Veeam Agent Free and SSH Service – Secure Backup Access and Configuration Guide

introduction

Data protection is more than just backups; it's about the last line of defense for enterprise security. Veeam incorporates security into every detail of its products through a zero-trust design philosophy.

In any system, obtaining account credentials is the starting point for hacker attacks, and backup systems are no exception. Storing and managing accounts carries certain security risks, so when designing and configuring systems, reducing unnecessary automatic remembering and saving of account information is a crucial security measure. In backup solutions, Veeam Agent for Linux introduces passwordless account management, which significantly enhances system security. This approach eliminates the need to store account information within the system, effectively reducing potential security vulnerabilities and data breach risks. This passwordless management mechanism not only elevates backup security but also simplifies administrator workflows. For specific systems, it can even avoid using the SSH management protocol, making the overall system more secure and reliable.

When managing remote backups in Linux and Windows environments, enabling SSH service for Veeam Agent Free ensures secure communication and control. This method allows IT administrators to perform automated, remote, and encrypted backup operations without exposing systems to unnecessary risks.

This guide explains how to configure SSH access in Veeam Agent Free, why it matters, and best practices for maintaining backup security.

Additionally, for environments where bastion hosts manage root passwords, this deployment method can adapt to constantly changing account credentials, eliminating the need to modify stored passwords in the backup system.

How It Works

Before deploying Veeam Agent for Linux, administrators first install Veeam's deployment service package and a temporary certificate on the Linux machine. With this service package in place, when VBR initiates an Agent push/management operation, it detects this component on the Linux system. After establishing a connection with this component, it checks the necessary certificates. If it's a temporary certificate, VBR will issue a formal certificate to replace the current temporary one. Thereafter, VBR will use this valid certificate to communicate with the Linux machine, managing and installing the relevant Agent components. This entire process completely eliminates the need to enter the Linux machine's administrator username and password on the backup server.

Step-by-Step Guide

Now, follow me step-by-step to see how to use this feature.

Step 1: 

First, you need to export the pre-installation software package and temporary certificate from VBR using the following PowerShell command:

 
Generate-VBRBackupServerDeployerKit -ExportPath "C:\Users\Administrator\Documents"

Click the hamburger icon (three horizontal lines) in the top left corner of the VBR server, find the PowerShell menu under Console, enter the above command, and you will obtain this Deployer Kit.

In the exported directory, you will see the files:

• client-cert.pem
• server-cert.p12
• veeamdeployment_12.2.0.334_amd64.deb
• veeamdeployment-12.2.0.334-1.x86_64.rpm
• VeeamDeploymentSvc.mmp

Among them, the rpm package is for Red Hat-based systems, and the deb package is for Debian-based systems. Depending on the system, you need to copy client-cert.pem, server-cert.p12, and either the rpm or deb package to the target Linux machine.

Step 2: 

Run the command to install the rpm package:

 
yum install veeamdeployment-12.2.0.334-1.x86_64.rpm

Step 3: 

Then run the command to install the certificate:

 
/opt/veeam/deployment/veeamdeploymentsvc --install-server-certificate server-cert.p12
/opt/veeam/deployment/veeamdeploymentsvc --install-certificate client-cert.pem
/opt/veeam/deployment/veeamdeploymentsvc --restart

Step 4: 

Return to the VBR console and create a protection group. In the protection group creation wizard, when adding a Linux host, select "Connect using certificate-based authentication." After adding, you can use the "Test Now" button to check connectivity. When using certificate-based authentication mode, VBR will no longer require any SSH service to deploy Veeam Agent for Linux.

Step 5: 

Once everything is normal, you can complete the creation of the Protection Group and push the Agent as usual. During the push process, VBR will update the temporary certificate on the target server, replacing it with a formal communication certificate, and install the Transport service.

Benefits of Using SSH with Veeam Agent Free:

• Secure data transfer and command execution.

• Allows remote management for Linux backups.

• Integrates easily with Veeam Backup & Replication for central control.

• Supports key-based authentication, reducing password risks.

👉 Related reading: Secure Veeam Backup & Replication Login – Complete Guide

That's all for this security tip on Linux Agent management. I hope it helps with your IT system's security. In the next issue, I'll show you how to use passwordless management for Windows systems.

