This article discusses the functions of the Configure Agent Settings tab of the Datto appliance GUI.
For systems protected by the agentless backup solution, this page will be named Configure System Settings. Its functionality is the same.
- Datto SIRIS
- Datto ALTO
To configure the settings for an agent after pairing it with the device, access the Datto device's GUI, click the Protect tab, choose the protected machine that you want to configure, and click the Configure Agent Settings or Configure System Settings link.
- Reporting & Alerting
- Secure File Restore & Export
- Temporary Troubleshooting Access
- VM Configuration Backup
- VSS Writer Exclusion
- Virtualization Storage Controller
- Virtualization Network Controller
- Virtualization Video Controller
- Virtualization Core Components
- Snapshot Timeout
- Force Differential Merge
- Force Retention
- Repair Agent Communications
- Rename Agent
- Reassign Agentless System
- Archive Agent
- Manage Agent Templates
- Destroy Live Dataset
This option allows administrators to pause local backups; it is of particular use if you are reconfiguring settings and do not want a backup to begin.
If you attempt to enable backups that have been paused by a Rescue Agent, you will see the warning shown in Figure 2.
Pause Cloud Backups / Pause Replication
From this card, you can pause and resume offsite synchronization of locally-stored backups to the cloud. If your Datto appliance is subscribed to a SIRIS Private service plan, you will see a Pause Replication card here instead.
In this section, you set the interval and schedule for local backups. The default is to run hourly backups from 9 am to 6 pm, Monday through Friday, which results in 55 backups per week.
You can change any underlined settings in the UI. To do so, click the option, and you will see a drop-down menu. If you want to keep the same schedule on the weekends, click Monday through Friday, and change it to every day. If you would like a different schedule on the weekends, check the box that says. In addition, Saturday and Sunday backups should be performed at. You will see available times for Saturday and Sunday backups. You must click Apply or Apply to All to save your changes. Apply to All will change the settings for all protected machines.
For a customized schedule, click the Custom settings link.
In the custom schedule, you can select a custom schedule and interval for your backups. To save your changes, click Apply or Apply to All.
The default retention keeps local backups on the device for three months. You can change this by clicking the underlined option.
When retention runs, the default action for a protected system with no changes to its offsite sync or retention policies is to preserve consistent daily points for the last backup of the day both locally and in the cloud.
Figure 6: Local Retention, default settings
By default, intra-daily backups are retained by the Datto solution for seven days. After seven days, your appliance keeps daily backups for one week. After one week, it holds weekly backups for one month. After that, monthly backups will remain for three months.
To set custom retention settings, click the Custom settings link.
To learn more about how retention works, see the article Understanding The Retention Process.
From this card, you can configure replication and retention schedules for snapshots replicated to the Datto Cloud. If your appliance is subscribed to a SIRIS Private service plan, you will see a Replication and Retention Policy card here instead.
By default, Datto appliances send the last point of the day offsite for protected systems with once-daily replication schedules. This schedule ensures that as retention runs, consistent points are retained by your appliance and by the Datto Cloud or, for SIRIS Private plans, your target SIRIS. Since the last point of the day option is also the default schedule for screenshot verification, using this configuration also delivers enhanced visibility about the integrity of the replicated snapshot.
If the last backup of the day fails for a protected system set to a "daily" offsite replication schedule, the appliance will send the latest successful snapshot of the day offsite. If there are no successful backups for the day, your device will not replicate anything to the cloud for that period.
To change the protected system's replication schedule, click the Custom settings link. Remember that offsite replication consumes bandwidth. You can set a sync priority for the agent to determine which agent's backups get sent to the Cloud or to the target SIRIS first.
Remember to click Apply or Apply to All to save your changes.
By default, backups are retained by the Datto Cloud or by your target SIRIS for six months. You can change this setting by clicking the underlined option ("6 months").
Figure 10: Cloud Backup Retention, default
By default, the Cloud or your target SIRIS retain all intra-daily backups for seven days. After that, they keep daily backups for one week. After that, it holds weekly backups for one month. And then after six months, the monthly backups are deleted. To change these settings, click Custom settings.
Figure 11: Cloud Backup Retention, custom
For more details about the retention process, see the article Understanding the Retention Process.
Application Aware VSS w/ STC fallback
This option allows you to pick which backup engine the agent will use for backups. The Datto device will attempt first to do a Microsoft Shadow Copy Provider or Datto Windows Agent VSS backup (depending on the type of agent installed). If this fails, then it will attempt a crash consistent state backup using the Storage Craft (STC) or Datto Backup Driver (DBD) VSS Provider (depending on which agent is installed).
