Windows and Physical

Servers Backup
Configuration and Best Practices

Matthias Mehrtens
Solutions Architect, Veeam Software
Windows and Physical Servers Backup

Contents
1. Where to look when choosing backup for physical workloads? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.1. Benefits of an application-aware image-based backups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.2. Incremental backup forever with change block tracking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
1.3. Simple yet powerful recovery options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
1.4. Automatic Physical-to-Virtual Conversion (P2V). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
1.5. Multiple backup modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
1.5.1. Entire computer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
1.5.2. Volume-level backup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
1.5.3. File-level backup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
1.5.4. Parallel Disk Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
1.5.5. Optional application awareness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
1.5.6. Focus on simple recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

2. License editions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

3. Management modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
3.1. Standalone. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
3.2. Managed by backup server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
3.3. Managed by agent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

4. Agent installation types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

5. Central agent management and deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

5.1. Protection Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
5.2. Protection Group with a Flexible Scope. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
5.3. Agent backup jobs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

6. Backup targets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

7. Encryption. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

8. Taking backups off site: Following the 3-2-1 Rule. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

9. Protecting Workstations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
9.1. Automatic Resume of Interrupted Backups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
9.2. Backup Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
9.3. Event-based Scheduling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
9.4. CryptoLocker Protection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

10. Integration with Storage Snapshots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

11. Veeam Agents for other OSes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

11.1. Veeam Agent for Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
11.2. Support for MySQL and PostgreSQL databases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
11.3. Veeam Agent for Mac. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Conclusion. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

About the Author. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

About Veeam Software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 2
Windows and Physical Servers Backup

Most organizations today rely on virtualized IT infrastructures. Veeam® helps them provide and increase
availability of critical workloads running on their systems. Due to various factors, including complex hardware
configurations and compliance regulations, some workloads cannot be virtualized, along with endpoints
(workstations and notebook computers) that might not be entirely protected by leveraging backup solutions
built for virtualized systems. Thus, everyday occurrences such as lapses in connectivity, hardware failures, file
corruption, ransomware or even theft can leave an organization’s data at risk.

Veeam Agents solve these issues by closing the gap that some enterprises face with large, heterogeneous
environments and further enabling workload mobility by delivering availability for cloud-based workloads.
Of course, Veeam Agents can also handle virtual machines and applications that, for example, do not support
a hypervisor snapshot, or for any other reason cannot be protected on the virtualization layer.

This paper describes the main concepts behind Veeam Agent for Microsoft Windows, how agents can
be managed centrally by integration into Veeam Backup & Replication™ and more. It is an updated version
of the paper that was released in 2020 to accommodate new features and changes that have become
available with version 5 of Veeam Agent for Microsoft Windows in February 2021 (alongside Veeam Backup
& Replication v11). In this version, we’ve also included some quotes from experienced community members
to provide a peer perspective to Windows and Linux servers backup, which should give you confidence when
developing the best backup strategy.

We also cover some topics about Veeam Agent for Linux v5 and Veeam Agent for Mac v1.

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 3
Windows and Physical Servers Backup

1. Where to look when choosing backup for physical

workloads?
Nowadays, physical workload protection might be considered a no-brainer with so many vendors who have
had established solutions for years. However, variety of choice does NOT always mean variety of quality.
There are many key aspects to quality data protection, and it’s hard to provide protection when some of those
aspects are missing. Here at Veeam, we believe that organizations must have multiple options, not only
when it comes to backup modes, but also for recovery options. The ability to both create backups of chosen
granularity and restore them when needed to any suitable medium is crucial for businesses of any size.

We will dive deeper here into Veeam’s backup and recovery technologies, which we believe are crucial for
timely and reliable physical server backups.

“What I love most about Veeam Agent features is how the scenarios we can create when
combining them really change the game with endpoint data protection. We can create
a single backup job that can be run not just on schedule but triggered by supported business
applications and scripts. If internet connectivity is missing, we can store these backups
locally, ready and waiting to send back the moment we get internet connectivity. With Veeam
Cloud Connect integrated we don’t need to worry about USBs being lost either, we take the
data straight from the user to a trusted datacentre, meeting the 3-2-1-1 capabilities offered
by Veeam Agent. When the time comes that backup recovery is necessary, this can be sent
straight to the user, wherever they are, securely and without IT needing physical access to the
device. Whether it’s a single file that’s been accidentally deleted, or imaging a new device with
all the previous applications and configurations, Veeam Agent delivers.”
– Michael Paul, Technical Consultant, Veeam Legend, VMCA, VCP

1.1. Benefits of an application-aware image-based backups

Veeam Agents are leveraging, in principle, the same technology used by Veeam for backing up virtual
workloads: image-based backups that create backup copies of each disk attached to a protected computer.
This benefit enables for very fast and simple backups, as well as fast restores to bare-metal systems such as,
for example, restoring to replaced hardware due to some sort of malfunction of the original computer.

Another benefit of an image-based approach is portability of backup files because they can be restored almost
anywhere. This proven Veeam technology provides unique mobility of backups, which allows for moving
workloads from physical to virtual or to cloud and back, simply by leveraging one of the many restore options
provided. The backup files created by Veeam Agent for Microsoft Windows are self-contained. Even without
an existing backup infrastructure, restores are still feasible.

For application awareness, Veeam Agent for Microsoft Windows adds the same proven guest processing
engine found in Veeam Backup & Replication, which helps bring the power and flexibility you need to ensure
availability for your physical Windows workstations and servers. It also:
• Ensures that enterprise applications are discovered and quiesced during backup
• Provides simple log backup for enterprise databases (MS-SQL and Oracle)
• Allows granular restores of files and applications.

