Acronis Cyber Protect Cloud - Implementation Guide

Acronis Cyber Protect Cloud - Implementation Guide

1. Which agent do I need?

Selecting an agent depends on what you are going to back up. The table below summarizes the information, to help you decide.

In Windows, Agent for Exchange, Agent for SQL, Agent for Active Directory, and Agent for Oracle require that Agent for Windows is also installed. Thus, if you install, for example, Agent for SQL, you also will be able to back up the entire machine where the agent is installed.

It is recommended to install Agent for Windows when you install also Agent for VMware (Windows) and Agent for Hyper-V.

In Linux, Agent for Oracle and Agent for Virtuozzo require that Agent for Linux (64-bit) is also installed. These three agents share one installer.

What are you going to back up?Which agent to install?Where to install it?

Physical machines

Physical machines running WindowsAgent for WindowsOn the machine that will be backed up.
Physical machines running LinuxAgent for Linux
Physical machines running macOSAgent for Mac

Applications

SQL databasesAgent for SQLOn the machine running Microsoft SQL Server.
Exchange databasesAgent for ExchangeOn the machine running the Mailbox role of Microsoft Exchange Server.*
Microsoft 365 mailboxesAgent for Microsoft 365

On a Windows machine that is connected to the Internet.

Depending on the desired functionality, you may or may not need to install Agent for Microsoft 365. For more information, refer to "Protecting Microsoft 365 data".

Microsoft 365 OneDrive files and SharePoint Online sites

This data can be backed up only by an agent that is installed in the cloud. For more information, refer to "Protecting Microsoft 365 data".
Google Workspace Gmail mailboxes, Google Drive files, and Shared drive files

This data can be backed up only by an agent that is installed in the cloud. For more information, refer to "Protecting Google Workspace".
Machines running Active Directory Domain ServicesAgent for Active DirectoryOn the domain controller.
Machines running Oracle DatabaseAgent for OracleOn the machine running Oracle Database.

Virtual machines

VMware ESXi virtual machinesAgent for VMware (Windows)On a Windows machine that has network access to vCenter Server and to the virtual machine storage.**
Agent for VMware (Virtual Appliance)On the ESXi host.
Hyper-V virtual machinesAgent for Hyper-VOn the Hyper-V host.
Scale Computing HC3 virtual machinesAgent for Scale Computing HC3
(Virtual Appliance)		On the Scale Computing HC3 host.
Red Hat Virtualization virtual machines (managed by oVirt)Agent for oVirt (Virtual Appliance)On the Red Hat Virtualization host.
Virtuozzo virtual machines and containers***Agent for VirtuozzoOn the Virtuozzo host.
Virtuozzo Hybrid Infrastructure virtual machinesAgent for Virtuozzo Hybrid InfrastructureOn the Virtuozzo Hybrid Infrastructure host.
Virtual machines hosted on Amazon EC2The same as for physical machines****On the machine that will be backed up.
Virtual machines hosted on Windows Azure
Citrix XenServer virtual machines
Red Hat Virtualization (RHV/RHEV)
Kernel-based Virtual Machines (KVM)
Oracle virtual machines
Nutanix AHV virtual machines

Mobile devices

Mobile devices running AndroidMobile app for AndroidOn the mobile device that will be backed up.
Mobile devices running iOSMobile app for iOS

*During the installation, Agent for Exchange checks for enough free space on the machine where it will run. Free space equal to 15 percent of the biggest Exchange database is temporarily needed during a granular recovery.

**If your ESXi uses a SAN attached storage, install the agent on a machine connected to the same SAN. The agent will back up the virtual machines directly from the storage rather than via the ESXi host and LAN. For detailed instructions, refer to "Agent for VMware - LAN-free backup".

***For Virtuozzo 7, only ploop containers are supported. Virtual machines are not supported.

****A virtual machine is considered virtual if it is backed up by an external agent. If an agent is installed in the guest system, the backup and recovery operations are the same as with a physical machine. Nevertheless, if Cyber Protection can identify a virtual machine by using the CPUID instruction, a virtual machine service quota is assigned to it. If you use direct passthrough or another option that masks the CPU manufacturer ID, only service quotas for physical machines can be assigned.



2. Downloading Cyber Protection agents

Before you install an agent, you must download its installation file from the service console.

To download an agent while adding a workload to protect

  1. In the Cyber Protection console, navigate to Devices > All devices.
  2. In the upper right, click Add device.

  3. In the Add devices panel, from the Release channel drop-down menu, select an agent version.

    • Previous release - download the agent version from the previous release.
    • Current - download the latest available agent version.
  4. Select the agent that corresponds to the operating system of the workload that you are adding.

