To coordinate proper VSS and indexing activities, Veeam Backup & Replication deploys a small executable file inside a VM. It is installed only during VSS quiescence procedure and removed immediately after the processing is finished (depending on the selected option, during the backup job or after it is finished), thus producing low impact on VM performance and stability. To learn more, please refer to Veeam Backup & Replication User Guide.
In the Guest OS credentials section, you need to specify an account with sufficient privileges for deploying this executable file on the guest OS (Windows or Linux). You can select credentials from the list, or click the ‘+’ sign to add new credentials.
- For Windows guest OS - you should supply user account (name and password) with local administrative rights on target VM, and optional description. Credentials must be specified in the following format:
- For Active Directory accounts — DOMAIN\Username
- For local accounts — Username or HOST\Username
- For Linux guest OS - you should supply username, password, and SSH port (default is 22). Use corresponding options to elevate specified account to root and to add it to sudoers file automatically. In the sudoers file, enable the NOPASSWD:ALL option for the user account that you want to elevate to root (otherwise, jobs addressing a Linux server will fail as sudo will request the password).
For VM guest OS indexing of Linux-based VMs, a user account with root privileges on the VM is required. It is recommended that you create a separate user account for work with Veeam Backup & Replication on the Linux-based VM, grant root privileges to this account and specify settings of this account in the Guest OS Credentials section.
It is also recommended to avoid additional commands output for the specified user (like messages echoed from within ~/.bashrc or command traces before execution), because they may affect Linux VM processing.
Linux Public Key
Another option is to use Linux public key (PubKey). This method eliminates the need to supply password at each login, helps to protect against malicious applications like keyloggers, thus strengthening security, and simplifies launch of automated tasks, decreasing administrative load in Linux environments. For this method, a user needs to create a pair of keys:
- Private key is stored on the client (user’s) machine – that is, on the machine where Veeam Backup & Replication runs – usually in the encrypted form. To decrypt a private key, you will need to supply a passphrase specified at key creation.
- Public key is stored on the server (Linux VM) in a special authorized_keys file that contains a list of public keys.
If you plan to use Linux public key for authentication, make sure you have created private and public keys and stored them appropriately: private key on the client side (Veeam backup server) and public key on the server side (Linux VM). You should also have the passphrase for the private key, if it is encrypted. If you select to use Linux PubKey credentials, you should specify the following:
- Passphrase for private key
- Private key stored on the client side (Veeam backup server)
- SSH port (default is 22)
- Non-root account elevation options
Special Credentials for VM
By default, for all VMs in the list Veeam Backup & Replication uses common credentials you provided in the Guest OS credentials section.
- If a different account should be used to deploy the agent inside a specific VM, select the VM in the list, click Set User button and enter custom guest OS credentials.
- To discard custom credentials for a VM, select it in the list and click the Remove button.
To customize settings of a VM added to the job as part of a container, the VM should be included in the list as a standalone instance. For that, click Add VM and choose a VM whose settings you want to customize.