 How to Back Up Your iPhone to a Computer – Complete Guide for Windows and Mac Users

Introduction

Losing your phone can be stressful—but losing your photos, contacts, and messages is even worse. The best way to protect your personal data is to back up your iPhone to a computer regularly.

Whether you use a Windows PC or a Mac, this guide will show you how to easily create and manage local iPhone backups using iTunes or Finder, ensuring your data stays safe even without iCloud.

---

1. Why You Should Back Up Your iPhone to a Computer

Backing up to your computer has several advantages over iCloud:

• Unlimited storage (depends on your hard drive space).

• Faster backup speed, especially for large files.

• Offline access—no need for an internet connection.

• Extra privacy, since your backup stays local.

📌 According to Apple Support, iTunes and Finder backups include nearly all your data, such as app data, settings, messages, and photos.

---

2. How to Back Up Your iPhone on a Windows PC (Using iTunes)

Step 1: Install the latest version of iTunes from the Apple website.
Step 2: Connect your iPhone to the computer using a USB cable.
Step 3: Open iTunes and click the iPhone icon in the top-left corner.
Step 4: Under Backups, select “This Computer” and click “Back Up Now.”
Step 5: Wait for the process to complete, then verify under Preferences → Devices.

💡 Tip: You can enable “Encrypt local backup” to include passwords and health data.

---

3. How to Back Up Your iPhone on a Mac (Using Finder)

If you’re using macOS Catalina or later, you’ll back up your iPhone through Finder instead of iTunes.

Steps:

1. Connect your iPhone via cable.

2. Open Finder, then select your iPhone under Locations.

3. Under Backups, choose Back up all data on your iPhone to this Mac.

4. Click Back Up Now to start the process.

---

4. How to Restore from a Computer Backup

To restore your data:

1. Connect your iPhone to the same computer used for backup.

2. In iTunes or Finder, select Restore Backup.

3. Choose your latest backup file and click Restore.

👉 Related reading: Veeam File-Level Recovery – Open VM Backup Solution

---

5. Best Practices for iPhone Data Protection

• Back up at least once a month.

• Store backups on an external drive for extra protection.

• Use encryption for added security.

• Combine local and cloud backups for redundancy.

For advanced users, tools like iMazing or AnyTrans offer additional management features such as selective backups, app transfer, and device cloning.

---

Conclusion

Regularly backing up your iPhone to a computer is one of the simplest yet most powerful ways to protect your valuable data.

Whether you use iTunes on Windows or Finder on Mac, following these steps ensures your photos, messages, and settings are safe even if your phone is lost or damaged.

Start today—because your data is worth protecting.

 

Hidden Shortcuts in Veeam Backup & Replication (VBR) – Boost Efficiency Like a Pro

Introduction

Most administrators use Veeam Backup & Replication (VBR) every day—but few know the hidden shortcuts that can significantly speed up management tasks. These built-in tricks improve efficiency, simplify navigation, and make backup operations smoother.

In this article, we’ll reveal the hidden VBR shortcuts, console tricks, and best practices that can turn you into a Veeam power user.

Why Learn Veeam Shortcuts?

Veeam’s interface is designed for usability, but keyboard shortcuts and hidden console functions allow experienced users to work faster.

Benefits include:

• Save time on daily backup administration.

• Quickly access logs, job settings, and reports.

• Enhance accuracy by avoiding repetitive clicks.

📌 According to Veeam’s Knowledge Base, using built-in console shortcuts reduces operational workload by up to 30% in large environments.

[Ctrl] + Right Mouse Click

In many operations, you can use Ctrl + Right Mouse Click to bring up special menus. Generally, if you don't hold down the Ctrl key, you won't see these hidden menus when you right-click normally.

Performing a brand new job in the NAS backup

Normal NAS file backups in Veeam are forever-incremental backups. However, some users still need to perform a brand new full backup. Veeam also provides this function in NAS backups. Simply select the backup job you want to execute, hold down the Ctrl key, and then right-click. The full backup button will then appear.

