Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Snapshot Manager Install and Upgrade Guide
  3. Section I. NetBackup Snapshot Manager installation and configuration
  4. Configuration for protecting assets on cloud hosts/VM
  5. Protecting assets with NetBackup Snapshot Manager's agentless feature
  6. Prerequisites for the agentless configuration
NetBackup™ Snapshot Manager Install and Upgrade Guide

Prerequisites for the agentless configuration

Prerequisites for using the agentless feature in Linux
  • Have the following information with you:

    • Host user name

    • Host password or SSH key

    NetBackup Snapshot Manager requires these details to gain access to the host and perform requested operations.

  • On hosts where you wish to configure this feature, grant password-less sudo access to the host user account that you provide to NetBackup Snapshot Manager.

Granting password-less sudo access to host user account

NetBackup Snapshot Manager requires a host user account to connect and perform operations on the host. You must grant password-less sudo access to the user account that you provide to NetBackup Snapshot Manager. This is required for all the hosts where you wish to configure the agentless feature.

Note:

The following steps are provided as a general guideline. Refer to the operating system or the distribution-specific documentation for detailed instructions on how to grant password-less sudo access to a user account.

  1. Perform the following steps on a host where you want to configure the agentless feature

  2. Verify that the host user name that you provide to NetBackup Snapshot Manager is part of the wheel group.

    Log on as a root user and run the following command:

    # usermod -aG wheel hostuserID

    Here, hostuserID is the host user name that you provide to NetBackup Snapshot Manager.

  3. Log out and log in again for the changes to take effect.

  4. Edit the /etc/sudoers file using the visudo command:

    # sudo visudo

  5. Add the following entry to the /etc/sudoers file:

    hostuserID ALL=(ALL) NOPASSWD: ALL

  6. In the /etc/sudoers file, edit the entries for the wheel group as follows:

    • Comment out (add a # character at the start of the line) the following line entry:

      # %wheel ALL=(ALL) ALL

    • Uncomment (remove the # character at the start of the line) the following line entry:

      %wheel ALL=(ALL) NOPASSWD: ALL

    The changes should appear as follows:

    ## Allows people in group wheel to run all commands
    # %wheel ALL=(ALL) ALL
    
    ## Same thing without a password
    %wheel ALL=(ALL) NOPASSWD: ALL
  7. Save the changes to the /etc/sudoers file.

  8. Log out and log on to the host again using the user account that you provide to NetBackup Snapshot Manager.

  9. Run the following command to confirm that the changes are in effect:

    # sudo su

    If you do not see any prompt requesting for a password, then the user account has been granted password-less sudo access.

    You can now proceed to configure the NetBackup Snapshot Manager agentless feature.

Prerequisites for using the agentless feature in Windows
  • The user account used to connect to remote instance should be able to:

    • Access remote admin share (ADMIN$). Enabled by default.

    • Access to root\cimv2

  • Configure the following ports:

    • Modify the security group to allow inbound traffic on the ports 135, 445 and dynamic port or fixed port for WMI .

    • Enable inbound rules in the firewall for the ports 135, 445 and the dynamic or fixed WMI-IN ports on Windows hosts.

      Note:

      The dynamic range for the ports is 49152-65535.

    • You can use fixed or dynamic WMI-IN ports. If you want to configure a fixed WMI-IN port, see Setting Up a Fixed Port for WMI.

  • Disable User Account Control for the users groups accessing the agentless feature.

  • For protecting SQL applications, the user account used for connecting to the cloud host, must have the required admin privileges to access the SQL server.

Feedback

Was this page helpful?
Previous

Protecting assets with NetBackup Snapshot Manager's agentless feature

Next

Configuring SMB for Windows (Optional)

Feedback

Was this page helpful?