platforms that Phoenix can backup and restore files and folders on.

Operating System	File System	Editions
Windows (Standard and Enterprise editions)	New Technology File System (NTFS)	Windows Server 2019 (64-bit) Windows Server 2016 (64-bit) Windows Server 2012 R2 (64-bit) Windows Server 2012 (64-bit) Windows Server 2008 R2 (64-bit) Windows Server 2008 (64-bit )
Windows (Standard and Enterprise editions)	Resilient File System (ReFS) 1.1, 1.2, 2.0, 3.0, 3.1	Windows Server 2019 (64-bit) Windows Server 2016 (64-bit) Windows Server 2012 R2 (64-bit) Windows Server 2012 (64-bit)
Windows (Standard edition)	New Technology File System (NTFS)	Windows Small Business Server (SBS) 2011 (64-bit)
Linux	Extended file system (EXT) version 3 and 4 XFS	CentOS 6.3, 6.4, 6.5, 6.6, 6.7, 6.8, 6.9, 6.10, 7.0, 7.1, 7.2, 7.3, 7.4, 7.5, and 7.6 (64-bit) Red Hat Enterprise Linux (RHEL) 6.3, 6.4, 6.5, 6.6, 6.7, 6.8, 6.9, 6.10, 7.0, 7.1, 7.2, 7.3, and 7.4, 7.5, and 7.6 (64-bit) Oracle Linux 6.8, 6.9, 6.10, 7.5, 7.6, and 7.7 (64-bit) SUSE Linux Enterprise Server (SLES) 11.4, 12.2, and 12.4 LTS (64-bit)
Ubuntu	Extended file system (EXT) version 3 and 4	Ubuntu 14.04 (64-bit) Ubuntu 16.04 (64-bit) Ubuntu 18.04 LTS (64-bit)

Note: Phoenix also supports the backup of files and folders on the non-VSS partitions such as FAT, FAT32, and exFAT.

Ports and communication protocols for Phoenix

Phoenix communicates with your File servers to backup and restores the data from your File servers. This communication happens through ports and protocols that are secure for communication and transition of data.

Phoenix uses Transport Layer Security (TLS) protocol for establishing a connection and initiating communication between Phoenix components and your File servers.

The following diagram depicts the ports and communication protocols that are used by Phoenix for secure connection and communication during the backup and restore operations.

Software requirements for Hyper-V

This section contains information about the Windows server that Phoenix supports.

Operating System	Editions
Windows	Windows Server 2019 (Standard and Datacenter editions) Windows Server 2016 (Standard and Datacenter editions) Windows Server 2012 R2 (Standard and Datacenter editions) Windows Server 2012 (Standard and Datacenter editions) Windows Server 2008 R2 (Standard and Enterprise editions) Windows Server 2008 (Standard and Enterprise editions)

Note: If you are using SCVMM for managing virtual machines on Windows Server 2008 and Windows Server 2008 R2 hosts:

When you activate the Phoenix agent, select the type as standalone or cluster (based on your setup). Do not select the type as scvmm to register your hosts through SCVMM.

Phoenix does not support registration of Microsoft Windows Server 2008 and Microsoft Windows Server 2008 R2 hosts through SCVMM.

Partition type and file systems for file-level restore (FLR)

Windows:

Primary
Extended
Basic disk (Partition type: MBR/GPT)
Dynamic disk (Partition type: MBR. (simple/spanned volume)

Note: Dynamic Disk with GPT partition type is not supported.

Linux:

LVM (Simple/Spanned/Mirror/Stripped)

File-systems:

NTFS
FAT
FAT32
Ext2/3/4
XFS

Software requirements for FLR proxy

Before you deploy and activate the FLR proxy, ensure that following system requirements on the Hyper-V host are met for the proxy:

Memory: 2 GB
vCPUs: 2

This is a recommended configuration for two restore jobs. If you want to run multiple restore jobs, increase the memory and number of vCPUs.

Ports and communication protocols for Phoenix

Phoenix communicates with your hosts to backup and restore data on your hosts. Phoenix talks to your Hyper-V host through ports and protocols that are secure for communication and transition of data.

