VDP V12.1 Whats New

Veeam Backup & Replication 12.
1
What’s New
Hannes Kasparick
Principal Analyst, Product Management
hannes.kasparick@veeam.com
“Internal Only” Classified Slides
“internal only” slides are for SEs to better understand the technology.
Please only use them in 1:1 sessions where you know the engineers.
That information might be too much otherwise…
internal only
How To Use The Slides
• If things are missing / not clear / typos, please contact (email, teams)
Hannes Kasparick to improve the slides
• Slides will permanently be updated without further notification
• You can check differences between versions with PowerPoint “Compare”
functionality
• There is a HOME button at the end of every section that brings you back to
the table of contents slide. This happens automatically in presentation mode
• Shorturl: https://vee.am/v121deck Home Button
Table Of Contents (Presentation Mode)
Public Features List (can be used for events)
All other features: only in 1:1 conversations until 24th October 2023
Security And Compliance Improvement Applications and integrations

• Malware detection • ServiceNow Integration
• Key management systems support (KMIP) • Postgres instant recovery
• SIEM integration (syslog support) • Db2 on AIX & Linux
• Dell Data Domain Retention Lock support
• HPE StoreOnce Catalyst Copy
immutability Tape News
• Jaguar tape support (IBM 3592)
Backup of object storage
Veeam Agent for Linux

CDP • IBM Power support
• SureReplica
• Point-in-time file level recovery Storage integrations
• Planned failover • On-prem Glacier compatible support
• Smart visualization & more
Full Features List (1)
Security & Compliance: Malware detection Backup of object storage NAS backup
• Security & Compliance Dashboard • Restore options • Netapp FlexGroup support
• Inline detection (encryption & ransom notes) • Technical overview • Load balancing Dell PowerScale (Isilon) & Netapp
• In-guest detection via guest -index • Linux Proxies • Restore: Compare with production
• YARA rules support • Flexible includes / excludes
• Automated scans via SureBackup Application integrations
• On-Demand scans • Db2 on AIX & Linux
• Malware events & false positives • SAP HANA On Power On Linux Tape News
• Incident API • SAP HANA Explorer • Jaguar tape support (IBM 3592)
• How to test features above • Instant Recovery of PostgreSQL instances • Microsoft DFS support
• PostgreSQL database export • Improved Include & Exclude masks
Security & Compliance: General • ServiceNow Integration • Object storage to tape
• Key management systems support (KMIP) • Restore to object storage
• Four Eyes approval CDP
• SIEM integration (syslog support) • SureReplica Primary and secondary storage integrations
• Security & Compliance analyzer • Scalability improvements • Netapp FlexGroup support
• Removed “Files” Tab For Non-Admin Users • Point-in-time file level recovery • IBM snapshot improvements
• Warning on short encryption passwords • Veeam Explorers support • Cisco Hyperflex Spanned Datastore Support
• Planned failover • On-prem archive tier support
Security & Compliance: Immutability News • Other features • Dell Data Domain retention lock support
• Dell Data Domain Retention Lock support • Change disk type support • HPE StoreOnce Catalyst Copy immutability
• HPE StoreOnce Catalyst Copy immutability • Smart visualization & more • HPE Alletra MP support
• Object Lock Governance Mode
• Immutable configuration backup on object
storage
• Consistent immutability in SOBR
• Hardened Repository: Time step detection
Full Features List (2)
Object Storage (as backup target) Veeam Agent for AIX & Solaris Other useful features
• Capacity tier health checks • AIX & Solaris agent: local restore console • VeeamONE Analytics in console
• Improved rescan speed object storage • Recovery token support for bare metal restore • Simplified unattended installation
• Google Coldline support • Exclude directories during bare metal restore • Unattended configuration restore
• EntraID / Azure AD authentication support • AIX & Solaris performance improvements • Veeam AI Assistant
• Azure Cold Tier support • “Publish disks” in console (instead PowerShell)
• On-prem archive tier support • VeeaMover: fast on same volume
• AWS Glacier Accelerated Restore support SureBackup • Custom retentions VeeamZip, export, copy
• SureBackup NSX-T support • Health Check priority configuration
• SureBackup machine exclusions • License from Veeam.com during installation
Agent management • SureBackup random VM tests • Enterprise Manager enhancements
• AIX & Solaris: centralized management
• AIX, Solaris & MAC: GFS PowerShell & Rest API
• AIX & Solaris: direct file restore from console Cloud Director Self-Service Portal
• Hide different tenant's tabs
Veeam Agent Linux on IBM Power
• Supported recovery methods
• Supported backup options
• management
Veeam Agent Linux x86

