The best method to protect the Veeam Backup & Replication configuration is Configuration Backup, which is built-in and enabled by default. The default configuration for Configuration Backup is to occur once a day at 10 AM, writing to the Default Backup Repository. After you create the first Repository, Veeam Backup & Replication will prompt you to ask if you'd like to change the Configuration Backup to use that new Repository.
Review the Configuration Backup settings and consider:
- Reconfigure the Configuration Backup to send the configuration backup files (.bco) to a secure location that will not be lost if the Veeam Backup Server is lost.
Example: Don't store the configuration backup files on the C:\ of the Veeam Backup Server, as losing that would cause a loss of the software and the configuration backup.
- Enable encryption for the Configuration Backup to make restoring the backup configuration a smoother experience. When restoring from a configuration backup, all accounts stored in the credentials manager are restored. If the Configuration Backup was not encrypted, you would have to enter each account password manually. After enabling the encryption option, Veeam Backup & Replication will create encrypted configuration backups containing the passwords stored in the credentials manager. So that when you restore, you will not have to enter passwords for credentials records again (unless the passwords for credentials records have changed by the time of restore).
For an added layer of protection, a File Copy job can be set up to duplicate the backup configuration (.bco) files from one location to another.