Phoenix uses Transport Layer Security (TLS) protocol for establishing the connection and initiating communication between Phoenix components and your Hyper-V hosts.

The following diagram depicts the ports and communication protocols that are used by Phoenix for secure connection and communication during the backup and restore operations.

Software requirements for MS SQL servers

Druva categorizes its platform support levels as follows:

Certified Platforms:
A certified platform is fully tested by Quality Assurance (QA) team. Druva certifies these environments and performs regular testing with every cloud release to ensure the functionality works as expected.
Supported Platforms:
A supported platform is not tested by the Druva QA team with every cloud release, however, the functionality should work as expected. Druva will provide support for such platforms. Issues that require time and resources beyond commercial viability may not be addressed.

Certified platforms

Windows Server (64-bit) (Standard and Enterprise editions)	SQL server editions
Windows Server 2019	SQL Server 2019
Windows Server 2016 (x86-64)	SQL Server 2016 SP1 SQL Server 2014
Microsoft Windows Server 2012 R2	SQL Server 2016 SP1 SQL Server 2014 SQL Server 2012 Service Pack (SP) 2 SQL Server 2008 Service Pack (SP) 4 SQL Server 2008 R2 SP 3
Microsoft Windows Server 2012	SQL Server 2016 SP1 SQL Server 2012 SP 2 SQL Server 2008 R2 SP 3 SQL Server 2008 RTM
Microsoft Windows Server 2008 R2 SP 1	SQL Server 2012 SP 2 SQL Server 2008 RTM
Microsoft Windows Server 2008 R2	SQL Server 2008 R2 SP 3 SQL Server 2008 RTM
Microsoft Windows Server 2008 SP 2	SQL Server 2012 SP 2 SQL Server 2008 R2 SP 3 SQL Server 2008 RTM
Microsoft Windows Server 2008	SQL Server 2008 SP 4 SQL Server 2008 RTM

Note: Express editions are not supported.

Prerequisites

Phoenix agent interacts with Volume Shadow Copy Service (VSS) to back up your data. To ensure successful backups from your servers, make sure that the Volume Shadow Copy Service is not disabled.
Druva recommends that you use the Microsoft’s native VSS provider. If you are using a third-party VSS provider, you must configure Phoenix agents to recognize this provider.
Ensure that the SQL Writer Service on your MS-SQL servers is running.
Ensure that the disk space on the drive where your shadow copy storage is located is adequate for the cumulative size of your databases. To know how you can configure VSS to write shadow copies to a separate drive, see Set VSS to write shadow copies to a separate NTFS volume.
Ensure that you enabled Windows authentication for your SQL servers. For more information, see Change Server Authentication Mode.

Ensure that the Local System account has permissions listed in the following table:

Permission	Description
Sysadmin	Required for SQL server backup and restores.

Note: As with any other third-party backup software, Druva Phoenix interfaces with Microsoft Virtual Device Interface (VDI) to back up and restore SQL Database Transaction Logs. To use VDI, SysAdmin role is mandatory.
For more information, see Backup (Transact-SQL), and Restore Statements (Transact - SQL)

If you want to perform log backups for the database, ensure that you set the databases to FULL RECOVERY mode. For more information about modifying recovery mode, refer to View or Change the Recovery Model of a Database.
Phoenix supports backup of availability group databases in MS-SQL Server 2012 onward since Microsoft introduced availability group in SQL 2012.
Ensure that you install Phoenix agent on all primary and secondary nodes in the availability group.
Ensure that you enable the Readable secondary option for the secondary nodes for successful backups from that node.
Ensure that all the nodes in an availability group must have the same Phoenix agent version installed on them.
If you want the Phoenix agent to run under a domain user account:
- Ensure that the domain user is added under the local administrative group of the SQL server
- Ensure that Phoenix agent and SQL Server VSS writer service log on using the same domain user account. (By default both services log on using the local system account.)
- Ensure that Sysadmin right is assigned to the domain user in the SQL server.

Software requirements for NAS devices

Druva provides vendor-agnostic support for NAS devices. The supported protocol for SMB and NAS shares is as mentioned below. Phoenix can perform backup and restore provided your configuration adheres to the following NAS proxy mappings.