NOTE: Application-aware processing is available in the Server edition only.

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 4
Windows and Physical Servers Backup

Quote: “Veeam Agents are a great way to have a unified backup strategy, where all your
workloads are backed up with Veeam regardless of being virtual or physical. It is possible
to do application aware backup of an SQL server, for example, to create consistent backups.
If the server does indeed run database or heavy workloads, it is best to install Veeam’s CBT
(Changed Block Tracking) Driver, which works more efficiently and boosts backup performance.
For added security, you should enable backup encryption.”
– Nico Stein, AVP of IT, Veeam Vanguard, vExpert, Cisco Champion

1.2. Incremental backup forever with change block tracking

To avoid transferring all data on all disks every time a backup is performed (such as daily, for example), which
would essentially be required if taking bare images of the computer’s disks without any added intelligence,
Veeam Agent for Microsoft Windows leverages change block tracking on each of the computer’s disks. This
ensures that, after an initial full backup, only blocks that have changed since the last backup run will be read
and transferred to the new incremental backup file (see Figure 1-1).

Figure 1-1: Change block tracking

This technology allows for the creation of very powerful forever incremental backup chains where only one
initial full backup is required. All subsequent backup runs are incremental and process only changes. Then,
as soon as the first full backup expires due to the chosen retention, the oldest incremental backup file will
automatically be merged into the existing full backup file, overwriting the expired blocks (if any) within.

However, the function of creating forever incremental backup chains is optional. For example, it can
be disabled if there are reasons not to go that route and instead create full backup files regularly. This is done
by either reading the complete source data again (active full backup) or by enabling the scheduled creation
of synthetic full backups from existing backup chain files.

1.3. Simple yet powerful recovery options

Any backup solution would be useless if there was no way of restoring from backups. Veeam Agent for
Microsoft Windows provides a comprehensive set of recovery options, including:
• Bare metal restore
Restores the whole system to existing/replaced/new hardware or “empty” virtual machines
• Volume level restore
Restores single or multiple volumes to an existing (same or different) computer or virtual machine

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 5
Windows and Physical Servers Backup

• Export as virtual disk1

Exports single disks as virtual disks that can be attached to virtual machines (Microsoft Hyper-V or VMware
vSphere)
• Instant VM recovery to Microsoft Hyper-V1
Run a Hyper-V virtual machine directly from the backup files created by the agent
• Instant VM recovery to VMware vSphere1
Run a vSphere virtual machine directly from the backup files created by the agent
• Restore to Microsoft Azure1
Restores the computer as a virtual machine in Microsoft Azure IaaS
• Restore to Amazon EC21
Restores the computer as a virtual machine in Amazon Elastic Compute Cloud (EC2) IaaS
• Application item recovery1
Restore single-application items (Microsoft SQL, Oracle, Microsoft Exchange, Active Directory, SharePoint)
• File level recovery
Restores single files or folders back to the original computer or another location

And all these options are just a few clicks away as shown in Figure 1-2:

Figure 1-2: Restore options in context menu of Agent Backup in Veeam® Backup & Replication Console

1
Only available in conjunction with Veeam Backup & Replication

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 6
Windows and Physical Servers Backup

1.4. Automatic Physical-to-Virtual Conversion (P2V)

Have you noticed the two Instant VM Recovery options above? Yes, it’s true: You can restore a backup
of a physical computer taken with Veeam Agent for Microsoft Windows as a virtual machine on either Microsoft
Hyper-V or VMware vSphere. All the required P2V conversion work (e.g. converting the boot disk image into
a bootable virtual disk, exchanging device drivers for storage and network within the Windows OS, etc.)
will be done automatically. These are not only great restoring options but may also be very helpful when
migrating physical computers to virtual machines!

Quote: “What I like most about Veeam Agent is the restore options, which you get
in combination with Veeam Backup & Replication. Of course, you’re able to do standard
restores, like file-level, application-level or bare-metal, but with Veeam Backup & Replication,
you also get more advanced restore capabilities:
1. Instant VM Recovery to VMware vSphere or Microsoft Hyper-V
2. Restore to Amazon EC2 or Microsoft Azure
Being able to start your backup on a virtualization host or in the cloud extends your possibilities
for many scenarios.
If your physical server or workstation has a hardware error and you can’t wait for replacement,
then why not use your existing virtualization resources or upload it as an EC2 or Azure machine
to the cloud?
This is not just useful during outages. Using Veeam as a migration utility from physical to virtual
or the cloud keeps both the downtime and the admin stress level low.
Finally, if you need to do any critical maintenance or update tasks, you can first evaluate them
virtually in your lab environment, before doing them on your production hardware.”
– Maximilian Maier, Sr. IT Consultant, Veeam Legend, VMCE, VCP

1.5. Multiple backup modes

Figure 1-3 shows the backup mode selection dialog of Veeam Agent for Microsoft Windows.

Figure 1-3: Backup modes of an Agent Backup job

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 7
Windows and Physical Servers Backup

1.5.1. Entire computer

This is the recommended mode to create an image-based backup of all disks while deleted, temporary and
page files are automatically excluded from the image to reduce the backup size. It also includes an option
of backing up external USB drives connected to the computer (compatible only with drives that support
Microsoft VSS).

1.5.2. Volume-level backup

The image-level approach still applies when selecting Volume-level backup and explicitly selecting
the volumes for backing up. An example would be if you are backing up only specific data volumes, but
not the boot volume on which Windows resides (or vice versa). However, keep in mind that when the
boot volume is excluded from backup, a bare metal restore of the computer from such backup will not
be available. On the opposite, whenever the boot volume is included, the “System Reserved” or the EFI
volume alongside with a recovery partition (if there is one) will be included in the backup automatically
to enable bare-metal recovery.