- On ShadowSnap-protected devices, the Application Aware VSS with fallback option will fall back to STC
- On Datto Windows Agent-protected devices, the Application Aware VSS option will fall back to DBD
Application Aware VSS & STC/DBD Backup Engine
The Application Aware VSS setting refers to the use of the VSS provider, which interacts with supported applications to provide backups as the applications are running. Unlike the Microsoft Shadow Copy Provider, the backup provided by the STC or DBD Backup Engine is not application-aware as it only provides a backup equal to that of a crash-consistent state. A crash-consistent state backup is comparable to the state that the system will be following after a hard reboot, such that data in processing may not save properly. To learn more about VSS writers, see this article.
This option allows you to exclude backups on a volume-by-volume basis for the agent.
These options allow you to enable or disable the Integrity Verification and Ransomware Detection features.
The Integrity Verification feature checks the filesystem health of the protected system's backups, verifies the presence of all protected volumes and reports the success of VSS quiescence for the snapshot.
Ransomware Detection tests your backups for signs of ransomware. Enabling this option can help you detect early stages of a ransomware infection and allow intervention before it spreads. If potential ransomware is present, your Datto appliance will send a warning email, so ensure that you monitor your alerts closely.
To learn more about ransomware detection, see this article.
This feature boots and takes a screenshot of specific recovery points created for the protected system. Screenshot verification is your peace of mind that the selected backup will boot successfully in a restore. By default, your Datto appliance will take a screenshot for any point scheduled to be sent offsite. Do not use this option if your Datto appliance does not replicate offsite.
You can also customize this feature to perform screenshots for the first recovery point of the day, last recovery point of the day, or to follow a custom schedule.
During the screenshot process, your Datto appliance will create a locally-hosted screenshot verification VM. It will then attempt to take a screenshot when it detects that the virtualization has booted to the operating system's login screen. If the login screen is not showing in screenshots, increasing the Additional wait time value can allow the system more time to boot fully.
To learn more about configuring screenshot verification, see this article.
Application Verification works in conjunction with Screenshot Verification to analyze the application integrity of a selected snapshot by detecting that specified applications have started correctly.
If enabled, Application Verification will run during the protected system's screenshot verification process. It will wait until the screenshot VM enters a ready state, and then check the virtualization to ensure that the applications you select here are started and in a ready state. The results of this check will report on the Manage Recovery Points page.
To learn more about Application Verification, see this article.
The Service Verification feature works in conjunction with Screenshot Verification to analyze the service integrity of a selected snapshot by detecting that specified services have started correctly.
From the Service Verification configuration panel, you can choose one or more services that the Datto appliance detects on the production machine for testing during the screenshot verification process. Your Datto appliance will wait until the screenshot VM enters a ready state, and then check the virtualization to ensure that the services you selected here are started and in a ready state. The results of this check will appear on the Manage Recovery Points page.
To learn more about Service Verification, see this article.
This feature allows you to use scripts to perform advanced verification of the quality of your backup. For example, a script could open a SQL Server database and validate that a particular table existed. At the schedule defined, the system will execute your scripts in the order they are uploaded below and return positive or negative results. If a script returns a negative result, this will trigger a warning notice.
To learn more about configuring backup verification scripts, see this article.
This feature allows you to configure email alerting for your Datto appliance. You can subscribe to notifications for screenshot verification testing, weekly backup reports and warnings, critical errors, and log digests on an individual basis.
To learn more about configuring Alert, Warning, and Log Digest emails, see this article.
Screenshot Error Threshold
This reporting feature will send you a notification error email if screenshot verification does not occur for the selected system within a designated number of hours. Setting a threshold of '0' will disable the alert.
To learn more about configuring Alert, Warning, and Log Digest emails, see this article.
Ensures that file restores and VMDK/VHD exports mounted on the Datto appliance are not accessible to anyone else on the local network. The dropdown box lists available users that can be given access to the appliance's SMB shares to access its restore data. You can add users through the Local Users page of the appliance UI.
Temporary Troubleshooting Access
If the selected system uses backup encryption, enabling temporary troubleshooting access will unseal the dataset for a period of six hours, allowing a technician to perform operations on the Datto appliance such as restores and reboots without the need to know the encryption passphrase or to have an authorized keyholder enter it for each restore or reboot operation.
Figure 23: Enabling Temporary Troubleshooting Access (click to enlarge)
For security purposes, the Temporary Troubleshooting Access option will only appear when accessing the Datto appliance's GUI through the Partner Portal; the option will not appear when logging into the device locally.
