SUMMARY
How to configure Sharepoint Backups with Unitrends
ISSUE
How to safely protect a Sharepoint Server?
Well, no matter if it is a VM or physical, or, a Single/Simple server or a Farm, per Microsoft, there's only one right answer, and Unitrends automates and implements that method for you.
RESOLUTION
The only supported way to protect SharePoint is to use native integrated sharepoint backups.
Microsoft provides this function in their SharePoint Admin UI. This is just a UI feature that integrates into Powershell, and leverages SharePoint Powershell backup administration (on 2007 this is done via stsadmin.exe, not pewrshell). Unitrends SharePoint Protection via installed agent on a SharePoint Administration server integrated with that native service to perform a Microsoft supported Sharepoint Backup Operation.
For specific instructions on how to configure SharePoint backups with Unitrends, See the Admin Guide > Application Backups > SharePoint Backup Requirements and Considderations
Note: DO NOT run SQL backups of the SQL components of SharePoint databases. Protection of SQL components of sharepoint is handled by the SharePoint Powershell component already. Independent SQL backups will break SQL transaction chain ownership and cause sharepoint to require a new full backup when that occurs.
TASKS
- Register your SharePoint Central Administration Server to Unitrends. This will deploy the current Unitrends Agent using Agent push if possible (if not manually deploy the agent and register the client separately). Ensure a valid Windows Trust Credential is entered after registration is manual installation is required. .
- Configure Unitrends Sharepoint Trust Credentials for the SharePoint object found on Configure > Protected Assets. This is likely not the same user used to install the agent, but will be a Sharepoint Admin user. The recommended user is a domain user SPECIFICALLY named SPFarmBackup (This is a "secret" default user that on creation inherits proper permissions in sharepoint), but other users may be able to be configured.
- The SharePoint credential user must be a domain admin and local admin of every server in the Sharepoint Farm, and must have the "logon as a batch job" and "logon as a service" rights
- SharePoint Admin and Timer services on all servers in the farm must use the same credential (typically local system). If another user is used, it must have local admin rights and be a member of all necessary Sharepoint security groups (such documentation differs by server and is maintained by Microsoft, for best use, use local system permissions for these services)
- Ensure ALL servers in the sharepoint farm can create an SMBv1 CIFS connection to the target location (Unitrends Appliance IP/samba). This is normally not an issue but may be if some Sharepoint Servers are deployed in DMZ network segments. Note, SMBv1 is a Microsoft requirement for Sharepoint. Sharepoint even in 2016 servers does not yet support SMBv2/3. We eagerly await a change on this from Microsoft.
- Log onto the Central Admin Server as the Sharepoint user chosen for the Unitrends Credential user
- Log onto the Sharepoint Admin Site as the Unitrends Credential User
- Perform a backup from Microsoft's UI to the target Unitrends Samba share.
- Assuming the above is successful, delete the files created in samba and configure a Unitrends Backup job, which will not also be successful. If the above failed, engage Microsoft or a Microsoft partner for further assistance as Sharepoint configuration is failing to use it;s own integrated tools properly. Unitrends can only back up a sharepoint server successfully if Microsoft itself can as we leverage the exact same powershell single-command-line process.
NOTES
Just in case the question is unclear, and we're asked this all the time, can you "safely" back up a sharepoint server using VM backups? The answer is "only if you manually stop all sharepoint services on all farm members first" or, in other words, you should never snapshot a production running SharePoint Server for any reason. Not for backup, and not for live motion or replication of a VM. Always protect a Sharepoint Server using file level and Sharepoint Level native integration exclusively.
Additional note about SharePoint recovery. Single/Simple SharePoint deployments prior to 2016 can support direct recovery to the original servers. However, a Farm server, whether single server deployed or distributed, sharepoint cannot be directly recovered to (Granular object recovery capability is available to Enterprise plus users of Kroll who upgrade to Kroll Exchange and SharePoint edition separately). To recover a farm, do not restore the server from backup, instead, deployment of a new farm is required. See Microsoft documentation for farm level recovery processes. This is a Microsoft restriction Unitrends cannot work around. "Single" is no longer an option in SharePoint 2016+, all servers are farms.