Starting with V11 of Veeam Backup & Replication, it is now possible to exclude volumes (Veeam Agent for
Microsoft Windows v5 only), i.e. all volumes except the ones selected for exclusion will be backed up.

Figure 1-4: Exclusion of Volumes in Veeam® Agent for Microsoft Windows backup jobs

1.5.3. File-level backup

For situations where it is not required or not possible to follow the image-level backup approach at all,
Veeam Agent for Microsoft Windows can be configured to create file-level backups instead. However, this
approach will reduce backup performance as the file system’s file table needs to be checked for changed
files to create incremental backups. And if, for example, a large file has been changed only in parts since
the last backup was taken (such as 100 MB of changes within a 10 GB file), the whole amount of file data
(10 GB in this case) would need to be processed and transferred because there would be no change block
tracking available in file-level backup mode. This increases the amount of data to be processed by factor 100,
compared to an image-based backup in this example.File-level backup adds the ability to include/exclude
specific files or folders by specifying file masks (like, for example, *.log) or system environment variables. This
Veeam knowledge base article explains the variety of combinations when using wildcards and/or environment
variables: https://www.veeam.com/kb3236

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 8
Windows and Physical Servers Backup

NOTE: If you just want to exclude specific folders from backup, you can still use the volume-level backup,
as it also supports the exclusion of folders including those based on wildcards (only after last backslash
of path) or system environment variables (e.g. %WINDIR%, which typically points to the C:\Windows folder).

V5 of Veeam Agent for Microsoft Windows (Veeam Backup & Replication v11) introduces a new option to make
selection of personal files residing in the users’ profile folders much easier as shown in Figure 1-5.

Figure 1-5: Selecting personal file folders in v5 of Veeam Agent for Microsoft Windows

For managed agents (see section 3), there is an additional option to exclude users‘ local OneDrive folders from
backup. As these folders are typically synced to OneDrive cloud storage you possibly want them to be excluded
from backup. You’ll find the option when clicking on the “Advanced” button as shown in Figure 1-6.

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 9
Windows and Physical Servers Backup

Figure 1-6: Exclude OneDrive folders

1.5.4. Parallel Disk Processing

Starting with Veeam Agent for Microsoft Windows v4 (alongside Veeam Backup & Replication v10), Veeam
introduced parallel disk processing into the product, which helps drastically reducing backup processing time
of computers with multiple disks, as all disks will be backed up simultaneously instead of one after another.

Parallel disk processing is available and enabled by default in “entire computer” and “volume-level” backup
modes and will be effective only when using a Veeam backup repository or a Veeam Cloud Connect repository
as the backup target. It is possible to tune the level of parallelism or completely disable the feature if needed
(see https://www.veeam.com/kb3157 for details).

1.5.5. Optional application awareness

There might sometimes be reasons to disable application awareness within the Veeam Agent for Microsoft
Windows configuration. This results in applications on the computer not being brought to a consistent state
(quiesced) before the actual backup starts and will create a crash consistent backup only. Please be aware
that, although this approach still creates recoverable backups, some restore options will not be available,
some applications (especially databases) might suffer from corrupt or inconsistent application data after being
restored from such a backup and some might not even start at all for the same reason.

1.5.6. Focus on simple recovery

As a result, it is advised to always think twice before bypassing any of the basic concepts by not using the
Entire computer backup mode. In most cases, such a configuration will reduce the number and/or simplicity
of restore options you probably need in case there has been an outage or failure that requires recovering from
backup. As time is always short in such emergency situations, the more restore options that are available and
the simpler they are, the easier and faster the whole recovery process will be.

Now that we have reviewed the basic concepts of physical workload protection with Veeam, let’s dive deeper
into Veeam Agent for Microsoft Windows: licensing options, centralized agent management and deployment
and several best practices for your environment.

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 10
Windows and Physical Servers Backup

2. License editions
Veeam Agent for Microsoft Windows is available in three different license editions:

Free: Provides a simple solution for backing up Windows-based desktops and laptops. Ideal for, but not
limited to, personal use.

Workstation: Entitles you for 24.7.365 technical support and adds features for mobile user protection and
support for remote management; adds the ability to create synthetic full backups and use Veeam Cloud
Connect repositories as backup targets.

Server: All features of Workstation edition, plus full server support via application-aware processing and
server-focused job-scheduler; unlimited amount of backup jobs to any supported target and Veeam Volume
Change Tracking (CBT driver) for Windows Server operating systems.

Table 2-1 provides a quick feature comparison of these editions:

Free Workstation Server

Instant recovery to Hyper-V or vSphere VM Yes2 Yes Yes

Restore to Azure or Amazon EC2 Yes 2

Yes Yes

Source-side encryption Yes3 Yes3 Yes3

Synthetic full backups Yes Yes

Remote configuration and management Yes Yes

Application-aware processing Yes

Transaction log processing Yes

File indexing and catalog search Yes

CBT driver (Server OS only) Yes

24.7.365 technical support Yes Yes

Table 2-1: Editions overview

For more details, read this comparison guide. https://www.veeam.com/veeam_vaw_val_vam_11_editions_

comparison_ds.pdf.

There are different sets of software components being installed on a workstation or server, depending
on deployment and management requirements, to be protected by Veeam Agent for Microsoft Windows. For
this reason, there are three different modes of operation in which Veeam Agent for Microsoft Windows can
be deployed and managed to provide flexibility for many different use cases.

2
To perform instant recovery to Hyper-V or vSphere and restore to Azure or Amazon, a specific Veeam Backup & Replication license may
be required.
3
If a Veeam backup repository is used as a backup target in standalone mode, source-side encryption is not available. However, encryption
of backup data can be enabled on the Veeam repository instead.

