Enhancing DRaaS with Veeam Cloud Connect and vCloud Director

Source: Veeam

The state of disaster recovery

While many organizations have understood the importance of the 3-2-1 rule of backup in getting at least one copy of their data offsite, they have traditionally struggled to understand the value of making their critical workloads available with replication technologies. Replication and Disaster Recovery as a Service (DRaaS) still predominantly focus on the Availability of Virtual machines and the services and applications that they run. The end goal is to have critical line of business applications identified, replicated and then made available in the case of a disaster.

The definition of a disaster varies depending on who you speak to, and the industry loves to use geo-scale impact events when talking about disasters, but the reality is that the failure of a single instance or application is much more likely than whole system failures. This is where Replication and Disaster Recovery as a Service becomes important, and organizations are starting to understand the critical benefits of combining offsite backup together with replication of their critical on-premises workloads.

Veeam Cloud Connect

While the cloud backup market has been flourishing, it’s true that most service providers who have been successful with Infrastructure as a Service (IaaS) have spent the last few years developing their Backup, Replication and Disaster Recovery as a Service offerings. With the release of Veeam Backup & Replication v8, Cloud Connect Backup was embraced by our cloud and service provider partners and became a critical part of their service offerings. With version 9, Cloud Connect Replication was added, and providers started offering Replication and Disaster Recovery as a Service.

Cloud Connect Replication was released with industry-leading network automation features, and the ability to abstract both Hyper-V and vSphere compute resources and have those resources made available for tenants to replicate workloads into service provider platforms and have them ready for full or partial disaster events. Networking is the hardest part to get right in a disaster recovery scenario and the Network Extension Appliance streamlined connectivity by simplifying networking requirements for tenants.

While Cloud Connect Replication as it stood pre-Update 4 was strong technology…it was missing one thing…

Introducing vCloud Director support for Veeam Cloud Connect Replication

VMware vCloud Director has become the de facto standard for service providers who offer Infrastructure as a Service. While always popular with top VMware Cloud Providers since its first release back in 2010, the recent enhancements with support for VMware NSX, a brand new HTML5-based user interface, together with increased interoperability, has resulted in huge growth in vCloud Director being deployed as the cloud management platform of choice.

Veeam has had a long history supporting vCloud Director, with the industry’s first support for vCloud Director-aware backups released in Veeam Backup & Replication v7. With the release of Update 4, we added support for Veeam Cloud Connect to replicate directly into vCloud Director virtual data centers, allowing both our cloud and service provider partners, and tenants alike, to take advantage of the enhancements VMware has built into the platform.



By extending Cloud Connect Replication to take advantage of vCloud Director as a way to allocate service provider cloud resources natively, we have given providers the ability to utilize the constructs of vCloud Director and have their tenants consume cloud resources easily and efficiently.


Benefits of vCloud Director with Cloud Connect Replication

By allowing tenants to consume vCloud Director resources, it allows them to take advantage of more powerful features when dealing with full disaster, or the failure of individual workloads. Not only will full or partial failovers be more transparent with the use of the vCloud Director HTML5 Tenant UI, but networking functionality will also be enhanced by tapping into VMware’s industry leasing Network Virtualization technology, NSX.

With tenants able to view and access VM replicas via the vCloud Director HTML5 UI, they will have greater visibility and access before and after failover events. The vCloud Director HTML5 UI will also allow tenants to see what is happening to workloads as they boot and interact with the guest OS directly, if required. This dramatically reduces the reliance on the service provider helpdesk and ensures that tenants are in direct control of their replicas.



From a networking point of view, being able to access the NSX Edge Gateway for replicated workloads means that tenants can take advantage of the advanced networking features available on the NSX Edge Gateway. While the existing Network Extension Appliance did a great job in offering basic network functionality, the NSX Edge offers:

  • Advanced Firewalling and NAT
  • Advanced Dynamic Routing (BGP, OSPF and more)
  • Advanced Load Balancing
  • IPsec and L2VPN
  • SSL Certificate Services


Put all that together with the ability to manage and configure everything through the vCloud Director HTML5 UI and you start to get an understanding of how utilizing NSX via vCloud Director enhances Cloud Connect Replication for both service providers and tenants.