    The Save As dialog opens.

  5. Select a location to save the agent installation file and click Save.

To download an agent for later use

  1. In the upper right corner of the Cyber Protection console, click the User icon.
  2. Click Downloads.

  3. In the Downloads dialog, from the Release channel drop-down menu, select an agent version.

    • Previous release - download the agent version from the previous release.
    • Current - download the latest available agent version.
  4. Scroll the list of available installers to locate the agent installer that you need and click the download icon at the end of its row.

    The Save As dialog opens.

  5. Select a location to save the agent installation file and click Save.

3. Installing Cyber Protection agents 


      In Windows

Prerequisites

Download the agent that you need on the machine that you plan to protect. See Downloading Cyber Protection agents.

To install Agent for Windows

  1. Ensure that the machine is connected to the Internet.
  2. Log on as an administrator and start the installer.

  3. [Optional] Click Customize installation settings and make the appropriate changes if you want:

    • To change the components to install (for example, to disable the installation of Cyber Protection Monitor or the Command-Line Tool, or to install the Agent for Antimalware protection and URL filtering).
      On Windows machines, the antimalware protection and URL filtering features require the installation of Agent for Antimalware protection and URL filtering. It will be installed automatically for protected workloads if the Antivirus & Antimalware protection or the URL filtering module is enabled in their protection plans.
    • To change the method of registering the machine in the Cyber Protection service. You can switch from Use service console (default) to Use credentials or Use registration token.
    • To change the installation path.
    • To change the user account under which the agent service will run. For details, refer to "Changing the logon account on Windows machines".
    • To verify or change the proxy server host name/IP address, port, and credentials. If a proxy server is enabled in Windows, it is detected and used automatically.
  4. Click Install.
  5. [Only when installing Agent for VMware] Specify the address and access credentials for the vCenter Server or stand-alone ESXi host whose virtual machines the agent will back up, and then click Done. We recommend using an account that has the Administrator role assigned. Otherwise, provide an account with the necessary privileges on the vCenter Server or ESXi.
  6. [Only when installing on a domain controller] Specify the user account under which the agent service will run, and then click Done. For security reasons, the setup program does not automatically create new accounts on a domain controller.
  7. If you kept the default registration method Use service console in step 3, wait until the registration screen appears, and then proceed to the next step. Otherwise, no more actions are required.

  8. Do one of the following:

    • Click Register the machine. In the opened browser window, sign in to the service console, review the registration details, and then click Confirm registration.

    • Click Show registration info. The setup program shows the registration link and the registration code. You can copy them and perform the registration steps on a different machine. In this case, you will need to enter the registration code in the registration form. The registration code is valid for one hour.

      Alternatively, you can access the registration form by clicking All devices > Add, scrolling down to Registration via code, and then clicking Register.

      Do not quit the setup program until you confirm the registration. To initiate the registration again, you will have to restart the setup program and repeat the installation procedure.

      As a result, the machine will be assigned to the account that was used to log in to the service console.

    • Register the machine manually by using the command line. For more information on how to do this, refer to "Registering machines manually".

  9. [If the agent is registered under an account whose tenant is in the Enhanced security mode] Set the encryption password.


      In Linux

Prerequisites

  • Download the agent that you need on the machine that you plan to protect. See Downloading Cyber Protection agents.
  • To install Agent for Linux, you need at least 2 GB of free disk space.

To install Agent for Linux

  1. Ensure that the machine is connected to the Internet.

  2. As the root user, run the installation file.

    If a proxy server is enabled in your network, when running the file, specify the server host name/IP address and port in the following format: --http-proxy-host=ADDRESS --http-proxy-port=PORT --http-proxy-login=LOGIN--http-proxy-password=PASSWORD.

    If you want to change the default method of registering the machine in the Cyber Protection service, run the installation file with one of the following parameters:

    • --register-with-credentials – to ask for a user name and password during the installation
    • --token=STRING – to use a registration token
    • --skip-registration – to skip the registration

  3. Select the check boxes for the agents that you want to install. The following agents are available:

    • Agent for Linux
    • Agent for Virtuozzo
    • Agent for Oracle
  4. If you kept the default registration method in step 2, proceed to the next step. Otherwise, enter the user name and password for the Cyber Protection service, or wait until the machine will be registered by using the token.

  5. Do one of the following:

    • Click Register the machine. In the opened browser window, sign in to the service console, review the registration details, and then click Confirm registration.

