Veeam

Deploying the Veeam Infrastructure Appliance: A Complete Step-by-Step Guide

Eric Black

Eric Black

β€” 23 min read
Deploying the Veeam v13 Infrastructure Appliance: A Complete Step-by-Step Guide
Veeam Backup & Replication v13

Deploying the Veeam Infrastructure Appliance: A Complete Step-by-Step Guide

πŸ“… March 5, 2026 ⏱ ~20 min read 🏷 VBR v13 Β· JeOS Β· Zero Trust Β· VMware Proxy

Veeam v13 introduces the Veeam Infrastructure Appliance (VIA) β€” a purpose-built, DISA STIG-compliant Linux appliance based on Rocky Linux that deploys backup proxies, hardened repositories, and mount servers without any manual OS hardening required. This guide walks through the full deployment: from booting the JeOS ISO to registering the finished appliance as a VMware proxy in Veeam Backup & Replication.

Background

Overview: VSA vs VIA β€” What's the Difference?

Veeam v13 ships two distinct JeOS-based appliances, both built on Rocky Linux and pre-hardened to DISA STIG standards. They look similar on the surface, but they serve entirely different purposes β€” and it's worth understanding the split before you deploy anything.

Specification VSA Veeam Software Appliance VIA Veeam Infrastructure Appliance
Role Central management plane Edge data plane β€” proxy, repository, or mount server
What runs on it Backup & Replication Server, Enterprise Manager Backup Proxies, Hardened Repositories, Mount Servers
OS base Veeam JeOS (Rocky Linux) Veeam JeOS (Rocky Linux)
Security baseline DISA STIG compliant, TOTP MFA enforced DISA STIG compliant, TOTP MFA enforced
High availability Active-passive HA cluster supported Deployed as standalone resilient nodes

The reason for having two separate appliances comes back to Veeam's Zero Trust Data Resilience (ZTDR) principle: keep the management plane physically and logically separate from the storage plane. If your Backup & Replication server is ever compromised, a properly configured Hardened Repository on a VIA node cannot have its backup data deleted or encrypted β€” they're isolated by design.

This guide covers the VIA deployed as a VMware backup proxy. The wizard flow is identical for a Hardened Repository deployment; the key difference is which option you select at the GRUB boot menu right at the start.

ℹ️ About This Lab Environment

All screenshots in this guide were captured from a live deployment on March 5, 2026. The appliance was deployed with static IP 192.168.1.11, hostname vprx-435bac4a, and registered into a VBR v13 instance running at 192.168.1.7.

Phase 1

Booting the JeOS ISO

Download the Veeam Infrastructure Appliance ISO from the Veeam portal and mount it to your VM or physical server. The ISO bundles the Veeam JeOS installer β€” version 13.0.1.1071 at the time of this guide β€” running on Rocky Linux.

Selecting Your Appliance Type at the GRUB Menu

The very first thing you'll see after booting is a GRUB menu with four options. This is the most consequential decision in the entire process β€” it determines what role the node will serve and how the disks get formatted. You can't change it without reinstalling.

Veeam JeOS GRUB boot menu showing four appliance type options
Fig 1 β€” The Veeam JeOS 13.0.1.1071 GRUB menu. Four boot options are listed. The selection you make here permanently defines the node's role.
?
Which option should you choose?
  • Veeam Infrastructure Appliance β€” The standard option for VMware/Hyper-V proxies and mount servers. This is what we're using in this guide.
  • Veeam Infrastructure Appliance (with iSCSI & NVMe/TCP) β€” Same as above, but with the kernel modules needed for Direct SAN access and hardware snapshot-based backups pre-loaded. Choose this if you're doing SAN-mode backups.
  • Veeam Hardened Repository β€” Formats data disks with XFS and enables the immutability daemons required for WORM storage. Only choose this if the node's sole purpose is an immutable backup repository.
  • UEFI Firmware Settings β€” Drops into the server's BIOS/UEFI setup.

Fresh Install vs. Reinstall

After selecting your appliance type, you'll see two installation mode options:

Veeam JeOS install mode selection β€” Install vs Reinstall
Fig 2 β€” "Install" performs a fully destructive wipe and fresh OS installation. "Reinstall" preserves the backup data partition and reinstalls only the OS β€” intended for disaster recovery scenarios where the OS has failed but the stored backup data is still intact.