There are also a number of options that can be used to extend the tenant network to the service provider cloud network when actioning a partial failover. Tenants and service providers can configure custom IPsec VPNs or use the IPsec functionality of the NSX Edge Gateway to be in place prior to partial failover.

The Network Extension Appliance is still available for deployment in the same way as before Update 4 and can be used directly from within a vCloud Director virtual data center to automate the extension of a tenant network so that the failed over workload can be accessible from the tenant network, even though it resides in the service provider’s environment.


For Veeam Cloud & Service Providers (VCSP) that underpin their backup and replication service offerings with Veeam Cloud Connect, the addition of vCloud Director support means that there is an even stronger case to deliver replication and disaster recovery to customers. For end users, the added benefits of the vCloud Director HTML5 UI, and enhanced networking services backed by NSX, means that you are able to have more confidence in recovering from disasters, and in your ability to provide greater business continuity.


The post Enhancing DRaaS with Veeam Cloud Connect and vCloud Director appeared first on Veeam Software Official Blog.

Enhancing DRaaS with Veeam Cloud Connect and vCloud Director

Enterprise application integration for Oracle and SAP HANA

Source: Veeam

Thousands of organizations rely on Oracle and SAP HANA databases for their business-critical, production workloads every day. These enterprise applications power their daily business operations, so having a successful backup solution is mandatory! IDC reports that enterprise databases, including in-memory and relational databases, continue to hold popularity both on premises and in clouds, thus reflecting the importance of being able to reliably back these up like other workloads. Many of these enterprise organizations also run Veeam to back up many of their solutions and have been asking for a way to integrate the backup, replication and restore features of Veeam Availability Suite, into a solution that works for these Oracle and SAP HANA applications as well.

It just works… For Enterprise databases too!

Veeam has a reputation of delivering simple, reliable solutions that work for any app, any data and any cloud and we are now extending this promise to supporting Enterprise Applications!

Veeam is proud to announce that this integration with Veeam Backup & Replication is now a reality, enabling backups directly into Veeam repositories with Veeam Backup & Replication 9.5 Update 4 with Veeam Plug-in for Oracle and Veeam Plug-in for SAP HANA. This integration saves time and simplifies the overall management of backups for mission critical database solutions. Let’s dive into these benefits a bit further.

Business benefits

Database Administrators (DBAs) have been leveraging the native backup solutions offered by Oracle Recovery Manager (RMAN) and SAP HANA (BACKINT) to protect and manage backups of their mission critical workloads. These organizations can now save time and improve operational efficiencies with the Veeam Plug-in for Oracle and Veeam Plug-in for SAP HANA, which allows them to simplify management of even more workloads within the Veeam portal for a holistic view of all backups. This saves time while keeping the DBAs in control.

Veeam Plug-in for Oracle provides users with the ability to send Oracle RMAN backups to Veeam Backup & Replication repositories, including several benefits such as:

  • Direct Integration with Oracle RMAN
  • Backups to Veeam repositories for a single-pane-of-glass management view
  • Oracle DBAs can control backups and restores & non-Oracle DBAs can do restores with Veeam Explorer for Oracle

Veeam Plug-in for SAP HANA enables SAP HANA BACKINT backups to Veeam Backup & Replication repositories including the following feature benefits:

  • Direct integration with SAP HANA
  • Official SAP BACKINT Certified Solution
  • Backups to Veeam repositories for a single-pane-of-glass management view
  • Back up and restore with the native SAP HANA Database backup methods; Usage of SAP HANA Studio for Restores
  • Read more about the technical benefits of SAP HANA integration

Additionally, many of the powerful features of Veeam B&R are now available for these Oracle and SAP application backups including:

  • Enhanced backup capabilities like Instant VM recovery, advanced Compression and Deduplication & storage snapshots for faster recovery
  • High performance backup and replication with Scale-out Backup Repository
  • Deploy enterprise application test environments with Veeam DataLabs
  • And more!


Veeam is excited to continue raising the bar on many more features for customers large and small. These enterprise application plug-ins provide considerable value to customers who may be looking to consolidate management of backups into one location, or to customers who have been hesitant to adopt Veeam due to lack of integration with enterprise backup tools.

