Before You Begin
Before creating a protection group, consider the following prerequisites and limitations:
- [Not applicable to protection groups for pre-installed Veeam Agents] When Veeam Backup & Replication performs discovery of protected computers, Veeam Backup & Replication connects to every computer added to the protection group. If you instruct Veeam Backup & Replication to perform discovery immediately after the protection group is created, make sure that all computers added to the protection group are powered on and may be accessed over the network. Otherwise, Veeam Backup & Replication will be unable to connect to a protected computer and perform the required operations on this computer.
- A protection group for pre-installed Veeam Agents is the only protection group that allows to protect the following computers:
- Unix computers with Veeam Agent for IBM AIX or Veeam Agent for Oracle Solaris installed
- macOS computers with Veeam Agent for Mac installed
- A protection group for pre-installed Veeam Agents offers a limited set of deployment and management operations. To learn more, see Working with Protection Groups for Pre-Installed Veeam Agents and Managing Protected Computers Added to Protection Group for Pre-Installed Veeam Agents.
- A protection group that includes Microsoft Active Directory objects can include objects from one domain only. To add to the inventory computers that reside in another domain, you need to create a separate protection group and include in this protection group the necessary objects from that domain.
- Veeam Backup & Replication automatically excludes from the protection scope Active Directory objects of the Group type that exist in a parent Active Directory object (organization unit, container or entire domain) specified in the protection group settings. To instruct Veeam Backup & Replication to process a group, you must select this group explicitly in the protection group settings.
- You cannot add and/or exclude universal and domain local groups to/from protection groups that include Microsoft Active Directory objects. Only global groups are supported.
- [Not applicable to protection groups for pre-installed Veeam Agents] It is recommended that you do not add a computer to a protection group by specifying a dynamic IP address assigned to this computer. If such computer receives another IP address from a DHCP server, Veeam Backup & Replication will be unable to discover the computer and perform on this computer operations defined in the protection group settings.
- [Not applicable to protection groups for pre-installed Veeam Agents] It is recommended that you do not add a computer to a protection group by specifying a public IP address assigned to this computer. If you add such computer to a backup policy targeted at a cloud repository, the name of the subtenant account created for the computer can contain the public IP address. This IP address will be visible to the Veeam Cloud Connect service provider who has access to subtenant account settings.
- We recommend that you include each computer in one protection group only. For example, if you have added an Active Directory container to a protection group, it is not recommended to add a computer that exists in this container to another protection group. Adding computers to multiple protection groups with different computer discovery and Veeam Agent deployment settings will result in additional load on the backup server.
- You can add a cluster only to a protection group that includes Microsoft Active Directory objects. You cannot add clusters to protection groups that include individual computers or computers specified in a CSV file.
- When you configure a protection group for a cluster, do not exclude nodes of this cluster from a protection scope. Otherwise, Veeam Backup & Replication will not have complete information about all clustered servers.
- [Not applicable to protection groups for pre-installed Veeam Agents] To deploy Veeam Installer Service and Veeam Agent for Microsoft Windows on a protected computer, Veeam Backup & Replication uses the administrative share (admin$) of the target computer. An account that you plan to use to connect to a computer included in the protection group must have access to the administrative share.
Note that in client Microsoft Windows OSes access to the administrative share is forbidden by default for local accounts. You can enable this option with a registry key. For details, see this Microsoft KB article.
- Veeam Backup & Replication does not support usage of a Linux account for which system settings modify shell output results to connect to a computer included in the protection group. For example, this includes Linux accounts with the modified PS1 shell variable.