For any new deployment, choose Install. The "Reinstall" option exists specifically for Hardened Repository nodes where you need to rebuild a failed OS without losing your stored backup chains on the data partition. It's not relevant here.

After selecting Install, you'll get one more confirmation since this operation is destructive and can't be undone:

Disk wipe confirmation dialog
Fig 3 β€” The final disk-wipe confirmation. This will irreversibly wipe all data on the drives, including any local backups. Double-check that you're looking at the right server console before clicking Yes β€” especially in VM environments where multiple machines can look identical.
⚠️ Confirm the Right Target Before Clicking Yes

There's no undo. It's worth taking an extra moment to confirm the server you're about to wipe is actually the one you intend to deploy the VIA on.

Automated OS Installation

Once confirmed, the installer runs completely hands-off. You'll see the system work through its shutdown and handover sequence as the RAM-based installer environment is discarded and the server boots into the freshly formatted JeOS filesystem:

systemd shutdown cascade during the OS install pivot
Fig 4 β€” The systemd cascade during the OS install pivot. When "Starting Switch Root…" appears, the installer RAM disk has been discarded and the system is now booting from the new JeOS filesystem on disk.
Rocky Linux Veeam Backup Proxy Host 13.0.1.1071 installation environment setup screen
Fig 5 β€” The Rocky Linux installer (provided by Veeam) setting up the installation environment. This part runs entirely automated β€” no interaction needed.

When the installation finishes, the server reboots and immediately launches the configuration wizard at the terminal. Don't walk away β€” it's waiting for input.

Phase 2

The Configuration Wizard

The wizard is a terminal-based (TUI) interface that steps through six sequential tasks. A few of these settings cannot be changed after the fact without a full reinstall, so it's worth reading through this section before you start.

  • Step 1

    Accept the license agreement

  • Step 2

    Set the hostname β€” this becomes the TLS certificate anchor and cannot be changed later

  • Step 3

    Configure network interfaces β€” static IP, optional NIC bonding

  • Step 4

    Set the time zone and NTP servers β€” critical for MFA to work

  • Step 5

    Create the Host Administrator account and enroll TOTP MFA

  • Step 6

    Configure the Security Officer account β€” also a one-time opportunity

ℹ️ TUI Navigation Note

Use arrow keys and Tab to move between fields. Enter confirms a selection. You may notice the wizard title bar is inconsistent across screens β€” you'll see "Initial Configuration Wizard," "Host Configuration Wizard," and "Startup Wizard" depending on the step. These are all part of the same first-boot flow.

Step 1 β€” License Agreement

License acceptance screen
Fig 6 β€” The License screen. It lists four documents: Veeam EULA, Veeam Licensing Policy, License Agreements of 3rd party components, and License Agreements of required software. You can press Enter on any of the bracketed links to read the full text. Navigate to [Accept] and press Enter to continue.

Step 2 β€” Hostname

Hostname entry step
Fig 7 β€” The Hostname step. A randomized identifier is pre-populated (here: vprx-435bac4a). Replace it with whatever permanent name you want this node to have β€” an FQDN is preferred in production.
⚠️ Set the Right Hostname β€” You Cannot Change It Later

This isn't an exaggeration. The hostname you enter here is immediately used by the system's OpenSSL library to generate the self-signed TLS certificates for both the Host Management Console (port 10443) and the certificate-based pairing with the VBR server. If you change the hostname after deployment, those certificates become invalid β€” all existing management server connectivity breaks, and you'll need to manually re-pair everything from scratch. Use a stable, permanent identifier from the start rather than accepting the randomized default.

Step 3 β€” Network Configuration

eth0 network settings
Fig 8 β€” The eth0 settings panel. In this deployment, the interface is assigned a static IPv4 address of 192.168.1.11 with a /24 subnet mask (255.255.255.0). Gateway and DNS fields are visible but not populated in this particular environment.

Always use a static IP address in production. DHCP technically works, but the appliance's TLS certificate and VBR server pairing are both tied to the IP β€” a DHCP lease change would break connectivity.

πŸ’‘ NIC Bonding Is Supported

If you need redundancy or throughput aggregation, the wizard supports NIC bonding. 802.3ad (LACP) gives you real bandwidth aggregation but requires matching configuration on the upstream switch. Adaptive Load Balancing (ALB) requires no switch changes at all, making it the easier option when you don't control the network infrastructure. One important note: bond architectures set here are very difficult to modify through the Web UI after the fact, so plan your network layout before you start the wizard.