This enterprise application enhancement is just one of the exciting new features within Veeam Availability Suite 9.5 Update 4. Learn more about this and many other features in this update.


  • IDC:  Data Integration and Integrity End User Survey 2017, IDC, November, 2017

The post Enterprise application integration for Oracle and SAP HANA appeared first on Veeam Software Official Blog.

Enterprise application integration for Oracle and SAP HANA

SAP HANA integrated backup is here!

Source: Veeam

SAP HANA is one of the most critical enterprise applications out there, and if you have worked with it, you know it likely runs part, if not all, of a business. In Veeam Availability Suite 9.5 Update 4, we are pleased to now have native, certified SAP support for backups and recoveries directly via backint.

What problem does it solve?

SAP HANA’s in-memory database platform also requires that a backup solution be integrated and aware of the platform. This SAP HANA support helps you to have certified solutions for SAP HANA backups, reduce impact of doing backups, ensure operational consistency for backups, and leverage all of the additional capabilities that Veeam Availability Suite has to offer. This also includes point-in-time restores, database integrity checks, storage efficiencies such as compression and deduplication as well.

This milestone comes after years of organizations wanting Veeam backups with their SAP installations. We spent many years advocating on backing up SAP with BRTOOLS and leveraging image-based backups as well to prepare for tests. Now, the story becomes even stronger with support for Veeam to drive backint backups from SAP and store them in a Veeam repository. Specifically, this means that a backint backup can happen for SAP HANA and Veeam can manage the storage of that backup. It is important to note now that the Veeam SAP Plug-In, which makes this native support work, is also supported for use with SAP HANA on Microsoft Azure.

How does it work?

The Veeam Plug-In for SAP HANA becomes a target available for native backups with SAP HANA Studio for backups of a few types: file-based backups, snapshots and backint backups. When backups are performed in SAP HANA Studio, a number of different types and targets can be selected. This is all native within the SAP HANA application and SAP HANA tools like SAP HANA Studio, SAP HANA Cockpit or SQL based command line entries. These include file backups (plain copies of files) and complete data backups using backint. Backint is an API framework that allows 3rd-party tools (such as Veeam) to directly connect the backup infrastructure to the SAP HANA database. The backint backup is configured to have a backup interval set in SAP HANA Studio, and that interval can be very small – such as 5 minutes. It is also recommended to do the backup with log backups (again, configured in SAP HANA Studio) to enable more granular restores which will be covered a bit later on.

SAP HANA can also call snapshots to its own application, while it does not have consistency or corruption checks – snapshots are a great addition to the overall backup strategy. By most common perspectives, backint is the best approach for backing up SAP HANA systems but using the snapshots can also add more options for recovery. The plug-in data flow for a backint backup as implemented in Veeam Availability Suite 9.5 Update 4 is shown in the figure below:



One of the key benefits of doing a backint backup of SAP HANA is that you can do direct restores to a specific point in time – either from snapshots or from the backint backups with point-in-time recovery. This is very important when considering how critical SAP HANA is to many organizations. So, when it comes to how often a backup is done, select the interval that works for your organization’s requirements and make sure the option to enable automatic log backup is selected as well.

Bring on the Enterprise applications!

Application support is a recent trend here at Veeam, and I do not expect this to slow down any time soon! The SAP HANA Plug-In support, along with the Oracle RMAN plug-in, are two big steps in bringing application support to Veeam for critical, enterprise applications. You can find more information on Veeam Availability Suite 9.5 Update 4 here.

The post SAP HANA integrated backup is here! appeared first on Veeam Software Official Blog.

SAP HANA integrated backup is here!

Veeam Instance Licensing changes everything, except price!

Source: Veeam

People value flexibility. We demand it! Our lives are busy, and we strive to keep things simple no matter where we are. Whether it’s how we shop, how we consume information or how we interact with friends and family, we expect that experience to be the same whether we’re at home or on the go. That’s the same for organizations who are growing and stretching their business-critical workloads across multiple environments and into the cloud. They need flexibility! They need a consistently reliable experience that does not incur penalties and doesn’t increase costs.

Veeam is stoked to introduce a new licensing solution that will provide a simple, flexible and cloud-ready licensing option that breaks down barriers for cloud adopters needing to back up and restore their valuable workloads. Veeam Instance Licensing (VIL) is the newest subscription licensing solution for Veeam products.

