Acronis – Cyber Protection Service – 21.01 – User Manual

Category: Software and Application User Guides and Manuals

Download user manual for Acronis – Cyber Protection Service – 21.01 – User Manual 
Preview: Below is a preview of the manual as extracted from the PDF file


C y b e r P r o t e c t i o n
V e r s i o n 2 1 . 0 1
Revision: 1/15/2021 U S E R G U I D ETable of contents
1  Cyber Protection service editions and sub-editions 14
1.0.1  Cyber Protect edition 14
1.0.2  Cyber Backup edition 14
1.0.3  Comparison of editions 14
1.0.4  Disaster Recovery add-on 14
2  Software requirements 15
2.1  Supported Cyber Protect features by operating system 15
2.2  Supported web browsers 19
2.3  Supported operating systems and environments 20
2.3.1  Agent for Windows 20
2.3.2  Agent for SQL, Agent for Active Directory, Agent for Exchange (for database backup and
application-aware backup) 20
2.3.3  Agent for Exchange (for mailbox backup) 20
2.3.4  Agent for Office 365 21
2.3.5  Agent for Oracle 21
2.3.6  Agent for Linux 21
2.3.7  Agent for Mac 22
2.3.8  Agent for VMware (Virtual Appliance) 22
2.3.9  Agent for VMware (Windows) 23
2.3.10  Agent for Hyper-V 23
2.3.11  Agent for Virtuozzo 23
2.3.12  Agent for Virtuozzo Hybrid Infrastructure 23
2.4  Supported Microsoft SQL Server versions 23
2.5  Supported Microsoft Exchange Server versions 24
2.6  Supported Microsoft SharePoint versions 24
2.7  Supported Oracle Database versions 24
2.8  Supported SAP HANA versions 24
2.9  Supported virtualization platforms 25
2.9.1  Limitations 28
2.10  Compatibility with encryption software 29
2.10.1  Common installation rule 30
2.10.2  The way of using Secure Zone 30
2.10.3  Common backup rule 30
2.10.4  Software-specific recovery procedures 30
3  Supported file systems 32
23.0.1  Data Deduplication 33
4  Activating the account 34
4.1  Two-factor authentication 34
4.1.1  What if… 35
5  Accessing the Cyber Protection service 36
6  Installing the software 37
6.1  Which agent do I need? 37
6.1.1  Disk space requirements for agents 39
6.2  Preparation 40
6.2.1  Step 1 40
6.2.2  Step 2 40
6.2.3  Step 3 40
6.2.4  Step 4 40
6.2.5  Step 5 41
6.2.6  Step 6 41
6.3  Linux packages 42
6.3.1  Are the required packages already installed? 42
6.3.2  Installing the packages from the repository 43
6.3.3  Installing the packages manually 44
6.4  Proxy server settings 45
6.4.1  In Windows 45
6.4.2  In Linux 47
6.4.3  In macOS 48
6.4.4  In bootable media 49
6.5  Installing agents 49
6.5.1  In Windows 49
6.5.2  In Linux 50
6.5.3  In macOS 51
6.5.4  Changing the logon account on Windows machines 52
6.6  Unattended installation or uninstallation 54
6.6.1  Unattended installation or uninstallation in Windows 54
6.6.2  Unattended installation or uninstallation in Linux 59
6.6.3  Unattended installation and uninstallation in macOS 65
6.7  Registering machines manually 67
6.7.1  Passwords with special characters or blank spaces 70
6.8  Autodiscovery of machines 71
6.8.1  How it works 71
36.8.2  Prerequisites 72
6.8.3  Machine discovery process 72
6.8.4  Autodiscovery and manual discovery 73
6.8.5  Managing discovered machines 78
6.8.6  Troubleshooting 78
6.9  Deploying Agent for VMware (Virtual Appliance) from an OVF template 80
6.9.1  Before you start 80
6.9.2  Deploying the OVF template 80
6.9.3  Configuring the virtual appliance 81
6.10  Deploying Agent for Virtuozzo Hybrid Infrastructure (Virtual Appliance) from a QCOW2
template 82
6.10.1  Before you start 82
6.10.2  Configuring networks in Virtuozzo Hybrid Infrastructure 83
6.10.3  Configuring user accounts in Virtuozzo Hybrid Infrastructure 84
6.10.4  Deploying the QCOW2 template 85
6.10.5  Configuring the virtual appliance 86
6.11  Deploying agents through Group Policy 89
6.11.1  Prerequisites 89
6.11.2  Step 1: Generating a registration token 89
6.11.3  Step 2: Creating the .mst transform and extracting the installation package 90
6.11.4  Step 3: Setting up the Group Policy objects 90
6.12  Updating agents 91
6.13  Preventing unauthorized uninstallation or modification of agents 93
6.14  Uninstalling agents 94
6.14.1  In Windows 94
6.14.2  In Linux 95
6.14.3  In macOS 95
6.14.4  Removing Agent for VMware (Virtual Appliance) 95
6.15  Security settings 96
6.15.1  Automatic updates for components 96
6.15.2  Updating the Cyber Protection definitions by schedule 96
6.15.3  Updating the Cyber Protection definitions on-demand 97
6.15.4  Cache storage 97
6.15.5  Remote connection 97
6.16  Changing the service quota of machines 98
6.17  Cyber Protection services installed in your environment 98
6.17.1  Services installed in Windows 98
46.17.2  Services installed in macOS 99
7  Service console 100
8  Voice control for operations in the console 103
9  Device groups 107
9.1  Built-in groups 107
9.2  Custom groups 107
9.3  Creating a static group 108
9.4  Adding devices to static groups 108
9.5  Creating a dynamic group 108
9.5.1  Search criteria 109
9.5.2  Operators 113
9.6  Applying a protection plan to a group 114
10  Protection plan and modules 115
10.1  Creating a protection plan 115
10.2  Default protection plans 116
10.2.1  Default plan options 117
10.3  Resolving plan conflicts 120
10.3.1  Applying several plans to a device 120
10.3.2  Resolving plan conflicts 120
10.4  Operations with protection plans 121
11  #CyberFit Score for machines 123
11.1  How it works 123
11.1.1  #CyberFit scoring mechanism 123
11.2  Running a #CyberFit Score scan 127
12  Backup and recovery 129
12.1  Backup 129
12.2  Protection plan cheat sheet 131
12.3  Selecting data to back up 133
12.3.1  Selecting disks/volumes 133
12.3.2  Selecting files/folders 136
12.3.3  Selecting system state 138
12.3.4  Selecting ESXi configuration 138
12.4  Continuous data protection (CDP) 139
12.5  Selecting a destination 145
12.5.1  Advanced storage option 146
12.5.2  About Secure Zone 146
12.6  Schedule 149
512.6.1  Backup schemes 149
12.6.2  Additional scheduling options 150
12.6.3  Schedule by events 152
12.6.4  Start conditions 154
12.7  Retention rules 160
12.7.1  What else you need to know 161
12.8  Replication 161
12.8.1  Usage examples 161
12.8.2  Supported locations 162
12.9  Encryption 162
12.9.1  Encryption in a protection plan 162
12.9.2  Encryption as a machine property 163
12.9.3  How the encryption works 164
12.10  Notarization 164
12.10.1  How to use notarization 165
12.10.2  How it works 165
12.11  Starting a backup manually 165
12.12  Default backup options 165
12.13  Backup options 166
12.13.1  Availability of the backup options 166
12.13.2  Alerts 168
12.13.3  Backup consolidation 169
12.13.4  Backup file name 170
12.13.5  Backup format 173
12.13.6  Backup validation 174
12.13.7  Changed block tracking (CBT) 175
12.13.8  Cluster backup mode 175
12.13.9  Compression level 177
12.13.10  Error handling 177
12.13.11  Fast incremental/differential backup 178
12.13.12  File filters 179
12.13.13  File-level backup snapshot 180
12.13.14  Forensic data 181
12.13.15  Log truncation 189
12.13.16  LVM snapshotting 190
12.13.17  Mount points 190
12.13.18  Multi-volume snapshot 191
612.13.19  Performance and backup window 191
12.13.20  Physical Data Shipping 195
12.13.21  Pre/Post commands 196