• no-snap support
Security and Compliance
Malware Detection
Threat Center Dashboard
overview & backup heatmap & job calendar
• Requires Veeam Data Platform Advanced for data collection

Keep In Mind
Protect your production

environment
because it’s “too late”
when finding encrypted data

or malware in backups!
© 2023 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective own
e rs.
Malware Scenarios General Overview
Scenario 1 Scenario 2 Scenario 3 Scenario 4

Sleeping malware Malware encrypting data Malware encrypting Remote encryption
but not deleting itself data and deleting itself via SMB / NFS
or only in memory
Malware Detection Overview (Scenario 1 & 2)
aka “finding malware binaries”
• Secure restore (since 2019)

• Anti-virus scan during restore
• Backed by security vendor
New in version 12.1

• On-demand and automatic
• anti-virus scans
• YARA scans
• find malware binary via guest-index scan
Malware Detection Overview (Scenario 2-4)
aka “finding malware activity”
What?
• Find encrypted data and ransom notes
• Scalable: all machines scanned by backup proxies
• Since 2020: “suspicious incremental backup size”
Veeam ONE alarm
Proxy
How?
• AI / ML model performing inline entropy analysis
• Inline text content analysis Repository
• Compare file system indexes after backup finished
Finding
Encrypted Data
And
Ransomware
Traces
e rs.
Inline Malware Detection Overview
Flag infected backups
Backup Server
Send metadata
Proxy
Backup data Store data

Tue. Tue. Wed.
08.00am 09.00pm 08.00am
AI /ML Inline
detection
Backup Repository
Inline Malware Detection
encryption detection & text analysis
• analyzes block-level data during backup
Find Encrypted Data Via Entropy Analysis
• AI / ML model running on proxies

• Detects encrypted data during
backup
• 5 sensitivity levels
• Marks backup “suspicious” if positive
• Requires full read after activation to

learn “base line”
• 25-30% CPU load increase on proxy
(value might change later in development)
How Encryption Detection Works
During backup
• Collect metadata & statistics
• “Magic” value calculation
After backup
• Store malware metadata file in VBRcatalog
• Compare current & previous malware metadata
AI / ML Decision Factors (Simplified)
• Cross-correlation between current & historic values

• High score of combined values = suspicious
Example values for calculations

• Incremental backup size
• Encryption (absolute size & percent)
• Compression
• Magic decrement (removed data)
• Magic encryption (newly encrypted data)
• Ransom notes found (explanation next section)
Inline Malware Scan: Text Analysis
Why?
• Find ransomware notices nobody noticed yet
What?
• Onion links & ransom notes
How?
• Analyze text documents and find onion links
• onion link has 56 symbols: [2-7] and [a-z]
+.onion
Enabling Inline Scans For Large Environments
Problem: overload due to full read
Workaround: add all machines to malware

exclusions and remove (few) hundred per day
PowerShell cmdlets available

System Requirements Inline Scan
• VMware vSphere & Cloud Director, Hyper-V

• Windows & Linux
• Managed by server Veeam Agent for

Windows (incl. cloud native)
• File systems: NTFS, ext4

Find Encrypted Files And Malware Binaries
with in-guest index detection
• Encrypted files usually have special file name

extension
• 4000+ pre-defined file names extensions
• Dynamic detection of unknown extensions
*.psr not in
• Find known malware binary names pre-defined index!
• E.g., Petwrap.exe
Guest Index Scan Extension Configuration
File extension updated via internet

• File is signed to avoid manipulations
• Daily check
Offline update possible
Custom extension configuration possible

• XML import / export possible
System Requirements In-Guest Index Scan
• VMware vSphere & Cloud Director, Hyper-V