VIL is portable and can be used to protect various workloads across multiple Veeam products and can be used on premises, in the public cloud and anywhere in between.
Let’s first step back and discuss how this came about and why you should care.

Veeam 2019 – Extending leadership in cloud data management!

Organizations have various types of workloads ranging from virtual to physical, on-premises to cloud-native, and test/dev to production enterprise applications. Veeam has a portfolio of various products ready to support the total Availability of all these workloads, with backup and replication, monitoring, and much more. January 22nd marked a massive set of announcements from Veeam that extends our leadership in cloud data management. This announcement included Veeam Availability Suite 9.5 Update 4, Veeam Agents for Microsoft Windows and Linux v3, Veeam Availability for AWS and more. These releases were huge, adding many new cloud features furthering the capabilities that our customers demand. In fact, this was the biggest release in our history in terms of number of new features — check out the list for Veeam Backup & Replication 9.5 Update 4 alone here.

Workload diversification is on the rise

Organizations are moving rapidly toward an increasingly diverse set of workloads ranging from virtual to physical, on-premises to cloud-native, and test/dev to production enterprise applications. This workload diversity is fueled the most by the accelerating trend toward hybrid and multi-cloud adoption. Customers are adopting clouds in various ways in order to gain greater flexibility, cost savings and advanced functionality. These diverse configurations are contributing to challenges to how customers manage their traditional and cloud-native environments, and this applies directly to licensing as users are now facing a myriad of different licensing requirements. Different licenses for different workloads and for different products made for a licensing nightmare. Some licenses could be used for some things, but not others. Other licenses couldn’t be repurposed. Veeam is responding to this concern proactively with a solution that addresses licensing complexities to make the move to multi-cloud environments simple with VIL.

What is Veeam Instance Licensing?

VIL is the next generation of subscription licensing at Veeam, replacing the existing subscription licensing for most products. It’s a solution that can be used across different workloads and different Veeam products. These licenses are sold in pools of licenses, in bundles of 10. Customers use these instances to license the workloads that they need. Need to protect 3 VMs, 2 agent servers, and 2 cloud native workloads on AWS? No sweat! One bundle of VIL licenses can do this for you regardless of what Veeam product you choose for protecting your workload. No need to purchase “product-specific” licensing any longer.

You can probably already see how it solves some real challenges. For example, imagine you have a special VM that cannot be snapshot due to hypervisor limitation around its virtual hardware? No problem — you can just use Veeam Agent to protect this VM with agent-based backup, while processing the rest with host-based backups that Veeam Backup & Replication is so famous for — all from a single pool of licenses.

But, the best part is the portability! You can move these licenses to the workloads that you need, when your needs change, wherever your workload resides. Today, your SQL Server may be running on physical — but in a few months, you may virtualize it on VMware. And perhaps in a few months, you have plans to move it to the public cloud? No problem — the Veeam license will follow, regardless of what Veeam product you decided to use for protecting your on-prem VMs, physical servers, workstations, cloud IaaS VMs or enterprise applications. No longer will you be locked into licensing that is product or workload-specific.

Here at Veeam, we feel this portability is the right thing for the customer and we firmly believe this will make purchasing and managing licenses easier than ever. Fewer licensing headaches, greater flexibility, simplified ordering and management. That just makes sense!

Ok, but what is an Instance?

An Instance is our new unit of measurement for subscription licensing. Our most common use case is protecting a VM, and that will always utilize 1 Instance. In fact, most workloads require 1 Instance with our flagship Enterprise Plus edition, making everything super simple. Instead of metering licenses across various metrics such as per VM, per server, per workstation, per application, per user, per this and per that.. (Gosh, that’s exhausting!) we are standardizing on the license Instance as our unit of measure.

Just like our products, Instance licensing will be offered by edition. While this adds some complexity, this is a necessary evil to accommodate our existing 320K+ customer base using different product editions. However, for new purchases, you will find that Enterprise Plus edition is the best choice, because it provides more platform capabilities at the same price. This is due to how Instance pricing is structured, with MSRP for all workloads (except VMs) staying the same regardless of the edition.