Step 4 β€” Time Zone and NTP

Time zone and NTP configuration
Fig 9 β€” The Time step. This deployment uses Etc/UTC with time.nist.gov as the NTP source (iburst maxpoll 16). The current time reads Thu Mar 05 14:43:10 UTC 2026. A [Sync] button lets you force an immediate sync before continuing.
⚠️ NTP Is Not Optional β€” It Directly Affects Whether MFA Works

The MFA system you'll configure in the next step is TOTP-based, meaning it generates time-synchronized one-time codes. If the appliance clock drifts significantly relative to the admin's authenticator app, the tokens won't match and authentication fails. Use reliable NTP servers β€” ideally internal stratum 1 or 2 servers with an external fallback. In VM environments, also be aware that a suspended/resumed VM can wake up with a wrong clock; reliable NTP is what keeps it corrected.

Step 5 β€” Host Administrator Account and MFA Enrollment

Host Administrator credential setup
Fig 10 β€” The Host Administrator step. The username is fixed as veeamadmin. Enter a password that meets the DISA STIG complexity requirements. The field will reject non-compliant passwords inline before you can proceed.

The password must satisfy all of the DISA STIG PAM requirements enforced on the appliance. These include:

  • Must meet the DISA STIG minimum length requirement (see Veeam KB4740 for the exact length enforced on this appliance)
  • Must include at least one uppercase letter, one lowercase letter, one number, and one special character
  • Must not contain more than four consecutive characters from the same character class β€” a string like apple (five consecutive lowercase letters) or 12345 (five consecutive digits) will be rejected. This is controlled by the maxrepeat parameter in /etc/security/pwquality.conf
  • The veeamadmin and veeamso passwords must be completely distinct from each other β€” the system verifies they don't share overlapping sequences

Once a compliant password is accepted, the wizard immediately requires MFA enrollment. There's no way around this step:

TOTP MFA enrollment screen showing QR code setup
Fig 11 β€” TOTP MFA configuration. Two-factor authentication is enabled on this system. Open your authenticator app (Google Authenticator, Microsoft Authenticator, or any TOTP-compatible app), scan the QR code or manually enter the displayed seed key, then type the resulting 6-digit token into the field to confirm the sync worked.

The system also generates a hexadecimal emergency recovery token at this point. Write it down and store it somewhere physically secure β€” offline storage in a locked safe is the right call. If you ever lose access to your MFA device, only the Security Officer account can reset your TOTP enrollment. Without the recovery token or SO access, lockout is permanent.

πŸ’‘ NTP Must Be Working Before This Step

If you set up NTP correctly in Step 4 and the clock is synchronized, enrollment will work fine. If the appliance clock is wrong, the token you generate in your authenticator app will immediately mismatch and enrollment will fail. If that happens, fix NTP first, then try again.

Step 6 β€” Security Officer Account

Security Officer account creation
Fig 12 β€” The Security Officer step. Username is fixed as veeamso. The screen describes the role's purpose clearly: "Security Officer approves sensitive actions of host admins (Zero Trust concept)." This role is typically assigned to someone from the information security team β€” not the same person as the backup administrator.
⚠️ Skipping This Step Is Permanent and Cannot Be Undone

If you check "Skip setting up Security Officer" and complete the wizard, the four-eyes authorization model is permanently disabled for the lifetime of this appliance. There's no way to add it back later β€” you'd need to wipe the block storage and reinstall from scratch. For any production deployment, always configure the Security Officer. The only scenario where skipping makes sense is a deliberate decision in a non-critical lab environment where the reduced security posture is acceptable.

One important detail here: the Security Officer's MFA enrollment does not happen in this wizard step. The password you create here is a temporary bootstrap credential only. The first time the SO logs into the Host Management Web UI at https://<VIA-IP>:10443, they'll be required to change their password and complete their own TOTP enrollment before they can access anything. This is deliberate β€” it ensures the SO performs their own enrollment independently rather than having the backup admin set it up on their behalf.

Step 7 β€” Summary and Commit

Configuration wizard Summary screen
Fig 13 β€” The Summary screen shows all configured parameters: hostname vprx-435bac4a, network interface eth0 with MAC address 00:15:5D:54:70:21 and IPv4 192.168.1.11, NTP server time.nist.gov, and administrator username veeamadmin. Scroll through to verify everything before committing.