12.13.22  Pre/Post data capture commands 197
12.13.23  Scheduling 199
12.13.24  Sector-by-sector backup 200
12.13.25  Splitting 200
12.13.26  Task failure handling 201
12.13.27  Task start conditions 201
12.13.28  Volume Shadow Copy Service (VSS) 202
12.13.29  Volume Shadow Copy Service (VSS) for virtual machines 203
12.13.30  Weekly backup 203
12.13.31  Windows event log 203
12.14  Recovery 204
12.14.1  Recovery cheat sheet 204
12.14.2  Safe recovery 205
12.14.3  Creating bootable media 207
12.14.4  Startup Recovery Manager 207
12.14.5  Recovering a machine 209
12.14.6  Prepare drivers 216
12.14.7  Check access to the drivers in bootable environment 216
12.14.8  Automatic driver search 217
12.14.9  Mass storage drivers to install anyway 217
12.14.10  Recovering files 219
12.14.11  Recovering system state 224
12.14.12  Recovering ESXi configuration 224
12.14.13  Recovery options 225
12.15  Operations with backups 233
12.15.1  The Backup storage tab 233
12.15.2  Mounting volumes from a backup 234
12.15.3  Deleting backups 235
12.16  Protecting Microsoft applications 236
12.16.1  Protecting Microsoft SQL Server and Microsoft Exchange Server 236
12.16.2  Protecting Microsoft SharePoint 236
12.16.3  Protecting a domain controller 237
12.16.4  Recovering applications 237
12.16.5  Prerequisites 238
712.16.6  Database backup 239
12.16.7  Application-aware backup 245
12.16.8  Mailbox backup 246
12.16.9  Recovering SQL databases 248
12.16.10  Recovering Exchange databases 251
12.16.11  Recovering Exchange mailboxes and mailbox items 253
12.16.12  Changing the SQL Server or Exchange Server access credentials 260
12.17  Protecting mobile devices 260
12.17.1  Supported mobile devices 260
12.17.2  What you can back up 260
12.17.3  What you need to know 261
12.17.4  Where to get the Cyber Protect app 261
12.17.5  How to start backing up your data 262
12.17.6  How to recover data to a mobile device 262
12.17.7  How to review data via the service console 262
12.18  Protecting Hosted Exchange data 264
12.18.1  What items can be backed up? 264
12.18.2  What items can be recovered? 264
12.18.3  Selecting mailboxes 264
12.18.4  Recovering mailboxes and mailbox items 265
12.19  Protecting Office 365 data 267
12.19.1  Why back up Office 365 data? 267
12.19.2  Agent for Office 365 267
12.19.3  Limitations 269
12.19.4  Required user rights 269
12.19.5  Using the locally installed Agent for Office 365 269
12.19.6  Using the cloud Agent for Office 365 272
12.20  Protecting G Suite data 293
12.20.1  What does G Suite protection mean? 293
12.20.2  Supported G Suite editions 293
12.20.3  Required user rights 293
12.20.4  About the backup schedule 294
12.20.5  Limitations 294
12.20.6  Adding a G Suite organization 294
12.20.7  Protecting Gmail data 295
12.20.8  Protecting Google Drive files 299
12.20.9  Protecting Shared drive files 303
812.20.10  Notarization 306
12.21  Protecting Oracle Database 307
12.22  Protecting SAP HANA 307
12.23  Protecting websites and hosting servers 307
12.23.1  Protecting websites 307
12.23.2  Protecting web hosting servers 311
12.24  Special operations with virtual machines 311
12.24.1  Running a virtual machine from a backup (Instant Restore) 311
12.24.2  Working in VMware vSphere 315
12.24.3  Backing up clustered Hyper-V machines 332
12.24.4  Limiting the total number of simultaneously backed-up virtual machines 332
12.24.5  Machine migration 333
12.24.6  Windows Azure and Amazon EC2 virtual machines 334
13  Disaster recovery 336
13.1  About Cyber Disaster Recovery Cloud 336
13.1.1  The key functionality 336
13.2  Software requirements 337
13.2.1  Supported operating systems 337
13.2.2  Supported virtualization platforms 337
13.2.3  Limitations 338
13.3  Set up the disaster recovery functionality 338
13.4  Create a disaster recovery protection plan 339
13.4.1  Recovery server default parameters 340
13.4.2  Cloud network infrastructure 343
13.5  Setting up connectivity 344
13.5.1  Networking concepts 344
13.5.2  Initial connectivity configuration 352
13.5.3  Network management 354
13.6  Setting up recovery servers 361
13.6.1  How failover and failback work 361
13.6.2  Recovery server lifecycle 362
13.6.3  Creating a recovery server 364
13.6.4  Performing a test failover 366
13.6.5  Performing a failover 367
13.6.6  Performing a failback 369
13.6.7  Working with encrypted backups 370
13.7  Setting up primary servers 370
913.7.1  Creating a primary server 371
13.7.2  Operations with a primary server 372
13.8  Managing the cloud servers 372
13.9  Backing up the cloud servers 373
13.10  Orchestration (runbooks) 374
13.10.1  Why use runbooks? 374
13.10.2  Creating a runbook 374
13.10.3  Operations with runbooks 376
14  Antimalware and web protection 378
14.1  Antivirus and Antimalware protection 378
14.1.1  Antimalware features 378
14.1.2  Scanning types 378
14.1.3  Antivirus and Antimalware protection settings 379
14.2  Active Protection 388
14.3  Windows Defender Antivirus and Microsoft Security Essentials 389
14.3.1  Schedule scan 389
14.3.2  Default actions 390
14.3.3  Real-time protection 390
14.3.4  Advanced 390
14.3.5  Exclusions 391
14.4  URL filtering 391
14.4.1  How it works 392
14.4.2  URL filtering configuration workflow 394
14.4.3  URL filtering settings 394
14.5  Quarantine 399
14.5.1  How do files get into the quarantine folder? 400
14.5.2  Managing quarantined files 400
14.5.3  Quarantine location on machines 401
14.6  Corporate whitelist 401
14.6.1  Automatic adding to the whitelist 401
14.6.2  Manual adding to the whitelist 401
14.6.3  Adding quarantined files to the whitelist 402
14.6.4  Whitelist settings 402
14.7  Antimalware scan of backups 402
14.7.1  How to configure backup scanning in the cloud 403
15  Protection of collaboration and communication applications 404
16  Vulnerability assessment and patch management 405
1016.1  Supported Microsoft and third-party products 405
16.1.1  Supported Microsoft products 405
16.1.2  Supported third-party products for Windows OS 406
16.2  Vulnerability assessment 406
16.2.1  How it works 406
16.2.2  Vulnerability assessment settings 407
16.2.3  Managing found vulnerabilities 408
16.2.4  Vulnerability assessment for Linux machines 410
16.3  Patch management 410
16.3.1  How it works 411
16.3.2  Patch management settings 412
16.3.3  Managing list of patches 415
16.3.4  Automatic patch approval 416
16.3.5  Manual patch approval 419
16.3.6  On-demand patch installation 419
16.3.7  Patch lifetime in the list 420
17  Software inventory 421
17.1  Enabling the software inventory scanning 421
17.2  Running a software inventory scan manually 422
17.3  Browsing the software inventory 422
17.4  Viewing the software inventory of a single device 424
18  Hardware inventory 426
18.1  Enabling the hardware inventory scanning 426
18.2  Running a hardware inventory scan manually 426
18.3  Browsing the hardware inventory 427
18.4  Viewing the hardware of a single device 429
19  Remote desktop access 431
19.1  Remote access (RDP and HTML5 clients) 431
19.1.1  How it works 432
19.1.2  How to connect to a remote machine 434
19.1.3  How to run a remote assistance session 434