Share type on the NAS device	NAS device is mapped to	Shares discovered
CIFS/SMB	Windows NAS proxy	CIFS/SMB
NFS	Linux NAS proxy	NFS
CIFS/SMB and NFS	Windows NAS proxy	CIFS/SMB
CIFS/SMB and NFS	Linux NAS proxy	NFS
CIFS/SMB and NFS	Windows NAS proxy and Linux NAS proxy	CIFS/SMB and NFS

Note:

The NAS proxy must be version 4.8.16-98358 or later for share auto-discovery to work.

Phoenix validates the NAS device credentials before adding the NAS device. Ensure that you have valid device credentials.

Permissions for NAS auto-discovery

Software requirements for NAS proxy

Since you install the NAS proxy on a Windows or Linux server, the server must comply with the following requirements.

Operating System	Edition	Support Considerations
Windows	Windows Server 2019 (64-bit) Windows Server 2016 R2 (64-bit) Windows Server 2012 R2 (64-bit) Windows Server 2008 R2 (64-bit)	Phoenix supports backup and restore from all SMB share versions supported on the respective Windows Server version.
Linux	CentOS 6.3, 6.4, 6.5, 6.6, 6.7, 6.8, 6.9, 6.10 7.0, 7.1, 7.2, 7.3, 7.4, 7.5, and 7.6 (64-bit) Ubuntu 14.04, 16.04 , 18.04 LTS (64-bit) Red Hat Enterprise Linux (RHEL) 6.3, 6.4, 6.5, 6.6, 6.7, 6.8, 6.9, 6.10, 7.0, 7.1, 7.2, 7.4 , 7.5, and 7.6 (64-bit) Oracle Linux 6.8, 6.9, 6.10, 7.5, 7.6, and 7.7 (64-bit) SUSE Linux Enterprise Server (SLES) 11.4 and 12.2 (64-bit)	Phoenix supports backup and restore from all NFS share versions supported on the respective Linux Server version and variants.

Ports and communication protocols for Phoenix

Phoenix communicates with your NAS shares to back up and restore the data. This occurs through ports and protocols that are secure for communication and transition of data. Phoenix uses Transport Layer Security (TLS) protocol to establish a connection and initiate communication between Phoenix components and your NAS device.

The following diagram depicts the ports and communication protocols that Phoenix uses for secure connection and communication during the backup and restore operations.

Software requirements for Oracle

Phoenix supports the following Oracle instances:

Standalone instance

Oracle Database Versions	Host Operating Systems (64-bit)
Oracle Database 19c (19.3.0.0.0) - 64-bit production	Oracle Linux 7.x Red Hat Enterprise Linux Server 7.x
Oracle Database 18c (18.3.0.0.0) - 64-bit production	Oracle Linux 7.x
Oracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64-bit production	CentOS 7.x Red Hat Enterprise Linux Server 7.x Oracle Linux Server 7.x Windows Server 2016
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64-bit production	Red Hat Enterprise Linux Server 7.2-7.7 Red Hat Enterprise Linux Server 6.7 Oracle Linux Server 6.10 Windows Server 2012 R2 Standard Edition Windows Server 2008

Note: Phoenix can also back up and restore Oracle instances running on Solaris. For more information, contact Druva Support.

Real Application Cluster

Oracle Database Versions	Host Operating Systems (64-bit)
Oracle Database 19c (19.3.0.0.0) - 64-bit production	Red Hat Enterprise Linux Server 7.x Oracle Linux Server 7.x
Oracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64-bit production	Oracle Linux Server 7.x
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64-bit production	CentOS 6.4 and later, 7.x Oracle Linux Server 6.x, 7.x

System requirements for the Phoenix Backup Store

Phoenix supports the following Oracle instances:

Standalone instance

Oracle Database Versions	Host Operating Systems (64-bit)
Oracle Database 19c (19.3.0.0.0) - 64-bit production	Oracle Linux 7.x Red Hat Enterprise Linux Server 7.x
Oracle Database 18c (18.3.0.0.0) - 64-bit production	Oracle Linux 7.x
Oracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64-bit production	CentOS 7.x Red Hat Enterprise Linux Server 7.x Oracle Linux Server 7.x Windows Server 2016
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64-bit production	Red Hat Enterprise Linux Server 7.2-7.7 Red Hat Enterprise Linux Server 6.7 Oracle Linux Server 6.10 Windows Server 2012 R2 Standard Edition Windows Server 2008

Note: Phoenix can also back up and restore Oracle instances running on Solaris. For more information, contact Druva Support.

