Recently, Veeam Software, the leading developer of backup and data protection tools for virtual infrastructure, announced a major update of its flagship product – Veeam Backup & Replication v12. The final version of this solution became available for download in February. It won’t hurt to remember that the previous version, Veeam B&R v11, was released in February 2021. That means that Veeam has been working on updating the product for exactly two years, and the result was simply excellent. The description of new features alone (and not just improvements or bug fixes) takes up 29 pages of text without pictures.
Reading through such a document takes a lot of time, not to mention understanding which features will be most useful to you specifically and what way will be the best to apply them in practice. Many bloggers have already written about different aspects of the innovations in Veeam Backup & Replication v12. However, today we will try to summarize new functionalities and highlight 15 truly useful features of the product that can and will improve the daily routine of virtual infrastructure admins.
1. Direct backup to object storage
Our two main functions here are Direct-to-Object and Direct-to-Cloud. The first one allows backups to be sent directly from backup proxies and agents to object storage bypassing intermediate steps. Additionally, if a direct connection to such storage is unavailable, traffic can be redirected through a resilient pool of gateway servers. Moreover, the second implements more efficient direct backup to the cloud, including from Remote Office Branch Office (ROBO) environments.
It is also worth to note that the new Smart Object Storage API (SOSAPI) software interface allows object storage vendors to deeply integrate with Veeam Backup & Replication v12 (for better performance and improved user experience).
2. Enhanced immutability functions
The Immutable backups feature implements means of protecting backups from Ransomware. It is now available in both on-premises and cloud-native workloads and protects backups throughout their storage lifecycle, even from admin-side manipulation. Oh, and by the way, immutability can be not only for backups but also for alarms too, which provides even greater infrastructure protection.
Also, advanced monitoring tools are available for immutability, described here.
In addition to support for backup at the image level, immutability for backups is available for NAS storage, standalone agents, backups in AWS and Microsoft Azure (as well as Azure Blob Storage), and HPE StoreOnce storage. It is also available for transaction logs and enterprise applications via plugins as well.
3. Multi-factor authentication and Best practices analyzer
These advanced security features provide the administrator with two new tools:
- Multi-factor authentication allows access to the console through the two-factor authentication (2FA) feature, which is based on the mechanics of Time-Based One-Time Passwords (TOTP) according to RFC 6238. It can be enabled for individual accounts.
- The Best Practices Analyzer component checks the backup server and product configuration, and then suggests important changes to the administrator that can improve security and chances of successful recovery.
4. PostgreSQL Support
Now, the multi-platform PostgreSQL engine is supported, which allows avoiding limitations of Microsoft SQL Server Express Edition on database size (10 GB). SQL Server Express Edition is still supported, but is no longer included in the Veeam Backup and Replication product.
Here’s a glimpse of what a PostgreSQL database looks like in PGAdmin:
Furthermore, application-aware backup of transaction logs for point-in-time recovery of PostgreSQL databases on Linux is now supported. The same functionality was already available for Microsoft SQL Server and Oracle.
There’s also a new product called Veeam Explorer for PostgreSQL, which allows restoring instances without the need for an administrator with PostgreSQL experience. Any point-in-time state of an instance can be published directly from a backup to a specified Dev/Test server, after which changes made to the published database can be exported or undone.
5. New VeeaMover Engine
With VeeaMover, you can now move data between repositories of different types. You no longer must worry about the type of the source and target repositories – VeeaMover will automatically handle all the work of moving the data.
Moreover, backups now can be easily moved between tasks and all related operations will be performed automatically (for example, working with inclusion and exclusion lists). You can also move the entire backup chain to another location in just a few clicks, while retaining the retention policy (though you can also change it).
6. Backup infrastructure improvements
When switching to rotating media, the disks are automatically cleared of existing old backups. Additionally, users can also continue to use the existing backup chain, and choose one of two options: delete backups that only belong to the current task, or delete all backups on the media.