After performing this full backup, a situation slightly different from a regular virtual machine full backup/synthetic full backup will occur: the previous backup data will be moved to Disk(Imported), and the new backup chain will replace the old one, becoming the new active NAS forever-incremental backup chain.

Oracle/SAP HANA Backup Job Force Delete

After configuring and running Oracle or SAP HANA backup jobs, VBR will display jobs of type Oracle Rman backup or SAP Backup. Right-clicking these jobs will show a Delete option, but this Delete option requires first deleting the RMAN or SAP HANA backup archives. If you don't want to delete the archives but only want to remove the backup job, you can use Ctrl+right-click to access the Force Delete option.

SOBR's Run tiering job now

I think many friends must be troubled by the rigid setting of uploading data to the cloud every 4 hours. Actually, there's a hidden right-click menu. Hold down Ctrl and right-click on the Scale-Out Backup Repository, and you'll discover this button to immediately run the Tiering job.

Directional Arrow Keys

In VBR's Jobs section, double-clicking each backup job allows you to view the latest execution details. However, if you want to look at older historical jobs, you might get lost in VBR's console. A slightly more complex method is to open the History panel and manually search for the desired date, or use keyword filters.

Actually, you don't need to open the History panel at all. VBR provides a way to view historical jobs directly from each job's details screen. Simply press the left and right arrow keys on the detailed task information interface to browse through past records. While not as flexible as selecting from the History panel, this method is excellent for quick troubleshooting.

Other Hidden Right-Click Menus

In some interfaces, there are hidden right-click menus that are not easy to discover but can be very useful. In most cases, these right-click operations are designed not to interfere with normal user actions, which is why they aren't easily noticeable.

Right-click in the SureBackup Statistics window

Double-click a SureBackup Job to open the Statistics window, where you can see the success or failure status of each VM from the last job execution. In addition to this static view, there is a hidden Start button. By selecting any VM in the Statistics window, you can not only view the execution details in the log below, but also right-click to Start this Datalab again.

This Start button is primarily used for troubleshooting when SureBackup fails. After clicking Start, the Session log will indicate that SureBackup has switched to Troubleshooting mode. In this mode, the SureBackup Job will not be terminated immediately upon success or failure—it will remain running until manually stopped. Please ensure that after troubleshooting or use, you press the Stop button to end it.

Backups stored in a backup repository containing a Capacity Tier

Typically, when you right-click on a backup in the Backups properties dialog, a regular backup repository will only have a "Copy Path" button. This is designed to allow us to quickly locate the corresponding .vbk or .vib file within the file system.

However, in some cases, if the Scale-Out Backup Repository (SOBR) includes a Capacity Tier and certain conditions are met, right-clicking on these backup files will bring up a new context menu.

This restarts the management console without rebooting the host.

👉 Related reading: Making VBR Login More Secure – Complete Guide

Conclusion

These hidden shortcuts in Veeam Backup & Replication may seem small, but together they deliver huge time savings for IT administrators.

By mastering VBR console shortcuts and PowerShell automation, you can work smarter, reduce errors, and maximize productivity in your backup environment.

Try integrating these techniques into your daily workflow—you’ll notice immediate performance improvements and smoother Veeam operations.

 Backup Software: Agent vs Agentless – Which Solution is Better for Your IT Environment?

Introduction

Choosing between agent-based and agentless backup software can significantly impact your IT infrastructure’s performance, complexity, and cost.

This guide explains the key differences, advantages, and best practices for each method—helping you determine which backup strategy suits your VMware, Hyper-V, or cloud environment best.

Virtualization technology is a revolutionary force in the IT world. Similarly, in the backup domain, the concept of agentless backup, introduced with the adoption of virtualization, continues to challenge traditional technologies. However, as a pair of contradictory technologies—agent-based backup and agentless backup—their respective advantages and disadvantages are quite pronounced. Yet, Veeam's agentless backup technology leverages the best of both worlds, achieving application awareness while performing agentless backups.