19.2  Share a remote connection with users 434
20  Remote wipe 436
21  Smart protection 437
21.1  Threat feed 437
21.1.1  How it works 437
21.1.2  Deleting all alerts 439
1121.2  Data protection map 440
21.2.1  How it works 440
21.2.2  Managing the detected unprotected files 440
21.2.3  Data protection map settings 441
22  The Plans tab 443
22.1  Protection plan 443
22.2  Backup scanning plan 443
22.3  Backup plans for cloud applications 444
23  Monitoring 446
23.1  Cyber Protection 447
23.2  Protection status 447
23.2.1  Protection status 447
23.2.2  Discovered machines 448
23.3  #CyberFit Score by machine 449
23.4  Disk health forecast 449
23.4.1  How it works 450
23.4.2  Disk health widgets 450
23.4.3  Disk health status alerts 453
23.5  Data protection map 453
23.6  Vulnerability assessment widgets 454
23.6.1  Vulnerable machines 454
23.6.2  Existing vulnerabilities 455
23.7  Patch installation widgets 455
23.7.1  Patch installation status 455
23.7.2  Patch installation summary 456
23.7.3  Patch installation history 456
23.7.4  Missing updates by categories 456
23.8  Backup scanning details 457
23.9  Recently affected 457
23.10  Cloud applications 458
23.11  Software inventory table widget 459
23.12  Hardware inventory and Hardware details table widgets 459
24  Reports 460
24.0.1  Adding a report 461
24.0.2  Editing a report 461
24.0.3  Scheduling a report 462
24.0.4  Exporting and importing the report structure 463
1224.0.5  Downloading a report 463
24.0.6  Dumping the report data 463
25  Troubleshooting 464
Glossary 465
Index 468
131  Cyber Protection service editions and sub-
editions
With its editions and sub-editions, the Cyber Protection service provides protection that meets the
needs and budget of different partners and customers.
The following editions are available:
  l Cyber Protect
  l Cyber Backup
1.0.1  Cyber Protect edition
This edition is licensed per workload—that is, according to the number of protected machines,
regardless of the size of backed-up data.
Within the Cyber Protect edition, the following sub-editions are available:
  l Cyber Protect Essentials
  l Cyber Protect Standard
  l Cyber Protect Advanced
  l Cyber Backup Standard
1.0.2  Cyber Backup edition
This edition is licensed per GB—that is, according to the size of backed-up data, regardless of the
number of protected machines.
In the Cyber Backup edition, there are no sub-editions—only Cyber Backup Standard offering items
are available.
1.0.3  Comparison of editions
The number and scope of the available features depend on the edition of Cyber Protection service.
For a detailed comparison between the features in each edition and sub-edition, refer to Compare
Acronis Cyber Protection Editions.
1.0.4  Disaster Recovery add-on
The Disaster Recovery add-on provides recovery functionality designed for companies that have high
requirements for the Recovery Time Objective (RTO). This add-on is available only with the Cyber
Protect edition.
Note
The Disaster recovery add-on cannot be used with the Cyber Protect Essentials sub-edition.
142  Software requirements
2.1  Supported Cyber Protect features by operating
system
The Cyber Protect features are supported on the following operating systems:
  l Windows: Windows 7 Service Pack 1 and later, Windows Server 2008 R2 Service Pack 1 and later.
Windows Defender Antivirus management is supported on Windows 8.1 and later.
  l Linux: CentOS 6.10, 7.8+, CloudLinux 6.10, 7.8+, Ubuntu 16.04.7+, where plus refers to minor
versions of these distributions.
Other Linux distributions and versions might be supported, but have not been tested.
  l macOS: 10.13.x and later (only Antivirus and Antimalware protection is supported).
Important
The Cyber Protect features are only supported for machines on which a protection agent is installed.
For virtual machines protected in agentless mode, for example by Agent for Hyper-V, Agent for
VMware, or Agent for Virtuozzo Hybrid Infrastructure, only backup is supported.
Cyber Protect features Windows Linux macOS
Default protection plans
Remote Workers Yes No No
Office Workers (third-party antivirus) Yes No No
Office Workers (Cyber Protectantivirus) Yes No No
Cyber Protect Essentials (only for Cyber Protect Essentials
edition)
Yes No No
Forensic backup
Collecting memory dump Yes No No
Snapshot of running processes Yes No No
Forensic backup for machines with one drive without
reboot
Yes No No
Notarization of local image forensic backup Yes No No
Notarization of cloud image forensic backup Yes No No
Continuous data protection (CDP)
CDP for files and folders Yes No No
15CDP for changed files via application tracking Yes No No
Autodiscovery and remote installation
Network-based discovery Yes No No
Active Directory-based discovery Yes No No
Template-based discovery (importing machines from a file) Yes No No
Manual adding of devices Yes No No
Active Protection
Process Injects detection Yes No No
Automatic recovery of affected files from the local cache Yes Yes No
Self-defense for Acronis backup files Yes No No
Self-defense for Acronis software Yes No No
Trusted/blocked process management Yes No No
Processes/folders exclusions Yes Yes No
Ransomware detection based on a process behavior (AI-
based)
Yes No No
Cryptomining process detection based on process
behavior
Yes No No
External drives protection (HDD, flash drives, SD cards) Yes No No
Network folder protection Yes Yes No
Server-side protection Yes No No
Zoom, Cisco Webex, Citrix Workspace, and Microsoft
Teams protection
Yes No No
Antivirus and Antimalware protection
Fully-integrated Active Protection functionality Yes No No
Real-time antimalware protection Yes No Yes
Static analysis for portable executable files Yes No Yes*
On-demand antimalware scanning Yes No Yes
Network folder protection Yes No No
Server-side protection Yes No No
Scan of archive files Yes No Yes
16Scan of removable drives Yes No Yes
Scan of only new and changed files Yes No Yes
File/folder exclusions Yes No Yes**
Processes exclusions Yes No No
Behavioral analysis engine Yes No No
Exploit prevention Yes No No
Quarantine Yes No Yes
Quarantine auto clean-up Yes No Yes
URL filtering (http/https) Yes No No
Corporate-wide whitelist Yes No Yes
Windows Defender Antivirus management Yes No No
Microsoft Security Essentials management Yes No No
Registering and managing Antivirus and Antimalware
protection via Windows Security Center
Yes No No
Exploit prevention in antivirus and antimalware protection Yes No No
Vulnerability and configuration assessment
Vulnerability assessment for Windows Yes No No
Vulnerability assessments of Cyber Infrastructure
(Linux)***
No Yes No
Vulnerability assessment for 3rd-party Windows
applications
Yes No No
Patch management
Patch auto-approval Yes No No
Patch auto-installation Yes No No
Patch testing Yes No No
Manual patch installation Yes No No
Patch scheduling Yes No No
Fail-safe patching: backup of machine before installing
patches as part of protection plan
Yes No No
Cancelation of a machine reboot if a backup is running Yes No No
17Data protection map
Adjustable definition of important files Yes No No
Scanning machines to find unprotected files Yes No No
