Windows and Physical Servers Backup
Configuration and Best Practices
Matthias Mehrtens
Solutions Architect, Veeam Software
Contents
1. Where to look when choosing backup for physical workloads?
1.1. Benefits of application-aware image-based backups
1.2. Incremental backup forever with change block tracking
1.3. Simple yet powerful recovery options
1.4. Automatic Physical-to-Virtual Conversion (P2V)
1.5. Multiple backup modes
1.5.1. Entire computer
1.5.2. Volume-level backup
1.5.3. File-level backup
1.5.4. Parallel Disk Processing
1.5.5. Optional application awareness
1.5.6. Focus on simple recovery
2. License editions
3. Management modes
3.1. Standalone
3.2. Managed by backup server
3.3. Managed by agent
6. Backup targets
7. Encryption
9. Protecting Workstations
9.1. Automatic Resume of Interrupted Backups
9.2. Backup Cache
9.3. Event-based Scheduling
9.4. CryptoLocker Protection
Conclusion
© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Most organizations today rely on virtualized IT infrastructures. Veeam® helps them provide and increase
availability of critical workloads running on their systems. Due to various factors, including complex hardware
configurations and compliance regulations, some workloads cannot be virtualized, and endpoints
(workstations and notebook computers) might not be entirely protected by backup solutions
built for virtualized systems. Thus, everyday occurrences such as lapses in connectivity, hardware failures, file
corruption, ransomware or even theft can leave an organization’s data at risk.
Veeam Agents solve these issues by closing the gap that some enterprises face with large, heterogeneous
environments and further enabling workload mobility by delivering availability for cloud-based workloads.
Of course, Veeam Agents can also handle virtual machines and applications that, for example, do not support
a hypervisor snapshot, or for any other reason cannot be protected on the virtualization layer.
This paper describes the main concepts behind Veeam Agent for Microsoft Windows, how agents can
be managed centrally by integration into Veeam Backup & Replication™ and more. It is an updated version
of the paper that was released in 2020 to accommodate new features and changes that have become
available with version 5 of Veeam Agent for Microsoft Windows in February 2021 (alongside Veeam Backup
& Replication v11). In this version, we’ve also included some quotes from experienced community members
to provide a peer perspective on Windows and Linux server backup, which should give you confidence when
developing the best backup strategy.
We also cover some topics about Veeam Agent for Linux v5 and Veeam Agent for Mac v1.
We will dive deeper here into Veeam’s backup and recovery technologies, which we believe are crucial for
timely and reliable physical server backups.
“What I love most about Veeam Agent features is how the scenarios we can create when
combining them really change the game with endpoint data protection. We can create
a single backup job that can be run not just on schedule but triggered by supported business
applications and scripts. If internet connectivity is missing, we can store these backups
locally, ready and waiting to send back the moment we get internet connectivity. With Veeam
Cloud Connect integrated we don’t need to worry about USBs being lost either, we take the
data straight from the user to a trusted datacentre, meeting the 3-2-1-1 capabilities offered
by Veeam Agent. When the time comes that backup recovery is necessary, this can be sent
straight to the user, wherever they are, securely and without IT needing physical access to the
device. Whether it’s a single file that’s been accidentally deleted, or imaging a new device with
all the previous applications and configurations, Veeam Agent delivers.”
– Michael Paul, Technical Consultant, Veeam Legend, VMCA, VCP
Another benefit of an image-based approach is portability of backup files because they can be restored almost
anywhere. This proven Veeam technology provides unique mobility of backups, which allows for moving
workloads from physical to virtual or to cloud and back, simply by leveraging one of the many restore options
provided. The backup files created by Veeam Agent for Microsoft Windows are self-contained. Even without
an existing backup infrastructure, restores are still feasible.
For application awareness, Veeam Agent for Microsoft Windows adds the same proven guest processing
engine found in Veeam Backup & Replication, which helps bring the power and flexibility you need to ensure
availability for your physical Windows workstations and servers. It also:
• Ensures that enterprise applications are discovered and quiesced during backup
• Provides simple log backup for enterprise databases (MS-SQL and Oracle)
• Allows granular restores of files and applications.
Quote: “Veeam Agents are a great way to have a unified backup strategy, where all your
workloads are backed up with Veeam regardless of being virtual or physical. It is possible
to do application aware backup of an SQL server, for example, to create consistent backups.
If the server does indeed run database or heavy workloads, it is best to install Veeam’s CBT
(Changed Block Tracking) Driver, which works more efficiently and boosts backup performance.
For added security, you should enable backup encryption.”
– Nico Stein, AVP of IT, Veeam Vanguard, vExpert, Cisco Champion
This technology allows for the creation of very powerful forever incremental backup chains where only one
initial full backup is required. All subsequent backup runs are incremental and process only changes. Then,
as soon as the first full backup expires due to the chosen retention, the oldest incremental backup file will
automatically be merged into the existing full backup file, overwriting the expired blocks (if any) within.
However, the function of creating forever incremental backup chains is optional. For example, it can
be disabled if there are reasons not to go that route and instead create full backup files regularly. This is done
by either reading the complete source data again (active full backup) or by enabling the scheduled creation
of synthetic full backups from existing backup chain files.
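The merge behaviour described above, modelled as an added example (not Veeam code and not part of the original paper). It assumes a fixed-size disk of equally sized blocks and a retention policy counted in restore points; all class and method names are hypothetical.

```python
"""Toy model of a forever-incremental backup chain.

Added illustration only: this is not Veeam's on-disk format or code.
Assumptions: the disk is a fixed-length list of blocks, and retention is
counted in restore points. All names here are hypothetical.
"""
from dataclasses import dataclass, field


@dataclass
class BackupFile:
    kind: str                                   # "full" or "incremental"
    run: int                                    # restore point this file represents
    blocks: dict = field(default_factory=dict)  # block index -> block content


class ForeverIncrementalChain:
    def __init__(self, retention):
        if retention < 1:
            raise ValueError("retention must keep at least one restore point")
        self.retention = retention
        self.files = []          # files[0] is always the single full backup
        self._previous = None    # disk state seen by the previous run
        self._run = 0

    def backup(self, disk):
        """Run one backup: a full on the first run, changed blocks afterwards."""
        self._run += 1
        if self._previous is None:
            new = BackupFile("full", self._run, dict(enumerate(disk)))
        else:
            if len(disk) != len(self._previous):
                raise ValueError("this model assumes a fixed-size disk")
            changed = {i: b for i, b in enumerate(disk) if b != self._previous[i]}
            new = BackupFile("incremental", self._run, changed)
        self.files.append(new)
        self._previous = list(disk)
        self._merge_expired()
        return new

    def _merge_expired(self):
        """Fold the oldest incremental into the full once retention is exceeded."""
        while len(self.files) > self.retention:
            full, oldest = self.files[0], self.files[1]
            full.blocks.update(oldest.blocks)   # overwrite the expired blocks
            full.run = oldest.run               # the full now represents that point
            del self.files[1]

    def restore_points(self):
        return [f.run for f in self.files]

    def restore(self, run=None):
        """Rebuild the disk as of `run` (default: the latest restore point)."""
        if not self.files:
            raise LookupError("the chain holds no backups yet")
        target = self.files[-1].run if run is None else run
        if target not in self.restore_points():
            raise LookupError(f"restore point {target} is not in the chain")
        image = dict(self.files[0].blocks)
        for inc in self.files[1:]:
            if inc.run > target:
                break
            image.update(inc.blocks)
        return [image[i] for i in range(len(image))]


def demo():
    """Constructed sample: a 4-block disk, retention of 3 restore points."""
    chain = ForeverIncrementalChain(retention=3)
    disk = ["a0", "b0", "c0", "d0"]
    chain.backup(disk)           # run 1: the only full backup ever read
    disk[1] = "b1"
    chain.backup(disk)           # run 2: incremental with block 1
    disk[2] = "c1"
    chain.backup(disk)           # run 3: incremental with block 2
    disk[1] = "b2"
    disk[3] = "d1"
    chain.backup(disk)           # run 4: run 2 is merged into the full
    return chain


if __name__ == "__main__":
    c = demo()
    for f in c.files:
        print(f.kind, f.run, f.blocks)
    print("latest:", c.restore())
```

After the fourth run the chain still holds one full file and two incrementals; the restore point for run 1 is gone because its changed blocks were overwritten during the merge.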
And all these options are just a few clicks away as shown in Figure 1-2:
Figure 1-2: Restore options in context menu of Agent Backup in Veeam® Backup & Replication Console
¹ Only available in conjunction with Veeam Backup & Replication
Quote: “What I like most about Veeam Agent is the restore options, which you get
in combination with Veeam Backup & Replication. Of course, you’re able to do standard
restores, like file-level, application-level or bare-metal, but with Veeam Backup & Replication,
you also get more advanced restore capabilities:
1. Instant VM Recovery to VMware vSphere or Microsoft Hyper-V
2. Restore to Amazon EC2 or Microsoft Azure
Being able to start your backup on a virtualization host or in the cloud extends your possibilities
for many scenarios.
If your physical server or workstation has a hardware error and you can’t wait for replacement,
then why not use your existing virtualization resources or upload it as an EC2 or Azure machine
to the cloud?
This is not just useful during outages. Using Veeam as a migration utility from physical to virtual
or the cloud keeps both the downtime and the admin stress level low.
Finally, if you need to do any critical maintenance or update tasks, you can first evaluate them
virtually in your lab environment, before doing them on your production hardware.”
– Maximilian Maier, Sr. IT Consultant, Veeam Legend, VMCE, VCP
Starting with V11 of Veeam Backup & Replication, it is now possible to exclude volumes (Veeam Agent for
Microsoft Windows v5 only), i.e. all volumes except the ones selected for exclusion will be backed up.
Figure 1-4: Exclusion of Volumes in Veeam® Agent for Microsoft Windows backup jobs
NOTE: If you just want to exclude specific folders from backup, you can still use the volume-level backup,
as it also supports the exclusion of folders including those based on wildcards (only after last backslash
of path) or system environment variables (e.g. %WINDIR%, which typically points to the C:\Windows folder).
V5 of Veeam Agent for Microsoft Windows (Veeam Backup & Replication v11) introduces a new option to make
selection of personal files residing in the users’ profile folders much easier as shown in Figure 1-5.
Figure 1-5: Selecting personal file folders in v5 of Veeam Agent for Microsoft Windows
For managed agents (see section 3), there is an additional option to exclude users’ local OneDrive folders from
backup. As these folders are typically synced to OneDrive cloud storage, you may want to exclude them
from backup. You’ll find the option when clicking on the “Advanced” button as shown in Figure 1-6.
Parallel disk processing is available and enabled by default in “entire computer” and “volume-level” backup
modes and will be effective only when using a Veeam backup repository or a Veeam Cloud Connect repository
as the backup target. It is possible to tune the level of parallelism or completely disable the feature if needed
(see https://www.veeam.com/kb3157 for details).
Now that we have reviewed the basic concepts of physical workload protection with Veeam, let’s dive deeper
into Veeam Agent for Microsoft Windows: licensing options, centralized agent management and deployment
and several best practices for your environment.
2. License editions
Veeam Agent for Microsoft Windows is available in three different license editions:
Free: Provides a simple solution for backing up Windows-based desktops and laptops. Ideal for, but not
limited to, personal use.
Workstation: Entitles you to 24.7.365 technical support and adds features for mobile user protection and
support for remote management; adds the ability to create synthetic full backups and use Veeam Cloud
Connect repositories as backup targets.
Server: All features of Workstation edition, plus full server support via application-aware processing and
server-focused job-scheduler; unlimited number of backup jobs to any supported target and Veeam Volume
Change Tracking (CBT driver) for Windows Server operating systems.
Different sets of software components are installed on a workstation or server protected by Veeam Agent
for Microsoft Windows, depending on deployment and management requirements. For
this reason, there are three different modes of operation in which Veeam Agent for Microsoft Windows can
be deployed and managed to provide flexibility for many different use cases.
² To perform instant recovery to Hyper-V or vSphere and restore to Azure or Amazon, a specific Veeam Backup & Replication license may
be required.
³ If a Veeam backup repository is used as a backup target in standalone mode, source-side encryption is not available. However, encryption
of backup data can be enabled on the Veeam repository instead.
3. Management modes
Veeam Backup & Replication allows you to centrally manage every aspect of Veeam Agent for Microsoft
Windows installations. This means that local configuration management components (backup job
management, user interface, restore options, etc.) will not be available locally on the protected machine
because these tasks will be controlled centrally by the Veeam Backup & Replication backup server. This
is referred to as the managed by backup server mode.
On the other hand, if the Veeam Agent for Microsoft Windows installation package is installed manually
on a physical or virtual computer not being managed by Veeam Backup & Replication, more components need
to be available and configurable on the local computer. This is referred to as the standalone mode.
A third option, called managed by agent mode, resembles a special mix of the two modes above and is the only
available mode for the workstation edition combined with central management.
Technically, you are free to choose one of the modes described above individually for each protected
computer. But there are, of course, certain scenarios where a specific mode should be the preferred choice.
Here is a brief summary and a list of example use cases for each mode:
3.1. Standalone
This mode is obviously targeted at protecting standalone computers, both physical and virtual, which are not
part of a centrally managed backup infrastructure. Any user with local administrative permissions will be able
to configure backups and restores as required. Use case examples:
• Personal physical or virtual workstation or server computers at home
• Physical or virtual corporate servers/workstations, which are managed individually
• Virtual computers in public clouds, which are managed individually
Standalone mode is available for all editions of Veeam Agent for Microsoft Windows. Although there is obviously
no central management available for this mode, locally configured backup jobs on an agent computer
in standalone mode can write backup data into backup repositories managed by Veeam Backup & Replication.
This mode requires a Veeam Backup & Replication infrastructure to be in place for agent deployment,
configuration and management. Local users of computers protected by Veeam Agent for Microsoft
Windows in this mode have no option to perform or configure backups or restores (there is no UI available
locally). Everything is under the control of the Veeam Backup & Replication backup server that the
computer is managed by.
Figure 3-2 shows that only backup repositories of the Veeam Backup & Replication infrastructure can be used
as targets. This looks like a limitation compared to standalone mode, but instead it enables a lot more target
options, because Veeam Backup & Replication supports a huge variety of backup targets (many more than the
agent in standalone mode is capable of).
Although all agent configuration options are required to be defined centrally on a Veeam Backup & Replication
backup server, it is the local computer that executes the scheduled backups (even if the backup server is not
available at the time), using its own configuration database and scheduling engine after having pulled its
configuration from the backup server. A local user has a limited UI, which enables the creation of on-demand
backups (in addition to regular backups created based on a centrally defined schedule), as well as performing
file- or volume-level restores. Use case examples include:
• Corporate physical or virtual application or database servers (on-premises or in the public cloud) managed
by dedicated application/database administrators who need the ability to perform on-demand backups/
restores without help from infrastructure/backup operations staff
• Corporate workstations
• Mobile endpoint computers without continuous connection to the corporate network
Managed by agent mode is available for server and workstation editions and starting with v5, it can
be leveraged by the new “Protection Group with flexible scope,” which is covered in section 5.2 of this paper.
If, in contrast to the above, configuration and management are conducted centrally as described in the
managed by backup server mode, only a smaller set of components is required, referred to as the lightweight
agent installation type.
Finally, for managed by agent mode, all components of the full agent installation type plus a small
setup/maintenance service (Veeam Installer Service) will be installed. However, all local UI components will
be disabled in this mode (i.e. configuration options can be reviewed but not changed on the local computer),
and Veeam Agent for Microsoft Windows will regularly pull its configuration from a central Veeam Backup &
Replication backup server. Additionally, the ability to manually start an on-demand (out of schedule) backup
as well as several restore options are available via the local agent GUI/CLI and do not require access to the
central Veeam Backup & Replication console.
Figure 4-1: Locally available backup and restore options in managed by agent mode
Regarding installed components, the only difference between managed by agent and standalone modes is that the
Veeam Installer Service is not installed in the latter. The installation of Veeam Agent for Microsoft
Windows, therefore, is still referred to as the full agent type.
Table 4-1 provides a quick overview of the two agent installation types and the included components related
to the three management modes.
No local UI
No local database
A Protection Group (PG) configures a scope of computers (= members of the PG) and defines if Veeam Agent
for Microsoft Windows should be installed on these members. The scope of a PG can be based on different
sources as shown in Figure 5-1.
When using Active Directory objects as a PG source, it is possible to select container objects such
as organizational units or security groups instead of (or in addition to) individual computer objects. This
is a very powerful option as it follows the dynamics of the chosen container object:
• Whenever a computer is added to the selected container within Active Directory, the PG will respect the
change and the new members of the container will be processed automatically.
The same applies when removing computer objects from Active Directory containers:
• Processing of these computers by the PG will cease automatically based on the PG’s schedule.
To add even more flexibility, exclusions can be defined within the PG to skip certain computers and/or containers
from PG processing. Exclusions can also be defined for virtual machines in general (if the PG’s intended scope
is physical computers only), or for computers that have been offline for more than 30 days.
To enable installation of Veeam Agent for Microsoft Windows on the resulting set of members of a Protection
Group, credentials with local admin privileges on these members will be required. These credentials can
be configured to be the same (master account) for all PG members and individually per container, group
or individual computers.
To define when the computers in the scope of the Protection Group should be scanned for changes,
a schedule can be configured in the PG’s configuration dialog. It also allows you to select a Distribution server
as part of the Veeam Backup & Replication infrastructure, which will be responsible for pushing the agent
binaries to the PG’s member computers if the central backup server cannot or should not be uploading these
binaries to the computers directly. The automatic installation and updating of the Veeam Agent for Microsoft
Windows software components can also be disabled if needed (Figure 5-2).
For environments where the deployment of agents should not be handled by the Veeam backup server
at all, Veeam introduced a new type of Protection Group for “Computers with pre-installed agents” with V11
of Veeam® Backup & Replication (see last option in Figure 5-1). Let’s have a look at this new type (also called
“Protection Group with a Flexible Scope”) in more detail.
Protection Groups of this type will create an installation package of the Veeam Agent you choose, and it will
also create a configuration file containing all information the agent needs to find and authenticate against
the backup server. Once this package is installed and configured with this configuration file, the agent will
synchronize with the backup server and pull the configuration of the managed by agent backup policy that
targets this PG on a regular basis. The installation will always be of type full agent as described in section 4,
and these PGs can only be used in backup jobs of type managed by agent (see section 3.3).
Centrally managed agent backup jobs are created and configured on the Veeam Backup & Replication backup
server. These jobs let you choose between the already discussed managed by backup server and managed
by agent modes as shown in Figure 5-3.
Figure 5-3: New Agent Backup Job dialog in Veeam Backup & Replication console
Note that only jobs of type Server or Failover cluster (i.e. for agents with Server edition license) provide the
ability to enable application-aware processing, shown on the Guest Processing page of the wizard dialog.
The last step of the backup job configuration wizard shows the powerful scheduling options available
in backup jobs managed by Veeam Backup & Replication (Figure 5-5).
6. Backup targets
If you are familiar with Veeam Backup & Replication, you already know that many different targets can
be used to store your valuable backup data. Veeam Agent for Microsoft Windows also supports a variety
of configurable backup targets, depending on the management mode, as shown in Table 6-1.
Local storage + — +
Shared folder + +⁴ +
Deduplication appliance⁶ + + +
Microsoft OneDrive + — —
Table 6-1: Backup targets
⁴ If configured as backup repository in Veeam Backup & Replication
⁵ For limitations and requirements regarding Cloud Connect repositories read more here: https://helpcenter.veeam.com/docs/agentforwindows/userguide/cloud_connect.html
⁶ If configured as backup repository in Veeam Backup & Replication. Read more about supported systems and configuration requirements
here: https://helpcenter.veeam.com/docs/backup/vsphere/deduplicating_storage_appliances.html
7. Encryption
To add extra protection to the backup data created by Veeam Agent for Microsoft Windows, for example
to comply with legal regulations or corporate policies, you can choose to encrypt backup files in the Advanced
Settings of the job’s backup target configuration as shown in Figure 7-1.
All that’s required is a password, which you need to remember for decrypting and restoring encrypted backup
data. An optional hint phrase can be stored along with the password itself, which can help you recall the
password when you need it most.
If a Veeam backup repository is selected as the backup target of a Veeam Agent for Microsoft Windows
backup job in standalone mode, encryption cannot be configured in the agent’s job settings (Figure 7-2). This
is because encryption of data located in Veeam backup repositories is managed by the administrators working
with Veeam Backup & Replication.
Figure 7-2: Local encryption is not available for Veeam backup repositories
That said, encryption can still be enabled for these agent backup files, but it must be configured by the
backup administrator within the repository’s “Access Permissions” settings (Figure 7-3).
NOTE: The setting highlighted in Figure 7-3 only applies to backups of agents in the standalone mode.
When using managed by agent or managed by backup server jobs, this setting will be ignored and only the
encryption settings in the job configuration will apply.
To help you follow this rule with Veeam Agent for Microsoft Windows, there is a special type of backup copy
job available in Veeam Backup & Replication, which enables copying of agent backup data to a secondary
Veeam repository. This function is well known in Veeam Backup & Replication for backups of virtual machines
and has been there for a long time. However, you can process backups created by Veeam Agent for Microsoft
Windows only with backup copy jobs for Microsoft Windows computer backups. You cannot add a Veeam
Agent backup as an additional source of a backup copy job that processes VM backups.
9. Protecting Workstations
It is always a challenge to protect users’ workstations as soon as they are not located directly beside your
central backup infrastructure, i.e. if they are not well connected to your data center or sometimes are even
completely offline during prolonged periods of time. But this is a very common situation these days when you
think of home office workers, travelling notebook users, or even remote corporate locations which might have
some local infrastructure, but backups still need to be stored centrally (e.g. because of corporate or legal
requirements, lack of backup storage in the remote office, etc.).
For the deployment of Veeam Agent for Microsoft Windows on such remote computers, we already mentioned the
possibility of using Distribution servers in the section about Protection Groups to create a distributed deployment
infrastructure. But what are the options for workstations with an unreliable or sometimes unavailable connection
to the central backup target? Well, let’s have a look at what Veeam Agent for Microsoft Windows is offering in such
situations for standalone workstation agents as well as for managed by agent policies!
This “resume the backup” processing works automatically in the background and it will only transfer backup
data which hasn’t been transferred already, by keeping track of each transferred block (updating the local
“block map” once per minute). If the backup job is targeting local storage, shared folder or Microsoft
OneDrive, it will also resume automatically on returning from power saving modes (sleep, hibernate) which
may have interrupted the backup run (for details and prerequisites, please see
https://helpcenter.veeam.com/docs/agentforwindows/userguide/scheduled_backup_retry.html).
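The following is an added example, not Veeam's code: a simplified model of resuming an interrupted transfer from a persisted block map. The function names, the JSON map file and the flush-every-N-blocks rule (standing in for the once-per-minute update) are assumptions made for illustration.

```python
import json
import os
import tempfile

def load_map(path):
    """Read the persisted block map; a missing file means a fresh backup."""
    if not os.path.exists(path):
        return set()
    with open(path) as fh:
        return set(json.load(fh))

def save_map(path, done):
    """Write to a temp file, then rename, so a crash never leaves a torn map."""
    tmp = path + ".tmp"
    with open(tmp, "w") as fh:
        json.dump(sorted(done), fh)
    os.replace(tmp, path)

def run_backup(blocks, target, map_path, flush_every, fail_after=None):
    """Send every block missing from the map; return how many were sent.

    fail_after simulates the connection dropping after that many sends.
    """
    done = load_map(map_path)
    sent = 0
    for idx, block in enumerate(blocks):
        if idx in done:
            continue                  # transferred and recorded in an earlier run
        if fail_after is not None and sent == fail_after:
            return sent               # interrupted: unflushed map entries are lost
        target[idx] = block           # idempotent write keyed by block index
        sent += 1
        done.add(idx)
        if sent % flush_every == 0:   # stand-in for the once-per-minute update
            save_map(map_path, done)
    save_map(map_path, done)
    return sent

def demo():
    """Interrupt a 10-block backup after 7 sends, then resume it."""
    data = bytes(range(40))           # constructed sample data, 10 blocks of 4 bytes
    blocks = [data[i:i + 4] for i in range(0, len(data), 4)]
    target = {}                       # stands in for the remote repository
    with tempfile.TemporaryDirectory() as tmpdir:
        map_path = os.path.join(tmpdir, "blockmap.json")
        first = run_backup(blocks, target, map_path, flush_every=3, fail_after=7)
        second = run_backup(blocks, target, map_path, flush_every=3)
    restored = b"".join(target[i] for i in range(len(blocks)))
    return first, second, restored == data
```

In this model the resumed run sends 4 blocks rather than 3, because the one block sent after the last map flush is transferred again; a periodically updated map bounds that repeated work to one flush interval.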
A suitable location of the cache can be selected automatically by Veeam Agent for Microsoft Windows, but
it is also possible to manually configure a folder where backup data should be cached. Be aware that for
agents managed by Veeam Backup & Replication via backup by agent policy, the manually selected folder must
be available on all workstations the policy will be applied to! That’s why the automatic selection might
be a better choice as it will select the best suitable volume for each workstation individually. Figure 9-1 shows
the cache configuration options of such a policy (for more details about the automatic cache placement,
please visit https://helpcenter.veeam.com/docs/backup/agents/backup_cache.html).
Please note that for standalone agents the Backup Cache option is available for all supported backup
targets except “local storage” (where it wouldn’t make any sense). However, for agents being controlled via
a managed by agent policy, caching is available only when targeting a Veeam repository or a Veeam Cloud
Connect repository. Cache also cannot be used with file-level backup mode (unless it’s configured for
image-based processing as described in section “Multiple backup modes”).
Figure 9-2 shows all selectable scheduling options of agents with a workstation license (i.e. using backup jobs
of type “workstation”; this also applies to free standalone agents).
These settings provide great flexibility for e.g. travelling users or home office workers, because usually such
users have very individual working schedules, and a “static” backup schedule (e.g. daily at a fixed time of day)
is most likely not suitable.
Most of the options shown in Figure 9-2 are self-explanatory, but let’s have a closer look at the setting “When
backup target is connected.” This simply means that Veeam Agent for Microsoft Windows will start the backup
job as soon as the configured backup target becomes available. This works for local storage (e.g. plugging
in an external USB storage device) as well as for targets reachable via network (e.g. a shared folder on a NAS
or file server, a backup repository that requires a VPN connection to be reachable, etc.). Imagine a travelling
user who is working on documents while offline; the backup of his computer will start immediately as soon
as he gets home or into his hotel room and connects to the corporate VPN!
When using the “local storage” target option (see Table 6-1) and configuring a folder located on a removable
storage device (e.g. USB key) as the backup target, the backup processing will start automatically as soon
as the device has been plugged into the computer.
Combined with the “When backup target is connected” scheduling option, the task of backing up your remote
or travelling workstation becomes easy. Backup starts when the device is plugged in, and the device will
be automatically ejected after the backup completes. Even if you forget to physically unplug the device,
its contents will no longer be available to the operating system (it’s in a dismounted state), and thus will
be protected from any ransomware or crypto locker attack.
Another way is to combine these options with the setting “Once backup is taken, computer should Sleep/
Hibernate/Shutdown,” and that’s how I use it to create a daily backup of my home workstation:
1. At the end of my workday, I close all my documents/applications and plug in the USB key I configured as the
backup target. The backup starts immediately.
2. I lock the screen and leave the computer running.
3. Veeam Agent for Microsoft Windows creates a backup on my USB key and ejects it afterwards.
4. Veeam Agent for Microsoft Windows shuts down the computer.
5. First thing on the next morning: Unplug the USB key before starting the computer.
Figure 10-1: Veeam Agent for Microsoft Windows storage snapshot integration
Figure 10-1 illustrates how the integration works: The server on the upper left runs Veeam Agent for
Microsoft Windows and has a volume mounted from an external storage system, in addition to its local,
directly attached volumes (e.g. the OS volume). The storage system has been integrated into Veeam Backup
& Replication’s storage infrastructure, and the check box “Block storage for Microsoft Windows servers” has
been enabled in the settings as shown in the NetApp example in Figure 10-2.
Figure 10-2: Storage settings for NetApp system integrated into Veeam Backup & Replication
Additionally, a Veeam backup proxy server has been added/configured to the Veeam backup infrastructure
which has access to the storage system (Figure 10-3).
Figure 10-3: Backup Proxy to access the storage system integrated into Veeam Backup & Replication
The final bit must be configured within the managed by server backup job. Here, you have to enter the
advanced settings of the “Storage” step of the configuration wizard and check the box “Enable backup
from storage snapshots” as shown in Figure 10-4. You can also select here if proxies should be assigned
automatically during each job run, or if you want to restrict the job to utilize only a set of proxies of your
choice, and what to do in case the snapshot processing fails (either failover to “normal” mode or end job with
a status of “failed”).
When running the job, the log will show whether everything works as desired, as you can see in Figure 10-5.
This screenshot was actually taken from the run of a 2-node failover cluster job where a SAN-based volume
was used as a cluster disk. You can see that it works just fine (taking the storage volume snapshot while
processing the current owner node).
Figure 10-5: While processing the owner node, SAN based cluster disk E: has been backed up via an off-host storage
snapshot while system volume C: was backed up “the usual way.”
Let’s briefly cover the Linux and Mac versions and have a look at what’s different compared to the Windows agent.
There are also unique features available only with Veeam Agent for Linux:
7 See also https://helpcenter.veeam.com/docs/agentforlinux/userguide/val_first_steps_iso.html?ver=50. You can also start the creation
process by entering the Agent’s UI and selecting “Misc / Patch Recovery Media.”
Figure 11-1: MySQL and PostgreSQL settings in standalone Veeam Agent for Linux
Figure 11-2: MySQL and PostgreSQL settings of Veeam Agent for Linux job/policy on backup server
Conclusion
Ensuring timely and reliable backups for ALL workloads is a must but is challenging with the many possible
configurations for virtual AND physical environments.
To see all these best practices in action, start a free 30-day trial.