Posted on 08-26-2021 09:04 AM
Hi there,
Looking for instructions on how to install the Veeam Agent for Mac. Veeam doesn't have any instructions they just say to "refer to the documentation of your MDM solution.". Obviously there's nothing in the documentation for how to install the Veeam agent using Jamf.
Can anyone help me out here? Thanks!
Sincerely,
Posted on 08-26-2021 10:03 AM
I looked into Veeam & I remember the setup requiring a bit of work, below is a few workflows from Veeam. I recommend reaching out to Veeam Sales & Requesting a meeting with Veeam Engineers & they can provide further insight for exactly what you want. Veeam support was awesome & they will help you find a solution for your environment & walk you through the setup.
https://helpcenter.veeam.com/docs/backup/agents/deploy_agent_mac.html?ver=110
https://helpcenter.veeam.com/docs/agentformac/userguide/appendix_a_deploy_with_any_mdm.html?ver=10
Posted on 08-26-2021 10:17 AM
Well in their documentation it literally says to...
b) Using a Mobile Device Management solution
Please refer to the user manual of your MDM solution.
Experience tells me I'll get the circle jerk with Jamf and Veeam saying it's the other guys problem.
Posted on 08-26-2021 10:20 AM
Its up to us as Jamf Administrators to implement the product, but there support is great, give it a shot & they will help you get the info you need, You will have to deploy a few things & build them custom but thats what we do as Jamf admins.
08-26-2021 10:41 AM - edited 08-30-2021 07:45 AM
Deleted
Posted on 08-26-2021 10:57 AM
Jamf & 3rd Party Software deployments are a constantly changing game because Apple is always changing the way we have to integrate with macOS. A lot of these 3rd party deployments are hand tailored to your environment & can involve custom built files, plists, configuration profiles, etc. I understand how it can be frustrating but reaching out to Veeam Sales support to arrange a meeting is the best route to go, I also sent you a pm.
09-10-2021 03:17 PM - edited 09-10-2021 03:20 PM
Hello,
I might be late to the party, but here is the solution, please let me know if it works for you.
A. Installation
The installation is performed in the exact same way as you would install any other .pkg via JAMF. If that does not work for you, please provide more details.
B. Configuration profile
In order to push VBR config file onto your Mac machines, you need to create a configuration profile:
1. Go to "Configuration Profiles" in JAMF console
2. Click "Add New".
3. Once you are done with filling in general settings, in the ribbon on the left side pick "Application & Custom Settings" - "External Applications":
Source = Custom Schema
Preference Domain = com.veeam.Agent
4. In the "Custom Schema" section click "Add Schema", enter these lines:
{
"properties": {
"CatchAllConfig": {
"type": "string",
"title": "Config"
}
}
}
5. In the "Preference Domain Properties" add the contents of xml config file that you got from a VBR protection group "Package" step, example:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
plist version="1.0">
<dict>
<key>CatchAllConfig</key>
<string><ManagementServerConfiguration Version="1" VbrInstallationId=..<I SHORTENED THIS PART>..SelfDiscoveryOptions /><VbrCatchAllInfo /></ManagementServerConfiguration></string>
</dict>
</plist>
Your profile for Veeam Agent is ready. Once JAMF distributes it, all recipient machines that have Veeam Agent installed will contact the backup server that is specified in the xml and obtain all required settings.
C. Full Disk Access
This is also configured via configuration profiles. It can be either a separate profile, or the same profile that you used to distirbute VBR configuration.
You need "Privacy Preferences Policy Control" section:
Identifier = 'com.veeam.Agent'
Identifier Type = 'Bunlde ID'
Code Requirement:
identifier "com.veeam.Agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = NX3JU8SRVL
In the "App or Service" section pick "SystemPolicyAllFiles", "Allow", save.
Save the profile. Done. Now you can see the profile on your Mac machines in "Settings" - "Profiles"
Posted on 07-10-2024 08:10 AM
This is still relevant in 2024. Works perfectly using the *._escaped.xml . Hint: after following your example #5 verbatim, cannot stress enough how following your example exactly was our success. Thank you!
Posted on 07-15-2024 08:03 AM
Ok so the escaped.xml
Trying now.
Posted on 07-15-2024 07:59 AM
Posted on 07-15-2024 08:10 AM
I have the items in place and the laptop is not visible in the protection group.
Agent has been installed.
Profiles deployed.
Going to restart and go from there.
Thank you.
10-23-2024 12:23 PM - edited 10-25-2024 01:56 PM
I just deployed Veeam 2.2.0.81 on a couple test Macs. Also deployed a TCC/PPPC profile (Full Disk Access), a Notifications profile, a Managed Login Items profile. and the my org's Protection Group config file. Looking good.
Questions
1 I keep seeing escaped.xml version file mentioned. I was unable to use the escaped.xml - I had to use the normal xml file, otherwise the Mac agent would never register. Why did you need the escaped.xml? Wonder what Im missing?
2 I cant seem to perform on-the-fly backups from the Veeam admin console. The 'Backup now' button is grey.
3 Is a dedicated service account required on the Mac endpoints, or do the jobs run as root without needing a Veeam admin account?