What’s New in Veeam v12? 4 New Features and Best Practices

Veeam is an industry-leading data protection platform that offers several, regularly updated solutions for protecting organizations from modern cybersecurity threats and data loss. The v12 release of the Backup and Replication solution offers enhanced features for preventing attacks and assisting in data breach recovery efforts.

In this article:

• Veeam v12 Key New Features
  • Direct-to-Object Storage
  • VeeaMover
  • Enhanced Security
  • VCD/Service Provider Improvements
• Veeam Backup Best Practices
  • Calculate the Right Number of Resources
  • Consider Different Hardware Options
  • Consider a Scale-Out Repository

Veeam v12 Key New Features

Here are the new features introduced in v12:

Direct-to-Object Storage

A major innovation in Veeam v12 is the new architecture of the data backup system. Direct-to-object storage allows customers and their partners to augment their backup capabilities and cloud-based backup solutions. They can store backup data directly to their object storage systems without creating copies or archives.

This feature makes it easier to build a reliable data backup strategy, offering a new approach to security requirements such as the 3-2-1 rule (three copies, two media types, one offline copy).

For organizations that use object storage as their primary data repository, direct-to-object storage offers the following advantages:

• Easy implementation of immutable storage
• High reliability and availability (99.999999999%) in the cloud
• Simpler storage for home and branch office users without the need for dedicated hardware
• Greater flexibility in hyperscale VMware environments (for example, no stage repository or costly virtual hard disks)

VeeaMover

This feature facilitates the management of various types of data. Combined with direct-to-object storage, it allows customers to easily move backup data from their on-prem storage systems to cloud-based object stores while retaining the relationship between the data and the backup jobs.

Before this update, customers would have to change the configuration manually, using different workarounds to enable the backup data to be migrated alongside their related backup jobs. VeeaMover simplifies this process by allowing businesses to implement the whole migration in several clicks.

Additional use cases for VeeaMover include:

• Migrating data to immutable repositories
• Migrating NTFS (new technology file system) repositories to REFS (resilient file system) or XFS (extended file system)
• Migrating workloads to a new object storage system or physical infrastructure
• Balancing and readjusting backup storage

Enhanced Security

Another area of improvement in v12 is security. Veeam has enhanced its data defenses to address the rapidly evolving threats of ransomware and other hacking techniques:

• Each workload has trusted immutability: Organizations can ensure that every backup is immutable and ready to restore in the event of an attack, leveraging options from trusted vendors. For example, they can leverage on-premises storage systems (including object, file, and block storage), deduplicating backup storage appliances, hardened repositories, and cloud-based object storage.
• More resilient systems: Enterprises can respond quickly to ransomware attacks thanks to alerts from Veeam ONE. They can restore only the clean data using automation and more security recovery orchestration across all workloads.
• Multi-factor authentication: Organizations can implement a zero trust security model using MFA. For example, passwordless service accounts (MSAs) can help protect Windows systems, while one-time credentials can strengthen defenses in Linux systems. Veeam v12 also supports IPv6-only and Kerberos-only environments.

VCD/Service Provider Improvements

Veeam has expanded its capabilities for service-provider environments by introducing the following features for the VMware Cloud Director service:

• VCD-to-VCD continuous data protection (CDP): Minimizes downtime and reduces the risk of data loss by enabling multi-tenant CDP in Cloud Director. This feature ensures instant failover to the latest safe state or point-in-time at the virtual application level, with extremely low RPO (recovery point objective) granularity.
• CDP-to-VCD recovery: Veeam Cloud Connect simplifies disaster recovery and minimizes downtime by enabling instant failover. The service provider can replicate a tenant’s VCD resources from the production environment to the disaster recovery servers.

Veeam offers three main capabilities for maintaining business continuity:

• Data security
• Data recovery
• Data freedom

Users can easily back up and restore data from various locations while avoiding vendor lock-in, allowing them to use different clouds and platforms. The Veeam platform is available in a Foundation, Advanced, or Premium edition for enterprises. All tiers include the award-winning backup and replication and instant recovery capabilities of Veeam.

The Advanced and Premium tiers additionally offer advanced resiliency with more sophisticated monitoring, analytics, and recovery features:

• Foundation: This edition provides enterprise-grate data protection with Backup and Replication v12, including 500+ enhancements and new features.
• Advanced: This edition offers additional Veeam ONE capabilities for a deeper, more intelligent observability and monitoring solution, helping customers detect and resolve backup and recovery issues before they arise.
• Premium: This edition provides the highest level of enterprise data protection and backup recovery capabilities, combining Veeam Backup and Replication, Veeam ONE, and Veeam Recovery Orchestrator. It adds end-to-end data recovery automation with near-zero RPOs, automated tests, and comprehensive data security and resiliency. Premium customers also benefit from the Veeam Ransomware Warranty covering up to $5 million of the data recovery costs after a ransomware attack.