Unprotected locations overview Yes No No
Ability to start the protection action from the Data
protection map widget (Protect all files action)
Yes No No
Disk health
AI-based HDD and SSD health control Yes No No
Smart protection plans based on Acronis Cyber Protection Operations Center (CPOC) alerts
Threat feed Yes No No
Remediation wizard Yes No No
Backup scanning
Antimalware scan of image backups as part of backup plan Yes No No
Scanning of image backups for malware in cloud Yes No No
Malware scan of encrypted backups Yes No No
Safe recovery
Antimalware scanning with Antivirus and Antimalware
protection during the recovery process
Yes No No
Safe recovery for encrypted backups Yes No No
Remote desktop connection
Connection via HTML5-based client Yes No No
Connection via native Windows RDP client Yes No No
Remote assistance Yes No No
#CyberFit Score
#CyberFit Score status Yes No No
#CyberFit Score standalone tool Yes No No
#CyberFit Score recommendations Yes No No
Management options
Upsell scenarios to promote Cyber Protect editions Yes Yes Yes
18Web-based centralized and remote management console Yes Yes Yes
Protection options
Remote wipe (Windows 10 only) Yes No No
Cyber Protect Monitor
Cyber Protect Monitor app Yes No Yes
Protection status for Zoom Yes No No
Protection status for Cisco Webex Yes No No
Protection status for Citrix Workspace Yes No No
Protection status for Microsoft Teams Yes No No
Software inventory
Software inventory scanning Yes No Yes
Software inventory monitoring Yes No Yes
Hardware inventory
Hardware inventory scanning Yes No Yes
Hardware inventory monitoring Yes No Yes
* Static analysis for portable executable files is supported only for scheduled scans on macOS.
** File/folder exclusions are only supported for the case when you specify files and folders that will
not be scanned by real-time protection or scheduled scans on macOS.
*** The vulnerability assessment depends on the availability of official security advisories for specific
distribution, for example https://lists.centos.org/pipermail/centos-announce/,
https://lists.centos.org/pipermail/centos-cr-announce/, and others.
2.2  Supported web browsers
The web interface supports the following web browsers:
  l Google Chrome 29 or later
  l Mozilla Firefox 23 or later
  l Opera 16 or later
  l Windows Internet Explorer 11 or later
  l Microsoft Edge 25 or later
  l Safari 8 or later running in the macOS and iOS operating systems
In other web browsers (including Safari browsers running in other operating systems), the user
interface might be displayed incorrectly or some functions may be unavailable.
192.3  Supported operating systems and environments
2.3.1  Agent for Windows
Windows XP Professional SP1 (x64), SP2 (x64), SP3 (x86)
Windows Server 2003 SP1/2003 R2 and later – Standard and Enterprise editions (x86, x64)
Windows Small Business Server 2003/2003 R2
Windows Vista – all editions
Windows Server 2008 – Standard, Enterprise, Datacenter, Foundation, and Web editions (x86, x64)
Windows Small Business Server 2008
Windows 7 – all editions
Windows Server 2008 R2 – Standard, Enterprise, Datacenter, Foundation, and Web editions
Windows Home Server 2011
Windows MultiPoint Server 2010/2011/2012
Windows Small Business Server 2011 – all editions
Windows 8/8.1 – all editions (x86, x64), except for the Windows RT editions
Windows Server 2012/2012 R2 – all editions
Windows Storage Server 2003/2008/2008 R2/2012/2012 R2/2016
Windows 10 – Home, Pro, Education, Enterprise, IoT Enterprise and LTSC (formerly LTSB) editions
Windows Server 2016 – all installation options, except for Nano Server
Windows Server 2019 – all installation options, except for Nano Server
2.3.2  Agent for SQL, Agent for Active Directory, Agent for Exchange
(for database backup and application-aware backup)
Each of these agents can be installed on a machine running any operating system listed above and a
supported version of the respective application.
2.3.3  Agent for Exchange (for mailbox backup)
Windows Server 2008 – Standard, Enterprise, Datacenter, Foundation, and Web editions (x86, x64)
Windows Small Business Server 2008
Windows 7 – all editions
Windows Server 2008 R2 – Standard, Enterprise, Datacenter, Foundation, and Web editions
20Windows MultiPoint Server 2010/2011/2012
Windows Small Business Server 2011 – all editions
Windows 8/8.1 – all editions (x86, x64), except for the Windows RT editions
Windows Server 2012/2012 R2 – all editions
Windows Storage Server 2008/2008 R2/2012/2012 R2
Windows 10 – Home, Pro, Education, and Enterprise editions
Windows Server 2016 – all installation options, except for Nano Server
Windows Server 2019 – all installation options, except for Nano Server
2.3.4  Agent for Office 365
Windows Server 2008 – Standard, Enterprise, Datacenter, Foundation, and Web editions (x64 only)
Windows Small Business Server 2008
Windows Server 2008 R2 – Standard, Enterprise, Datacenter, Foundation, and Web editions
Windows Home Server 2011
Windows Small Business Server 2011 – all editions
Windows 8/8.1 – all editions (x64 only), except for the Windows RT editions
Windows Server 2012/2012 R2 – all editions
Windows Storage Server 2008/2008 R2/2012/2012 R2/2016 (x64 only)
Windows 10 – Home, Pro, Education, and Enterprise editions (x64 only)
Windows Server 2016 – all installation options (x64 only), except for Nano Server
Windows Server 2019 – all installation options (x64 only), except for Nano Server
2.3.5  Agent for Oracle
Windows Server 2008R2 – Standard, Enterprise, Datacenter, and Web editions (x86, x64)
Windows Server 2012R2 – Standard, Enterprise, Datacenter, and Web editions (x86, x64)
Linux – any kernel and distribution supported by Agent for Linux (listed below)
2.3.6  Agent for Linux
Linux with kernel from 2.6.9 to 5.7 and glibc 2.3.4 or later, including the following x86 and x86_64
distributions:
Red Hat Enterprise Linux 4.x, 5.x, 6.x, 7.0, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7. 7.8, 8.0*, 8.1*, 8.2*
21Ubuntu 9.10, 10.04, 10.10, 11.04, 11.10, 12.04, 12.10, 13.04, 13.10, 14.04, 14.10, 15.04, 15.10,
16.04, 16.10, 17.04, 17.10, 18.04, 18.10, 19.04, 19.10, 20.04
Fedora 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31
SUSE Linux Enterprise Server 10 and 11
SUSE Linux Enterprise Server 12 – supported on file systems, except for Btrfs
Debian 4, 5, 6, 7.0, 7.2, 7.4, 7.5, 7.6, 7.7, 8.0, 8.1, 8.2, 8.3, 8.4, 8.5, 8.6, 8.7, 8.8, 8.11, 9.0, 9.1, 9.2,
9.3, 9.4, 9.5, 9.6, 9.7, 9.8, 10
CentOS 5.x, 6.x, 7, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7.8, 8.0, 8.1, 8.2
Oracle Linux 5.x, 6.x, 7.0, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.8, 8.0, 8.1, 8.2 – both Unbreakable Enterprise
Kernel and Red Hat Compatible Kernel
CloudLinux 5.x, 6.x, 7, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7.8, 8.2
ClearOS 5.x, 6.x, 7, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6
ALT Linux 7.0
Before installing the product on a system that does not use RPM Package Manager, such as an
Ubuntu system, you need to install this manager manually; for example, by running the following
command (as the root user): apt-get install rpm
* Configurations with Stratis are not supported.
