Veeam Agents provide the ability to back up and restore workloads which prohibit the use of a virtual machine backup (e.g. physical computers, public cloud vms, vms which snapshots cannot be created for). Veeam Backup & Replication lets you centrally deploy and manage Veeam Agent for Microsoft Windows and Veeam Agent for Linux on computers in your infrastructure from within the Veeam Backup & Replication console.
The central management of Veeam Agents involves additional elements in the console:
- Protection Group - Container in the Veeam Backup & Replication inventory aimed to combine protected computers (e.g. by type or workload etc.)
- Agent Backup Job - Scheduled on the backup server similar as VM backup jobs. One job can be used to process one or more Protection Groups and/or individual computers.
- Backup Policy - Describes configuration of individual Veeam Agent backup jobs scheduled on protected computers (in contrast to Agent Backup Jobs scheduled on the backup server). Settings from a Backup Policy can be applied to one or more individual computers or computers added to the inventory as part of a Protection Group.
For detailed descriptions of the purpose, setup, usage and behavior of these elements please refer to the Veeam Agent Management Guide.
The purpose of Protection Groups within Veeam Backup & Replication is to specify computers on which Veeam Agents should be installed and managed. The selection of computers within a particular Protection Group can be based either on individual IP addresses, Microsoft Active Directory objects (entire domain, container, organizational unit, group, computer or cluster) or computers listed in a CSV file. Each Protection Group requires a unique name for display under the “Physical & Cloud Infrastructure” node on the Inventory page of the Backup & Replication console. Additionally, there are predefined Protection Groups (manually added, unmanaged, out of date, offline, untrusted). For details please refer to the Veeam Agent Management Guide.
Within each manually created Protection Group there are two configuration options within the Protection Group’s configuration dialog that should be reviewed:
Checkbox: Install backup agent automatically (plus sub-options on the “Options” page of the dialog)
Checkbox: Run discovery when I click Finish (on the “Summary” page of the dialog)
Both checkboxes are ticked by default. That leads to the installation of Veeam Agent components on the computers targeted by the Protection Group after clicking the Finish button. “Discovery” updates the Protection Group’s member list and deploys the Veeam Installer Service. Based on the “Install backup agent automatically” setting and its sub-options, additional software components will be installed on the targeted computers.
Best practice: review and uncheck these checkboxes in environments with strict software deployment/maintenance rules and processes. Veeam agents can also be pre-installed by 3rd party software. It might even be preferred to disable scheduled rescan of Protection Groups as described here.