It’s better to see something once than to hear about it a thousand times, right? Well, we have a nifty Instance configurator to help you figure out how many Instances you need. Check it out or contact your sales associate or your partner for assistance.

The. Price. Is. Not. Changing!

There must be some hitch here, right? Nope. The subscription pricing is not changing for any of our products. It costs the same to protect each particular workload as before — when we first introduced subscription licensing.

However, please remember that the Instances are sold by edition, and while lower editions may have increased “weightings” for certain workloads, this does not result in 2-3x the cost. Let’s take the Veeam Agent for Microsoft Windows server for example. No matter what edition you purchase, the cost to protect an Agent server is still $150 USD MSRP no matter what edition you choose. A Veeam Agent for Linux workstation is $50 MSRP regardless of edition. Same goes for Nutanix VMs which is $150 USD. Three standard Instances will protect one server and one Enterprise Plus Instance will protect one Server. The weighting per edition is different, but the price stays the same.

If you need various workload types to be centrally managed, we just require that you keep the edition the same across the single license file.

What else do you need to know?

  • Veeam Instance Licensing is available for several products and workloads, check out the list here. Is your product or workload not on this list, such as the case for Veeam Availability Orchestrator or Veeam Backup for Microsoft Office 365? No sweat — keep licensing those the way they are today.
  • Subscription Licenses will no longer be sold “by product,” because they can be used for ANY product, but rather in a pool of Instances in minimum bundles of 10.
  • Customers can now, for the first time, have both Perpetual and Instance Subscription licensing in the same centrally managed environment. This was a huge request before — and we made it happen! Just keep the edition consistent and you’re all set.
  • Perpetual licensing IS NOT going away! Continue using Perpetual, per socket, licensing for your VMs on premises. BONUS: We’re even going to give you up to 6 instances to kick the tires of Agents, Availability for AWS and more with no strings attached!

  • Legacy subscription licenses will be converted to Instances and upon installing Update 4, these customers will be asked to update their license file and will have a 90-day grace period to do this. Those of you who have both perpetual and agent licenses, this applies to you too, but you’ll also need to merge your licenses into the single file. After upgrading to Update 4, you will have 90 days to get your legacy agent license replaced with an Instance license — and until you do, you can use unlimited agents. So, don’t worry if you run into any license management issues — our licensing support department is here to help.


Veeam continues to raise the bar and do what is right for our customers. Licensing is becoming more portable for the masses and no longer a barrier for multi-cloud users. Learn more about VIL on our Instance licensing page and check out our Instance license configurator. 2019 is off to a great start and we are so excited about what lies ahead. Veeam Availability Suite 9.5 Update 4 and its complementary products are cloud-ready and so is our licensing solution. Let us help you achieve your goals in 2019!

See more:


The post Veeam Instance Licensing changes everything, except price! appeared first on Veeam Software Official Blog.

Veeam Instance Licensing changes everything, except price!

Compliant data recovery with Veeam DataLabs Staged Restore

Source: Veeam

It’s safe to argue that, to date, the May 2018 implementation of the General Data Protection Regulation (GDPR) in the European Union, as well as the two-year ramp-up period that lead to the activation date, has elevated the status and industry press coverage of compliance-related issues more than any other data protection and compliance standard set by governing bodies.

The truth is, today, the stakes are high for organizations that continue to struggle with the proper management of sensitive, personal data or regularly failed audits, and IT professionals know this. In fact, in a recent study, Veeam customers were asked which corporate governance regulations have had the greatest impact on their data protection strategy and even though the new standard had been active for less than half a year, 28% answered “GDPR”, which was enough to make it second on a long list of regulation standards, some of which have been in effect for two decades (source: ESG Data Protection Landscape Survey).

So why is there so much concern? Because no business can afford a data breach and the subsequent debilitating press coverage, or customer alienation and fines that accompany such a negative event. According to a 2018 study, the average total cost of a data breach is $3.86 million, which for those of you who are curious, breaks down to $148 lost or stolen per record! And probably most concerning, for those respondents who had been through a data breach, they said they’re not completely convinced they can prevent a future data breach event from occurring. Almost 28% of this group indicated a recurring material breach was likely to happen over the next two years (source: 2018 Cost of a Data Breach Study).