2.3.7  Agent for Mac
OS X Mavericks 10.9
OS X Yosemite 10.10
OS X El Capitan 10.11
macOS Sierra 10.12
macOS High Sierra 10.13
macOS Mojave 10.14
macOS Catalina 10.15
macOS Big Sur 11
2.3.8  Agent for VMware (Virtual Appliance)
This agent is delivered as a virtual appliance for running on an ESXi host.
VMware ESXi 4.1, 5.0, 5.1, 5.5, 6.0, 6.5, 6.7
222.3.9  Agent for VMware (Windows)
This agent is delivered as a Windows application for running in any operating system listed above for
Agent for Windows with the following exceptions:
  l 32-bit operating systems are not supported.
  l Windows XP, Windows Server 2003/2003 R2, and Windows Small Business Server 2003/2003 R2
are not supported.
2.3.10  Agent for Hyper-V
Windows Server 2008 (x64 only) with Hyper-V role, including Server Core installation mode
Windows Server 2008 R2 with Hyper-V role, including Server Core installation mode
Microsoft Hyper-V Server 2008/2008 R2
Windows Server 2012/2012 R2 with Hyper-V role, including Server Core installation mode
Microsoft Hyper-V Server 2012/2012 R2
Windows 8, 8.1 (x64 only) with Hyper-V
Windows 10 – Pro, Education, and Enterprise editions with Hyper-V
Windows Server 2016 with Hyper-V role – all installation options, except for Nano Server
Microsoft Hyper-V Server 2016
Windows Server 2019 with Hyper-V role – all installation options, except for Nano Server
Microsoft Hyper-V Server 2019
2.3.11  Agent for Virtuozzo
Virtuozzo 6.0.10, 6.0.11, 6.0.12, 7.0.13, 7.0.14
2.3.12  Agent for Virtuozzo Hybrid Infrastructure
Virtuozzo Hybrid Infrastructure 3.5, 4.0
2.4  Supported Microsoft SQL Server versions
  l Microsoft SQL Server 2019
  l Microsoft SQL Server 2017
  l Microsoft SQL Server 2016
  l Microsoft SQL Server 2014
  l Microsoft SQL Server 2012
  l Microsoft SQL Server 2008 R2
23  l Microsoft SQL Server 2008
  l Microsoft SQL Server 2005
2.5  Supported Microsoft Exchange Server versions
  l Microsoft Exchange Server 2019 – all editions.
  l Microsoft Exchange Server 2016 – all editions.
  l Microsoft Exchange Server 2013 – all editions, Cumulative Update 1 (CU1) and later.
  l Microsoft Exchange Server 2010 – all editions, all service packs. Mailbox backup and granular
recovery from database backups are supported starting with Service Pack 1 (SP1).
  l Microsoft Exchange Server 2007 – all editions, all service packs. Mailbox backup and granular
recovery from database backups are not supported.
2.6  Supported Microsoft SharePoint versions
Cyber Protection supports the following Microsoft SharePoint versions:
  l Microsoft SharePoint 2013
  l Microsoft SharePoint Server 2010 SP1
  l Microsoft SharePoint Foundation 2010 SP1
  l Microsoft Office SharePoint Server 2007 SP2*
  l Microsoft Windows SharePoint Services 3.0 SP2*
*In order to use SharePoint Explorer with these versions, you need a SharePoint recovery farm to
attach the databases to.
The backups or databases from which you extract data must originate from the same SharePoint
version as the one where SharePoint Explorer is installed.
2.7  Supported Oracle Database versions
  l Oracle Database version 11g, all editions
  l Oracle Database version 12c, all editions.
Only single-instance configurations are supported.
2.8  Supported SAP HANA versions
HANA 2.0 SPS 03 installed in RHEL 7.6 running on a physical machine or VMware ESXi virtual
machine.
Because SAP HANA does not support recovery of multitenant database containers by using storage
snapshots, this solution supports SAP HANA containers with only one tenant database.
242.9  Supported virtualization platforms
The following table summarizes how various virtualization platforms are supported.
Platform Backup at a hypervisor level (agentless backup) Backup from inside
a guest OS
VMware
VMware vSphere
versions: 4.1, 5.0,
5.1, 5.5, 6.0, 6.5, 6.7,
7.0
VMware vSphere
editions:
VMware vSphere
Essentials*
VMware vSphere
Essentials Plus*
VMware vSphere
Standard*
VMware vSphere
Advanced
VMware vSphere
Enterprise
VMware vSphere
Enterprise Plus
+ +
VMware vSphere
Hypervisor (Free
ESXi)**
  +
VMware Server
(VMware Virtual
server)
VMware Workstation
VMware ACE
VMware Player
  +
Microsoft
Windows Server
2008 (x64) with
Hyper-V
+ +
25Windows Server
2008 R2 with Hyper-
V
Microsoft Hyper-V
Server 2008/2008 R2
Windows Server
2012/2012 R2 with
Hyper-V
Microsoft Hyper-V
Server 2012/2012 R2
Windows 8, 8.1 (x64)
with Hyper-V
Windows 10 with
Hyper-V
Windows Server
2016 with Hyper-V –
all installation
options, except for
Nano Server
Microsoft Hyper-V
Server 2016
Windows Server
2019 with Hyper-V –
all installation
options, except for
Nano Server
Microsoft Hyper-V
Server 2019
Microsoft Virtual PC
2004 and 2007
Windows Virtual PC
  +
Microsoft Virtual
Server 2005
  +
Citrix
Citrix XenServer
4.1.5, 5.5, 5.6, 6.0,
6.1, 6.2, 6.5, 7.0, 7.1,
7.2, 7.3, 7.4, 7.5
  Only fully virtualized
(aka HVM) guests.
Paravirtualized (aka
PV) guests are not
supported.
26Red Hat and Linux
Red Hat Enterprise
Virtualization (RHEV)
2.2, 3.0, 3.1, 3.2, 3.3,
3.4, 3.5, 3.6
Red Hat
Virtualization (RHV)
4.0, 4.1
  +
Kernel-based Virtual
Machines (KVM)
  +
Parallels
Parallels
Workstation
  +
Parallels Server 4
Bare Metal
  +
Oracle
Oracle VM Server
3.0, 3.3, 3.4
  Only fully virtualized
(aka HVM) guests.
Paravirtualized (aka
PV) guests are not
supported.
Oracle VM
VirtualBox 4.x
  +
Nutanix
Nutanix Acropolis
Hypervisor (AHV)
20160925.x through
20180425.x
  +
Virtuozzo
Virtuozzo 6.0.10,
6.0.11, 6.0.12
+ Virtual machines
only. Containers are
not supported.
Virtuozzo 7.0.13,
7.0.14
Ploop containers only. Virtual machines are not supported. Virtual machines
only. Containers are
not supported.