• Windows & Linux
• Managed and standalone Veeam Agent for

Windows
• File systems: all*

Finding Malware
Binaries
With
Antivirus And
YARA Scans
e rs.
What Are YARA Rules?
https://github.com/Yara-Rules/rules/blob/master/malware/APT_Black energy .yar
• Signature based detection

• Yes / no result
• Anyone can write rules
• Not a silver bullet
• Can be used to find “anything”

e.g. credit card numbers
smaller 250KB
Windows binary All $s conditions

Automated Malware & Content Scans
via SureBackup (without Virtual Labs)
Antivirus and / or YARA scan

• No virtual lab configuration!
Scan entire backup job

(exclusions possible) or specific
machines
Scan happens on mount server

SureBackup With Content / Malware Scans
• Classic SureBackup with Virtual Lab

• Supports YARA and / or antivirus scans
On-Demand Scan For Malware & Content
in Backups section
On-Demand Scan For Malware & Content
Find (last) clean backup(s)

• Search backwards every backup
Find clean backup in range

• Twist: Optimized binary search
Find content (e.g., credit card numbers)

• Scans all backups
YARA Scan Details
• Scan happens on mount server

Malware Events
Triggered by
• Inline scan
• Guest-index scan
• SureBackup: scheduled jobs
• SureBackup: scan now
• Secure Restore
• Incident API
Visible in History -> Malware Detection
e rs.
Get Notified About Infections
• Optional: Email, Syslog, SNMP

• Always enabled: Windows Event Log
Easily Spot Issues In User Interface
• History -> Malware Detection -> Events
• Inventory -> Malware Detection
• Inventory -> Virtual Infrastructure
• Home -> backups / copy / tape / etc.
• All restore windows
• Everywhere ☺
How To Handle “False Events”
• Mark workload clean in Inventory
• Mark backup clean / infected in Backups

Investigate After An Event Triggered
• Scan backup with YARA / Antivirus

• File level recovery
• Publish disk to 3rd party
investigation tool
External
Integrations
Via “Incident
API”
e rs.
Mark & Protect Your Data With Incident API
• 3rd parties can notify Veeam

about an attack via REST API
• Optional: trigger backup
Use-case
• Last known good backup based
on external partners
• Malware found in production ->
Perform Quick-Backup
Trigger Infection From 3rd Party
• Veeam Backup & Replication finds “right” workload based on

parameters passed
{ "detectionTimeUtc": "2023-09-13T14:18:16.183Z",
"machine": {
"fqdn": “FileServer22.lab.local",
"ipv4": “10.10.20.100",
"ipv6": "fd00:ac19:0:18a4:0:4a2f:8d31:e0e8",
"uuid": "9C093942-4AEB-89E5-E30D-063AA4809A0C"
},
"details": “Ransomware XYZ spotted",
"engine": “My Antivirus Software"
}
Security & Compliance
General improvements
Key Management
System Support
Why?
Increase security with regular password changes
Centralized password management
What?
Encryption passwords
How?
KMIP protocol VBR <-> key management server
Caution
Enable Enterprise Manager “password loss
protection” to avoid chicken / egg problems!
e rs.
Better Integration With SIEM Systems
with RFC 5424 syslog support (UDP, TCP, TLS)
Configuration Example output
Protect Against Accidental Backup Deletions
with Four-eyes authorization
• Approval by second Backup
Administrator needed
• Reject own requests possible
Four-Eyes Authorization Event Reporting
• Veeam history & Windows event log

• E-Mail
Security & Compliance Analyzer
Renamed & new features

- Password requirements
- Configuration backup encryption
- Outdated TLS versions
- Reverse Incremental deprecated
- And many more ☺
Runs by schedule (instead manual)

Removed “Files” Tab For Non-Admin Users
Why?
• Non-admins don’t need “files” tab
Background
• “Files” tab was “version 1” of the
product ☺
Warning On Short Encryption Passwords
Minimum 12 characters required

Security & Compliance
Immutability improvements
Dell Data Domain Retention Lock Support
• Protocol: DDBoost
• Compliance mode required / automatic retention lock “off”
• Same concept as Veeam Hardened Repository

• Can be enabled on existing repositories
HPE StoreOnce Catalyst Copy Immutability
(catalyst immutability available since V12)
• Repository settings apply

