Deploying Backup Agents

Module: Endpoint Backup v2

Once you have been through Setting Up Your Organization and Creating a Backup Policy, you can install the backup agent. Installing the backup agent will allow you to start protecting the data on your machine.

There are two methods for installing your Endpoint Backup v2 agent:

Option 1: Mass Deployment via RMM, GPO, or Intune

1. Log in to login.backup.net.
2. Select Deployment Tokens.
3. Retrieve your deployment token for use in the MSI installation script.

MSIExec Installation Command Example

msiexec /i https://cf-dl.datto.com/dba/DattoBackupAgentInstaller-x64.msi REG_TOKEN=your_deployment_token ENCRYPTION_KEY=your_custom_encryption_key /qn

Important Parameters Explained:

• /i <MSI Path>: Installs the MSI package from the specified URL.
• REG_TOKEN=<your_deployment_token>: Mandatory. Replace <your_deployment_token> with the unique deployment token provided in your portal.
• ENCRYPTION_KEY=<your_custom_encryption_key>:
  • Optional. If omitted, Datto Managed Encryption Keys will be automatically used. If using Datto Managed keys, remove the entire ENCRYPTION_KEY=your_custom_encryption_key section.
  • If included, you must replace your_custom_encryption_key with a strong, unique encryption key.
  • Never leave the placeholder text (your_custom_encryption_key) unchanged. Doing so will result in backups encrypted with a weak, default key, creating security and recovery risks.

• /qn: Performs silent installation with no user interface.

IMPORTANT  CRITICAL REMINDER: Always ensure that any placeholder text in the script is replaced with your specific deployment token and encryption key (if used). Using default or placeholder values can result in irreversible encryption issues.

Option 2: Manual Pairing Using a Shortcode

1. Download the agent installer from the UniView portal.

2. After installation, pair the agent manually by copying the shortcode displayed in the agent.

3. Paste the shortcode into UniView by clicking on the link icon.

4. Click Pair.

Your agent will begin to take a first backup.

Adding Deployment Tokens

1. Log in to UniView (login.backup.net)
2. Click Endpoint Backup.
3. Click Deployment Tokens.
4. Click + Deployment Tokens as shown.
   
5. Choose options for:
   Organization
   Storage Location
   License Type
   Policy as shown
   
6. Click Add.
7. You will see:
8. Your new deployment token will appear in the list of deployment tokens.

NOTE  The data center region is fixed once the agent is deployed. If you manage assets across multiple regions, create separate tokens for each region.

Data Encryption

All data backed up by Datto Endpoint Backup Version 2 is encrypted both in-transit and at-rest. Encryption is AES 256 GCM in transit and AES 256 XTS at rest in the data center. Encryption is set at the time of agent installation. If no key is provided, Datto manages the encryption keys. The two types of encryption are described below:

Datto-Managed Encryption (Default)

• Data is automatically encrypted using Datto's secure key management system
• No additional configuration required
• Datto can assist with data recovery if needed

Customer-Managed Encryption

• Specify your own encryption key during agent deployment
• Provides complete control over data access
• Datto cannot assist with data recovery without customer-managed encryption keys
• Store your encryption key securely as it will be required for all restore operations

ALERT  If you lose your encryption key, your data CANNOT be recovered.

NOTE  In order to view the restore points for a backup, you have to decrypt the agent in the UniView portal.

Uninstall the agent software

To uninstall the agent software, use the Windows Programs and Features panel to run the Datto Endpoint Backup Agent's built-in uninstaller. Uninstalling via this method allows you to reinstall the agent and resume backups for it in the future if you choose to do so.