Despite cloud and virtual environments’ popularity and rapid containers adoption, physical servers and endpoints’ protection remain crucial for a proper backup strategy for many organizations out there. Veeam keeps providing support for those types of systems, ensuring that all Windows, Linux and now Mac workloads can be centrally managed and protected. With the V11 release, we expand this offering even further, so let’s dive into new capabilities and discuss how you can leverage them better in your company.
Catch them all, will you?
Let me please start from a new option within agent management. Prior to V11, administrators had three methods to organize workloads into a Protection Group: by adding them individually, utilizing Active Directory objects and by importing a prepared CSV file with the list of desired computers. While those options were pretty appealing, some security teams didn’t like the requirements they imposed, for example, having access to a remote admin$ share or supplying credentials for inbound SSH connection as well as leaving 22 port at the target device opened at all. So, they needed a different approach and now they’re getting it.
Veeam Backup & Replication v11 has got a new type of Protection Group — “Protection Group with pre-installed agents.” Once created, it’s empty and will later accumulate agent installations after they reach out to the VBR server the first time. Veeam Backup & Replication isn’t in charge really, as it’s a one-way connection with Agent always initiating it, not the other way around. While creating this type of a group, you export a special configuration package, unique for each of the three agents. Every package contains a corresponding agent installation file, a “readme” file with instructions as well as a special .XML file with VBR connection settings. Then, it’s up to a user to install an agent manually or via corporate software distribution system. After installation, the agent will periodically attempt to get to a VBR server and will periodically synchronize in order to get the latest settings and backup policy updates. Backup files created in a result of this action, could stay on an external backup drive of the machine or could be going to the central Veeam Backup & Replication/Cloud Connect repository. Overall, this doesn’t impose previously desired requirements and allows for better flexibility in software distribution.
Veeam Agent for Microsoft Windows v5
Let’s switch gears now and talk about each agent specifically. First, I’d like to touch on “backup from storage snapshots” support in Veeam Agent for Microsoft Windows, operating in the “managed by backup server” mode. We’ve been leveraging native storage snapshots in Veeam Backup & Replication for a long time and truly love this functionality as it allows to reduce the impact on production systems, get rid of unpleasant stun for VMs with intensive I/O load and create backups even during production hours. Now, that is expanded further to the physical world. If you have a storage volume attached to the physical Windows server via FC or iSCSI and a compatible storage, there’s a better backup mode for this setup in V11.
By integrating with the storage system, we remove the impact of performance away from the physical host, offloading it to a proxy server and storage system itself, allowing you to isolate network traffic and to have more restore points because the backup jobs can run more often or frequently. The process is managed by Veeam Backup & Replication server, which is responsible for Veeam VSS hardware provider installation and coordinating all the activities related to transporting snapshots and processing the data from source to the target repository.
Besides that, Veeam Agent for Microsoft Windows got some other improvements, like enhanced VPN support, allowing you to have even more control and avoid extra cost associated with backup operations going over VPN networks. There’s no restriction by default, so make sure to double-check network settings and decide whether you’d like to change it or not.
Another important observation one can make is that backup retention settings for copies going to a central VBR repository is much better aligned with existing VBR settings. It can be set in days now with an optional GFS retention scheme. On top of that, you’re getting a better granularity for a backup scope. For example, personal folders (inside Users) can be selected individually and volumes could be excluded from the backup when needed.
Veeam Agent for Linux v5
Ok, what’s going on in the Linux world? We’re always listening to the feedback coming from the community, and therefore implemented a few frequently requested capabilities, like XATTR support for file-level backup, meaning that extended attributes can now be recovered along the way. We’ve completely revamped a recovery ISO, giving it LUKS and LUKS2 support, advanced LVM configuration, network manager TUI (nmtui), enabling auto-start for SSH server, and a better hardware support based on the latest Debian Live ISO. Overall, we truly believe that bare-metal recoveries don’t have to be troublesome, and you’ll like those improvements should you ever perform this procedure.
However, I believe the most important news here is that this agent is now fully supported by Veeam Service Provider Console v5, something that a lot of MSPs have been waiting for a long time. It makes the managed service offerings much more complete now. Automated deployment, centralized management and monitoring of data protection operations have never been that diverse and simple. By using VSPC v5, providers can achieve deployment and configuration of Veeam Agents on remote machines, manage backup jobs, and monitor the status of data protection operations. And speaking of this Console, it also got yet another agent to manage: new Veeam Agent for Mac.
One more thing…
This release of a new Veeam Agent is a bit unusual if you’ve been following the previous ones. We always love to start from minimum viable product, targeting IT enthusiasts and adding corporate functionality like central management and monitoring later. This time the story is the opposite, the first version of Veeam Agent for Mac is better suited for companies where Veeam is already a go-to data protection solution and they would like to expand this to Mac devices as well. Besides that, service providers will be happy too, especially knowing about agent support in VSPC v5.
Ok, but let’s talk about the product, shall we? It does provide file-level backup & recovery with native APFS snapshots on any MacOS, starting from 10.13 (High Sierra) and up to 11.0 (Big Sur). While it’s not available as a standalone solution and requires a VBR server to generate an installation package and deliver backup policy instructions, it does have a simple GUI for a number of operations. What’s more important to know here is that we’ve been testing plenty of MDM solutions, ensuring you can set up a preferred one and use it for agent distribution. I mentioned above the agent package generated on a VBR server within Protection Group creation — it contains two XML files in a different format with all the necessary information (payload) so that you can compile a mobileconfig file based on it.
Once installed and configured, Agent will be periodically synchronizing with a known VBR server and assume the latest data protection settings enabled there. The protection scope includes user profiles or individual folders and there are plenty of backup targets for various scenarios, including hard drives, shared folders, Veeam backup repositories and Veeam Cloud Connect repositories. Recovery can be performed on Mac itself or via the VBR console.
With the newer generation of Agents, Veeam continues to expand physical data protection capabilities, while ensuring that all companies can benefit from Veeam’s unified approach, flexibility and simplicity. We truly believe you’ll like the updates and they will be beneficial as you continue the never-ending journey of business transformation.