1. What Is Agent-Based Backup?

This IT term is difficult to define clearly and precisely, which often leads to ambiguity in our daily technical discussions. Sometimes we talk about agents in a broad sense, and other times in a narrow sense. I tried to find a definition on Baidu Baike but came up empty-handed. On Wikipedia, there is a definition for a Software Agent, but it only lists some characteristics that such an agent should possess based on a common understanding:

• Persistent Operation - Typically remains running, even when idle, staying in a wait state.
• Autonomous Operation - Can operate without human intervention or interaction.
• Application Interaction Capability - Can interact with other programs, activate other modules, communicate, and collaborate.

Upon closer reflection, the agent software used in traditional agent-based backup does indeed fit these characteristics of what an Agent should be.

An agent-based backup requires installing a small software agent inside every system you want to protect.

Advantages:

• Deep visibility into applications and operating systems.

• Ideal for databases, mail servers, and legacy systems.

Disadvantages:

• Higher maintenance and update complexity.

• Increased CPU and memory overhead on each host.

📌 Example: Veeam Agent for Windows is a common solution for granular physical or endpoint protection (Veeam Docs).

2. What Is Agentless Backup?

Virtualization backup technology does not require installing any such programs within any operating system; therefore, backups do not depend on the system's running state.

Application awareness, on the other hand, involves automatically running a process within the operating system during the backup process to handle application awareness, ensure consistency, and manage file system consistency. It then closes the application and exits. This process is merely an optional step during backup execution and is entirely different from the aforementioned agent program.

Consequently, the problems typically faced by agent programs also apply to backup agents:

• You constantly need to manually install agent programs on newly deployed virtual machines (we consider push installations convenient, but they still count as a form of "manual" work, requiring remote or local configuration);
• During software updates, you need to upgrade the agent on every single machine.
• In large-scale, long-term operations, you also need to consider using some software to monitor these agents—what we call an "agent babysitter"—to ensure they don't suddenly stop working without anyone noticing;
• All of these consume computing resources—CPU, memory, network, storage—continuously, and often redundantly.

The process that backup software uses for application-level awareness runs for just a few minutes at the start of the backup and then immediately shuts down and exits. Therefore, it completely avoids all the issues mentioned above. No need for per-deployment installation, no updates, no long-running monitoring.

What's more interesting is that in today's IT world, the more you run, the greater the risk. When we have no applications running, we are in the safest possible state. Each additional application increases the risk of attack by hackers, viruses, or ransomware. Reducing the number of continuously running applications on each system adds a layer of security to our infrastructure.

Furthermore, if a system is shut down, an agent program that needs to be running to perform backups is completely useless. A backup target going offline is a common sight in traditional backup software interfaces. In such cases, the only thing a backup administrator can do is to find the application or infrastructure administrator to boot up the operating system. With agentless technology, backups remain unaffected even when the system is powered off. And during the restore process, the backup software's diverse granular recovery options can still be performed manually, making it a perfect solution for both backup and restore.

Agentless backup performs backups remotely without installing software on each system. It connects via APIs, hypervisor integrations, or remote protocols.

Advantages:

• Easier to deploy and manage across large environments.

• Less system impact and faster backups.

• Works perfectly for VMware, Hyper-V, and cloud workloads.

Disadvantages:

• Limited application-level recovery in some cases.

• May not capture OS-specific logs or configurations.

👉 Related reading: Free Backup for VMware and Hyper-V with Vinchin

3. More Drawbacks of Traditional Backup Agents

Data backups that utilize agent technology overwhelmingly rely on the network. When we design DMZ zones for security isolation and enforce strict inbound/outbound rules, we suddenly realize that to implement this backup insurance, we must have a data stream into the DMZ zone to extract data. This breaks the originally completely isolated architecture, undermining the carefully designed, perfect structure.

Agentless application insertion technology is completely different from traditional agents. When performing application awareness, this execution can be carried out at the hypervisor level via VIX without requiring network connectivity. Therefore, in the design philosophy of backup software, it can bring an extra layer of security to backups in DMZ zones.

4. Which Backup Type Should You Choose?

Environment	Recommended Method	Why
Virtual Machines (VMware/Hyper-V)	Agentless	Easy to manage, faster
Physical Servers	Agent-based	Better for app-level consistency
Cloud Workloads	Agentless (API-based)	Scalable, cost-efficient
Legacy Systems	Agent-based	Required for deeper integration

For modern virtualized or hybrid environments, agentless backup is preferred due to efficiency and scalability. However, agent-based backup remains essential for mission-critical applications.