• Same concept as
Hardened Repository
(GFS restore points are
immutable for entire
retention)
Make Service Provider Lives Easier
with Object Lock Governance Mode
Why?
• Canceled contracts before immutability ends
• Deleting immutable data complicated
Solution
• Governance mode allows deletion
• Registry key: S3GovernanceImmutabilityMode
AWS S3 / S3 Global setting on backup server
Object Lock • Affects all immutable object storage
Governance repositories
Mode Limitations • Jobs to previous existing immutable
repositories will fail when enabled
Requires new immutable

repositories
• Start with a new backup server or
remove existing immutable repository
from job configuration
• Recovery from old immutable
repository still possible
e rs.
Configuration Backup Immutability
on object storage
Consistent Immutability In SOBR
• Pre-upgrade checks cover non-compliant setups

• Migrate before 12.1 if mixing Hardened Repository with non-
Hardened Repositories settings is required!
Time Step Detection For Hardened Repository
Why?
• Popular demand
What
• Backups stay immutable forever with wrong time
• Time steps larger 24h create “warning”
• ImmutabilityAttributeConsoleSeverity
defines „error“ vs. „warning“
Good to know!
• NTP clients ignore big time steps per default
Time Step Detection In Action
• Job status: warning

• Backups stored without immutability (calculations based on wrong
time make no sense)
Backup Of
Object Storage
Restore Options For Object Storage
• Entire bucket restore

• Prefix / folder restore
• “point in time” restore
• Object level restore
• Restore to different object storage

type (e.g., S3 to Azure Blob or SMB)
• Metadata / permissions skipped due to
different format
Flexible Object Restore
• Show changed objects
• “Copy to” Windows hosts, NAS shares or object storage
• Attributes tied of source get lost when changing technology

• Restore to point in time does not delete new objects
Add Object Storage As Source To Inventory
Supported Platforms
• Amazon S3
• Microsoft Azure Blob
• S3 compatible storage
• Region is optional for S3 compatible

• Azure EntraID supported
• Windows & Linux proxies supported
Create Backup Job
• Sources
• Entire account
• Bucket
• Prefix / folder
• Object
• Exclusions possible
• Versioning enabled: current

version of object backed up
Flexible Include & Exclude Options
• Veeam prefix / folder excluded automatically

• Note: everything is case sensitive!
Simplified Technical Scheme
Management
Source
Proxies Backup Server Veeam ONE
Amazon S3
copy / move
Short Term Archive

S3 Compatible
Retention Repository
Azure Blob
Coordinator &
Secondary
Cache Repository
Copy
Change Object Tracking
• Same concept as NAS backup

changed file tracking
• CRC tree on cache repository
• ETag (hash) & modification

date for change
• One enumeration per backup

run only
Frequently
Asked Questions
Q: Why is there no progress bar?

A: The progress bar costs too many API
calls (= real costs in public clouds) and
had negative impact on performance.
Processed number of objects shown.
Q: How does licensing work?
A: Same as NAS backup. 500GB per
Veeam Universal License (VUL)
e rs.
Applications Integrations
Db2 Support On AIX & Linux
• Db2 versions: 10.5, 11.1, 11.5

• Standard & Advanced edition (no community)
• Operating systems: Linux x86_64, AIX*
• Standalone, HADR and failover clusters

• Cluster management software
• PowerHA (AIX), TSA, Pacemaker (Linux)
*everything on IBM compatibility matrix

Db2 Feature Set Summary
• Database admin driven native backup

• Online / offline / incremental / log
backup & restore
• Immutability on Hardened Repository,
StoreOnce & Data Domain
• Capacity tier (copy, move, copy + move)
• Backup copy job
Db2 Backup On Database Server
• Like Oracle & SAP HANA configuration
Db2 Backup Visibility In Backup & Replication
Optional E-Mail Notifications
PluginEmailNotifications registry key to enable

Db2 Backup Architecture Overview
Plug-in manager
Backup Server
Source Data Target Data

