Veeam Virtual Appliance Step by Step Guide Installation

At VeeamON, Veeam introduced Veeam Virtual Appliance (one of the highlights), is coming with the next version of VBR (v13). This feature requests right now. In this article series, I will guide you through the installation process (based on Rocky Linux) and provide an in-depth overview of both well-known and newly introduced features (as a reminder, we are working with a Beta version, so not all features are currently available).

Whether you’re an experienced Veeam user or new to the platform, this series is designed to equip you with the knowledge needed to get the most out of it.

Veeam Virtual Appliance

Veeam Virtual Appliance and Veeam Backup & Replication v13:

Veeam Backup & Replication (VBR) v13 is set to introduce a range of exciting new features that enhance both usability and security.

Key updates include:

  • Backup Console UI Refresh: A restyled console with a new login graphic, Single Sign-On (SSO), and custom roles for improved user experience.
  • Host Management: A lightweight, ultra-secure cockpit UI allowing administrators to perform usual operations securely.
  • Security at its Core: Fully compliant with DISA STIG, SSH disabled by default, and the introduction of a Security Operator role for enhanced protection.
  • Updates Managed by Veeam: Ensuring that your backup infrastructure is always up-to-date and secure.
  • The Veeam Virtual Appliance will offer:

    ISO/OVA Deployment: Pre-hardened for security and managed updates by Veeam, with no root access provided for enhanced security.

    Note: The Windows version is not deprecated at this time. The design of the WebUI is currently 80% complete in terms of its final look and feel

    In this Beta version, in order to deploy V13 as a virtual machine, certain prerequisites are required:

  • Storage: 2 disks of 256 GB minimum,
  • 4 vCPU et 16Go vRAM,
  • Rocky Linux is used as the operating system, as this is what Veeam relies on in this context. A paravirtualized SCSI adapter will be used by default.
  •  

    Installation:

    Once the ISO is attached and the VM is started, a GRUB menu appears with two options:

  • Install Veeam Backup and Replication (VBR)
  • Install Enterprise Manager (VBEM)
  • Veeam Virtual Appliance

    Here, we are deploying VBR. The next step is to choose whether to perform a full installation, reinstall, or repair a failed installation. Since this is a first-time setup, we’ll go with the first option.

    ⚠️ Please note: this will erase all existing data and backups that may already be present on the system.

    Veeam Virtual Appliance

    The installer checks whether the prerequisites are met — for example, if two 256GB disks are not allocated.

    Veeam Virtual Appliance

    If all requirements are satisfied, the installation begins. You’ll notice that a customized version of Rocky Linux provided by Veeam is being used.

    Veeam Virtual Appliance

    Once the installation is complete, simply reboot the system to launch the appliance configuration.

    Veeam Virtual Appliance

    During startup, you’ll be presented with boot options: Rocky Linux itself, a rescue system, or UEFI firmware settings.

    Veeam Virtual Appliance

     

    Configuration:

    We will now proceed with configuring our appliance. First, we accept the license agreements:

    Veeam Virtual Appliance

    Then define a name for the machine:

    Veeam Virtual Appliance

    Next, you’ll need to configure the network settings. If multiple network interfaces are available, you can identify them using their MAC addresses. Both IPv4 and IPv6 are supported.

    Veeam Virtual Appliance

    An important step not to overlook is the configuration of the NTP server — especially in a production environment, this is a critical aspect from a security standpoint.

    Veeam Virtual Appliance

    You’ll also need to set a password for the default administrator account. Note that it cannot be renamed at this stage. Be aware that the password must comply with DISA STIG security best practices (character length, avoidance of repeated characters, etc.).

    Veeam Virtual Appliance

    We recommend displaying the password as you type it 😉:

    Veeam Virtual Appliance

    Veeam Virtual Appliance

    Two-factor authentication (2FA) is mandatory and must be configured in the next step. A code, and optionally a QR code, will be displayed on screen, making it easy to register with your preferred TOTP authenticator.

    Veeam Virtual Appliance

    A new role has been introduced: the Security Officer. While optional, it is highly recommended. Configuring this role adds an extra layer of validation, requiring approval from this user for certain actions — such as when an administrator requests to delete backup data.

    Veeam Virtual Appliance

    Once the configuration is complete, Veeam presents a summary screen for review.

    Veeam Virtual Appliance

    After confirming, voilà — your Veeam server is up and running! The console displays the hostname along with the management URLs.

    Veeam Virtual Appliance

    Host Management:

    You will have the option to manage your new Appliance using two consoles: the native host console or a web interface. Code name: Cockpit!

    Host Management WebUI:

    Admin Role

    The first method involves using the WebUI interface. Log in using the admin account.

