Using Addigy and Acronis together is an easy way to step up your ability to support your device users and ensure the safety of your fleet.
With the combination of Addigy and Acronis you can easily deploy Acronis to your entire fleet. You can then leverage Acronis statuses and warning via the Addigy Devices page and build Monitoring and remediation all in one place!
This article explains the process of leveraging the power of Addigy and Acronis side by side.
First we need to get Acronis deployed to your fleet.
Acronis Setup
- Ensure your Acronis Administrator account is activated.
- If you're an MSP managing multiple customers, you'll want a Customer Tenant for each company. The Partner Documentation explains this.
- Now be sure you've created at least one Protection Plan for each Customer. As of this writing Backup, antivirus and antimalware protection - real time antimalware protection and vulnerablity assessment run natively on Silicon and Intel. Device Control is support for Intel natively, and using Rosetta 2 for Silicon.
- For an up-to-date list of supported features, see the Supported Cyber Protect features by operating system documentation.
Get Your Acronis Registration Tokens
-
Go to a Customer tenant and click the Manage Service button at the top of the page
- In the next screen, select Devices in the menu on the left and then click on Add in the the top-right.
- In the Add devices panel that opens, scroll to the bottom of the panel where you'll find the Registration token section. Click Generate.
- In the screen that opens:
- Set the life span to the maximum length
- Select a user from the current Customer. Any devices you register, will be registered as belonging to this user.
- Optionally select a Protection Plan. This will allows the install script to also apply the selected Protection Plan.
- Click Generate Token and then Copy. Be sure to store the token somewhere safe, because you will not be able to see this token again. If you lose it, you'll have to create a new one.
- In the Addigy Custom Software Install script below replace "<yourtoken>" with the Registration Token generated here.
Addigy Setup
We will use Addigy Custom Software to prepare and deploy Acronis to your fleet of macOS devices by building an Addigy Custom Software that will deliver Acronis silently to your devices.
Note: The Acronis installer is downloaded via the installation script. It is not necessary to upload it into the Smart Software item.
- In Addigy, navigate to Catalog >> Software:
- Select New and you are presented with the following view. In this example, we will name our Custom Software Acronis Cyber Protect 1:
Installation Script
Add the following Installation Script to the Custom Software you're creating.
Note: Lines 8 and 9 should be modified to include your Acronis URL and your token, respectively.
The Install Script checks for Acronis already being present.
base_path="/tmp/acronis_agent"
mount_path="${base_path}/dmg_root"
image_path="${base_path}/acronis_agent.dmg"
backup_config="/Library/Application Support/Acronis/Registry/BackupAndRecovery.config"
aakore_sock="/Library/Application Support/Acronis/Agent/var/run/aakore/aakore.sock"
stats_url="http://localhost/api/integration_management/v2/status"
arch_name="$(uname -m)"
REGISTRATION_URL="https://<your acronis URL>"
REGISTRATION_TOKEN="<your token here>"
COUNTER=0
RETRIES=5
RETRY_MAX_TIME=300
send_stats () {
category="InstallAgent"
# hardcoded values based on the script type
os="MacOS"
version="1.0.0.0"
vendor_name="Addigy"
vendor_version="1.0.0.0"
application_id="ebf655ba-e5c7-4f46-8358-8a40199d91d2"
resource_id=$(grep "InstanceID" "${backup_config}" | sed -E 's/.*<value name="InstanceID" type="TString">"(.+)"<\/value>.*/\1/' | tr '[:upper:]' '[:lower:]')
agent_id=$(grep "MMSCurrentMachineID" "${backup_config}" | sed -E 's/.*<value name="MMSCurrentMachineID" type="TString">"(.+)"<\/value>.*/\1/' | tr '[:upper:]' '[:lower:]')
hostname=$(grep "CachedHostName" "${backup_config}" | sed -E 's/.*<value name="CachedHostName" type="TString">"(.+)"<\/value>.*/\1/')
printf -v payload \
'{
"module": {
"version": "%s",
"name": "%s"
},
"vendor_system": {
"version": "%s",
"name": "%s"
},
"application_id": "%s",
"workload": {
"resource_id": "%s",
"agent_id": "%s",
"hostname": "%s"
},
"events": [
{
"label": "%s",
"category": "%s",
"action": "%s"
}
]
}' $version $category $vendor_version $vendor_name $application_id $resource_id $agent_id $hostname $os $category $category
curl -s \
-X POST \
--unix-socket "${aakore_sock}" \
--url "${stats_url}" \
-H "Content-Type: application/json" \
-d "$payload" > /dev/null
}
# Cleaning up temporary files
cleanup() {
printf "Cleaning temporary installation files.\n"
if mount | grep -q "${mount_path}"; then
printf "Unmounting temporary installation image.\n"
hdiutil detach "${mount_path}"
fi
if [[ -d "${base_path}" ]]; then
printf "Removing temporary installation files.\n"
rm -rf "${base_path}"
fi
}
get_download_url() {
architecture=$(uname -m)
if [ "$architecture" == "arm64" ]; then
distro_name="Agent for Mac OS (ARM)"
elif [ "$architecture" == "x86_64" ]; then
distro_name="Agent for Mac OS (64-bit)"
else
echo "Failed to recognize system architecture: ${architecture}. Aborting the installation."
