This article discusses the functions of the Configure Agent Settings tab of the Datto appliance GUI.
- Datto SIRIS
- Datto ALTO
To configure the settings for an agent after pairing it with the device, access the Datto device's GUI, click the Protect tab, choose the protected machine that you want to configure, and click the Configure Agent Settings link.
- Reporting & Alerting
- Secure File Restore & Export
- VSS Writer Exclusion
- Share Compatibility Mode
- Virtualization Storage Controller
- Virtualization Network Controller
- Virtualization Video Controller
- Virtualization Core Components
- Snapshot Timeout
- Force Differential Merge
- Force Retention
- Repair Agent Communications
- Rename Agent
- Archive Agent
- Destroy Live Dataset
This option allows administrators to pause local backups. This is of particular use if you are reconfiguring settings and do not want a backup to begin.
Figure 1: Pause Backups interface
If you attempt to enable backups that have been paused by a Rescue Agent, you will see the warning shown in Figure 2.
Figure 2: Rescue agent alert
Pause Cloud Backups
Here, you can pause and resume offsite synchronization of locally-stored backups to the cloud.
Figure 3: Pause Cloud Backups interface
In this section, you set the interval and schedule for local backups. The default is to run hourly backups from 9 am to 6 pm, Monday through Friday, which results in 55 backups per week.
Figure 4: Local Backup Interval and Schedule, default settings
You can change the settings that are underlined in the UI. To do so, click on the setting, and you will see a drop-down menu. If you want to keep the same schedule on the weekends, click Monday through Friday, and change it to every day. If you would like a different schedule on the weekends, check the box that says In addition, Saturday and Sunday backups should be performed at. You will then see available times for Saturday and Sunday backups. You must click Apply or Apply to All to save your changes. Apply to All will change the settings for all protected machines.
For a customized schedule, click the Custom settings link.
Figure 5: Local Backup Interval and Schedule, custom settings
In the custom schedule, you can select a custom schedule and interval for your backups. To save your changes, click Apply or Apply to All.
The default retention keeps local backups on the device for 3 months. You can change this by clicking on the underlined option.
Figure 6: Local Retention, default settings
By default, intra-daily backups are retained for 7 days. After 7 days, it keeps daily backups for 1 week. After 1 week, it keeps weekly backups for 1 month. After that, monthly backups are kept for 3 months.
To set custom retention settings, click on the Custom settings link.
Figure 7: Local retention, custom settings
To learn more about how retention works, see the article Understanding The Retention Process.
Figure 8: Cloud Backup Interval and Schedule, default
By default, your backups replicate to the Datto Cloud once per day. To change this, click the Custom settings link. Remember that offsite replication consumes bandwidth. You can set a sync priority for the agent to determine which agent's backups get sent to the Cloud first.
Figure 9: Cloud Backup Interval and Schedule, custom
Remember to click Apply or Apply to All to save your changes.
By default, backups are kept in the cloud for 6 months. You can change this by clicking the underlined option ("6 months").
Figure 10: Cloud Backup Retention, default
By default, the Cloud retains all intra-daily backups for 7 days. After that, it keeps daily backups for 1 week. After that, it keeps weekly backups for 1 month. And then after 6 months, the monthly backups are deleted. To change these settings, click Custom settings.
Figure 11: Cloud Backup Retention, custom
For more details about the retention process, see the article Understanding The Retention Process.
Application Aware VSS w/ STC fallback
This option allows you to pick which backup engine the agent will use for backups. The Datto device will attempt to first do a Microsoft Shadow Copy Provider or Datto Windows Agent VSS backup (depending on the type of agent installed). If this fails, then it will attempt a crash consistent state backup using the Storage Craft (STC) or Datto Backup Driver (DBD) VSS Provider (depending on which agent is installed).
- On ShadowSnap-protected devices, the Application Aware VSS with fallback option will fall back to STC
- On Datto Windows Agent-protected devices, the Application Aware VSS option will fall back to DBD
Figure 12: Backup Engine interface showing the Datto Window's Agent's engine options
Figure 13: Backup Engine Interface Showing the Datto Windows Agent's fallback to DBD option
Application Aware VSS & STC/DBD Backup Engine
The Application Aware VSS setting refers to the use of the VSS provider. which interacts with supported applications to provide backups as the the applications are running. Unlike the Microsoft Shadow Copy Provider, the backup provided by the STC or DBD Backup Engine is not application-aware as it simply provides a backup equal to that of a crash-consistent state. A crash-consistent state backup can be compared to the state that the system will be in directly after a hard reboot, such that data in processing may not be saved properly. To learn more about VSS writers, see this article.
This option allows you to exclude backups on a volume-by-volume basis for the agent.
Figure 14: Volume Level Backup Control
These options allow you to enable or disable the Integrity Verification and Ransomware Detection features.
The Integrity Verification feature checks the filesystem health of the protected system's backups, verifies the presence of all protected volumes and reports the success of VSS quiescence for the snapshot.
Ransomware Detection tests your backups for signs of ransomware. This can detect early stages of ransomware infection, and allow you to intervene before it spreads. In the event that potential ransomware is found, your Datto appliance will send a warning notice email, so ensure that warning notices are monitored.
To learn more about ransomware detection, see this article.
This feature boots and takes a screenshot of specific recovery points created for the protected system. Screenshot verification is your peace of mind that the selected backup will boot successfully in a restore. By default, your Datto appliance will take a screenshot for the latest recovery point of the day. You can also customize this feature to perform screenshots for the first recovery point of the day, or to follow a custom schedule.
During the screenshot process, your Datto appliance will create a locally-hosted screenshot verification VM. It will then attempt to take a screenshot at the moment it detects the virtualization has booted to operating system's login screen. If the login screen is not showing in screenshots, increasing the Additional wait time value can allow the system more time to boot fully.