Veeam Backup Best Practices

The following best practices can help organizations make the most of Veeam v12.

Calculate the Right Number of Resources

It’s important to right-size repositories according to the proxies used by the organization. Planners should divide the number of proxy cores by three and round them up. For instance, if the company has 62 proxy cores, it should provision 21 cores.

Veeam’s repository also has RAM requirements – users should calculate four GB for each repository core to achieve sufficient RAM. For example, if there are 21 cores, the overall RAM should be 84 GB. The overall repository should have a minimum of two cores and 8 GB RAM.

Consider Different Hardware Options

When setting up the backup repository, it’s important to understand the available infrastructure options. Customers can limit the maximum number of concurrent tasks or data transfer rate. Applying these limits is optional, especially if the repository runs on right-sized hardware. However, it might be necessary to throttle an undersized repository to avoid timeouts and overruns.

A Veeam backup repository can be hosted on virtual or physical hardware, but physical hosts are recommended where possible because they improve performance. This approach also helps ensure that backups are stored on separate systems.

When storing the backup repo on a virtual machine, it is recommended to store the repository on a hard disk instead of a VMDK file. This improves resiliency in the event that the VMDK file becomes corrupted.

Consider a Scale-Out Repository

A good guideline for designing the backup architecture is to follow the 3-2-1 rule. This rule indicates that there should be three copies of the data, including the original and two back ups. There should be at least two media types to store these copies (i.e., at least one backup is stored in a separate medium from the original). Finally, there should be at least one off-site copy of the data.

When building the Veeam repository, organizations should assess whether they need a scale-out backup repository. Scale-out repositories have several storage tiers and are ideal for dynamic enterprise environments.

When setting up a scale-out Veeam repository, the organization should specify the performance tier and placement policy, as well as (optionally) a capacity tier . The performance tier comprises the existing repositories, known as performance extents, combined in an overarching scale-out repo.

Learn more in our detailed guide to Veeam best practices (coming soon)

Secure Storage for Veeam v12 Cloudian

Cloudian provides secure storage for Veeam Backup & Replication v12. Here’s how Cloudian ensures secure storage for Veeam backups:

1. Encryption: Cloudian supports data encryption at rest and in transit. You can enable encryption within Veeam to encrypt the backup data before storing it on Cloudian Object Storage. This ensures that your backup data remains encrypted and protected from unauthorized access.
2. Access Control: Cloudian Object Storage offers granular access control mechanisms. You can define access policies and permissions to restrict who can access, read, write, or delete the backup data stored in Cloudian. By properly configuring access control settings, you can enforce strict access controls and limit access to authorized personnel.
3. Transport Security: Veeam Backup & Replication communicates with Cloudian Object Storage over secure channels. Cloudian supports secure protocols such as SSL/TLS, ensuring that data transfers between Veeam and Cloudian are encrypted. This prevents interception or tampering of the backup data during transit.
4. Object Lock: Cloudian Object Storage provides an Object Lock feature that prevents the modification or deletion of backup data during a specified retention period. Once data is locked, it cannot be modified or deleted until the lock expires. This feature ensures the immutability of backup data, protecting it from accidental or malicious alteration.
5. Compliance and Data Governance: Cloudian Object Storage offers features that help meet compliance requirements. It supports WORM (Write Once Read Many) technology, which prevents data from being modified or deleted until a specified retention period expires. Cloudian also provides audit logging capabilities, allowing you to track and monitor access and modification activities related to your backup data for compliance and data governance purposes.
6. Data Protection: Cloudian Object Storage offers advanced data protection mechanisms such as erasure coding and data replication. These features ensure the durability and availability of backup data, protecting against hardware failures and enhancing data resilience.
7. Secure Replication: Cloudian supports replication to remote locations, including AWS S3, Azure Blob Storage, or other Cloudian clusters. This allows you to create offsite backups and implement a secure replication strategy for disaster recovery purposes.

It’s important to configure and implement security best practices specific to your environment, such as secure access credentials, regular software updates, and network security measures. Additionally, compliance with relevant regulations and adherence to your organization’s security policies are crucial for maintaining the overall security of your Veeam backups stored on Cloudian.

Learn more about Cloudian and Veeam V12.