exit 1
fi
local _response_body
local _response_code
curl -s -X GET --url "${REGISTRATION_URL}/bc/api/ams/links/list" -w "\n%{http_code}" |
{
read -r _response_body
read -r _response_code
if [[ $_response_code = 20* ]] ; then
# format the json a little for easier greping. Then extract only the needed lines - url, name and brackets
echo $_response_body | sed $'s/,/\\\n/g' | sed $'s/{/{\\\n/g' | sed $'s/}/\\\n}/g' | grep "url\|title\|{\|}" |
grep -C1 "$distro_name" | grep -m 1 "url" | awk -F '\"' '{print $4}' # find the distro name the URL will be the prev or next line
else
echo "Unable to fetch download links list from server." >"${REGISTRATION_TOKEN}"
exit 1
fi
}
}
# Will deploy smoothly the Acronis agent to all of your MAC OS devices
agent_install() {
printf "Preparing temporary installation directory.\n"
if ! mkdir -p "${mount_path}"; then
printf "Unable to create temporary installation directory.\n"
return 1
fi
current_user=$(id -un)
chown -R "${current_user}" "${base_path}"
chmod -R 0700 "${base_path}"
download_url=$(get_download_url)
if [ -z "$download_url" ]; then
echo "Failed to retrieve download link for current platform."
exit 1
fi
printf "Downloading Acronis Cyber Protection Agent for Mac.\n"
if ! curl --retry $RETRIES --retry-max-time $RETRY_MAX_TIME -f -L -C - -o "${image_path}" "${download_url}"; then
printf "Downloading of the installation image failed.\n"
return 1
fi
if ! hdiutil attach "${image_path}" -mountpoint "${mount_path}" -nobrowse -noautoopenro; then
printf "Mounting of the installation image failed.\n"
return 1
fi
if ! pkgutil --check-signature "${mount_path}/Install.pkg" | grep -q "Acronis International GmbH"; then
printf "Failed to validate package signature. Aborting the installation.\n"
return 1
fi
if ! installer -pkg "${mount_path}/Install.pkg" -target LocalSystem; then
printf "Failed to install the package.\n"
cat /var/log/acronis_install.log
return 1
fi
}
# Will register the agent to Acronis Cyber Cloud
agent_registration() {
printf "The registration of Acronis Cyber Protection agent for Mac starts now.\n"
while [ $COUNTER -le $RETRIES ] ; do
if /Library/Application\ Support/BackupClient/Acronis/RegisterAgentTool/RegisterAgent -a ${REGISTRATION_URL} -t cloud -o register --token ${REGISTRATION_TOKEN}; then
printf "Agent registration successful.\n"
return 0
else:
printf "Failed to register agent.\n"
fi
COUNTER=$(($COUNTER + 1))
done
}
# Will apply a default protection plan that is included in the token
apply_protection_plan() {
resource_id=$(grep "InstanceID" "${backup_config}" | sed -E 's/.*<value name="InstanceID" type="TString">"(.+)"<\/value>.*/\1/' | tr '[:upper:]' '[:lower:]')
if [ -z "$resource_id" ]; then
printf "Failed to retrieve this machine’s resource ID. Application of protection plan cancelled.\n"
return 1
fi
printf -v payload '{"context":{"items":["%s"]},"policy_id":"%s","disableOnConflict":false}' "${resource_id}"
printf "Trying to apply the protection plan.\n"
response=$(curl -s -w "\nHTTP STATUS CODE: %{http_code}\n" -L --request POST "${REGISTRATION_URL}/api/policy_management/v4/applications" \
--header "Authorization: Bearer ${REGISTRATION_TOKEN}" \
--header "Content-Type: application/json" \
--data-raw "${payload}")
if echo "${response}" | grep -q "HTTP STATUS CODE: 200"; then
printf "Protection plan applied successfully.\n"
return 0
elif echo "${response}" | grep -q "HTTP STATUS CODE: 403"; then
printf "No protection plan will be applied as it is not part of the token.\n"
return 0
elif echo "${response}" | grep -q "HTTP STATUS CODE: 500"; then
printf "Protection plan has been already applied.\n"
return 0
elif echo "${response}" | grep -q "HTTP STATUS CODE: 422"; then
printf "Unsupported policy is contained in the registration token. Failed to apply a protection plan."
return 1
else
printf "Failed to apply a protection plan.\n"
echo "${response}"
fi
printf "Failed to apply protection plan.\n"
return 1
}
printf "The installation of Acronis Cyber Protection agent for Mac starts now.\n"
cleanup
agent_install
sleep 20
agent_registration
sleep 20
apply_protection_plan
send_stats
printf "Successfully installed Acronis Cyber Protection agent for Mac.\n"
Save and Review the Custom Software
- Click Save and Review to stage the changes to the Custom Software item.
- Click Confirm Changes to add the Custom Software to your Catalog.
System and Kernel Extension Permissions are Required
- If you have macOS 11 (Big Sur) or newer that you will be deploying Acronis to, you need to deploy a System Extension MDM Profile that allows Acronis.
- Navigate to Catalog >> MDM Profiles >> New >> System Extension
- Name the MDM Profile
- Add "ZU2TV78AA6" to "Allowed Team Identifiers"
- Click "Create Profile"
- Add the Profile to the policies that you will be deploying Acronis to
- If you have macOS 10.15 or older devices you will be deploying Acronis to, you need to deploy a Kernel Extension MDM Profile that allows Acronis.
- Navigate to Catalog >> MDM Profiles >> New >> Kernel Extension Policy
- Name the MDM Profile
- Add "ZU2TV78AA6" to "Allowed Team Identifiers"
- Click "Create Profile"
- Add the Profile to the policies that you will be deploying Acronis
Deploying the Acronis Custom Software
Add the Custom Software to the Policies you wish to deploy Acronis to: Adding and Removing items from a Policy
Acronis Cyber Protect will now deploy and be registered on a devices in the Assigned Policy and its children.
For information on using custom facts to monitor Acronis, see our KB article Addigy Monitoring And Alerting With Acronis.