What Veeam Backup & Replication v11 means for Microsoft-oriented Identity-focused admins

Last week, Veeam released Veeam Backup & Replication version 11. Let’s take a quick look at what’s new and what this means to Microsoft-oriented Identity-focused admins.

What’s New

In case you missed it, here’s what’s new in Veeam Backup & Replication version 11:

Continuous Data Protection (CDP)

For Tier-1 VMware vSphere-based workloads, Veeam now offers Continuous Data Protection (CDP). Veeam CDP captures all write I/O directly in the data path with a VMware-certified I/O filter driver, eliminating the need to create snapshots as with classic replication jobs. And with I/O-level tracking, only the data actually changed is sent over to the VMware vSphere implementation at the Disaster Recovery (DR) site, as opposed to the larger virtual disk blocks returned by the changed block tracking feature.

Hardened Repository

With Veeam Backup & Replication version 11, admins can now keep backups safe in hardened, malware- and hacker-proof repositories with immutable backups preventing encryption and deletion by ransomware and malicious actors on Linux-based hardened repositories. Credentials to access a hardened repository are never stored in the database. As such, criminals cannot extract these credentials from a compromised backup server.

With this feature, version 11 successfully passed a 3rd party assessment of compliance with the U.S. financial industry regulations for WORM (Write Once Read Many) storage.

However, with hardened repositories, you are limited to classic forward incremental backup with periodic full backups.

Expanded Object Storage Support

Reduce the costs of long-term data archival and retention by up to 20 times, replace manual tape management and achieve end-to-end backup life cycle management with version 11’s expanded support for hot object storage in the Capacity Tier and support for cold object storage in the new Archive Tier of the Scale-out Backup Repository (SOBR).

For the Capacity Tier and NAS file version archiving, in addition to the wide variety of existing choices, organizations can now use Google Cloud Storage (GCS) as the object storage repository. For the Archive Tier, Veeam is delivering Amazon S3 Glacier (including Deep Archive) and Microsoft Azure Blob Storage Archive Tier support.

To help meet the compliance requirements, in Amazon S3 Glacier, the archived backups can be optionally made immutable for the entire duration of their retention policy.

Expanded Instant Recovery

Make even more of the datacenter’s workloads available instantly with the seamless restore of the following new workloads:

  • Instant Recovery of Microsoft SQL Server and Oracle databases
  • Instant Publish of NAS backups
  • Instant Recovery to Microsoft Hyper-V

Other enhancements

In addition to the above-mentioned major new features, Veeam Backup & Replication version 11includes over 200 other enhancements. You can read all of them in the What’s New in Veeam Backup & Replication version 11 document (PDF).

What’s version 11 means

Everybody benefits from immutable backups. In addition to hardened repositories, Microsoft-oriented Identity-focused admins can harness the new Veeam Backup & Replication version 11 features in the following ways:

DFS configuration restore

Listed as other enhancement, DFS Configuration Restore is announced.
Active Directory admins can now perform restores of the Distributed File System (DFS) configuration in the System Container with the Veeam Explorer for Microsoft Active Directory bundled with version 11.

Continuous Data Protection and Domain Controllers

When Domain Controllers are virtualized on VMware vSphere, you can use the Continuous Data Protection (CDP) feature to replicate Domain Controllers to the Disaster Recovery (DR) site. Combined with the right Site Recovery Manager (SRM) method for making Active Directory available in case of a disaster, this can be very powerful. Veeam CDP beats Active Directory replication, as it offers asynchronous replication of I/O, combined with network traffic compression, whereas Active Directory replication acts on a 15-minute replication schedule between Active Directory sites with default settings…

Instant Recovery to Hyper-V

Veeam Backup & Replication version 11 enables additional data recovery and portability use cases by letting you instantly recover any physical server, workstation, virtual machine or cloud instance backups to a Microsoft Hyper-V virtual machine, regardless of what Veeam product was used to create the backup.

While P2V’ing Domain Controllers is not something I’d advise because your mileage may vary, but for many other Identity-related physical workloads, instant recovery to Hyper-V is a beautiful addition to the migration story: AD FS servers, Web Application Proxy servers, Azure AD Connect servers.


Graphical User Interfaces (GUIs) can be beneficial in many scenarios. However, especially when you’re testing or creating automated pre-production environments, you need robust automation features.

Veeam Backup & Replication version 11 ditched the PowerShell snap-in and now offers a PowerShell module. The module no longer requires PowerShell 2.0. Version 11 adds 184 new cmdlets for both newly added functionality and expanded coverage of the existing features with a particular focus on restore functionality.

Veeam Backup & Replication version 11 also offers a RESTful API for the backup server.

No local admin requirement

In Veeam Backup & Replication version 11, the backup console no longer requires operators to use an account with a membership to the local Administrators group on the Windows Server that runs the backup console. This helps to improve security by not having to assign administrative privileges to the console operators.

When console update installation is required and for restore scenarios that actually do require Local Administrator privileges, you will be offered the opportunity to restart the console with appropriate privileges.

No additional costs

Veeam Backup & Replication version 11 uses the same license file format introduced back with v10. Such license files are no longer tied to a particular software version, allowing organization to use their existing v10 license file for v11 as long as the maintenance contract is still active.

All the above features are part of the Veeam Universal License. When using a legacy Socket-based license, Enterprise Plus edition is required for Veeam CDP and the RESTful API.


Veeam offers a compelling new version of its Backup & Replication solution. Simply upgrading gets your organization many of the benefits, but some other benefits may only be reaped when you make additional changes, like removing admin permissions and redoing your automation work. I think these additional actions are worth performing.

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.