Virtuozzo 7.5 + Virtual machines
only. Containers are
not supported.
27Virtuozzo Hybrid Infrastructure
Virtuozzo Hybrid
Infrastructure 3.5,
4.0
+ +
Amazon
Amazon EC2
instances
  +
Microsoft Azure
Azure virtual
machines
  +
* In these editions, the HotAdd transport for virtual disks is supported on vSphere 5.0 and later. On
version 4.1, backups may run slower.
** Backup at a hypervisor level is not supported for vSphere Hypervisor because this product
restricts access to Remote Command Line Interface (RCLI) to read-only mode. The agent works during
the vSphere Hypervisor evaluation period while no serial key is entered. Once you enter a serial key,
the agent stops functioning.
2.9.1  Limitations
  l Fault tolerant machines
Agent for VMware backs up a fault tolerant machine only if fault tolerance was enabled in VMware
vSphere 6.0 and later. If you upgraded from an earlier vSphere version, it is enough to disable and
enable fault tolerance for each machine. If you are using an earlier vSphere version, install an agent
in the guest operating system.
  l Independent disks and RDM
Agent for VMware does not back up Raw Device Mapping (RDM) disks in physical compatibility
mode or independent disks. The agent skips these disks and adds warnings to the log. You can
avoid the warnings by excluding independent disks and RDMs in physical compatibility mode from
the protection plan. If you want to back up these disks or data on these disks, install an agent in
the guest operating system.
  l Pass-through disks
Agent for Hyper-V does not back up pass-through disks. During backup, the agent skips these
disks and adds warnings to the log. You can avoid the warnings by excluding pass-through disks
from the protection plan. If you want to back up these disks or data on these disks, install an agent
in the guest operating system.
  l Hyper-V guest clustering
Agent for Hyper-V does not support backup of Hyper-V virtual machines that are nodes of a
Windows Server Failover Cluster. A VSS snapshot at the host level can even temporarily disconnect
28the external quorum disk from the cluster. If you want to back up these machines, install agents in
the guest operating systems.
  l In-guest iSCSI connection
Agent for VMware and Agent for Hyper-V do not back up LUN volumes connected by an iSCSI
initiator that works within the guest operating system. Because the ESXi and Hyper-V hypervisors
are not aware of such volumes, the volumes are not included in hypervisor-level snapshots and are
omitted from a backup without a warning. If you want to back up these volumes or data on these
volumes, install an agent in the guest operating system.
  l Linux machines containing logical volumes (LVM)
Agent for VMware and Agent for Hyper-V do not support the following operations for Linux
machines with LVM:
 
o
P2V migration, V2P migration, and V2V migration from Virtuozzo. Use Agent for Linux to create
the backup and bootable media to recover.
 
o
Running a virtual machine from a backup created by Agent for Linux.
  l Encrypted virtual machines (introduced in VMware vSphere 6.5)
 
o
Encrypted virtual machines are backed up in an unencrypted state. If encryption is critical to
you, enable encryption of backups when creating a protection plan.
 
o
Recovered virtual machines are always unencrypted. You can manually enable encryption after
the recovery is complete.
 
o
If you back up encrypted virtual machines, we recommend that you also encrypt the virtual
machine where Agent for VMware is running. Otherwise, operations with encrypted machines
may be slower than expected. Apply the VM Encryption Policy to the agent`s machine by
using vSphere Web Client.
 
o
Encrypted virtual machines will be backed up via LAN, even if you configure the SAN transport
mode for the agent. The agent will fall back on the NBD transport because VMware does not
support SAN transport for backing up encrypted virtual disks.
  l Secure Boot
 
o
VMware virtual machines: (introduced in VMware vSphere 6.5) Secure Boot is disabled after a
virtual machine is recovered as a new virtual machine. You can manually enable this option after
the recovery is complete. This limitation applies to VMware.
 
o
Hyper-V virtual machines: For all GEN2 VMs, Secure Boot is disabled after the virtual machine is
recovered to both new virtual machine or an existing virtual machine.
  l ESXi configuration backup is not supported for VMware vSphere 7.0.
2.10  Compatibility with encryption software
There are no limitations on backing up and recovering data that is encrypted by file-level encryption
software.
Disk-level encryption software encrypts data on the fly. This is why data contained in the backup is
not encrypted. Disk-level encryption software often modifies system areas: boot records, or partition
29tables, or file system tables. These factors affect disk-level backup and recovery, the ability of the
recovered system to boot and access to Secure Zone.
You can back up the data encrypted by the following disk-level encryption software:
  l Microsoft BitLocker Drive Encryption
  l McAfee Endpoint Encryption
  l PGP Whole Disk Encryption.
To ensure reliable disk-level recovery, follow the common rules and software-specific
recommendations.
2.10.1  Common installation rule
The strong recommendation is to install the encryption software before installing the protection
agents.
2.10.2  The way of using Secure Zone
Secure Zone must not be encrypted with disk-level encryption. This is the only way to use Secure
Zone:
 1. Install the encryption software; then, install the agent.
 2. Create Secure Zone.
 3. Exclude Secure Zone when encrypting the disk or its volumes.
2.10.3  Common backup rule
You can do a disk-level backup in the operating system.
2.10.4  Software-specific recovery procedures
Microsoft BitLocker Drive Encryption
To recover a system that was encrypted by BitLocker:
 1. Boot from the bootable media.
 2. Recover the system. The recovered data will be unencrypted.
 3. Reboot the recovered system.
 4. Turn on BitLocker.
If you only need to recover one partition of a multi-partitioned disk, do so under the operating
system. Recovery under bootable media may make the recovered partition undetectable for
Windows.
McAfee Endpoint Encryption and PGP Whole Disk Encryption
You can recover an encrypted system partition by using bootable media only.
30If the recovered system fails to boot, rebuild Master Boot Record as described in the following
Microsoft knowledge base article: https://support.microsoft.com/kb/2622803
313  Supported file systems
A protection agent can back up any file system that is accessible from the operating system where the
agent is installed. For example, Agent for Windows can back up and recover an ext4 file system if the
corresponding driver is installed in Windows.
The following table summarizes the file systems that can be backed up and recovered (bootable
media supports only recovery). The limitations apply to both the agents and bootable media.
File system
Supported by
Limitations
Agents
Bootable media for
Windows and Linux
Bootable
media for
Mac
FAT16/32
All
agents
+ +
No limitations
NTFS + +
ext2/ext3/ext4 + –
HFS+
Agent
for Mac
– +
APFS – +
  l Supported starting with
macOS High Sierra 10.13
  l Disk configuration should be
re-created manually when
recovering to a non-original
machine or bare metal.
JFS
Agent
for Linux
+ –
  l Files cannot be excluded
from a disk backup
  l Fast incremental/ differential
backup cannot be enabled ReiserFS3 + –
ReiserFS4 + –
  l Files cannot be excluded
from a disk backup
  l Fast incremental/ differential
backup cannot be enabled
  l Volumes cannot be resized
during a recovery
ReFS
All
agents
+ +
XFS + +
Linux swap
Agent
for Linux
+ – No limitations
exFAT
All
agents
+
Bootable media cannot
+
  l Only disk/volume backup is
supported
  l Files cannot be excluded
32be used for recovery if
the backup is stored on
exFAT
from a backup
  l Individual files cannot be
recovered from a backup
The software automatically switches to the sector-by-sector mode when backing up drives with
unrecognized or unsupported file systems (for example, Btrfs). A sector-by-sector backup is possible
for any file system that:
  l is block-based
  l spans a single disk
  l has a standard MBR/GPT partitioning scheme
If the file system does not meet these requirements, the backup fails.
