What’s New
Hannes Kasparick
Principal Analyst, Product Management
hannes.kasparick@veeam.com
“Internal Only” Classified Slides
“internal only” slides are for SEs to better understand the technology.
Please only use them in 1:1 sessions where you know the engineers.
How To Use The Slides
• If things are missing / not clear / typos, please contact (email, teams)
Hannes Kasparick to improve the slides
• Slides will permanently be updated without further notification
• You can check differences between versions with PowerPoint “Compare”
functionality
• There is a HOME button at the end of every section that brings you back to
the table of contents slide. This happens automatically in presentation mode
• Short URL: https://vee.am/v121deck
Table Of Contents (Presentation Mode)
Public Features List (can be used for events)
All other features: only in 1:1 conversations until 24th October 2023
© 2023 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Malware Scenarios General Overview
And
Ransomware
Traces
Inline Malware Detection Overview
Diagram labels: Proxy, AI / ML inline detection, Send metadata, Backup Server, Flag infected backups, Backup Repository
Inline Malware Detection
encryption detection & text analysis
• analyzes block-level data during backup
Find Encrypted Data Via Entropy Analysis
During backup
• Collect metadata & statistics
• “Magic” value calculation
After backup
• Store malware metadata file in VBRcatalog
• Compare current & previous malware metadata
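Added sketch of the during-backup and after-backup steps above (not Veeam's code or algorithm): per-block Shannon entropy stands in for the undisclosed "magic" value, and comparing against the previous restore point keeps a steady share of compressed data from alerting while a sudden jump does. The block size, thresholds, function names and sample data are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

BLOCK_SIZE = 4096        # assumed block size
HIGH_ENTROPY = 7.5       # assumed cut-off in bits per byte (maximum is 8.0)
JUMP = 0.25              # assumed: alert when the high-entropy share rises this much


def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of a block in bits per byte."""
    total = len(block)
    if total == 0:
        return 0.0
    return -sum(n / total * math.log2(n / total) for n in Counter(block).values())


def backup_metadata(data: bytes) -> dict:
    """Statistics kept per restore point: block count and high-entropy share."""
    blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
    high = sum(1 for b in blocks if shannon_entropy(b) >= HIGH_ENTROPY)
    return {"blocks": len(blocks), "high_share": high / len(blocks) if blocks else 0.0}


def is_suspicious(previous: dict, current: dict) -> bool:
    """Compare current and previous metadata; flag a jump in high-entropy data."""
    return current["high_share"] - previous["high_share"] >= JUMP


def random_like(n_blocks: int, seed: bytes) -> bytes:
    """Constructed, deterministic stand-in for encrypted or compressed blocks."""
    out = bytearray()
    for counter in range(n_blocks * BLOCK_SIZE // 32):
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
    return bytes(out)


def text_like(n_blocks: int) -> bytes:
    """Constructed stand-in for ordinary documents."""
    line = b"Quarterly report: revenue, costs and forecast for the file server.\n"
    size = n_blocks * BLOCK_SIZE
    return (line * (size // len(line) + 1))[:size]


# Constructed restore points of 10 blocks each.
monday = backup_metadata(text_like(7) + random_like(3, b"archives"))
tuesday = backup_metadata(text_like(7) + random_like(3, b"archives-v2"))
wednesday = backup_metadata(text_like(1) + random_like(9, b"encrypted"))
```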
AI / ML Decision Factors (Simplified)
Why?
• Find ransomware notices nobody noticed yet
What?
• Onion links & ransom notes
How?
• Analyze text documents and find onion links
• Onion link has 56 symbols from [2-7] and [a-z], followed by .onion
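Added example (not Veeam's implementation and not from the original deck): a scanner for the 56-character [a-z2-7] .onion hosts described above. It goes one step beyond the slide by checking the version byte and SHA3-256 checksum that Tor v3 addresses embed, which filters out look-alike strings; the function names and the sample note are constructed for illustration.

```python
import base64
import hashlib
import re

# 56 characters from [a-z2-7] followed by ".onion", as described on the slide.
ONION_RE = re.compile(r"(?<![a-z2-7])([a-z2-7]{56})\.onion\b", re.IGNORECASE)


def _checksum(pubkey: bytes, version: bytes) -> bytes:
    # First 2 bytes of SHA3-256(".onion checksum" || pubkey || version)
    return hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]


def is_valid_v3(label: str) -> bool:
    """True if the label decodes to pubkey(32) + checksum(2) + version(1)."""
    try:
        raw = base64.b32decode(label.upper())
    except ValueError:
        return False
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    return version == b"\x03" and checksum == _checksum(pubkey, version)


def find_onion_links(text: str) -> list:
    """Return (address, checksum_ok) for every 56-character .onion host."""
    return [(m.group(0).lower(), is_valid_v3(m.group(1)))
            for m in ONION_RE.finditer(text)]


def constructed_address(seed: bytes) -> str:
    """Well-formed sample built from a made-up 32-byte key (not a real service)."""
    pubkey = hashlib.sha256(seed).digest()
    raw = pubkey + _checksum(pubkey, b"\x03") + b"\x03"
    return base64.b32encode(raw).decode().lower() + ".onion"


GOOD = constructed_address(b"constructed sample")
BAD = "a" * 56 + ".onion"  # right shape, wrong version byte and checksum
NOTE = (  # constructed ransom-note text
    "Your files are encrypted. Open http://" + GOOD + "/pay in Tor Browser.\n"
    "Mirror: " + BAD + "\n"
)

if __name__ == "__main__":
    for address, ok in find_onion_links(NOTE):
        print(address, "checksum ok" if ok else "shape only")
```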
Enabling Inline Scans For Large Environments
• E.g., Petwrap.exe
Guest Index Scan Extension Configuration
With
Antivirus And
YARA Scans
What Are YARA Rules?
https://github.com/Yara-Rules/rules/blob/master/malware/APT_Blackenergy.yar
Triggered by
• Inline scan
• Guest-index scan
• SureBackup: scheduled jobs
• SureBackup: scan now
• Secure Restore
• Incident API
Get Notified About Infections
Mark & Protect Your Data With Incident API
Use-case
• Last known good backup based on external partners
• Malware found in production -> Perform Quick-Backup
Trigger Infection From 3rd Party
{
  "detectionTimeUtc": "2023-09-13T14:18:16.183Z",
  "machine": {
    "fqdn": "FileServer22.lab.local",
    "ipv4": "10.10.20.100",
    "ipv6": "fd00:ac19:0:18a4:0:4a2f:8d31:e0e8",
    "uuid": "9C093942-4AEB-89E5-E30D-063AA4809A0C"
  },
  "details": "Ransomware XYZ spotted",
  "engine": "My Antivirus Software"
}
Security & Compliance
General improvements
Key Management
System Support
Why?
Increase security with regular password changes
Centralized password management
What?
Encryption passwords
How?
KMIP protocol VBR <-> key management server
Caution
Enable Enterprise Manager “password loss protection” to avoid chicken / egg problems!
Better Integration With SIEM Systems
with RFC 5424 syslog support (UDP, TCP, TLS)
Configuration Example output
Protect Against Accidental Backup Deletions
with Four-eyes authorization
• Approval by second Backup
Administrator needed
• Reject own requests possible
Four-Eyes Authorization Event Reporting
Why?
• Non-admins don’t need “files” tab
Background
• “Files” tab was “version 1” of the
product ☺
Warning On Short Encryption Passwords
• Protocol: DDBoost
• Compliance mode required / automatic retention lock “off”
Solution
• Governance mode allows deletion
• Registry key: S3GovernanceImmutabilityMode
AWS S3 / S3 Object Lock Governance Mode Limitations
• Global setting on backup server
• Affects all immutable object storage repositories
• Jobs to previous existing immutable repositories will fail when enabled
Configuration Backup Immutability
on object storage
Consistent Immutability In SOBR
What
• Backups stay immutable forever with wrong time
• Time steps larger than 24h create a “warning”
• ImmutabilityAttributeConsoleSeverity defines “error” vs. “warning”
Good to know!
• NTP clients ignore big time steps by default
Time Step Detection In Action
Supported Platforms
• Amazon S3
• Microsoft Azure Blob
• S3 compatible storage
• Sources
• Entire account
• Bucket
• Prefix / folder
• Object
• Exclusions possible
Source
Amazon S3
copy / move
Azure Blob
Coordinator &
Secondary
Cache Repository
Copy
Change Object Tracking
Applications Integrations
Db2 Support On AIX & Linux
DB2plugin.so
Repository
Db2 Server
Management traffic
Data flow
Backup Immutability
• Immutability applied after file closed (up to 24h)
• Same concept as SQL / Oracle / PostgreSQL log backup with Application
Aware Image Processing (AAIP) enabled / other plugins
Incr/log
Incr/log
Data stream Incr/log
Db2
Full
.vab
Backup file
Frequently
Asked Questions
Keep In Mind
Db2 Plugin
SAP HANA On IBM Power
• Standalone plug-in
• SAP certified
• Standalone & Scale-Out systems
Easily Restore SAP HANA Databases
with the Veeam Explorer for SAP HANA
Restore to:
• Latest state
• Point-in-time
• Different server
How It Works In The Background
Diagram labels: SAP HANA plug-in, SAP HANA, Veeam Explorer server, Data Mover, Repository, Veeam Server, http / https
Workflow:
1. HDBSQL command sent
2. Plug-in is started
3. Data movers restore data
Restore PostgreSQL Instances In Seconds
with instant recovery
• Latest state
• Point-in-time
• Different server
• Smart switchover
Architecture & Restore Workflow
Diagram labels: Restored PostgreSQL instance, Published instance, Veeam Explorer Server, Veeam Explorers Recovery Service, Veeam Server, Repository, Mount server
1. Publish instance
2. Duplicate instance
3. Configure PostgreSQL streaming replication
4. Restore data and sync changes
5. Switch over
6. Drop published instance
Restore PostgreSQL Databases Via Export
Challenge
• Veeam Explorer only allows
Instance restore
Solution
• Export to pg_dump format and
restore with pg_restore
Options
• Latest state or “point in time”
• Native compression support
• Export via staging server or
published instance
Continuous Data
Protection (CDP)
Test CDP Replica Recoverability
with SureReplica
NAS Backup
NetApp ONTAP FlexGroup support
FlexVol volumes
Note: Adding new FlexVol to existing FlexGroup prevents restore from existing snapshots of that FlexGroup (NetApp limitation).
Smart Load Balancing For Isilon & NetApp
Problem
• File-to-tape jobs did
not follow DFS links
Solution
• Support for DFS ☺
• Entire bucket
• Prefixes / folders
• Specific object(s)
Restore Object Storage Data From Tape
• Entire bucket
• Prefixes / folders
• Specific object(s)
Object Storage Directly To Tape
Configuration
Database
Tape
Object Storage Tape Server(s) Drive(s)
Primary and secondary
Storage Integrations
NetApp ONTAP FlexGroup support
FlexVol volumes
Note: Adding new FlexVol to existing FlexGroup prevents restore from existing snapshots of that FlexGroup (NetApp limitation).
Improved Snapshot Processing
on IBM Storwize / SVC / FlashSystem
visible and
usable as
volumes
vSphere datastores
On-Prem Archive Tier Support
Why?
• Cost savings with tape
How?
• Via Smart Object Storage API for Amazon S3 Glacier compatible systems
Diagram labels: move GFS restore points; S3 compatible storage; S3 Glacier compatible storage
Vendors
• PoINT (confirmed for launch)
• Quantum (TBC)
• SpectraLogic (TBC)
Dell Data Domain Retention Lock Support
• Protocol: DDBoost
• Compliance mode required / automatic retention lock “off”
What?
• It’s cheap: check existence of objects instead of reading them entirely
Good to know
• Object storage vendors usually provide 11 nines durability
• Health check enabled by default (new installations)
Object Storage Performance Improvements
1. Faster deletions
2. Faster rescan
3. Faster import
Save Costs Google Coldline Storage Class
Agent Management
Improved AIX & Solaris Agent Management
File-level
• Snapshot-less & Snapshot-based
Applications
• Via pre- / post-script
Backup Targets For Veeam Agent For Linux
on Power
Supported
• Veeam Backup & Replication Repositories
• including deduplication appliances &
object storage
• Shared folders
• Local storage
Unsupported
• Cloud Connect
Management From Backup & Replication
• Protection groups with pre-installed agent (aka “catch-all”)
• Job status visibility
• Indexing & search via Enterprise Manager
Keep In Mind
Veeam Agent for
Linux on Power
Veeam Agents for AIX & Solaris
Simplified Restore
with local recovery Console
• For beta use “veeamconfig ui” command
• “veeam” in GA version (same as Linux agent)
Secure Bare Metal Restore
with recovery tokens
• One-time password
• Access to one backup
Exclude Directories During Bare Metal Restore
Other Features For AIX & Solaris Agents
AIX
• Faster backups through support for
hardware accelerated CRC
• Recovery media in OVA format
(required for IBM Cloud, no ISO support)
Solaris
• Reconnect after network outage
• ZFS compression support
• More accurate backup size estimations
SureBackup
Improvements
SureBackup: NSX-T Support
SureBackup: Exclude VMs From Linked Jobs
Challenge
• Testing hundreds of machines takes too long and conflicts with backup jobs
Solution in V12.1
• Process randomly selected VM
PowerShell & REST API
More PowerShell Coverage
v12:                      v12.1:
Get-VBRNASServer          Get-VBRUnstructuredServer
Remove-VBRNASServer       Remove-VBRUnstructuredServer
etc.                      etc.
Get-VBRNASBackupJob       Get-VBRUnstructuredBackupJob
Remove-VBRNASBackupJob    Remove-VBRUnstructuredBackupJob
etc.                      etc.
REST API File Level Recovery
supported scope
                 To original    To other location
Windows agent    Yes            No
Linux agent      Yes            Yes
vSphere          Yes            Yes
New Inventory Browser
Deprecated
More REST API Coverage
• vSphere replica
• Cloud Director backup job
• Cloud Director VM restore (no vApp)
• Malware event creation / Incident API
• Key Management Servers
• Syslog settings
Future Of Enterprise
Manager REST API
Future Plans Backup
& Replication native
REST API
• Focus area
• Reach parity with UI & PowerShell
Other Useful Features
VeeamONE Analytics In Backup Console
Before
• 300 lines PowerShell code
V12.1
• One command + 20 lines XML file
• Separate XMLs for
• Backup Server
• Enterprise Manager
• Console
• Commented examples:
• ISO:\Setup\Silent\AnswerFiles
Automatically Restore Configurations
for standby / disaster recovery backup servers
What?
• Large language model trained with
“Veeam focus”
• Source links usually provided
automatically
• Use same cautions as with ChatGPT
etc.
Mount Backups To Any Machine From Console
(no PowerShell needed anymore)
Use-Cases
• Instant access for
application owners
• Incident response team
access for investigations
• 3rd party data mining
• Easier to use than
PowerShell
Move Backups Fast On Same Volume
Problem
• V12 did “copy” & “delete” instead of “move”
Solution
• Use file system “move” on same volume
Define Your Own Retentions
for VeeamZip, Export backup, Move / copy backup
C:\Program Files\Veeam\Backup and Replication\Backup\Config\Retention\AutodeleteRetention.json
License From Veeam.com During Installation
Enterprise Manager Enhancements
• Backup server patch level visible
• “Clone job” works with any edition
• “Managed by Agent” policies visible
• Improved jobs filters list
• Unstructured Data jobs, sessions & restore