To learn more about this feature, see our SIRIS, ALTO, and NAS: Temporary Troubleshooting Access article. For more information about backup encryption, see Getting Started With Backup Encryption.
VM Configuration Backup
This feature, available only for virtual systems protected by the Datto Windows Agent, allows you to back up the VMX file of VMware-hosted virtual machines which are leveraging agent-based backups. This feature is enabled by default; to toggle it on or off, check or clear the Backup VM configuration file box.
This feature allows you to exclude specific VSS writers from being used by the Datto appliance during the agent's backup. See this article for more information about excluding VSS writers.
This setting changes the storage controller to use when virtualizing the protected system in VirtualBox, KVM, or ESXi. AHCI SATA is the default setting because the Datto device injects this SATA Controller driver into the boot configuration of the backup.
This option selects the type of NIC driver to use in the virtual environment. Useful during disaster recovery situations, you can also leverage this feature to test the network functionality of a backup VM. Options are available for VirtualBox, KVM, and ESXi virtualization.
This option allows you to choose between the default VGA driver and the legacy Cirrus video driver on Ubuntu 16.04 devices running the KVM virtualization platform.
This option helps to determine the use of USB or PS/2 drivers for the mouse and keyboard in the virtual environment.
The default is Modern Virtualization Environment, which uses drivers for the virtual USB mouse and keyboard. The Legacy Virtualization Environment uses drivers for the virtual PS/2 mouse and keyboard.
If a virtual machine experiences trouble with control of the keyboard or mouse, stop the VM and switch to the Legacy Virtualization Environment.
See this article for more information regarding configuring virtualization options.
The snapshot timeout option determines the time allotted to the Volume Shadow Copy service before it times out. The default setting is 15 minutes. If an agent requires more than 15 minutes for VSS to return information, then there is usually an issue with communications between one or more of the agent services on the protected machine and the appliance. There may also be an issue with the backup agent software installation or a problem with the protected system. You can learn more about this feature here.
Figure 31: Force Differential Merge (click to enlarge)
Forcing a differential merge forces a re-association of backup increments. With this option selected, the agent's next backup traverses all protected volumes, and only create a backup consisting of the changes since the last backup. It will take the time of a full backup, but it will not take the space of a full backup. See this article for additional information about forcing a differential merge.
Clicking the Force Retention button immediately applies the device's retention policies for the agent to its local backups. Learn more here.
Clicking the Repair Agent Communications button instructs the Datto appliance to attempt to recreate the secure key pair between the agent and the device. Doing so can fix common agent communication errors. You can find more information about this feature here.
The Rename Agent feature allows an operator to change the IP address or FQDN that a Datto appliance uses to connect to a protected system. This option is useful in situations where a protected system has a new IP address or hostname. Learn more here.
Reassign Agentless System (agentless systems only)
If an agentless system has migrated to a new host, you will need to update the connection information that the Datto appliance uses to reach the protected system if you wish to continue its backups. Clicking Reassign System will cause your Datto appliance to audit all of its configured hypervisor connections for available virtual machines, and allow you to select the new host from a list of the systems it detects.
The Archive Agent feature allows an operator to convert an agent's backup chain to a read-only archive, stopping future backups from being written to it, and permitting the protected system to (optionally) re-protect the agent with the Datto appliance to start a new backup chain. Use the archive agent feature when you no longer wish to continue writing backups to a specific dataset, but you would like to preserve the agent's data locally for future use.
Archived agents count against the device's total agent limit. See the Archived Agent article for more information.
Any offsite data for archived agents will count against your appliance's total offsite data quota. Any device on per-agent billing will continue to be billed for the archived dataset until you delete the agent locally and offsite.
You can control the display of archived agents on the Protect tab of the Datto appliance GUI by using the Hide / Show Archived toggle. Learn more here.
Manage Agent Templates
The Agent Templates feature allows a device operator to save the backup configuration of a protected system to a cloud template and apply it to another protected system on the same appliance or a different appliance. By using templates, an administrator can define standardized and consistent agent configurations, and deploy them to existing and newly-protected systems. See our Cloud Agent Templates article for more information.
This function immediately destroys a backup agent's live dataset from your Datto appliance. It will stop any backups in progress, and delete the agent's live disk images, but it will leave the snapshot chain intact. Using this feature will result in the agent taking a new full backup, which will take up the space of a new full image on the device. Only use this option if this protected machine's disks have been re-sized, or the protected machine's disk image is irreparably corrupt. Review this article before using the Destroy Live Dataset feature.