3.0.1  Data Deduplication
In Windows Server 2012 and later, you can enable the Data Deduplication feature for an NTFS
volume. Data Deduplication reduces the used space on the volume by storing duplicate fragments of
the volume`s files only once.
You can back up and recover a data deduplication–enabled volume at a disk level, without limitations.
File-level backup is supported, except when using Acronis VSS Provider. To recover files from a disk
backup, either run a virtual machine from your backup, or mount the backup on a machine running
Windows Server 2012 or later, and then copy the files from the mounted volume.
The Data Deduplication feature of Windows Server is unrelated to the Acronis Backup Deduplication
feature.
334  Activating the account
When an administrator creates an account for you, an email message is sent to your email address.
The message contains the following information:
  l Your login. This is the user name that you use to log in. Your login is also shown on the account
activation page.
  l Account activation button. Click the button and set the password for the account. Ensure that
your password is at least nine characters long.
If your administrator has enabled two-factor authentication, you will be prompted to set up two-
factor authentication for your account.
4.1  Two-factor authentication
Two-factor authentication provides extra protection from unauthorized access to your account.
When two-factor authentication is set up, you are required to enter your password (the first factor)
and a one-time code (the second factor) to log in to the service console. The one-time code is
generated by a special application that must be installed on your mobile phone or another device
that belongs to you. Even if someone finds out your login and password, they still will not be able to
login without access to your second-factor device.
The one-time code is generated based on the device`s current time and the secret provided by the
Cyber Protection service as the QR code or alphanumeric code. During the first login, you need to
enter this secret to the authentication application.
To set up two-factor authentication for your account
 1. Choose the second-factor device.
Most commonly it is a mobile phone, but you can also use a tablet, laptop, or desktop.
 2. Ensure that the device time settings are correct and reflect the actual current time. Ensure that the
device locks itself after a period of inactivity.
 3. Install the authentication application on the device. The recommended applications are Google
Authenticator or Microsoft Authenticator.
 4. Go to the service console login page and set your password.
The service console shows the QR code and the alphanumeric code.
 5. Save the QR code and the alphanumeric code in any convenient way (such as, print out the screen,
write down the code, or save the screenshot in cloud storage). If you lose the second-factor
device, you will be able to reset the two-factor authentication by using these codes.
 6. Open the authentication application, and then do one of the following:
  l Scan the QR code
  l Manually enter the alphanumeric code to the application
The authentication application generates a one-time code. A new code will be generated every 30
seconds.
 7. Return to the service console login page and enter the generated code.
34A one-time code is valid for 30 seconds. If you wait longer than 30 seconds, use the next
generated code.
When logging in the next time, you can select the checkbox Trust this browser…. If you do this, the
one-time code will not be required when you log in by using this browser on this machine.
4.1.1  What if…
…I lost the second-factor device?
If you have a trusted browser, you will be able to log in by using this browser. Nevertheless, when you
have a new device, repeat steps 1-3 and 6-7 of the above procedure by using the new device and the
saved QR code or alphanumeric code.
If you have not saved the code, ask the administrator or service provider to reset the two-factor
authentication for your account, and then repeat steps 1-3 and 6-7 of the above procedure by using
the new device.
…I want to change the second-factor device?
When logging in, click the Reset two-factor authentication settings link, confirm the operation
by entering the one-time code, and then repeat the above procedure by using the new device.
355  Accessing the Cyber Protection service
You can log in to the Cyber Protection service if you activated your account.
To log in to the Cyber Protection service
 1. Go to the Cyber Protection service login page. The login page address was included in the
activation email message.
 2. Type the login, and then click Next.
 3. Type the password, and then click Next.
 4. If you have the administrator role in the Cyber Protection service, click Cyber Protection.
Users who do not have the administrator role log in directly to the service console.
The timeout period for the service console is 24 hours for active sessions and 1 hour for idle sessions.
To reset your password
 1. Go to the Cyber Protection service login page.
 2. Type your login, and then click Next.
 3. Click Forgot password?
 4. Confirm that you want further instructions by clicking Send.
 5. Follow the instructions in the email that you have received.
 6. Set up your new password. Ensure that your password is at least eight characters long.
You can change the language of the web interface by clicking the account icon in the top-right corner.
If Cyber Protection is not the only service you are subscribed to, you can switch between the
services by using the icon in the top-right corner. Administrators can also use this icon for
switching to the management portal.
If you are subscribed to any of the Cyber Protection editions, you can send feedback about the
product from the service console. In the left navigation menu, click Send feedback, fill in the fields,
attach files (if any) and click Send.
366  Installing the software
6.1  Which agent do I need?
Selecting an agent depends on what you are going to back up. The table below summarizes the
information, to help you decide.
In Windows, Agent for Exchange, Agent for SQL, Agent for Active Directory, and Agent for Oracle
require that Agent for Windows is also installed. Thus, if you install, for example, Agent for SQL, you
also will be able to back up the entire machine where the agent is installed.
It is recommended to install Agent for Windows when you install also Agent for VMware (Windows)
and Agent for Hyper-V.
In Linux, Agent for Oracle and Agent for Virtuozzo require that Agent for Linux (64-bit) is also
installed. These three agents share one installer.
What are you going to
back up?
Which agent
to install?
Where to install it?
Physical machines
Physical machines
running Windows
Agent for
Windows
On the machine that will be backed up.
Physical machines
running Linux
Agent for Linux
Physical machines
running macOS
Agent for Mac
Applications
SQL databases Agent for SQL On the machine running Microsoft SQL Server.
Exchange databases Agent for
Exchange
On the machine running the Mailbox role of Microsoft
Exchange Server.*
Microsoft Office 365
mailboxes
Agent for
Office 365
On a Windows machine that is connected to the Internet.
Depending on the desired functionality, you may or may not
need to install Agent for Office 365. For more information,
refer to “Protecting Office 365 data”.
Microsoft Office 365
OneDrive files and
SharePoint Online sites
— This data can be backed up only by an agent that is installed
in the cloud. For more information, refer to “Protecting Office
365 data”.
G Suite Gmail mailboxes,
Google Drive files, and
Shared drive files
— This data can be backed up only by an agent that is installed
in the cloud. For more information, refer to “Protecting G
Suite”.
37Machines running Active
Directory Domain
Services
Agent for
Active
Directory
On the domain controller.
Machines running Oracle
Database
Agent for
Oracle
On the machine running Oracle Database.
Virtual machines
VMware ESXi virtual
machines
Agent for
VMware
(Windows)
On a Windows machine that has network access to vCenter
Server and to the virtual machine storage.**
Agent for
VMware
(Virtual
Appliance)
On the ESXi host.
Hyper-V virtual machines Agent for
Hyper-V
On the Hyper-V host.
Virtuozzo virtual
machines and
containers***
Agent for
Virtuozzo
On the Virtuozzo host.
Virtuozzo Hybrid
Infrastructure virtual
machines
Agent for
Virtuozzo
Hybrid
Infrastructure
On the Virtuozzo Hybrid Infrastructure host.
Virtual machines hosted
on Amazon EC2
The same as
for physical
machines****
On the machine that will be backed up.
