Introducing the IronDiff Windows Agent — No Docker Required

Not every environment runs Docker. Some clients have a single Windows server in a closet. Some MSPs deploy through an RMM and don’t want to manage container runtimes on endpoints. We’ve heard this feedback consistently since launch, and today we’re shipping the answer: IronDiff now runs as a native Windows service.

Same backup engine. Same redaction. Same zero-knowledge encryption. No Docker required.

Why a Windows Agent?

IronDiff’s Docker agent works well for teams that already have a Linux host or a container runtime available. But for a lot of MSPs, the reality is simpler: there’s a Windows Server at the client site, and adding Docker to it isn’t worth the overhead.

The Windows agent eliminates that friction. It installs as a standard Windows service, runs in the background, and is fully manageable through the local web UI — just open http://localhost:5000 in a browser.

What’s Included

The Windows agent has full feature parity with the Docker agent:

  • All supported vendors — Cisco IOS/ASA, Aruba, pfSense, Fortigate, MikroTik, Juniper, Netgear ProSafe, and more
  • Vendor-aware secret redaction — passwords, SNMP strings, and keys are stripped locally before anything leaves the network
  • Zero-knowledge encrypted raw backups — your master key never leaves the machine
  • Scheduled backups — configurable intervals, multithreaded device polling
  • Hudu integration — automatic diff sync to Hudu assets, identical to the Docker agent
  • Local web management UI — add devices, view backup status, trigger manual runs
  • Auto-updates — the agent checks for new versions and can self-update with a service restart
  • System tray icon — quick access to the web portal, logs, config file, and manual update checks

Installation

One-Click Install

Download IronDiffAgent.exe from the IronDiff Portal and run it. The installer registers the Windows service, starts it, and opens the setup wizard in your browser.

Silent RMM Deployment

For MSPs deploying at scale through Syncro, Datto, NinjaOne, or any other RMM:

.\IronDiffAgent.exe install --license-key "YOUR-KEY" --silent

The service starts automatically after install. Push the YAML config file to config\irondiff.yaml in the install directory and you’re done — backups begin on the next scheduled interval.

Configuration

The Windows agent reads a single irondiff.yaml file that contains everything — app settings, credentials, and device inventory — all in one place. This is different from the Docker agent, which splits configuration across config.yaml, devices.yaml, and a .env file.

The consolidated format means less file management and simpler RMM deployment: push one YAML file and you’re done. Credentials in the YAML support AES-256-GCM encryption — store them as ENC: prefixed values and the agent decrypts them at runtime using your local encryption key. Clear-text passwords are never required in the config file.

How It Runs

The agent installs as the IronDiff Backup Agent Windows service (IronDiffAgent). On startup, it:

  1. Loads the YAML config and validates your license
  2. Starts the backup scheduler on your configured interval
  3. Launches the local web UI on port 5000
  4. Begins checking for auto-updates in the background

Backups run in parallel across devices (configurable thread count), and results are reported to the IronDiff cloud portal just like the Docker agent. If a backup fails, the agent retries with graceful fallbacks — including alternate connection methods for devices with non-standard SSH implementations.

System Tray

The agent includes a system tray icon for quick access:

  • Open Web Portal — launches the management UI
  • Edit Config File — opens irondiff.yaml in an elevated editor
  • View Logs — opens the agent log file
  • Check for Updates — triggers a manual update check
  • Restart Service — restarts the IronDiff service

The tray icon automatically exits if the service stops, so it stays in sync with the agent’s lifecycle.

Docker vs. Windows: Which Should I Use?

Use whatever fits the site. Both agents connect to the same IronDiff cloud portal, and both produce identical backups and diffs.

  • Docker — best for Linux hosts, NAS devices, or environments where you already run containers
  • Windows — best for Windows-only sites, RMM-managed deployments, or environments where Docker isn’t practical

You can mix both across your client base. A Cisco shop with a Linux VM gets the Docker agent; a small office with a single Windows Server gets the Windows agent. Both show up in the same portal.

Get Started

The Windows agent is available today on all plans, including the 14-day free Professional trial.

  1. Create an account (or log into your existing one)
  2. Download IronDiffAgent.exe from the portal
  3. Run the installer and add your devices
  4. Configs start backing up on the next scheduled run

If you’re already using IronDiff with Docker, you can deploy the Windows agent alongside it for different client sites — no changes needed to your existing setup.

No Docker? No problem.

Deploy the Windows agent and start backing up configs in minutes.

Start Free Trial →

Questions about the Windows agent? Email us at [email protected].