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 11
Windows and Physical Servers Backup

3. Management modes
Veeam Backup & Replication allows you to centrally manage every aspect of Veeam Agent for Microsoft
Windows installations. This means that local configuration management components (backup job
management, user interface, restore options, etc.) will not be available locally on the protected machine
because these tasks will be controlled centrally by the Veeam Backup & Replication backup server. This
is referred to as the managed by backup server mode.

On the other hand, if the Veeam Agent for Microsoft Windows installation package is installed manually
on a physical or virtual computer not being managed by Veeam Backup & Replication, more components need
to be available and configurable on the local computer. This is referred to as the standalone mode.

A third option, called managed by agent mode resembles a special mix of the two modes above and is the only
available mode for the workstation edition combined with central management.

Technically, you are free to choose one of the modes described above individually for each protected
computer. But there are, of course, certain scenarios where a specific mode should be the preferred choice.
Here is a brief summary and a list of examples use cases for each mode:

3.1. Standalone

Figure 3-1: Standalone mode without central management

This mode is obviously targeted at protecting standalone computers, both physical and virtual, which are not
part of a centrally managed backup infrastructure. Any user with local administrative permissions will be able
to configure backups and restores as required. Use case examples:
• Personal physical or virtual workstation or server computers at home
• Physical or virtual corporate servers/workstations, which are managed individually
• Virtual computers in public clouds, which are managed individually

Standalone mode is available for all editions of Veeam Agent for Microsoft Windows. Although there is obviously
no central management available for this mode, locally configured backup jobs on an agent computer
in standalone mode can write backup data into backup repositories managed by Veeam Backup & Replication.

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 12
Windows and Physical Servers Backup

3.2. Managed by backup server

Figure 3-2: Managed by backup server mode

This mode requires a Veeam Backup & Replication infrastructure to be in place for agent deployment,
configuration and management. Local users of computers protected by Veeam Agent for Microsoft
Windows in this mode have no option to perform or configure backups or restores (there is no UI available
locally). Everything is under the control of the Veeam Backup & Replication backup server that the
computer is managed by.

Figure 3-2 shows that only backup repositories of the Veeam Backup & Replication infrastructure can be used
as targets. This looks like a limitation compared to standalone mode, but instead it enables a lot more target
options, because Veeam Backup & Replication supports a huge variety of backup targets (many more than the
agent in standalone mode is capable of).

Use case examples:

• Physical or virtual corporate servers/clusters, centrally managed
• Public cloud VMs or clusters with central management
• VMs that cannot be protected via virtualization-focused backup solutions due to the lack of snapshot
support/capability of applications (i.e. Veeam Agent for Microsoft Windows picks up where Veeam Backup &
Replication VM backups might not be suitable)
• Managed by backup server mode is available for the server edition only and is the only mode that supports
the protection of Microsoft Failover Clusters (see https://www.veeam.com/kb2463 for details).

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 13
Windows and Physical Servers Backup

3.3. Managed by agent

Being a mix of the two previous modes, this mode is built for the protection of computers that require
central backup/restore capabilities and management, but equally require a local user to be able to have
some control. It’s also suitable for computers that do not have a permanent network connection to the
central backup infrastructure.

Although all agent configuration options are required to be defined centrally on a Veeam Backup & Replication
backup server, it is the local computer that executes the scheduled backups (even if the backup server is not
available at the time), using its own configuration database and scheduling engine after having pulled its
configuration from the backup server. A local user has a limited UI, which enables the creation of on-demand
backups (in addition to regular backups created based on a centrally defined schedule), as well as performing
file- or volume-level restores. Use case examples include:
• Corporate physical or virtual application or database servers (on-premises or in the public cloud) managed
by dedicated application/database administrators who need the ability to perform on-demand backups/
restores without help from infrastructure/backup operations staff
• Corporate workstations
• Mobile endpoint computers without continuous connection to the corporate network

Managed by agent mode is available for server and workstation editions and starting with v5, it can
be leveraged by the new “Protection Group with flexible scope,” which is covered in section 5.2 of this paper.

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 14
Windows and Physical Servers Backup

4. Agent installation types

As the standalone mode obviously handles all management and configuration tasks locally on the protected
computer, it requires the complete installation of all Veeam Agent for Microsoft Windows components. This
includes a local database engine to store configuration and job information (leveraging Microsoft SQL Express
LocalDB) and is referred to as the full agent installation type.

If, in contrast to the above, configuration and management are conducted centrally as described in the
managed by backup server mode, only a smaller set of components is required, referred to as the lightweight
agent installation type.

Eventually for managed by agent mode, all components of the full agent installation type plus a small
setup/maintenance service (Veeam Installer Service) will be installed. However, all local UI components will
be disabled in this mode (i.e. configuration options can be reviewed but not changed on the local computer),
and Veeam Agent for Microsoft Windows will regularly pull its configuration from a central Veeam Backup &
Replication backup server. Additionally, the ability to manually start an on-demand (out of schedule) backup
as well as several restore options are available via the local agent GUI/CLI and do not require access to the
central Veeam Backup & Replication console.

Figure 4-1: Locally available backup and restore options in managed by agent mode

Regarding installed components, the only difference between managed by agent or standalone modes is the
Veeam Installer Service are not being installed in the latter. The installation of Veeam Agent for Microsoft
Windows, therefore, is still referred to as the full agent type.

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 15
Windows and Physical Servers Backup

Table 4-1 provides a quick overview of the two agents’ installation types and the included components related
to the three management modes.