Virtual machines hosted
on Windows Azure
Citrix XenServer virtual
machines
Red Hat Virtualization
(RHV/RHEV)
Kernel-based Virtual
Machines (KVM)
Oracle virtual machines
Nutanix AHV virtual
machines
Mobile devices
Mobile devices running Mobile app for On the mobile device that will be backed up.
38Android Android
Mobile devices running
iOS
Mobile app for
iOS
*During the installation, Agent for Exchange checks for enough free space on the machine where it
will run. Free space equal to 15 percent of the biggest Exchange database is temporarily needed
during a granular recovery.
**If your ESXi uses a SAN attached storage, install the agent on a machine connected to the same
SAN. The agent will back up the virtual machines directly from the storage rather than via the ESXi
host and LAN. For detailed instructions, refer to “Agent for VMware – LAN-free backup”.
***For Virtuozzo 7, only ploop containers are supported. Virtual machines are not supported.
****A virtual machine is considered virtual if it is backed up by an external agent. If an agent is
installed in the guest system, the backup and recovery operations are the same as with a physical
machine. Nevertheless, the machine is counted as virtual when you set quotas for the number of
machines.
6.1.1  Disk space requirements for agents
Agent Disk space required for installation
Agent for Windows 1.2 GB
Agent for Linux 2 GB
Agent for Mac 900 MB
Agent for SQL and Agent for Windows 1.2 GB
Agent for Exchange and Agent for Windows 1.3 GB
Agent for Office 365 500 MB
Agent for Active Directory and Agent for Windows 2 GB
Agent for VMware and Agent for Windows 1.5 GB
Agent for Hyper-V and Agent for Windows 1.5 GB
Agent for Virtuozzo and Agent for Linux 1 GB
Agent for Virtuozzo Hybrid Infrastructure 700 MB
Agent for Oracle and Agent for Windows 2.2 GB
Agent for Oracle and Agent for Linux 2 GB
39Backup operations require about 1 GB of RAM per 1 TB of archive size. The memory consumption
may vary, depending on the amount and type of data being processed by the agents
Bootable media or a disk recovery with a reboot requires at least 1 GB of memory.
6.2  Preparation
6.2.1  Step 1
Choose an agent, depending on what you are going to back up. For more information on the possible
choices, refer to Which agent do I need?
6.2.2  Step 2
Ensure that there is enough free space on your hard drive to install an agent. For detailed information
about the required space, refer to Disk space requirements for agents.
6.2.3  Step 3
Download the setup program. To find the download links, click All devices > Add.
The Add devices page provides web installers for each agent that is installed in Windows. A web
installer is a small executable file that downloads the main setup program from the Internet and
saves it as a temporary file. This file is deleted immediately after the installation.
If you want to store the setup programs locally, download a package containing all agents for
installation in Windows by using the link at the bottom of the Add devices page. Both 32-bit and 64-
bit packages are available. These packages enable you to customize the list of components to install.
These packages also enable unattended installation, for example, via Group Policy. This advanced
scenario is described in Deploying agents through Group Policy.
To download Agent for Office 365 setup program, click the account icon in the top-right corner, and
then click Downloads > Agent for Office 365.
Installation in Linux and macOS is performed from ordinary setup programs.
All setup programs require an Internet connection to register the machine in the Cyber Protection
service. If there is no Internet connection, the installation will fail.
6.2.4  Step 4
Cyber Protect features require Microsoft Visual C++ 2017 Redistributable. Please ensure that it is
already installed on your machine or install it before installing the agent. After the installation of
Microsoft Visual C++, a restart may be required. You can find the Microsoft Visual C++ Redistributable
package here https://support.microsoft.com/help/2999226/update-for-universal-c-runtime-in-
windows.
406.2.5  Step 5
Verify that your firewalls and other components of your network security system (such as a proxy
sever) allow both inbound and outbound connections through the following TCP ports.
  l 443 and 8443 These ports are used for accessing the service console, registering the agents,
downloading the certificates, user authorization, and downloading files from the cloud storage.
  l 7770…7800 The agents use these ports to communicate with the backup management server.
  l 44445 and 55556 The agents use these ports for data transfer during backup and recovery.
If a proxy server is enabled in your network, refer to the “Proxy server settings” section to understand
whether you need to configure these settings on each machine that runs a protection agent.
The minimum Internet connection speed required for managing an agent from the cloud is 1 Mbit/s
(not to be confused with the data transfer rate acceptable for backing up to the cloud). Consider this
if you use a low-bandwidth connection technology such as ADSL.
TCP ports required for backup and replication of VMware virtual machines
  l TCP 443 Agent for VMware (both Windows and Virtual Appliance) connects to this port on the ESXi
host/vCenter server to perform VM management operations, such as create, update, and delete
VMs on vSphere during backup, recovery, and VM replication operations.
  l TCP 902 Agent for VMware (both Windows and Virtual Appliance) connects to this port on the ESXi
host to establish NFC connections to read/write data on VM disks during backup, recovery, and VM
replication operations.
  l TCP 3333 If the Agent for VMware (Virtual Appliance) is running on the ESXi host/cluster that is the
target for VM replication, VM replication traffic does not go directly to the ESXi host on port 902.
Instead, the traffic goes from the source Agent for VMware to TCP port 3333 on the Agent for
VMware (Virtual Appliance) located on the target ESXi host/cluster.
The source Agent for VMware that reads data from the original VM disks can be anywhere else and
can be of any type: Virtual Appliance or Windows.
The service that is responsible for accepting VM replication data on the target Agent for VMware
(Virtual Appliance) is called “Replica disk server.” This service is responsible for the WAN
optimization techniques, such as traffic compression and deduplication during VM replication,
including replica seeding (see Seeding an initial replica). When no Agent for VMware (Virtual
Appliance) is running on the target ESXi host, this service is not available, and therefore the replica
seeding scenario is not supported.
6.2.6  Step 6
On the machine where you plan to install the Cyber Protection agent, verify that the following local
ports are not in use by other processes.
  l 127.0.0.1:9999
  l 127.0.0.1:43234
41  l 127.0.0.1:9850
Note
You do not have to open them in the Firewall.
The Active Protection service is listening at TCP port 6109. Verify that it is not in use by another
process.
Changing the ports used by the Cyber Protection agent
Some of the ports required by the Cyber Protection agent might be in use by other applications in
your environment. To avoid conflicts, you can change the default ports used by the Cyber Protection
agent by modifying the following files.
  l In Linux: /opt/Acronis/etc/aakore.yaml
  l In Windows: ProgramDataAcronisAgentetcaakore.yaml
6.3  Linux packages
To add the necessary modules to the Linux kernel, the setup program needs the following Linux
packages:
  l The package with kernel headers or sources. The package version must match the kernel version.
  l The GNU Compiler Collection (GCC) compiler system. The GCC version must be the one with which
the kernel was compiled.
  l The Make tool.
  l The Perl interpreter.
  l The libelf-dev, libelf-devel, or elfutils-libelf-devel libraries for building kernels starting
with 4.15 and configured with CONFIG_UNWINDER_ORC=y. For some distributions, such as
Fedora 28, they need to be installed separately from kernel headers.
The names of these packages vary depending on your Linux distribution.
In Red Hat Enterprise Linux, CentOS, and Fedora, the packages normally will be installed by the setup
program. In other distributions, you need to install the packages if they are not installed or do not
have the required versions.
6.3.1  Are the required packages already installed?
To check whether the packages are already installed, perform these steps:
 1. Run the following command to find

Leave a Comment