In v12, the SOBR rebalance function was introduced – you can now rebalance storage consumption at the block and file storage level for Performance Tier extents to even out data distribution between them. This operation should be performed when you want to add a new extent, but it does not need to be performed constantly. The Extent evacuation and SOBR rebalance operations use the new VeeaMover engine we mentioned above to move backups more efficiently between extents.
Also, at the request of users, several internet rules have been added to manage traffic in multi-site and network environments:
Last but not least is the OAuth 2.0 support for email notifications – in addition to authentication through SMTP, the product now supports authorization through the OAuth protocol in Google Gmail and Microsoft 365:
7. Backup and Recovery
Now, new Backup Copy jobs create chains in a new format based on individual VMs (Per-machine backup chains) to ensure compatibility with the new platform functionality. Existing jobs will not be affected by this update.
For Application Groups, there is now an option to automatically disable the Windows Firewall network connection before launching them in a virtual test lab. This is necessary for backups that require testing of the restore process to prevent the firewall from blocking external connections.
And finally, a very useful feature. From now on, you can compare a restore point with the files on the production machine using the updated Backup Browser, which shows which files have been modified or deleted since the selected backup was taken.
In addition, there is now an option to check the differences in attributes of individual files and folders between the backup and production systems on a single screen using a new dialog box:
Another new feature is the ability to restore only access control lists (ACLs) for files and folders. This may be necessary when an admin accidentally changes the permissions on folders and files en masse. It is also worth noting that in v12, it is possible to select a different target machine for direct restore of Windows files (previously only available for Linux). Finally, the improved functionality of Export Backup allows you to select any destination for the exported point, not just the same repository where the original backup was located:
7. Continuous Data Protection (CDP) Improvements
Now the CDP proxy can run on a Linux server, which allows you to save on Windows licenses. In addition to regular backup tasks, you can use any cloud host service provider to perform replication within CDP policies. And you can use replication within Cloud Director instances with instant recovery features for VMs and vApp modules. Also, CDP now provides native support for vVol snapshots, which reduces the number of objects stored there and increases reliability on devices with small limits for scaling vVol volumes.
8. Agent Improvements
In addition to Windows Server, the Protection Group wizard now has an option to install the Veeam changed block tracking (CBT) driver on workstations running Windows 10 or later for faster incremental backups. Also, administrators can generate temporary access keys or recovery tokens that can be given to users for Bare Metal Recovery restore tasks.
Keep in mind that with the release of v12, all available agents for guest OSs have been updated in the solution:
- Veeam Agent for Microsoft Windows
- Veeam Agent for Linux
- Veeam Agent for Mac
- Veeam Agent for AIX
- Veeam Agent for Solaris
9. The Application Plugin
The Protection Group wizard has been improved with additional settings for control over the installation and updates of application plugins on servers included in the group. Now there is information gathering about application topology and detection of Oracle RAC and SAP HANA systems during scanning and rescanning.
Backup policies for applications have a tool to monitor backup processes on each server in real-time, visualize statistics and reports for database and redo-log backups.
There is also the ability to orchestrate backups of Oracle RMAN, SAP HANA, and SAP on Oracle based on policies from the backup console, eliminating the need for manual servicing of plugin configurations and backup scenarios on each database server. And in version 12, the speed of backup and restore with these plugins has increased up to 3 times.
The new plugin for Microsoft SQL Server has been completely revamped and provides deep integration with SQL Server (VDI plugin), allowing for direct backup to the Veeam repository. The VDI plugin uses native means to ensure backup consistency and, unlike snapshot-based backups, is not dependent on Microsoft VSS, which allows backups of different SQL Server configurations, such as Windows Server Failover Clusters with shared volumes.
10. Backup of Containers
K10 instances can now be registered on the backup server, allowing you to view all backup policies for Kubernetes, as well as sessions and backups directly from the backup console, regardless of whether they are stored in Veeam repositories or elsewhere. Editing policies and restore operations redirect the user to the K10 contextual workflow and allow them to complete it through the K10 web UI.