Full agent Lightweight agent

Standalone Veeam Agent for Microsoft Windows —

Full local UI and scheduling engine

Local database (MS SQL Express LocalDB)

CBT driver (optional, servers only)

MS SQL Express LocalDB, Mgmt. Objects and CLR

Types

Managed — Veeam Installer Service

by backup
server Veeam Agent for Microsoft Windows

No local UI

No local database

CBT driver (optional, servers only)

Managed Veeam Installer Service —

by agent
Veeam Agent for Microsoft Windows

Local scheduling engine

Local database (MS SQL Express LocalDB)

Configuration and schedules pulled from central

backup server

Configuration options disabled in local GUI

CBT driver (optional, servers only)

MS SQL Express LocalDB, Mgmt. Objects and CLR

Types
Table 4-1: Installed components based on management mode

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 16
Windows and Physical Servers Backup

5. Central agent management and deployment

Veeam Backup & Replication offers complete control over protection of computers using Veeam Agent
for Microsoft Windows, covering deployment of the agent software, as well as management of agent
configurations, schedules, backup targets and recoveries.

5.1. Protection Groups

Two of the main goals of any central management effort in IT is to standardize configurations across many
computers and to deploy, manage, control and enforce these standards in a simple way. In Veeam Backup &
Replication, Protection Groups are the starting point to execute standardization tasks for all computers using
Veeam Agent for Microsoft Windows, both physical and virtual.

A Protection Group (PG) configures a scope of computers (= members of the PG) and defines if Veeam Agent
for Microsoft Windows should be installed on these members. The scope of a PG can be based on different
sources as shown in Figure 5-1.

Figure 5-1: Protection Group types

When using Active Directory objects as a PG source, it is possible to select container objects such
as organizational units or security groups instead of (or in addition to) individual computer objects. This
is a very powerful option as it follows the dynamics of the chosen container object:
• Whenever a computer is added to the selected container within Active Directory, the PG will respect the
change and the new members of the container will be processed automatically.

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 17
Windows and Physical Servers Backup

The same applies when removing computer objects from Active Directory containers:
• Processing of these computers by the PG will cease automatically based on the PG’s schedule.

To add even more flexibility, exclusions can be defined within the PG to skip certain computers and/or containers
from PG processing. Exclusions can also be defined for virtual machines in general (if the PG’s intended scope
is physical computers only), or for computers that have been offline for more than 30 days.

To enable installation of Veeam Agent for Microsoft Windows on the resulting set of members of a Protection
Group, credentials with local admin privileges on these members will be required. These credentials can
be configured to be the same (master account) for all PG members and individually per container, group
or individual computers.

To define when the computers in the scope of the Protection Group should be scanned for changes,
a schedule can be configured in the PG’s configuration dialog. It also allows to select a Distribution server
as part of the Veeam Backup & Replication infrastructure, which will be responsible for pushing the agent
binaries to the PG‘s member computers if the central backup server cannot or should not be uploading these
binaries to the computers directly. The automatic installation and updating of the Veeam Agent for Microsoft
Windows software components can also be disabled if needed (Figure 5-2).

Figure 5-2: Protection Group discovery and deployment options

For environments where the deployment of agents should not be handled by the Veeam backup server
at all, Veeam introduced a new type of Protection Group for “Computers with pre-installed agents” with V11
of Veeam® Backup & Replication (see last option in Figure 51). Let’s have a look at this new type (also called
“Protection Group with a Flexible Scope”) in more detail.

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 18
Windows and Physical Servers Backup

5.2. Protection Group with a Flexible Scope

The main use cases for this type of PG are the following:
• You already have a working solution for software distribution and want to use it to distribute and install
the Veeam Agent software, instead of establishing yet another software distribution just for the sake
of installing backup agents.
• For some reason, you don’t want to store the passwords of local administrator accounts (which are required
to install software on any computer) in the credential manager of Veeam Backup & Replication.
• You don’t have the full list of computers that you want to protect at the time you are creating the PG, and
this list can neither be provided by Active Directory nor via CSV file (e.g. by third party CMDB).
• You want to create a PG for Apple Mac computers, leveraging the new Veeam Agent for Mac (as this is the
only PG type in Veeam Backup & Replication v11 that can be used for Mac computers).

Protection Groups of this type will create an installation package of the Veeam Agent you choose, and it will
also create a configuration file containing all information the agent needs to find and authenticate against
the backup server. Once this package is installed and configured with this configuration file, the agent will
synchronize with the backup server and pull the configuration of the managed by agent backup policy that
targets this PG on a regular basis. The installation will always be of type full agent as described in section 4,
and these PGs can only be used in backup jobs of type managed by agent (see section 3.3).

5.3. Agent backup jobs

To create backups of computers that have been added to Protection Groups, at least one agent backup job
is required, because the backup job defines the backup scope, schedule as well as the target where the backup
data will be stored.

Centrally managed agent backup jobs are created and configured on the Veeam Backup & Replication backup
server. These jobs let you choose between the already discussed managed by backup server and managed
by agent modes as shown in Figure 5-3.

Figure 5-3: New Agent Backup Job dialog in Veeam Backup & Replication console

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 19
Windows and Physical Servers Backup

Note that only jobs of type Server or Failover cluster (i.e. for agents with Server edition license) provide the
ability to enable application-aware processing, shown on the Guest Processing page of the wizard dialog.

Figure 5-4: Guest processing options of a Server job

The last step of the backup job configuration wizard shows the powerful scheduling options available
in backup jobs managed by Veeam Backup & Replication (Figure 5-5).