5. Combining Both for Best Results

A hybrid approach can deliver the best of both worlds:

• Use agentless backup for general VM protection.

• Deploy agents only where necessary (e.g., databases, ERP systems).

This approach simplifies management while maintaining granular recovery capabilities.

📖 For additional insights, see Gartner’s Data Protection Market Guide on backup technologies and trends.

Conclusion

The debate between agent vs agentless backup software isn’t about which is universally better—it’s about choosing what fits your infrastructure.

For large-scale VMware and Hyper-V environments, agentless backup provides simplicity and scalability. Meanwhile, agent-based backup remains vital for detailed application-level restores.

By understanding both approaches, you can design a balanced data protection strategy that ensures reliability, performance, and compliance.

An Alternative Method to Defend Against Ransomware – Advanced Data Protection Strategies

Introduction

Ransomware remains one of the biggest cybersecurity threats to businesses today. Even organizations with strong firewalls and antivirus software are not immune.

To ensure full resilience, IT administrators must explore alternative methods to defend against ransomware, going beyond traditional endpoint protection to secure data backups, isolate networks, and strengthen recovery plans.

1. The Rising Threat of Ransomware

According to Cybersecurity Ventures, ransomware attacks are expected to cost businesses over $265 billion annually by 2031. Attackers target backups, encrypt data, and demand payment, leaving companies helpless without recovery options.

Traditional defenses (antivirus, intrusion detection) are no longer enough — you need a layered, backup-driven defense strategy.

2. Alternative Ransomware Defense: Immutable Backups

Immutable backups are the backbone of a modern ransomware protection plan. These backups cannot be modified or deleted, even by administrators.

Best practices:

• Store critical backups in immutable storage (e.g., Veeam Hardened Repositories or cloud object storage).

• Use air-gapped or offline backup copies.

• Test recovery regularly to ensure data integrity.

👉 Related reading: Making VBR Login More Secure – Complete Guide to Veeam Authentication

3. Offline Storage

Today, I want to share an unconventional data storage method with everyone: using a rotating system of external hard drives for backup storage. This approach is quite creative and rarely used by administrators. Typically, such rotation methods are more common with optical discs and tapes, and are rarely used with external hard drives. It's important to note that this method isn't a foolproof solution that lets you rest easy; it's more of an unconventional workaround for using offline drives.

Scenario and Requirements:

- A portable hard drive enclosure that allows for easy drive swapping—the faster, the better. Generally, interfaces like USB 3, USB-C, or eSATA are good choices, with USB 3 and USB-C being more universal.

- Multiple high-capacity mechanical hard drives, preferably 7200 RPM SATA drives, which are usually compatible with these portable enclosures.

- Backup data is written to each drive in rotation based on a set cycle, and the backup administrator removes the drives periodically for offline storage.

Achieved Outcomes:

- As long as the data hasn't been tampered with or encrypted before going offline, the data on the drive is secure once offline.

- The backup data on each drive is self-contained and doesn't depend on other drives.

- Each drive contains its own metadata configuration file for reading information during data usage.

- Compared to tapes, this method has advantages: data usage and restoration are more straightforward.

4. Network Isolation and Zero Trust Architecture

Prevent ransomware from spreading by implementing Zero Trust principles:

• Limit network access with role-based security.

• Segment networks to isolate critical workloads.

• Disable unnecessary protocols like SMB and RDP.

📌 Refer to CISA’s Zero Trust Maturity Model for detailed recommendations.

5. Leverage Backup Software with Built-in Security

Tools like Veeam Backup & Replication or Vinchin Backup & Recovery offer ransomware defense through:

• Immutable repositories

• Encrypted backups

• Multi-factor authentication for console access

• Built-in anomaly detection

Conclusion

The best way to defend against ransomware isn’t just prevention—it’s resilient recovery. By combining immutable backups, network isolation, and layered protection, organizations can guarantee data safety even after an attack.

The future of cybersecurity depends on proactive data protection — make sure your backup and recovery strategies are ready.