11. NAS backup
Now, once your NAS storage returns online, you can initiate the process of restoring its latest state from backup. This operation is performed in the background without the need for the user to interact with the published file share. The feature is called Migrate to production:
Moreover, file share backup tasks can receive data over SMB more securely and efficiently through the QUIC protocol, and when restoring backups, network bandwidth can be throttled. Protected shares can now be published directly from backup as emulated SMB shares.
This can be useful, for example, for analytics software that uses the data stored there as a source. In addition to archiving old versions of files that are not included in the backup retention policy, there is now an option to archive current versions as well. In this case, the archive will contain a full copy of the backup, for which it will be possible to perform a full restore of the file share to the latest state directly from the archive repository.
And now file share backups can be used as a source for tape backup tasks as part of the Disk to Disk to Tape (D2D2T) approach. Since this is a secondary backup, it does not require a separate license.
File share backups themselves now support repositories based on rotating media:
12. Backup console improvements
Now you can restart processing or perform an Active Full backup for individual machines without initiating this operation for all machines in the task by clicking on the corresponding machine in the task session. And managing permanent or temporary exclusions has become easier by specifying a master list of machines that you want to completely exclude from processing, even if they were added to the task by mistake. The Global Exclusions dialog is available from the main menu, and these machines have the Disable processing option selected on the inventory tab.
There is also a useful feature – the ability to disconnect existing backups from the task, which will result in the start of a new backup chain during the next full backup run. Disconnected backups will be displayed in the Orphaned section of the Backups tab with the latest known retention policy.
13. What’s New in Enterprise Manager?
Well, for starters, it is no longer necessary to store backup administrator credentials for each managed backup in the configuration database. Once the backup server is registered in Enterprise Manager, automatically generated certificates will be used for communication.
In the Enterprise Manager console, management of existing VMware Cloud Director CDP policies is now available, and Quick Backup operations can now be launched from Enterprise Manager for tasks managed by Managed-by-Server agents:
Now it is possible to directly restore VMware vSphere, VMware Cloud Director, Microsoft Hyper-V machines and file shares from backups and storage snapshots directly from the web interface. This makes recovery available within the Migrate to Production operation.
14. Primary and Secondary Storage Improvements
Backup tasks can now use existing storage replication links to create replicas based on storage-based snapshots as additional recovery points. This allows backups to be taken from secondary storage arrays to avoid load on primary storage.
On top of that, version 2 of the Universal Storage API has been introduced, which includes orchestration capabilities for snapshot replication and archiving, as well as support for synchronous replication. Many important features have been added for Cisco HyperFlex, IBM Spectrum Virtualize, NetApp All SAN Array (ASA), Dell Data Domain, Infinidat InfiniGuard, Fujitsu CS800, HPE StoreOnce, HPE Nimble, and HPE Alletra 5000/6000 storage arrays, such as backup immutability. Extended support for native block cloning functionality has been added for ExaGrid storage arrays.
15. Tape Backup Improvements
It is now possible to register tape libraries and media attached to both Windows and Linux servers for tape backup:
Backup-to-Tape tasks now support the export of any backup copies created by new multi-platform Backup Copy job types in Immediate or Periodic modes, regardless of the workload type.
All tape functionality now supports the initialization process of LTO-9 tapes and now waits correctly for initialization to complete rather than timing out when it takes too long. Tape media now automatically ejects from tape library drives after Inventory and Catalog operations to prevent accidental erasure of cassettes.
That concludes our review of new features in Veeam Backup and Replication v12. This is far from all that’s new in the product, as we haven’t covered the innovations in the Cloud Connect area, OS support (we’ll add that Microsoft SQL Server 2022, Windows Windows 10 22H2, and Windows 11 22H2 are now supported), and API improvements.
To sum up, VMware vSphere 8.0 is now fully supported for all Veeam Backup and Replication v12 features. We hope we’ve been able to tell you about the most important features of the latest version of Veeam’s flagship solution for administrators.