    • Click Show registration info. The setup program shows the registration link and the registration code. You can copy them and perform the registration steps on a different machine. In this case, you will need to enter the registration code in the registration form. The registration code is valid for one hour.

      Alternatively, you can access the registration form by clicking All devices > Add, scrolling down to Registration via code, and then clicking Register.

      Do not quit the setup program until you confirm the registration. To initiate the registration again, you will have to restart the setup program and repeat the installation procedure.

      As a result, the machine will be assigned to the account that was used to log in to the service console.

    • Register the machine manually by using the command line. For more information on how to do this, refer to "Registering machines manually".

  1. [If the agent is registered under an account whose tenant is in the Enhanced security mode] Set the encryption password.

  2. If the UEFI Secure Boot is enabled on the machine, you are informed that you need to restart the system after the installation. Be sure to remember what password (the one of the root user or "acronis") should be used.

    The installation generates a new key that is used for signing the kernel modules. You must enroll this new key to the Machine Owner Key (MOK) list by restarting the machine. Without enrolling the new key, your agent will not be operational. If you enable the UEFI Secure Boot after the agent is installed, you need to reinstall the agent.

  3. After the installation completes, do one of the following:

    • Click Restart, if you were prompted to restart the system in the previous step.

      During the system restart, opt for MOK (Machine Owner Key) management, choose Enroll MOK, and then enroll the key by using the password recommended in the previous step.

    • Otherwise, click Exit.

Troubleshooting information is provided in the file: /usr/lib/Acronis/BackupAndRecovery/HOWTO.INSTALL

 

      In macOS

Prerequisites

Download the agent that you need on the machine that you plan to protect. See Downloading Cyber Protection agents.

To install Agent for Mac (x64 or ARM64)

  1. Ensure that the machine is connected to the Internet.
  2. Double-click the installation file (.dmg).
  3. Wait while the operating system mounts the installation disk image.
  4. Double-click Install.
  5. If a proxy server is enabled in your network, click Protection Agent in the menu bar, click Proxy server settings, and then specify the proxy server host name/IP address, port, and credentials.
  6. If prompted, provide administrator credentials.
  7. Click Continue.
  8. Wait until the registration screen appears.

  9. Do one of the following:

    • Click Register the machine. In the opened browser window, sign in to the service console, review the registration details, and then click Confirm registration.

    • Click Show registration info. The setup program shows the registration link and the registration code. You can copy them and perform the registration steps on a different machine. In this case, you will need to enter the registration code in the registration form. The registration code is valid for one hour.

      Alternatively, you can access the registration form by clicking All devices > Add, scrolling down to Registration via code, and then clicking Register.

      Do not quit the setup program until you confirm the registration. To initiate the registration again, you will have to restart the setup program and repeat the installation procedure.

      As a result, the machine will be assigned to the account that was used to log in to the service console.

    • Register the machine manually by using the command line. For more information on how to do this, refer to "Registering machines manually".

  1. [If the agent is registered under an account whose tenant is in the Enhanced security mode] Set the encryption password.

  2. If your macOS version is Mojave 10.14.x or later, grant full disk access to the protection agent to enable backup operations.

    For instructions, see Grant the 'Full Disk Access' permission to the Cyber Protection agent (64657).




    • Related Articles

    • Acronis Cyber Protect Self Installation

          Received activation email but not sure what to do next? We are here to help. Please follow these steps.   Step 1 – Activating and Accessing your Acronis Console   Your activation email should look like this.   Click on “Activate account”. Now you ...

    • Acronis Cyber Cloud: Access Ports and Hostnames

      Agents installed on the managed machines (end-user machines) need to have access to the hostnames/IP addresses and ports listed in this article. Most of Acronis components utilize multiple IP addresses, you can find the exact IPs Acronis agents will ...

    • Acronis Cyber Protect Cloud: services installed with dynamic installation of Antimalware components

      Starting with C21.05 (agent version 15.0.26986), Acronis Cyber Protect Cloud allows dynamic installation and uninstallation of Antimalware components (please see this page for more information). Dynamic installation of antimalware components ...

    • Acronis Cyber Cloud: Access Ports and Hostnames - UAE DC

      Agents installed on the managed machines (end-user machines) need to have access to the hostnames/IP addresses and ports listed in this article. Most of Acronis components utilize multiple IP addresses, you can find the exact IPs Acronis agents will ...

    • Acronis Cyber Protect Cloud: Windows Services and Processes

      Acronis Managed Machine Service is the main service. It can run under a dedicated account or under an account, you specify during installation. Either account is given privileges that are needed for the service to work. The privileges include a set ...