Take a moment to scroll through everything and confirm it looks right before pressing [Finish]. Once you commit, the system restarts its internal networking and cryptographic services and generates the TLS thumbprints needed for the web management interface. After that, the appliance is operational.

Configuration wizard applying settings β€” operation in progress
Fig 14 β€” The wizard applies the configuration. The progress indicator steps through individual service restarts β€” at this point step 7/12 is restarting the veeamdeployment service. Wait for it to complete fully before trying to connect to the appliance over the network.

When the wizard finishes, the appliance is reachable at https://<VIA-IP>:10443 for the Host Management Console. You can now proceed to add it to Veeam Backup & Replication.

Security Reference

The Two-Role Access Model

Before moving on to registering the appliance in VBR, it helps to understand the access model you just configured β€” because it will affect how you manage the node day-to-day.

The VIA enforces a strict two-account system. The Host Administrator (veeamadmin) handles operational tasks like network config, updates, and normal administration. The Security Officer (veeamso) acts as an independent gatekeeper for any action that could be used to undermine security β€” enabling SSH, resetting passwords, disabling MFA. Neither account can do everything on its own.

Capability Host Admin (veeamadmin) Security Officer (veeamso)
TUI console access βœ” Authorized ✘ Denied
Web UI (HTTPS port 10443) βœ” Authorized βœ” Authorized
Configure IP, DNS, NTP, bonding βœ” Authorized ✘ Denied
Initiate software updates βœ” Authorized ✘ Denied
Enable SSH / root shell access Submits request only βœ” Approves or declines
Reset standard user passwords ✘ Denied βœ” Authorized
Reset lost or desynchronized MFA tokens ✘ Denied βœ” Authorized
Manage configuration backup passphrases ✘ Denied βœ” Authorized

In practice this means: if an attacker compromises the veeamadmin account, they still can't enable SSH, disable MFA, or reset credentials without a separate, independent approval from veeamso through its own authenticated session. The two accounts are intended to be held by different people β€” typically the backup administrator and a member of the security team respectively. That separation is what makes the model meaningful.

Both accounts access the Host Management Console at https://<VIA-IP>:10443 using their username, STIG-compliant password, and TOTP token. One thing to note for Hardened Repository deployments specifically: the Web UI on port 10443 may be disabled by default as an additional security measure. If that's the case, you'll need physical console access to temporarily enable it, perform your configuration, then disable it again.

Phase 3

Adding the Appliance to Veeam Backup & Replication

With the appliance configured and online, open the VBR web console and go to Infrastructure β†’ Managed Servers. At this point you should only see "This server" β€” the VBR server itself.

Veeam Backup & Replication v13 Overview dashboard
Fig 15 β€” The VBR v13 Overview dashboard. Resiliency score 100%, Infrastructure Health 100%, one managed server so far. The VIA will become the second.

Add Server Wizard

Click + Add Server. The dialog presents four server type options:

Add Server dialog showing four server type options
Fig 16 β€” The Add Server dialog. Options are: Virtualization Platforms, Veeam Infrastructure Appliance, Microsoft Windows, and Linux. Choose "Veeam Infrastructure Appliance" to use certificate-based pairing β€” no SSH credentials required.

Select Veeam Infrastructure Appliance. This is an important distinction from older Veeam workflows β€” you're not choosing "Linux" here and going through an SSH credential flow. The VIA has the Veeam Deployment Kit pre-installed, which sets up a cryptographic listener service that VBR connects to directly using certificate exchange.

New Veeam Infrastructure Appliance wizard β€” DNS name or IP entry
Fig 17 β€” Enter the DNS name or IP address of your VIA. The page also provides a direct link to download the VIA ISO in case you still need it.

Certificate Trust Validation

After entering the IP and clicking Next, VBR contacts the appliance and retrieves its TLS certificate. You'll be asked to verify the fingerprint:

TLS certificate fingerprint validation dialog
Fig 18 β€” The Validation dialog displays the appliance's TLS certificate fingerprint. Before clicking Yes, verify this fingerprint matches what's shown in the Host Management Console on the appliance itself. This is how you confirm you're connecting to the right machine and not an impersonator.
ℹ️ Why This Beats the Old SSH Approach

Older Veeam Linux integrations required temporarily enabling SSH, opening port 22, and sending root credentials across the network β€” all real attack surface. With the VIA, the pairing is done entirely through certificate exchange with no SSH port opened and no credentials transmitted. The fingerprint verification step here is your manual confirmation that the certificate is legitimate.