Real Application Cluster

Oracle Database Versions	Host Operating Systems (64-bit)
Oracle Database 19c (19.3.0.0.0) - 64-bit production	Red Hat Enterprise Linux Server 7.x Oracle Linux Server 7.x
Oracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64-bit production	Oracle Linux Server 7.x
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64-bit production	CentOS 6.4 and later, 7.x Oracle Linux Server 6.x, 7.x

Ports and communication protocols for Phoenix

The Phoenix Backup Store takes incoming requests on port 9090. Since the RMAN communicates with the Phoenix Backup Store API to check the status, ensure that the port 9090 on the Phoenix Backup Store can take incoming requests over http.

In addition, ensure that the firewall allows RMAN to write to the backup mount on the Phoenix Backup Store. To check which ports you need to open on the RMAN host, run:


rpcinfo -p | grep nfs

Phoenix Cloud communicates with the Phoenix Backup Store to backup and restore data on it. To backup and restore data, the Phoenix Cloud communicates to the Phoenix Backup Store through ports and protocols that are secure for communication and transition of data.

Phoenix uses Transport Layer Security (TLS) protocol for establishing the connection and initiating communication between Phoenix components.

The following diagram depicts the ports and communication protocols that are used by Phoenix for secure connection and communication during the backup and restore operations.

Note: If a firewall is set up, allow outbound TCP/IP traffic to *.druva.com through port 443.

Software requirements for VMware

Support Matrix

Ports and communication protocols for Phoenix

Ports and communication protocols

Software requirements for Phoenix CloudCache

The following table lists the system requirements for deploying Phoenix CloudCache.

Operating system	Editions
Windows	Windows Server 2012 R2 Standard Edition (64-bit) Windows Server 2016 (64-bit)

Ports and communication protocols for Phoenix

Phoenix CloudCache communicates with your servers and Phoenix Cloud to back up and restore the data. This communication happens through ports and protocols that are secure for communication and transition of data.

Phoenix CloudCache uses Transport Layer Security (TLS) protocol to establish a connection and initiate communication with Phoenix components.

The following diagram depicts the ports and communication protocols that are used by Phoenix CloudCache for secure connection and communication during the backup and restore operations.

Hardware requirements

The Phoenix agent installer, VMware backup proxy appliance, Hyper-V FLR proxy appliance, Phoenix Backup Store package, and the CloudCache installer are available at http://downloads.druva.com/phoenix/.

You can also download the installer at the time of registering servers.

Prerequisites for Phoenix agent

This section contains the prerequisites for the Phoenix agent. This configuration is applicable for one backup or restore job at a time. Applies to:

Hyper-V virtual machines
Files on a server
MS-SQL servers

Hardware requirements for installing Phoenix agent

Hardware	Minimum requirements
CPU	Three Cores or, Three vCPUs if the agent is installed on a virtual machine
RAM	3 GB
Free space	On Windows and Linux servers, 2% of the total source data is utilized for Phoenix application data. This application data is stored in the following locations: Windows 2012 Server C:\ProgramData\Phoenix Windows 2008 Server C:\ProgramData\Phoenix Linux /var/log/Phoenix /var/Phoenix On Windows servers, a minimum 10% of each volume size that you want to backup for Volume Shadow Copy Service (VSS) snapshots.

Hardware requirements for Hyper-V FLR proxy

Before you deploy and activate the FLR proxy, ensure that following system requirements on the Hyper-V host are met for the proxy:

Memory: 2 GB
vCPUs: 2

This is a recommended configuration for two restore jobs. If you want to run multiple restore jobs, increase the memory and number of vCPUs.