Mover Mover
DB2plugin.so
Repository
Db2 Server
Management traffic
Data flow
Backup Immutability
• Immutability applied after file closed (up to 24h)
• Same concept as SQL / Oracle / PostgreSQL log backup with Application
Aware Image Processing (AAIP) enabled / other plugins
Incr/log
Incr/log
Data stream Incr/log
Db2
Full
.vab
Backup file
Frequently
Asked Questions
Q: Why is only logarchmeth1

offered in the wizard and not
logarchmeth2?
A: Logarchmet1 is always used.
logarchmet2 is optional. We simplified
the wizard. logarchmet2 is supported
(manual configuration)
e rs.
Keep In Mind
Db2 Plugin
― No direct backup to object storage

― Immutability applied after 24h
― No central management / rollout
e rs.
SAP HANA On IBM Power
• Standalone plug-in
• SAP certified
• Standalone & Scale-Out systems
• SLES only in 12.1 planned

• RHEL planned after 12.1
SAP HANA On IBM Power Features Summary
• Database admin driven native backup

• Online / offline / incremental / log
backup & restore
• Immutability on Hardened Repository,
Capacity Tier, StoreOnce & Data Domain
• Capacity tier (copy, move, copy + move)
• Backup copy job
Keep In Mind
SAP Hana On
Power Plug-in
― No direct backup to object storage
― Immutability applied after 24h
― No central management / rollout
e rs.
Easily Restore SAP HANA Databases
with the Veeam Explorer for SAP HANA
Restore to:
• Latest state
• Point-in-time
• Different server
How It Works In The Background
SAP HANA
plug-in
SAP HANA
Veeam Explorer server
Data Mover
http / https
Veeam Explorers Data Mover

Recovery Service
Workflow:
1. HDBSQL command sent
Repository 2. Plug-in is started
Veeam Server
3. Data movers restore data
Management traffic Restore traffic

SAP HANA
Explorer: Keep
In Mind
― Plug-in must be installed &
configured on target server
― Supports SAP HANA 2.0 SPS 02
and newer
― Supports only 12.1 backups
― Restore to older SAP HANA SPS
unsupported
― HTTPS requires SAP Common
Crypto Library installed on backup
server
e rs.
Restore PostgreSQL Instances In Seconds
with instant recovery
• Latest state
• Point-in-time
• Different server
• Smart switchover
Architecture & Restore Workflow
Restored
PostgreSQL
instance
Veeam Explorer Server
1. Publish instance
2. Duplicate instance
3. Configure PostgreSQL Published
instance
streaming replication
4. Restore data and sync
changes
5. Switch over
6. Drop published
instance
Veeam Explorers
Recovery Service
Veeam Server Repository
Mount server
Management traffic Mount Restore traffic Streaming replication

Keep In Mind
PostgreSQL
Instant Recovery
― Instance level restore (not

databases)
― PostgreSQL version must be same
on source and target
e rs.
Restore PostgreSQL Databases Via Export
Challenge
• Veeam Explorer only allows
Instance restore
Solution
• Export to pg_dump format and
restore with pg_restore
Options
• Latest state or “point in time”
• Native compression support
• Export via staging server or
published instance
Continuous Data
Protection (CDP)
Test CDP Replica Recoverability
with SureReplica
• Ensure disaster recovery

really works
• Replication continues during
failover tests
• Failover, antivirus, YARA scan
& CRC check
• Comprehensive reporting in
Veeam Recovery Orchestrator
Protect More VMs Than Ever With CDP
• Maximum protected disks increased by 3.5x

• 12: 2000 disks
• 12.1: 7000 disks
• Use multiple backup servers to scale higher

Recover Files You Deleted Seconds Ago
• Recover files from CDP replica from any restore point

Comfortable Application Restore
with Veeam Explorers
• From application-consistent long-term CDP restore points
• All options like “from backup” except “point-in-time” database restore
Seamless Migrations With “Planned Failover”
• Migrate in case of planned power outage, hurricane, etc.