Figure 5-5: Job scheduling options for managed by server jobs

(Please note that there are different options available for standalone or managed by agent jobs, see Figure 9-2)

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 20
Windows and Physical Servers Backup

6. Backup targets
If you are familiar with Veeam Backup & Replication, you already know that many different targets can
be used to store your valuable backup data. Veeam Agent for Microsoft Windows also supports a variety
of configurable backup targets, depending on the management mode, as shown in Table 6-1.

Standalone Managed by Backup Managed by Agent

Server

Local storage + — +

Shared folder + +4 +

Veeam backup repository + + +

Veeam Cloud Connect repository5 + + +

Deduplication appliance6 + + +

Microsoft OneDrive + — —
Table 6-1: Backup targets

4
If configured as backup repository in Veeam Backup & Replication
5
For limitations and requirements regarding Cloud Connect repositories read more here: https://helpcenter.veeam.com/docs/
agentforwindows/userguide/cloud_connect.html
6
If configured as backup repository in Veeam Backup & Replication. Read more about supported systems and configuration requirements
here: https://helpcenter.veeam.com/docs/backup/vsphere/deduplicating_storage_appliances.html

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 21
Windows and Physical Servers Backup

7. Encryption
To add extra protection to the backup data created by Veeam Agent for Microsoft Windows, to, for example,
comply with legal regulations or corporate policies, you can choose to encrypt backup files in the Advanced
Settings of the job’s backup target configuration as shown in Figure 7-1.

Figure 7-1: Encryption setting

All that’s required is a password, which you need to remember for decrypting and restoring encrypted backup
data. An optional hint phrase can be stored along with the password itself, which can help you recall the
password when you need it most.

If a Veeam backup repository is selected as the backup target of a Veeam Agent for Microsoft Windows
backup job in standalone mode, encryption cannot be configured in the agent’s job settings (Figure 7-2). This
is because encryption of data located in Veeam backup repositories is managed by the administrators working
with Veeam Backup & Replication.

Figure 7-2: Local encryption is not available for Veeam backup repositories

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 22
Windows and Physical Servers Backup

That said, encryption can still be enabled for these agent backup files, but it must be configured by the
backup administrator within the repository’s “Access Permissions” settings (Figure 7-3).

Figure 7-3: Encryption settings in a Veeam backup repository

NOTE: The setting highlighted in Figure 7-3 only applies to backups of agents in the standalone mode.
When using managed by agent or managed by backup server jobs, this setting will be ignored and only the
encryption settings in the job configuration will apply.

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 23
Windows and Physical Servers Backup

8. Taking backups off site: Following the 3-2-1 Rule

You are very likely already familiar with the 3-2-1 Rule of data protection:

Always create 3 copies of your data.

Store these copies on 2 different media types.

Move 1 copy offsite.

To help you follow this rule with Veeam Agent for Microsoft Windows, there is a special type of backup copy
job available in Veeam Backup & Replication, which enables copying of agent backup data to a secondary
Veeam repository. This function is well known in Veeam Backup & Replication for backups of virtual machines
and has been there for a long time. However, you can process backups created by Veeam Agent for Microsoft
Windows only with backup copy jobs for Microsoft Windows computer backups. You cannot add a Veeam
Agent backup as an additional source of a backup copy job that processes VM backups.

Figure 8-1: Backup copy

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 24
Windows and Physical Servers Backup

9. Protecting Workstations
It is always a challenge to protect users’ workstations as soon as they are not located directly beside your
central backup infrastructure, i.e. if they are not well connected to your data center or sometimes are even
completely offline during prolonged periods of time. But this is a very common situation these days when you
think of home office workers, travelling notebook users, or even remote corporate locations which might have
some local infrastructure, but backups still need to be stored centrally (e.g. because of corporate or legal
requirements, lack of backup storage in the remote office, etc.).

For the deployment of Veeam Agent for Microsoft Windows on such remote computers, we already mentioned the
possibility of using Distribution servers in the section about Protection Groups to create a distributed deployment
infrastructure. But what are the options for workstations with an unreliable or sometimes unavailable connection
to the central backup target? Well, let’s have a look at what Veeam Agent for Microsoft Windows is offering in such
situations for standalone workstation agents as well as for managed by agent policies!

9.1. Automatic Resume of Interrupted Backups

If the network connection to the backup target gets lost during the processing of a backup job, Veeam Agent
for Microsoft Windows will try to resume its work as soon as the connection has been re-established. These
resume operations will be retried over a period of max 23 hours (for scheduled job launches only); i.e. after
this time the workstation agent will give up and mark the job as failed.

This “resume the backup” processing works automatically in the background and it will only transfer backup
data which hasn’t been transferred already, by keeping track of each transferred block (updating the local
“block map” once per minute). If the backup job is targeting local storage, shared folder or Microsoft
OneDrive, it will also resume automatically on returning from power saving modes (sleep, hibernate) which
may have interrupted the backup run (for details and prerequisites, please see https://helpcenter.veeam.com/
docs/agentforwindows/userguide/scheduled_backup_retry.html).

9.2. Backup Cache

If the backup target is not reachable when a backup job starts, an optional local cache can be used as a staging
location for the backup data. This enables the job to run normally, and the cache will be synchronized to the
original backup target as soon as connectivity resumes. The cache synchronization process works very
similar to the “resume the backup” process described above, i.e. it will try to resume in case of intermittent
connections or when returning from power save modes.

A suitable location of the cache can be selected automatically by Veeam Agent for Microsoft Windows, but
it is also possible to manually configure a folder where backup data should be cached. Be aware that for
agents managed by Veeam Backup & Replication via backup by agent policy, the manual selection must
be available for all workstations the policy will be applied to! That’s why the automatic selection might
be a better choice as it will select the best suitable volume for each workstation individually. Figure 9-1 shows
the cache configuration options of such a policy (for more details about the automatic cache placement,
please visit https://helpcenter.veeam.com/docs/backup/agents/backup_cache.html).