Disks, partitions, and files supported for File Level Restore (FLR) on Hyper-V hosts

Item	Certified
Disk Types	Thin Thick
Partition Tables	MBR GPT (Linux)
Partition Types	Primary Extended LDM (Only Simple and Spanned Volumes with MBR) LVM (Simple/Spanned/Mirror/Striped)
File Systems	NTFS FAT FAT32 Ext2/3/4 XFS
File Type	Regular Files Sparse Files Hidden Files

Hardware requirements for NAS shares

The following table describes the hardware specifications that the Phoenix agent requires to run one backup or restore job at a time:

Hardware	Minimum Requirement
CPU	Three Cores or, Three vCPUs if the agent is installed on a virtual machine
RAM	3 GB
Free space	On Windows and Linux servers, 2% of the total source data is utilized for the Phoenix application data. This application data is stored in the following locations: Windows 2012 Server C:\ProgramData\Phoenix Windows 2008 Server C:\ProgramData\Phoenix Linux /var/log/Phoenix /var/Phoenix

By default, the Phoenix agent is configured to run three backup sets in parallel.

Hardware requirements for VMware

This table lists the minimum requirements for deploying a backup proxy that is available as a virtual appliance.

Backup proxy requirements

Backup proxy is available as a virtual appliance. Deploying backup proxy creates a virtual machine with the configuration that is listed in this table. Ensure that your VMware setup can assign resources to support this requirement.

For more information, see Prerequisites to install the backup proxy.

Hardware requirements for the Phoenix Backup Store

You can set up a Phoenix Backup Store on:

An Ubuntu server: Deploy the Debian package that Druva provides on an Ubuntu server and use the Ubuntu server as a Phoenix Backup Store.
A VMware setup: Deploy the Open Virtual Appliance (OVA) package that Druva provides on a supported VMware/ESXi host and start the virtual machine. Use this virtual machine as a Phoenix Backup Store.
Amazon Web Services (AWS): Deploy the Debian package that Druva provides on an EC2 instance with Ubuntu operating system to use the EC2 instance as a Phoenix Backup Store.

The following sections provide a recommended configuration of a system that you can use as a Phoenix Backup Store.

Ubuntu server as a Phoenix Backup Store

This table provides a recommended configuration of the Ubuntu server on which you deploy the Debian package to use the server as a Phoenix Backup Store.

Hardware/Software	Specification
Operating system	Ubuntu 18.04 (64-bit)
CPU	8 Cores
RAM	6 GB
Hard disks	At-least 300 GB.
ZFS pool configuration	RAIDZ (Requires at-least three disks) You can create a ZFS pool with less than three disks using RAID0 configuration.
ZFS compression	LZ4
ZFS deduplication	Off
ZFS record size	128 KB

A virtual machine on a VMware vCenter/ESXi as a Phoenix Backup Store

The following table describes the recommended configuration of the virtual machine that you create using the OVA package that Druva provides, and use it as a Phoenix Backup Store.

Hardware/Software	Specification
vCenter/ESXi versions	6.7/6.5/6.0
vCPU	8 Cores
RAM	8 GB
Virtual disk	The OVA contains 3 virtual disks. Two disks of 100 GB capacity each to create the ZFS pool for backup and the third disk (sdd) of 200 GB capacity for restore.
ZFS pool configuration	RAIDZ (Requires at-least three virtual disks) You can create a ZFS pool with the two attached disks using RAID0 configuration.
ZFS compression	LZ4
ZFS deduplication	Off
ZFS record size	128 KB

Note: Phoenix also supports PBS deployment on the vCenter/ESXi version 7.0. For more details, contact Druva Support.

An AWS EC2 instance as a Phoenix Backup Store

The following table describes the recommended configuration of the AWS EC2 instance on which you can deploy the Debian package and use it as a Phoenix Backup Store.