• Zero data loss
• VM gets powered off before failover
Other CDP Features
• Change disk type for initial

configuration
• Traffic intensity in point-in-

time failover wizard
Keep In Mind
CDP
― No creation of long-term restore

points and no retention processing
during SureReplica execution
― Manual failover stops replication
(as opposed replica tests)
• during failover, the source VM does
not exist / is offline
e rs.
NAS Backup
NetApp ONTAP FlexGroup support
• Veeam vSphere Storage Integration & NAS backup
FlexVol volumes
Note: Adding new FlexVol to existing FlexGroup prevents restore from existing snapshots of that FlexGroup (Netapp limitation).
Smart Load Balancing For Isilon & NetApp
DELL PowerScale / Isilon “SmartConnect”

support
Netapp Clusters with load balancing

Simplify NAS Backup Restores
with “compare with production” and “restore changed only”
• NAS backup & object storage backup
More Flexibility For Includes / Excludes
• File or folder masks include examples

• Import / export possible
Tape Support
IBM 3592 / Jaguar Tape Support
• Same functionality as LTO
• LTO and 3592 cannot be

mixed within one media pool
Microsoft DFS Support For File-To-Tape
(DFS = Distributed File System)
Problem
• File-to-tape jobs did
not follow DFS links
Solution
• Support for DFS ☺
Picture from https://learn.microsoft.com/de-de/windows-server/storage/dfs-namespaces/dfs-overview

Improved Include & Exclude Masks
• File / path / object types

• Import / export for big
configurations
Direct From Object Storage To Tape Backup
• Entire bucket
• Prefixes / folders
• Specific object(s)
Restore Object Storage Data From Tape
• Entire bucket
• Prefixes / folders
• Specific object(s)
Object Storage Directly To Tape
Object Storage Tape

Object Storage To Tape
1. Tape Server(s) read files from object storage
2. Configuration database stores index / catalog
3. Files stored on tape (Microsoft tape format)
4. Retention applied “per tape” (regular active full required)
Configuration
Database
Tape
Object Storage Tape Server(s) Drive(s)
Primary and secondary
Storage Integrations
NetApp ONTAP FlexGroup support
• Veeam vSphere Storage Integration & NAS backup
FlexVol volumes
Note: Adding new FlexVol to existing FlexGroup prevents restore from existing snapshots of that FlexGroup (Netapp limitation).
Improved Snapshot Processing
on IBM Storwize / SVC / FlashSystem
Old method: FlashCopies New: Snapshots
visible and
usable as
volumes
• IBM Storage OS 8.5.1 or later

• Fallback to FlashCopies for older software versions
• Restore from FlashCopies still possible
Cisco HyperFlex Spanned Datastore Support
• HX 4.5.1 Cisco supports VMs residing on spanned datastores
Virtual disk 1 Virtual disk 2
vSphere datastores
On-Prem Archive Tier Support
Why?
MoveGFS
move GFS
• Cost savings with tape restorepoints
restore points
How?
S3 Glacier
• Via Smart Object Storage API for Amazon S3 compatible
compatible
S3 Glacier compatible systems storage
storage
Vendors
• PoINT (confirmed for launch)
• Quantum (TBC)
• SpectraLogic (TBC)
Dell Data Domain Retention Lock Support
• Protocol: DDBoost
• Compliance mode required / automatic retention lock “off”
• Same concept as Veeam Hardened Repository

• Can be enabled on existing repositories
HPE StoreOnce Catalyst Copy Immutability
(catalyst immutability available since V12)
• Repository settings apply

• Same concept as
Hardened Repository
(GFS restore points are
immutable for entire
retention)
Object Storage
(as backup target)
Health Checks For Capacity Tier
What?
• It’s cheap: check existence
of objects instead reading
entirely
Good to know
• Object storage vendors
usually provides 11 nines
durability
• Health check enabled per
default (new installations)
Object Storage Performance Improvements
1. Faster deletions
2. Faster rescan
3. Faster import
Save Costs Google Coldline Storage Class
• Same concept as AWS S3 “Infrequent Access”

• 90 days minimum duration
• Adds retrieval fees
Increased Security For Azure Blob Storage
with EntraID (Azure AD) authentication
• Azure AD account / Application registration support
• Account / shared key stays supported
Faster Restore With Azure Cold Tier
• Online tier minimum 90 days duration

• Costs between cool and archive tier
• Use as “archive tier” in Scale Out
Repository
On-Prem Archive Tier Support
Why?
MoveGFS
move GFS
• Cost savings with tape restorepoints
restore points
How?
S3 Glacier
• Via Smart Object Storage API for Amazon S3 compatible
compatible
S3 Glacier compatible systems storage
storage
Vendors
• PoINT (confirmed for launch)
• Quantum (TBC)
• SpectraLogic (TBC)
Agent Management
Improved AIX & Solaris Agent Management
• Deploy, update, remove agent