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 25
Windows and Physical Servers Backup

Figure 9-1: Backup Cache options of a managed by agent policy

Please note that for standalone agents the Backup Cache option is available for all supported backup
targets except “local storage” (where it wouldn’t make any sense). However, for agents being controlled via
a managed by agent policy, caching is available only when targeting a Veeam repository or a Veeam Cloud
Connect repository. Cache can neither be used with file-level backup mode (unless it’s configured for image-
based processing as described in section “Multiple backup modes”)

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 26
Windows and Physical Servers Backup

9.3. Event-based Scheduling

Taking a closer look at the scheduling options for either standalone agents or jobs/policies of type
“Workstation”, you will notice there are more settings available to create a much more flexible backup
schedule that not only depends on time of day, weekdays, etc.

Figure 92 shows all selectable scheduling options of agents with a workstation license (i.e. using backup jobs
of type „workstation“; this also applies to free standalone agents).

Figure 9-2: Scheduling options of a managed by agent policy or standalone agent

These settings provide great flexibility for e.g. travelling users or home office workers, because usually such
users have very individual working schedules, and a “static” backup schedule (e.g. daily at a fixed time of day)
is most likely not suitable.

Most of the options shown in Figure 9-2 are self-explaining, but let’s have a closer look at the setting “When
backup target is connected.” This simply means that Veeam Agent for Microsoft Windows will start the backup
job as soon as the configured backup target becomes available. This just works for local storage (e.g. plugging
in an external USB storage device) as well as for targets reachable via network (e.g. a shared folder on a NAS
or file server, a backup repository that requires a VPN connection to be reachable, etc.). Imagine a travelling
user who is working on documents while offline; the backup of his computer will start immediately as soon
as he gets home or into his hotel room and connects to the corporate VPN!

When using the “local storage” target option (see Table 6-1) and configuring a folder located on a removable
storage device (e.g. USB key) as the backup target, the backup processing will start automatically as soon
as the device has been plugged into the computer.

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 27
Windows and Physical Servers Backup

9.4. CryptoLocker Protection

Removable storage devices being used as a backup target should be physically disconnected from the
computer after backup processing finishes. This means the backup data will be safe offline and cannot
be tampered with by any malicious software. Veeam Agent for Microsoft Windows can help you follow this
recommendation by automatically ejecting the removable storage device when it completes the backup (see
the optional setting “Eject removable storage once backup is completed” in Figure 9-2 above).

Combined with the “When backup target is connected” scheduling option, the task of backing up your remote
or travelling workstation becomes as easy. Backup starts when the device is plugged in, and the device will
be automatically ejected after the backup completes. Even if you forget to physically unplug the device,
its contents will no longer be available to the operating system (it’s in a dismounted state), and thus will
be protected from any ransomware or crypto locker attack.

Another way is to combine these options with the setting “Once backup is taken, computer should Sleep/
Hibernate/Shutdown,” and that’s how I use it to create a daily backup of my home workstation:
1. At the end of my workday, I close all my documents/applications and plugin the USB key I configured as the
backup target. The backup starts immediately.
2. I lock the screen and leave the computer running.
3. Veeam Agent for Microsoft Windows creates a backup on my USB key and ejects it afterwards.
4. Veeam Agent for Microsoft Windows shuts down the computer.
5. First thing on the next morning: Unplug the USB key before starting the computer.

Now, that’s easy, isn’t it?

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 28
Windows and Physical Servers Backup

10. Integration with Storage Snapshots

A feature that was introduced with V11 of Veeam Backup & Replication is the capability to create “off-
host” backups of SAN based storage snapshots of volumes mounted to computers running Veeam Agent
for Microsoft Windows v5.

Figure 10-1: Veeam Agent for Microsoft Windows storage snapshot integration

Figure 10-1 illustrates how the integration works: The server on the upper left runs Veeam Agent for
Microsoft Windows and has a volume mounted from an external storage system, in addition to its local,
directly attached volumes (e.g. the OS volume). The storage system has been integrated into Veeam Backup
& Replication’s storage infrastructure, and the check box “Block storage for Microsoft Windows servers” has
been enabled in the settings as shown in the NetApp example in Figure 10-2.

Figure 10-2: Storage settings for NetApp system integrated into Veeam Backup & Replication

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 29
Windows and Physical Servers Backup

Additionally, a Veeam backup proxy server has been added/configured to the Veeam backup infrastructure
which has access to the storage system (Figure 10-3).

Figure 10-3: Backup Proxy to access the storage system integrated into Veeam Backup & Replication

The final bit must be configured within the managed by server backup job. Here, you have to enter the
advanced settings of the “Storage” step of the configuration wizard and check the box “Enable backup
from storage snapshots” as shown in Figure 10-4. You can also select here if proxies should be assigned
automatically during each job run, or if you want to restrict the job to utilize only a set of proxies of your
choice, and what to do in case the snapshot processing fails (either failover to “normal” mode or end job with
a status of “failed”).

Figure 10-4: Backup job setting to enable storage snapshot integration

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 30
Windows and Physical Servers Backup

When running the job, the log will show whether everything works as desired, as you can see in Figure 10-5.
This screenshot was actually taken from the run of a 2-node failover cluster job where a SAN-based volume
was used as a cluster disk. You can see that it works just fine (taking the storage volume snapshot while
processing the current owner node).

Figure 10-5: While processing the owner node, SAN based cluster disk E: has been backed up via an off-host storage
snapshot while system volume C: was backed up “the usual way.”