The good news is, for Veeam customers who are losing sleep at night over compliance or other use cases, the latest release of Veeam Availability Suite includes Veeam DataLabs Staged Restore, which is a new and powerful feature designed to help manage compliance and ensure that sensitive data is removed from backups before the data has a chance to make it back to a live environment. Veeam DataLabs Staged Restore can also be used for other helpful use cases outside of compliance, including masking data for DevOps.

As I have already mentioned, the primary purpose of Veeam DataLabs Staged Restore is to enable a process to be injected into the recovery process of your virtual machines (VMs) that can help you easily and confidently manage compliance-related issues, such as those related to GDPR. The most typical use case is ensuring compliance after a failure scenario when recovering a machine back into production where data potentially needs to be removed or masked.

The ability to inject a script into the recovery process allows for the restore point to be modified before landing into the environment. In this scenario, a use case may be a DevOps environment where a business would like to leverage the latest version of data in their own segregated environment for versioning. But, from an operations point of view, the data may contain personal identifiable information (protected by compliance standards) that must be masked before landing in the new environment.


Veeam DataLabs Staged Restore is one of the latest additions you will see as a selection option when the entire VM recovery wizard is started. If needed, this also gives us the option to inject an additional script into the VM we are recovering. The wizard shown below has several options.


Virtual lab – The virtual lab is an isolated virtual environment that is fully fenced off from the production environment. The network configuration of the virtual lab mirrors the network configuration of the production environment.

Application group (optional) – An application group consists of any VMs that the machine you are recovering may need to have to authenticate and function. It’s a group of dependants to the proposed machine for recovery.

Script – It’s required that the script remains located on the Veeam Backup & Replication server as this is the route taken for the injection into the virtual lab.

Credentials – For the script to be injected into the VM and to be executed, the required credentials should have the ability to authenticate and run the script.

Advanced – This allows for different options to take place. The first option is memory. As part of the recovery process, if you would like to increase or decrease the memory percentage assigned to the VM, then you can manage that here. You can also define boot and application time. This will depend on the services and resources available on the VM, but those that can be adjusted accordingly as well.


Once the wizard is completed, the recovery process will begin with the virtual lab appliance powering on within the environment, along with the presentation of the backup folder from the backup repository to your virtual environment. This uses a patented technology called vPower NFS.

vPower NFS

vPower NFS is used to present the backup file into your virtual environment as a datastore. This allows for a very fast way to get a machine up and running in the environment. However, the performance depends on the performance of the backup disk being used. So, the next step in the process is to power on that VM from the new datastore into our virtual lab environment. This environment is safely isolated away from production, however the VM has not had its IP address changed and will still have this when it boots. The IP is masqueraded through the virtual lab appliance so you can gain access through the Veeam Backup & Replication server.

Inject script from the Veeam Backup & Replication server

Now that we have our recovered VM that’s running in an isolated environment, the next step is to inject the script that we defined in the wizard. This entire process is automated, so there is no need for intervention. It is likely that by adding the script, the data will be modified in some form. All of these changes will be captured inside a production datastore that was defined during the restore wizard phase and not in the backup file, as we want to keep the backup file as a functional restore point.

Quick Migration to the environment

Finally, when the script has finished successfully, the process will continue the recovery steps. To do this we use a Veeam technology called quick migration. Veeam Quick Migration enables the ability to migrate the VM between datastores.

When the process is complete you will have your recovered VM within the environment, including the injected process. We hope this feature will help you be more reactive and efficient in staying compliant to a multitude of situations and requirements. Give Staged Restore a whirl and let us know your experiences in the comments!


The post Compliant data recovery with Veeam DataLabs Staged Restore appeared first on Veeam Software Official Blog.

Compliant data recovery with Veeam DataLabs Staged Restore

How to improve security with Veeam DataLabs Secure Restore

Source: Veeam

Today, ransomware and malware attacks are top of mind for every business. In fact, no business, large or small is immune. What’s even more concerning is that ransomware attacks are increasing worldwide at an alarming rate, and because of this, many of you have expressed concern. In a recent study administered by ESG, 70% of Veeam customers indicated malicious malware and virus contamination are major concerns for their businesses (source: ESG Data Protection Landscape Survey).