• Start & stop jobs
• Recovery token support for bare metal recovery
• Removed cron dependency (built-in scheduler)
GFS For AIX, MAC & Solaris Agents
• Standalone centrally managed

agents
• Requires “active full” (except
MAC agent with object storage)
Direct File Restore To AIX & Solaris
• No manual copy needed anymore

• Uses helper appliance (same as earlier versions)
GFS & Improved Monthly Schedule
for AIX, MAC & Solaris agents
Veeam Agents for Linux
on IBM Power
Restore Options Veeam Agent For Linux
on Power
• File level recovery to original &
other hosts (incl. cross-platform)
• Twist: Source machine allowed as
mount host
• Disk publish
• Bare metal restore
• Volume level restore
Backup Options Veeam Agent For Linux
on Power
Block-Level
• Only snapshot-based (LVM & BTRFS)
• Volume-based or „entire machine“
File-level
• Snapshot-less & Snapshot-based
Applications
• Via pre- / post-script
Backup Targets For Veeam Agent For Linux
on Power
Supported
• Veeam Backup & Replication Repositories
• including deduplication appliances &
object storage
• Shared folders
• Local storage
Unsupported
• Cloud Connect
Management From Backup & Replication
• Protection groups with pre-installed agent (aka “catch-all”)
• Job status visibility
• Indexing & search via Enterprise Manager
Keep In Mind
Veeam Agent for
Linux on Power
― No change block tracking (CBT)

― Only BTRFS & LVM snapshots
supported (no kernel module)
― If snapshot script cannot be used, it
will silently be skipped
― Unsupported
― ISO patching
― Veeam Cloud Connect
e rs.
Veeam Agents for AIX & Solaris
Simplified Restore
with local recovery Console
• For beta use “veeamconfig ui” command
• “veeam” in GA version (same as Linux agent)
Secure Bare Metal Restore
with recovery tokens
• One-time password
• Access to one backup
Exclude Directories During Bare Metal Restore
Other Features For AIX & Solaris Agents
AIX
• Faster backups through support for
hardware accelerated CRC
• Recovery media in OVA format
(required for IBM Cloud, no ISO support)
Solaris
• Reconnect after network outage
• ZFS compression support
• More accurate backup size estimations
SureBackup
Improvements
SureBackup: NSX-T Support
SureBackup: Exclude VMs From Linked Jobs
Finally, it’s available ☺

SureBackup: Scale Without Manual Scripting
Challenge
• Testing hundreds machines takes too
longs and conflicts with backup jobs
Workaround before V12.1

• Script that creates application groups
to test all machines
• Many small jobs
Solution in V12.1
• Process randomly selected VM
PowerShell & REST API
More PowerShell Coverage
• Support for new functionality

• Security & compliance analyzer, malware detection,
object storage backup, SureBackup, YARA, KMS,
syslog, CDP FLR, object to tape etc.
• Get backup server version + patch level
• Get restore points from capacity- and archive tier

PowerShell Object Storage Backup
new cmdlets while maintaining backward compatibility
v12: v12.1:
Get-VBRNASServer Get-VBRUnstructuredServer
Remove-VBRNASServer Remove-VBRUnstructuredServer
etc. etc.
v12: v12.1:
Get-VBRNASBackupJob Get-VBRUnstructuredBackupJob
Remove-VBRNASBackupJob Remove-VBRUnstructuredBackupJob
etc. etc.
REST API File Level Recovery
supported scope
To original To other
location
Windows Yes No
agent
Linux Yes Yes
agent
vSphere Yes Yes
New Inventory Browser
• Simplifies platform support New

• Shortens specification
• New filtering interface
Deprecated
More REST API Coverage
• vSphere replica
• Cloud Director backup job
• Cloud Director VM restore (no vApp)
• Malware event creation / Incident API
• Key Management Servers
• Syslog settings
Future Of Enterprise
Manager REST API
• Cloud Connect features are in

