Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Snapshot Manager for Cloud Install and Upgrade Guide
  3. Section I. NetBackup Snapshot Manager for Cloud installation and configuration
  4. Configuration for protecting assets on cloud hosts/VM
  5. Protecting assets with NetBackup Snapshot Manager's agentless feature
  6. Prerequisites for the agentless configuration
NetBackup™ Snapshot Manager for Cloud Install and Upgrade Guide

Prerequisites for the agentless configuration

Prerequisites for using the agentless feature in Linux
  • Have the following information with you:

    • Host username

    • Host password or SSH key

    NetBackup Snapshot Manager requires these details to gain access to the host and perform requested operations.

  • On hosts where you want to configure this feature, grant password-less sudo access to the host user account that you provide to NetBackup Snapshot Manager.

    Note:

    To log in remotely via SSH, the user must be a regular user account, not a system or service account.

Granting password-less sudo access to host user account

NetBackup Snapshot Manager requires a host user account to connect and perform operations on the host. You must grant password-less sudo access to the user account that you provide to NetBackup Snapshot Manager. This is required for all the hosts where you want to configure the agentless feature.

Note:

The following steps are provided as a general guideline. Refer to the operating system or the distribution-specific documentation for detailed instructions on how to grant password-less sudo access to a user account.

  1. Perform the following steps on the host where you want to configure the agentless feature.

  2. Verify that the host username that you provide to NetBackup Snapshot Manager is part of the wheel group.

    Log on as a root user and run the following command:

    # usermod -aG wheel hostuserID

    Here, hostuserID is the host username that you provide to NetBackup Snapshot Manager.

  3. Log out and log on again for the changes to take effect.

  4. Edit the /etc/sudoers file using the visudo command:

    # sudo visudo

  5. Add the following entry to the /etc/sudoers file:

    hostuserID ALL=(ALL) NOPASSWD: ALL

  6. In the /etc/sudoers file, edit the entries for the wheel group as follows:

    • Comment out (add a # character at the start of the line) the following line entry:

      # %wheel ALL=(ALL) ALL

    • Uncomment (remove the # character at the start of the line) the following line entry:

      %wheel ALL=(ALL) NOPASSWD: ALL

    The changes should appear as follows:

    ## Allows people in group wheel to run all commands
    # %wheel ALL=(ALL) ALL
    
    ## Same thing without a password
    %wheel ALL=(ALL) NOPASSWD: ALL
  7. Save the changes to the /etc/sudoers file.

  8. Log out and log on to the host again using the user account that you provide to NetBackup Snapshot Manager.

  9. Run the following command to confirm that the changes are in effect:

    # sudo su

    If you do not see any prompt requesting for a password, then the user account has been granted password-less sudo access.

    You can now proceed to configure the NetBackup Snapshot Manager agentless feature.

Prerequisites for using the agentless feature in Windows
  • Install and enable OpenSSH Server on the Windows VM.

    For a complete procedure to install OpenSSH server on Windows and start the service, refer to Microsoft Documentation.

  • Enable port 22 from the security group and firewall for the Windows VMs.

    Port 22 is enabled by default once the OpenSSH server is installed and enabled in the above step.

  • Powershell version 5.1 or later must be installed.

  • (Optional) If user had enabled WMI/SMB ports and they are not used by any other application, you can disable these ports from the security groups and the firewall rules after upgrading to NetBackup Snapshot Manager version 10.4 or later.

Note:

The agentless feature is supported for Microsoft Windows version 2019 and above.

Limitation
  • Hosts with Windows OS are not supported in OCI for agentless and on host agents.

Feedback

Was this page helpful?
Previous

Protecting assets with NetBackup Snapshot Manager's agentless feature

Next

Configuring the agentless feature

Feedback

Was this page helpful?