Component Review and Deployment

Next, the wizard shows you exactly which components it will install and which are already present on the appliance:

New VIA wizard β€” component installation review
Fig 19 β€” The Review step lists component status. OpenSSL3 and the Installer service are already present. The following will be installed: Veeam Data Mover service, Guest Interaction Proxy, HPE StoreOnce Library, Dell Data Domain Library, NetApp SnapDiff library, and SMB gateway. Click Next to proceed.
New VIA wizard β€” Summary page
Fig 20 β€” The Summary: Server 192.168.1.11, created by veeamadmin at 3/5/26 4:10 PM. Click Finish to start the component installation.

After clicking Finish, VBR pushes and installs the listed components to the appliance. You can watch the deployment in real time:

Infrastructure component deployment in progress
Fig 21 β€” Live deployment progress. VBR is copying Veeam DLLs, installing client certificates, elevating the Data Mover service, collecting hardware info, creating database records for the server, synchronizing software update settings, and collecting disk and volume info. Status: Running, Duration: 00:01:05.

Verifying in Managed Servers

Managed Servers list showing 192.168.1.11 as Online
Fig 22 β€” Managed Servers list after successful registration. The VIA (192.168.1.11) shows as a Linux server with Status: Online. The "Failed to check for updates" warning is expected in environments without outbound internet access and does not affect backup functionality.

The appliance is now a managed Veeam infrastructure node. The next step is assigning it the VMware proxy role.

Phase 4

Assigning the VMware Backup Proxy Role

Navigate to Infrastructure β†’ Proxies and click Add VMware Proxy. This opens the New VMware Proxy wizard.

New VMware Proxy wizard β€” server selection and settings
Fig 23 β€” The New VMware Proxy wizard. The appliance (192.168.1.11) is selected as the server. Transport mode is set to "Automatic selection" so VBR chooses the best available mode per job. Connected datastores: "Automatic detection (recommended)."

A few things worth knowing about the settings on this screen:

  • Transport mode β€” Automatic selection is the right default for most environments. VBR negotiates the fastest available mode at job runtime β€” HotAdd if running in a VM on the same host, Direct SAN if configured, or NBD as a fallback. You can restrict this via the Choose button if your specific environment requires it.
  • Connected datastores β€” Automatic detection means the proxy discovers accessible datastores at runtime. You'd only restrict this if you want specific proxies handling specific datastores in a larger environment.
  • Max tasks β€” defaults to a value based on the system's CPU count (16 in this case). This is the number of concurrent backup streams. Adjust it based on the appliance's available CPU and network resources and how much parallel work you want it handling.
New VMware Proxy wizard β€” Summary page
Fig 24 β€” Proxy Summary: Server 192.168.1.11, Linux server, Automatic transport mode, Automatic datastore detection, Max tasks: 16. Click Finish to deploy the proxy role.

Veeam now installs the VMware VDDK (Virtual Disk Development Kit) on the appliance and registers it as a proxy. This runs as a background infrastructure job you can watch:

Infrastructure job success β€” VMware VDDK installation complete
Fig 25 β€” Proxy deployment success. Steps completed: Starting infrastructure item update process (4 sec) β†’ Discovering installed packages β†’ Installing VMware VDDK (6 sec) β†’ Discovering installed packages β†’ Creating database records for proxy. Job progress: 100%, total duration: 00:00:12, Status: Success.

βœ… Deployment Complete

  • Veeam Infrastructure Appliance deployed on Rocky Linux JeOS 13.0.1.1071
  • DISA STIG-compliant password policy and TOTP MFA enforced for both accounts
  • Security Officer (veeamso) configured for Zero Trust four-eyes authorization
  • Appliance paired to VBR server via certificate-based authentication β€” no SSH required
  • Veeam Data Mover, Guest Interaction Proxy, and third-party storage libraries installed
  • VMware VDDK installed, proxy role registered β€” ready to run backup jobs
Related

When to Choose Hardened Repository Instead

If your goal is immutable backup storage, select Veeam Hardened Repository in the GRUB menu instead of the standard appliance option. The wizard flow is identical, but the OS installation formats the secondary data disks differently, and additional immutability daemons are enabled:

  • Data disks are formatted with XFS, which supports Fast Clone (reflink) technology. Instead of physically copying duplicate data blocks during synthetic full backups, XFS creates lightweight metadata pointers to the existing blocks. The result is dramatically better storage efficiency on long-retention chains β€” without needing expensive hardware deduplication appliances.
  • Backup files receive a WORM immutability flag in the XFS metadata. During the defined retention period, those files cannot be modified, encrypted by ransomware, or deleted by any user β€” including a compromised veeamadmin account or even a fully compromised VBR management server. This is the key architectural promise of the Hardened Repository.
  • This directly satisfies regulatory requirements for non-rewritable, non-erasable storage under frameworks like SEC Rule 17a-4, FINRA, and HIPAA.
  • The Web UI on port 10443 may be disabled by default on Hardened Repository nodes as an added security measure. If you can't reach the interface, you'll need physical console access to temporarily enable it, complete your configuration, then disable it again.
ℹ️ The Complete ZTDR Stack

For robust ransomware resilience, the recommended architecture is: VSA (management plane) + VIA proxy nodes + VIA Hardened Repository (immutable on-premises copy) + an offsite or cloud copy. The Hardened Repository is the piece that guarantees a clean recovery point even if the entire management layer is compromised β€” the backup data is protected at the filesystem level, independent of Veeam software.

Summary

Key Takeaways and Things to Watch Out For

1
The hostname is permanent β€” treat it seriously

The hostname becomes the CN of the appliance's TLS certificate. Changing it after deployment breaks all management server connectivity and requires re-pairing from scratch. Don't accept the randomized default β€” set a meaningful, stable name like proxy-01.yourdomain.local right from the start.

2
Security Officer setup is a one-time opportunity β€” don't skip it

There's no "configure Security Officer later" option. If you skip it in the wizard, the four-eyes authorization model is permanently disabled for that appliance and the only fix is a full wipe and reinstall. Even in test environments, configuring it is worth doing β€” you learn the workflow and you've got proper access controls in place if that test environment turns into production.

3
NTP failure means everyone gets locked out

TOTP tokens depend on the appliance and the admin's authenticator app agreeing on the current time. If NTP goes down and the appliance clock drifts, authentication fails for everyone. Configure reliable NTP servers β€” internal stratum 1/2 with external fallback β€” and verify sync is working before you complete the wizard. In VM environments, also be aware that a suspended/resumed VM can wake up with a wrong clock; NTP corrects that automatically if it's configured properly.

4
Use "Veeam Infrastructure Appliance" β€” not "Linux" β€” when adding to VBR

It's an easy mistake if you're used to older Veeam workflows. Choosing "Linux" in the Add Server dialog triggers the SSH-based credential flow, which will fail on a VIA because SSH is disabled by default. The VIA has the Deployment Kit pre-installed specifically so it can be paired via certificate exchange without any of that.

5
Choose the right GRUB option for the node's intended role

Standard VMware/Hyper-V proxy β†’ "Veeam Infrastructure Appliance." SAN-mode or hardware snapshot backups β†’ "…with iSCSI & NVMe/TCP." Immutable storage β†’ "Veeam Hardened Repository." You can't switch roles after installation without wiping the node and starting over, so be clear on what the node is for before you boot from the ISO.

6
"Failed to check for updates" warning is harmless in restricted environments

If the appliance can't reach Veeam's update servers β€” air-gapped deployments, strict outbound firewall rules β€” the Update Status column in Managed Servers will show a warning. This has no effect on backup operations. Manage updates manually via the Host Management Console at port 10443, or through the Manage Updates workflow in the VBR console.

7
Watch the log partition on high-workload nodes

Logs are stored in /var/log/VeeamBackup/ on a partition sized at roughly 12% of the OS disk (typically 30–200 GB depending on disk geometry). On nodes processing large numbers of VMs this can fill faster than expected. You can request relocation of the log path to /var/lib/veeam/ through the Host Management Console β€” just be aware this change requires Security Officer approval, since it modifies daemon configuration and could theoretically be used to hide activity.

Veeam Backup & Replication v13 Β· JeOS 13.0.1.1071 Β· Rocky Linux Β· Infrastructure Appliance Deployment
Screenshots captured March 5, 2026 Β· Deployed with veeamadmin account Β· Appliance IP: 192.168.1.11

Read more