Hardware/Software	Specification
Instance type	c5.4xlarge
Operating system	Ubuntu 18.04 (64-bit)
CPU	16 Cores
RAM	16 GB
EBS Volume	At-least 500 GB on a ThroughPut optimized HDD (ST1).
ZFS pool configuration	RAIDZ (Requires at-least three volumes) You can create a ZFS pool with less than three volumes using RAID0 configuration.
ZFS compression	LZ4
ZFS deduplication	Off
ZFS record size	128 KB

Hardware requirements for Phoenix CloudCache

Prerequisite	Minimum Requirement
CPU	64-bit, quad-core processor
RAM	8 GB or greater
Network Traffic rules	Outgoing network traffic: Phoenix CloudCache connects to Phoenix cloud using port 443. Incoming network traffic: Phoenix agents connect to Phoenix CloudCache using port 443.
Firewall	If a firewall is enabled, allow all outgoing TCP/IP traffic to port 443 for "*.druva.com".
Web proxy	Druva supports the following proxy types: HTTP socks4 socks5 For more information see: Configure Web proxy

Note: Phoenix does not support 4K native drives in the CloudCache environment. We recommend you to use 512 native drives for backup.

To use Phoenix CloudCache 3.3-7649 or later, install the following agents on the servers that you want to protect:

Linux RPM version 4.6.1-7433 or later.
Windows 64/32 bit agent version 4.6.1-7430 or later.

If you do not use the recommended agents, the following errors will be displayed:

PHOENIX 146 error for agent.
KeyError 101 error for CloudCache.

Network requirements

Field	Requirement
Network Traffic rules	Phoenix agent: Phoenix agents connect to Phoenix Cloud using port 443. Phoenix CloudCache: Phoenix CloudCache connects to Phoenix Cloud using port 443. Phoenix agents connect to Phoenix CloudCache using port 443. Phoenix Backup Store Phoenix Backup Store connects to the Phoenix Cloud using port 443.
Firewall	For all the agents and CloudCache: If the firewall is enabled, allow all outbound TCP/IP traffic to *.druva.com through port 443.
Web proxy	Druva supports the following proxy types: http socks4 socks5 For more information see: Configure web proxy for Windows Configure web proxy for Linux Configure web proxy for CloudCache Configure web proxy for the Phoenix Backup Store

For more information, see Sizing for backup proxy.

Security considerations

One thing that is often overlooked when deploying a data protection solution is security. While Druva automatically handles the security of information in transit and at rest, there are other security mechanisms that organizations should consider for implementing beyond encryption when it comes to data protection. The following sections discuss the security considerations that organizations should take into account as they implement Phoenix for their data protection solution.

Roles and responsibilities

To prevent privileged users from making unauthorized changes to resources within their organization, Phoenix supports the Role Based Access Control (RBAC) for separation of duties. This capability allows organizations to limit privileged user access to a predefined set of roles and data assets. This RBAC capability makes it possible to create ethical walls to enforce privacy, as well as implement a delegated administration structure to meet customers’ organizational, compliance, or security requirements. To add RBAC in your Phoenix deployment, see Manage administrators .

Global regulatory compliance

As part of your data protection strategy, organizations need to take into account where they operate and what requirements they have on security and availability of the data. With Druva Phoenix, organizations can store data in any of twelve global regions depending on their security, compliance, data access, and availability requirements. While not only a compliance requirement, proximity to data can also help shrink the time it takes to recover in the event of a disaster.

Single sign-on

Phoenix supports SAML which allows organizations to centralized authentication for the administration of their Phoenix environment. This allows Phoenix administrators to leverage existing centralized authentication mechanisms like Okta, Ping Identity, or Active Directory which are already being used today. The use of Single sign-on (SSO) helps to guarantee the availability of access to Phoenix and eliminates local authentication stores which cause audit and compliance headaches as well as create a security risk. To integrate Phoenix with your SSO authentication mechanism, see Configure single sign-on for Phoenix .

Testing your recovery

As part of your data protection strategy, it is important to see if what you are backing up is actually getting backed up, whether part of a normal business continuity and disaster recovery process.

Conclusion

While protecting data in flight and at rest are important security capabilities of any enterprise-level data protection solution, there are definitely more issues to take into account, and more capabilities to take advantage of when it comes to protecting the overall data attack surface. For identifying and implementing more such security considerations for Phoenix, contact Druva Support.