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 31
Windows and Physical Servers Backup

11. Veeam Agents for other OSes

Everything in this paper up to this point was about Veeam Agent for Microsoft Windows, but Veeam provides
agents for other platforms/OSes, too! Here’s a list of all the available Veeam Agents as of the release
of Veeam Backup & Replication v11:
• Veeam Agent for Microsoft Windows v5
• Veeam Agent for Linux v5
• Veeam Agent for Mac v1
• Veeam Agent for IBM AIX v2
• Veeam Agent for Oracle Solaris v2

Let’s briefly cover the Linux and Mac versions and have a look at what’s different compared to the Windows agent.

11.1. Veeam Agent for Linux

Veeam’s Linux agent has almost the same capabilities as the Windows version, the main differences are:
• In Linux, there is no 100% equivalent of the VSS technology available (and the existing equivalents vary
on system configuration, distribution, file system used, etc.). This is why Veeam provides its own snapshot
mechanism by installing a kernel driver (“veeamsnap”) alongside the product.
• Microsoft SQL application awareness is currently not available for Microsoft SQL on Linux.
• Parallel disk processing as described in section 1.5.4 is currently not available, i.e. multiple volumes will
be processed sequentially.
• The installation types “lightweight” and “full” as shown in Table 4-1 are also available based
on management mode, but their components are different:
• There is no dedicated Veeam Installer Service in the Veeam Agent for Linux; instead, there is only one
service named “veeamservice” that takes care of everything agent-related.
• There is no CBT driver available for Veeam Agent for Linux. This functionality is embedded into the
“veeamsnap” driver mentioned above.
• The Agent’s local UI is text-based, so that it’s also usable in remote SSH-sessions (secure shell sessions).
• The local database is not built on Microsoft SQL Express but relies on an instance of SQLite (database
is by default located in folder /var/lib/veeam). This does not require an additional product installation
but is already embedded in the code of the agent product itself.
• To perform a bare metal recovery, the required recovery medium cannot be created via the console
of Veeam Backup & Replication. Instead, you can create it directly on the agent computer7 or download
bare metal recovery ISO files for many Linux distributions by visiting https://www.veeam.com/linux-
backup-download.html (on this page, select your Linux distribution/architecture and you will find recovery
media in the “Additional Downloads” section).

There are also unique features available only with Veeam Agent for Linux:

7
See also https://helpcenter.veeam.com/docs/agentforlinux/userguide/val_first_steps_iso.html?ver=50. You can also start the creation
process by entering the Agent’s UI and selecting “Misc / Patch Recovery Media.”

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 32
Windows and Physical Servers Backup

11.2. Support for MySQL and PostgreSQL databases

This feature ensures that databases are in a consistent state before taking the local volume snapshot and
backup. It is using native API calls to these products, leveraging their existing mechanisms to start and stop
a specific backup mode or to create database checkpoints. Configuration can be set either on the agent itself
(when using standalone mode), or centrally on the Veeam Backup & Replication backup server (when using
managed mode).

Figure 11-1: MySQL and PostgreSQL settings in standalone Veeam Agent for Linux

Figure 11-2: MySQL and PostgreSQL settings of Veeam Agent for Linux job/policy on backup server

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 33
Windows and Physical Servers Backup

11.3. Veeam Agent for Mac

This product was released with Veeam Backup & Replication v11 and is the youngest member of the Veeam
Agent family. In the current version, there are the following limitations compared to the Windows/Linux agent:
• Only file-level backup mode is available (no volume-level or “entire computer”). This also means there
is currently no capability to do a bare metal restore of a Mac computer from a Veeam Agent for Mac
backup — only file restores.
• Protection Group support is currently only the PG type “flexible scope” (see section 5.2). Related to this,
Veeam Agent for Mac cannot be deployed via Veeam Backup & Replication — it must be installed either
manually, or via a third-party software distribution solution.
• When managed by a Veeam Backup & Replication backup server, only backup jobs of the “managed
by agent” mode can be used for this agent.

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 34
Windows and Physical Servers Backup

Conclusion
Ensuring timely and reliable backups for ALL workloads is a must but is challenging with the many possible
configurations for virtual AND physical environments.

Veeam Agents offer a great solution because they:

• Significantly reduce deployment and management operations with simple to organize, automate and
deploy Veeam Agents at scale in protection groups designed to be customized and flexible.
• Reduce production impact by combining change block tracking, parallel disk processing and storage
snapshot integrations to provide the performance needed to process server-extensive data sets.
• Stay agile and highly available without sacrificing your data protection. Flexibility is key in recovery from
bare metal to applications and all the way down to files — Veeam has what you need to succeed.

To see all these best practices in action, start a free 30-day trial.

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 35
Windows and Physical Servers Backup

About the Author

As a Solutions Architect at Veeam, Matthias is helping customers and

partners with planning, designing and implementing strategies and
solutions to protect mission-critical workloads. Matthias holds an advanced
degree in physics and has been in the IT industry for more than 20 years
in several operations, management and consultancy positions.

About Veeam Software

Veeam is the leader in Backup solutions that deliver Modern Data Protection™. Veeam provides a single
platform for modernizing backup, accelerating hybrid cloud and securing data. With 400,000+ customers
worldwide, including 82% of the Fortune 500 and 69% of Global 2,000, Veeam customer-satisfaction
scores are the highest in the industry at 3.5x the average. Veeam’s 100% channel ecosystem includes global
partners, as well as HPE, NetApp, Cisco and Lenovo as exclusive resellers. Veeam has offices in more than
30 countries. To learn more, visit https://www.veeam.com or follow Veeam on Twitter @veeam.

Please leave your feedback at our dedicated Veeam Community Forum!

© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 36