Service Provider Console API
• Stopped adding features
• Support for existing features will
stay (including bugfixes)
• Evaluation how to offer central API
endpoint to manage multiple VBRs
e rs.
Future Plans Backup
& Replication native
REST API
• Focus area
• Reach parity with UI & PowerShell
e rs.
Other Useful Features
VeeamONE Analytics In Backup Console
• Threat Center, backup overview, heatmaps, job calendar

Simplified Unattended Installation
Before
• 300 lines PowerShell code
V12.1
• One command + 20 lines XML file
• Separate XMLs for
• Backup Server
• Enterprise Manager
• Console
• Commented examples:
• ISO:\Setup\Silent\AnswerFiles
Automatically Restore Configurations
for standby / disaster recovery backup servers
generate answer file

• Veeam.Backup.Configuration.Unattended
Restore.exe /generate:C:\answer.xml
• export from configuration restore wizard
schedule restore command

• Veeam.Backup.Configuration.Unattended
Restore.exe /file:c:\answer.xml
Veeam AI Online Assistant
Why?
• Find answers easier
What?
• Large language model trained with
“Veeam focus”
• Source links usually provided
automatically
• Use same cautions as with ChatGPT
etc.
Mount Backups To Any Machine From Console
(no PowerShell needed anymore)
Use-Cases
• Instant access for
application owners
• Incident response team
access for investigations
• 3rd party data mining
• Easier to use than
PowerShell
Move Backups Fast On Same Volume
Problem
• V12 did “copy” & “delete” instead of “move”
Solution
• Use file system “move” on same volume
Define Your Own Retentions
for VeeamZip, Export backup, Move / copy backup
C:\Program Files\Veeam\Backup and Replication\Backup\Config\Retention\AutodeleteRetention.json
License From Veeam.com During Installation
Enterprise Manager Enhancements
• Backup server patch level visible
• “Clone job” works with any edition
• “Managed by Agent” policies visible
• Improved jobs filters list
• Unstructured Data jobs, sessions & restore

VDP V12.1 Whats New

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

VDP V12.1 Whats New

Uploaded by

Copyright:

Available Formats

Veeam Backup & Replication 12.

That information might be too much otherwise…

Security And Compliance Improvement Applications and integrations

Veeam Agent for Linux

Veeam Agent Linux x86

• Requires Veeam Data Platform Advanced for data collection

Protect your production

because it’s “too late”

when finding encrypted data

Scenario 1 Scenario 2 Scenario 3 Scenario 4

• Secure restore (since 2019)

New in version 12.1

Backup data Store data

• AI / ML model running on proxies

• Requires full read after activation to

• Cross-correlation between current & historic values

Example values for calculations

Problem: overload due to full read

Workaround: add all machines to malware

PowerShell cmdlets available

• VMware vSphere & Cloud Director, Hyper-V

• Managed by server Veeam Agent for

• File systems: NTFS, ext4

• Encrypted files usually have special file name

File extension updated via internet

Offline update possible

Custom extension configuration possible

• VMware vSphere & Cloud Director, Hyper-V

• Managed and standalone Veeam Agent for

• File systems: all*

• Signature based detection

• Can be used to find “anything”

Windows binary All $s conditions

Antivirus and / or YARA scan

Scan entire backup job

Scan happens on mount server

• Classic SureBackup with Virtual Lab

Find (last) clean backup(s)

Find clean backup in range

Find content (e.g., credit card numbers)

• Scan happens on mount server

Visible in History -> Malware Detection

• Optional: Email, Syslog, SNMP

• Mark backup clean / infected in Backups

• Scan backup with YARA / Antivirus

• 3rd parties can notify Veeam

• Veeam Backup & Replication finds “right” workload based on

• Veeam history & Windows event log

Renamed & new features

Runs by schedule (instead manual)

Minimum 12 characters required

• Same concept as Veeam Hardened Repository

• Repository settings apply

Requires new immutable

• Pre-upgrade checks cover non-compliant setups

• Job status: warning

• Entire bucket restore

• Restore to different object storage

• Attributes tied of source get lost when changing technology

• Region is optional for S3 compatible

• Versioning enabled: current

• Veeam prefix / folder excluded automatically

Proxies Backup Server Veeam ONE

Short Term Archive