There are obviously multiple ways your environment can be infected by malware; however, do you currently have an easy way to scan backups for threats before introducing them to production? If not, Veeam DataLabs Secure Restore is the perfect solution for secure data recovery!

The premise behind Veeam DataLabs Secure Restore is to provide users an optional, fully-integrated anti-virus scan step as part of any chosen recovery process. This feature, included in the latest Veeam Backup & Replication Update 4 addresses the problems associated with managing malicious malware by providing the ability to assure any of your copy data that you want or need to recover into production is in a good state and malware free. To be clear, this is NOT a prevention of an attack, but instead it’s a new, patent-pending unique way of remediating an attack arising from malware hidden in your backup data, and also to provide you additional confidence that a threat has been properly neutralized and no longer exists within your environment.

Sounds valuable? If so, keep reading.

Recovery mode options

Veeam offers a number of unique recovery processes for different scenarios and Veeam DataLabs Secure Restore is simply an optional enhancement included in many of these recovery processes to make for a truly secure data recovery. It’s important to note though that Secure Restore is not a required, added step as part of a restore. Instead, it’s an optional anti-virus scan that is available to put into action quickly if and when a user suspects a specific backup is infected by malware, or wants to proceed with caution to ensure their production environment remains virus-free following a restore.


The workflow for Secure Restore is the same regardless of the specific recovery scenario used.

  1. Select the restore mode
  2. Choose the workload you need to recover
  3. Specify the desired restore point
  4. Enable Secure Restore within the wizard

Once Secure Restore is enabled you are presented with a few options on how to proceed when an infection has been detected. For example, with an Entire VM recovery, you can choose to continue the recovery process but disable the network adapters on the virtual machine or choose to abort the VM recovery process. In the event an actual infection is identified, you also have a third option to continue scanning the whole file system to protect against other threats to notify the third-party antivirus to continue scanning, to get visibility to any other threats residing in your backups.


As you work inside the wizard and the recovery process starts, the first part of the recovery process is to select the backup file and mount its disks to the mount server which contains the antivirus software and the latest virus definitions (not owned by Veeam). Veeam will then trigger an antivirus scan against the restored disks. For those of you familiar with Veeam, this is the same process leveraged with Veeam file level recovery. Currently, Veeam DataLabs Secure Restore has built-in, direct integrations with Microsoft Windows Defender, ESET NOD32 Smart Security, and Symantec Protection Engine to provide virus scanning, however, any antivirus software with CMD support can also interface with Secure Restore.


As a virus scan walks the mounted volumes to check for infections, this is the first part of the Secure Restore process. If an infection is found, then Secure Restore will default to the choice you selected in the recovery wizard and either abort the recovery or continue with the recovery but disable the network interfaces on the machine. In addition, you will have access to a portion of the antivirus scan log from the recovery session to get a clear understanding of what infection has been found and where to locate it on the machine’s file system.

This particular walkthrough is highlighting the virtual machine recovery aspect. Next, by logging into the Virtual Center, you can navigate to the machine and notice that the network interfaces have been disconnected, providing you the ability to login through the console and troubleshoot the files as necessary.


To quickly summarise the steps that we have walked through for the use case mentioned at the beginning, here they are in a diagram:


Probably my favourite part of this new feature is how Secure Restore fits within SureBackup, yet another powerful feature of Veeam DataLabs. For those of you unfamiliar with SureBackup, you can check out what you can achieve with this feature here.

SureBackup is a Veeam technology that allows you to automatically test VM backups and validate recoverability. This task automatically boots VMs in an isolated Virtual Lab environment, executes health checks for the VM backups and provides a status report to your mailbox. With the addition of Secure Restore as an option, we can now offer an automated and scheduled approach to scan your backups for infections with the antivirus software of your choice to ensure the most secure data recovery process.


Finally, it’s important to note that the options for Veeam DataLabs Secure Restore are also fully configurable through PowerShell, which means that if you automate recovery processes via a third-party integration or portal, then you are also able to take advantage of this.

Veeam DataLabs – VeeamHUB – PowerShell Scripts

The post How to improve security with Veeam DataLabs Secure Restore appeared first on Veeam Software Official Blog.

How to improve security with Veeam DataLabs Secure Restore