Deploying Veeam Agent for Mac using Jamf

katiefuller
New Contributor

Hi there,

Looking for instructions on how to install the Veeam Agent for Mac. Veeam doesn't have any instructions they just say to "refer to the documentation of your MDM solution.". Obviously there's nothing in the documentation for how to install the Veeam agent using Jamf.

Can anyone help me out here? Thanks!

Sincerely,

11 REPLIES 11

Hugonaut
Valued Contributor II

I looked into Veeam & I remember the setup requiring a bit of work, below is a few workflows from Veeam. I recommend reaching out to Veeam Sales & Requesting a meeting with Veeam Engineers & they can provide further insight for exactly what you want. Veeam support was awesome & they will help you find a solution for your environment & walk you through the setup.

 

https://helpcenter.veeam.com/docs/backup/agents/deploy_agent_mac.html?ver=110

 

https://helpcenter.veeam.com/docs/agentformac/userguide/installation_and_configuration_mdm.html?ver=...

 

https://helpcenter.veeam.com/docs/agentformac/userguide/appendix_a_deploy_with_any_mdm.html?ver=10

________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________


Virtual MacAdmins Monthly Meetup - First Friday, Every Month

Well in their documentation it literally says to...

b) Using a Mobile Device Management solution

Please refer to the user manual of your MDM solution.

Experience tells me I'll get the circle jerk with Jamf and Veeam saying it's the other guys problem.

Hugonaut
Valued Contributor II

Its up to us as Jamf Administrators to implement the product, but there support is great, give it a shot & they will help you get the info you need, You will have to deploy a few things & build them custom but thats what we do as Jamf admins.

________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________


Virtual MacAdmins Monthly Meetup - First Friday, Every Month

Deleted

Hugonaut
Valued Contributor II

Jamf & 3rd Party Software deployments are a constantly changing game because Apple is always changing the way we have to integrate with macOS. A lot of these 3rd party deployments are hand tailored to your environment & can involve custom built files, plists, configuration profiles, etc. I understand how it can be frustrating but reaching out to Veeam Sales support to arrange a meeting is the best route to go, I also sent you a pm.

________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________


Virtual MacAdmins Monthly Meetup - First Friday, Every Month

PT
New Contributor

Hello,

I might be late to the party, but here is the solution, please let me know if it works for you.

A. Installation

The installation is performed in the exact same way as you would install any other .pkg via JAMF. If that does not work for you, please provide more details.

 

B. Configuration profile

In order to push VBR config file onto your Mac machines, you need to create a configuration profile:

1. Go to "Configuration Profiles" in JAMF console

2. Click "Add New".

3. Once you are done with filling in general settings, in the ribbon on the left side pick "Application & Custom Settings" - "External Applications":

Source = Custom Schema

Preference Domain = com.veeam.Agent

4. In the "Custom Schema" section click "Add Schema", enter these lines:

 

 

{

"properties": {

"CatchAllConfig": {

"type": "string",

"title": "Config"

}

}

}

 

 

5. In the "Preference Domain Properties" add the contents of xml config file that you got from a VBR protection group "Package" step, example:

 

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

plist version="1.0">

<dict>

<key>CatchAllConfig</key>

<string>&lt;ManagementServerConfiguration Version="1" VbrInstallationId=..<I SHORTENED THIS PART>..SelfDiscoveryOptions /&gt;&lt;VbrCatchAllInfo /&gt;&lt;/ManagementServerConfiguration&gt;</string>

</dict>

</plist>

 

 

Your profile for Veeam Agent is ready. Once JAMF distributes it, all recipient machines that have Veeam Agent installed will contact the backup server that is specified in the xml and obtain all required settings.

 

C. Full Disk Access

This is also configured via configuration profiles. It can be either a separate profile, or the same profile that you used to distirbute VBR configuration.

You need "Privacy Preferences Policy Control" section:

Identifier = 'com.veeam.Agent'

Identifier Type = 'Bunlde ID'

Code Requirement:

 

identifier "com.veeam.Agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = NX3JU8SRVL

 

 

In the "App or Service" section pick "SystemPolicyAllFiles", "Allow", save.

Save the profile. Done. Now you can see the profile on your Mac machines in "Settings" - "Profiles"

This is still relevant in 2024. Works perfectly using the *._escaped.xml .  Hint: after following your example #5 verbatim, cannot stress enough how following your example exactly was our success. Thank you! 

Ok so the escaped.xml

Trying now.

 

dvasquez
Valued Contributor

Hello.

 

Are we supposed to paste the config from the Escaped or the deployment group .xml created with the package from the Veeam config or does it go somewhere else? Thank you!

 

dvasquez
Valued Contributor

I have the items in place and the laptop is not visible in the protection group. 

Agent has been installed. 

Profiles deployed.

Going to restart and go from there. 

Thank you.

dstranathan
Valued Contributor II

I just deployed Veeam 2.2.0.81 on a couple test Macs. Also deployed a TCC/PPPC profile (Full Disk Access), a Notifications profile, a Managed Login Items profile. and the my org's Protection Group config file. Looking good.

Questions

1 I keep seeing escaped.xml  version file mentioned. I was unable to use the escaped.xml - I had to use the normal xml file, otherwise the Mac agent would never register. Why did you need the escaped.xml? Wonder what Im missing?

2 I cant seem to perform on-the-fly backups from the Veeam admin console. The 'Backup now' button is grey.

3 Is a dedicated service account required on the Mac endpoints, or do the jobs run as root without needing a Veeam admin account?