    Veeam Virtual Appliance

    For security reasons, two-factor authentication is required:

    Veeam Virtual Appliance

    This new interface allows you to manage your newly deployed appliance, with features such as:

  • Network configuration
  • NTP configuration
  • Creating new users
  • System updates
  • Log export
  • The homepage provides an overview of the global configuration.

    Veeam Virtual Appliance

    1. Host Setting

    A) In the Network menu, you have the ability to:

  • Edit the hostname
  • Add DNS servers
  • Join the machine to a domain (not recommended)
  • Edit the network configuration
  • These actions currently do not appear to require approval from the Security Officer (SO).

    B) The Time tab allows you to:

  • Modify time servers
  • Check synchronization
  • Change the timezone
  •  

    2. Security

    A) In the Console Access menu, to enhance security, you have the option to disable this web interface and enforce login via the host console.
    ⚠️ Note: The SO account does not appear to be able to authenticate on this console.

    You can also enable the SSH service. I strongly recommend keeping it disabled by default; it should only be activated for debugging purposes.
    Enabling SSH is subject to SO validation.

    A second action will be required to gain access to the root account.

    Veeam Virtual Appliance

    Veeam Virtual Appliance

    B) Users and Roles

    In this tab, you can:

  • Create new users
  • Modify existing accounts. It is possible to rename default accounts (Tip: It is recommended to change default values)
  • Reset passwords or MFA
  • ✅ The deletion of a privileged account requires Security Officer (SO) approval.

    3. Integration

    A) The Applications menu allows you to enable additional options such as Data Collection, which will likely be used for integration with Veeam One. This integration is valid for 60 minutes. As with other actions, SO approval is required.

    A new feature has also been introduced: Veeam High Availability. Similarly, this feature cannot be enabled without prior SO validation.

    Veeam Virtual Appliance

    B) As the name suggests, the Updates menu is where you can check for updates provided by Veeam (similar to what you might find with Veeam for Azure).

    Veeam Virtual Appliance

    4. Audit

    In the final tab, Logs and Service, you can perform several actions such as:

  • Manage services (Stop/Restart)
  • Veeam Virtual Appliance

    Import/Export Configuration Files -You can import or export configuration files from this section:

    Veeam Virtual Appliance

    In the Events tab, all actions performed through the interface are logged:

    Veeam Virtual Appliance

    The final tab, Logs, allows you to generate support logs required when opening a case with Veeam Support:

    Veeam Virtual Appliance

    Security Officer Role

    Let’s now log in using the Security Officer account.

    Since this account is intended for a second person (e.g., Security Admin, CISO, etc.), a password reset is required upon the first login.

    Veeam Virtual Appliance

    The user will be prompted to enable MFA:

    Veeam Virtual Appliance

    A recovery token is generated and should be stored securely:

    Veeam Virtual Appliance

    Once this setup is complete, the interface is simplified compared to the admin view. As a reminder, the SO’s role is to approve certain actions and audit events when necessary.You will find the previously submitted requests, which can be approved or rejected.

    Veeam Virtual Appliance

    In the Events section, you can filter events to more easily search for a specific action:

    Veeam Virtual Appliance

    Host Management Console

    The second method is to connect directly via the host console.

    Veeam Virtual Appliance

    Once again, entering the MFA code is required:

    Veeam Virtual Appliance

    Let’s explore the available options:

    Veeam Virtual Appliance

    1. Host Configuration

    Here, you can:

  • Edit the hostname
  • Add DNS servers
  • Edit the network configuration
  • Edit the NTP settings
  • Veeam Virtual Appliance

    2. Remote Access Configuration

    In this section, you can:

  • Disable the WebUI management console
  • Enable SHELL access (this action requires SO approval)
  • Veeam Virtual Appliance

    Veeam Virtual Appliance

    You also have the option to restart or shut down the Appliance:

    Veeam Virtual Appliance

    SSH Access

    To open an SSH session, the administrator must submit a request to the Security Officer.

    Veeam Virtual Appliance

    Veeam Virtual Appliance

    The service will be available for a defined period.

    The admin account can then initiate an SSH session using its username and password.

    Veeam Virtual Appliance

     

    A big thank you to Philippe Dupuis for his valuable support and insights throughout this deployment and testing process. His contributions were instrumental in ensuring a smooth and secure configuration of the appliance.

     

    VeeamON 2025 Recap: Here
    v12.1 release – Veeam Data Platform: Blog Post
    Veeam v12.1 – Integration with SIEM Systems : Blog Post
    Veeam v12.1 – Object Storage as backup target: Blog Post
    Veeam v12.1 KMS Support: Blog Post
    Veeam v12.1 Malware Detection and YARA: Blog Post

     
     
     

    Please follow and like us:
    Advertisement
    error

    Enjoy this blog? Please spread the word :)