To learn more about configuring screenshot verification, see this article.
Application Verification works in conjunction with Screenshot Verification to analyze the application integrity of a selected snapshot by detecting that specified applications have started correctly.
If enabled, Application Verification will run during the protected system's screenshot verification process. It will wait until the screenshot VM enters a ready state, and then check the virtualization to ensure that the applications you select here are started and in a ready state. The results of this check will be reported on the Manage Recovery Points page.
To learn more about Application Verification, see this article.
The Service Verification feature works in conjunction with Screenshot Verification to analyze the service integrity of a selected snapshot by detecting that specified services have started correctly.
From the Service Verification configuration panel, you can select one or more services that the Datto appliance detects on the production machine to be tested during the screenshot verification process. Your Datto appliance will wait until the screenshot VM enters a ready state, and then check the virtualization to ensure that the services you selected here are started and in a ready state. The results of this check will be reported on the Manage Recovery Points page.
To learn more about Service Verification, see this article.
This feature allows you to use scripts allow you to perform advanced verification of the quality of your backup. For example, a script could open a SQL Server database and validate that a particular table existed. At the schedule defined, the system will execute your scripts in the order they are uploaded below and return positive or negative results. In the event that a script returns a negative result, this will trigger a warning notice.
To learn more about configuring backup verification scripts, see this article.
This feature allows you to configure email alerting for your Datto appliance. To learn more about configuring Alert, Warning, and Log Digest emails, see this article.
Screenshot Error Threshold
This reporting feature will send an error email if a screenshot is not being performed within a time window. Setting the error threshold determines how much time is allowed to pass without a screenshot being run for this agent. Setting a threshold of '0' will disable the alert.
To learn more about configuring Alert, Warning, and Log Digest emails, see this article.
Ensures that file restores and VMDK/VHD exports which are mounted on the Datto appliance are not accessible to anyone else on the local network. The dropdown box lists available users that can be given access to the appliance's SMB shares to access restore data. Users are added through the Local Users page of the appliance UI.
Figure 19: Secure File Restore & Export
This feature allows you to exclude specific VSS writers from being used by the Datto appliance during the agent's backup. See this article for more information about excluding VSS writers.
Enabling this option makes a tradeoff between security and compatibility. Selecting this feature changes the SIRIS Samba share to be persistent and available on the LAN. In some legacy Domain environments, you may need to enable this option to successfully transfer data across the network on a consistent basis.
Enabling Share Compatibility can resolve many common connectivity issues for older Windows systems. It should only be enabled if you are experiencing network connectivity or transfer errors on the agent page.
This setting changes the Storage Controller to use when virtualizing the protected system in VirtualBox, KVM, or ESXi. AHCI SATA is the default setting, because the SIRIS injects this SATA Controller driver into the boot configuration of the backup.
This option selects the type of NIC driver to use in the virtual environment. This generally is only needed during disaster recovery situations as well as for purposes of testing the network functionality of a backup VM. There are options for VirtualBox, KVM, and ESXi virtualization.
This option allows you to choose between the default VGA driver and the legacy Cirrus video driver on Ubuntu 16.04 devices running the KVM virtualization platform.
This option helps to determine the use of USB or PS/2 drivers for the mouse and keyboard in the virtual environment.
The default is Modern Virtualization Environment, which uses drivers for the virtual USB mouse and keyboard. The Legacy Virtualization Environment uses drivers for the virtual PS/2 mouse and keyboard.
If a virtual machine experiences trouble with control of the keyboard or mouse, stop the VM, and switch to the Legacy Virtualization Environment.
See this article for more information regarding configuring virtualization options.
The snapshot timeout option determines the time allotted to the Volume Shadow Copy service before it times out. The default setting is set to 15 minutes. If an agent requires more than 15 minutes for VSS to return information to the SIRIS, then there is usually an issue with communications between one or more of the agent services on the protected machine and the SIRIS. There may also be an issue with the backup agent software installation, or a problem with the protected machine. You can learn more about this feature here.
Forcing a differential merge forces a re-association of backup increments. With this option selected, the agent's next backup traverses all protected volumes, and only create a backup consisting of the changes since the last backup. It will take the time of a full backup, but it will not take the space of a full backup. See this article for additional information about forcing a differential merge.
Clicking the Force Retention button immediately applies the device's retention policies for the agent to its local backups. Learn more here.
Clicking the Repair Agent Communications button instructs the Datto appliance to attempt to recreate the secure key pair between the agent and the device. This can fix common agent communication errors. You can find more information about this feature here.
The Agent Rename feature allows an operator to change the IP address or FQDN that a Datto appliance uses to connect to a protected system. This is useful in situations where a protected system has a new IP address or hostname. Learn more here.
The Archive Agent feature allows an operator to convert an agent's backup chain to a read-only archive, stopping future backups from being written to it, and permitting the protected system to (optionally) re-pair with the Datto appliance to start a new backup chain. Archived datasets count against device agent limits, and any offsite data for the archived agent will count against your appliance's total offsite data quota. Any device on per-agent billing will continue to be billed for the archived dataset until you delete the agent locally and offsite.
You can control the display of archived agents on the Protect tab of the Datto appliance GUI by using the Hide / Show Archived toggle. Learn more here.
This function immediately destroys a backup agent's live dataset from your Datto appliance. It will stop any backups in progress, and delete the agent's live disk images, but it will leave the snapshot chain intact. Using this feature will result in the agent taking a new full backup, which will take up the space of a new full image on the device. Only use this option if this protected machine's disks have been re-sized or the protected machine's disk image is irreparably corrupt. Review this article before using the Destroy Live Dataset feature.