Veeam Data platform update 23H2 – all you need to know related to your AWS workloads

  • 12 January 2024

Userlevel 3

On December 5th, 2023, Veeam unveiled a significant update to our Data Platform. This release introduces enhanced capabilities in detecting and identifying cyberthreats, facilitating faster responses and recovery from ransomware attacks, and ensuring comprehensive protection for our customers' data with robust security and compliance features.


Our latest release incorporates an extensive range of supplementary features associated with cloud-native backup and backup services for AWS. This document will delve into these newly added capabilities.


Veeam Backup and Replication 12.1


Backup of object storage

Protect production data residing in both on-premises and cloud object storage with the powerful new backup and recovery functionality. Built on a storage-agnostic architecture, Veeam helps you to achieve your object storage recovery objectives without additional hardware investments. And when it comes to recovery, we ensure your recovery time objectives (RTO) are met by providing flexible restore options tailored to typical disaster scenarios including: entire bucket recoveries to address complete hardware loss or object storage migration scenarios, point-in-time bucket state rollback for recoveries from ransomware and malicious insider attacks, and object-level recovery for day-to-day operational restores.


The unique benefits of Veeam’s object storage backup engine includes:


Scalable, storage-agnostic architecture — based on a proprietary distributed file system specifically built for the protection of billions of objects of PBs in size to a storage target of your choice. You can backup directly to another object storage or use a scale-out backup repository based on commodity server hardware with internal or directly attached storage to easily scale both performance and capacity of the distributed file system. Or you can even back up your object storage directly to tape!


Extensive data source support — including S3-compatible object storage on-premises or in a public cloud, Amazon S3 and Microsoft Azure Blob storage.

Flexible protection scoping — protect entire storage accounts, or only specific buckets/containers, objects with specific tags or prefixes, or individual objects. The same flexibility is supported for exclusions as well.


Efficient forever-incremental backup engine — that does not require periodic active full backups to be performed — making it possible to protect PB-size buckets with significantly reduced RPOs.


Storage-agnostic changed object tracking — our innovative approach provides industry-leading incremental backup performance, allowing you to achieve low RPOs without requiring native changed object tracking capabilities from object storage. And it goes without saying that object storage backup jobs also include most of the standard Veeam capabilities like backup encryption, backup copy, pre- and post-job scripting for automation, and multiple notification options.


AWS Glacier accelerated restores — added support for leveraging S3 Batch operations to increase data retrieval performance, speeding up restores from scale-out backup repository Archive Tier.


Amazon S3 protection — backup of Amazon S3 buckets and objects to any Veeam supported repository, including to another Amazon S3 repository, Azure Blob and more. Flexible restore options include entire buckets to a new bucket for DR or migrations, point-in-time rollbacks, and granular object-level recovery.



Veeam Backup for AWS v7


Amazon DynamoDB protection — manage your DynamoDB database protection alongside other AWS workloads you’re protecting with Veeam. Use flexible policy-based scheduling and lightning-fast database recovery to a point-in-time to the original or a new location. Make backup copies across AWS regions to protect yourself against many types of possible outages and data loss.


Amazon RDS for PostgreSQL protection — add an additional layer to your PostgreSQL database protection on top of native snapshots by enabling archiving of backups to Amazon S3, S3 Glacier Flexible Retrieval or S3 Glacier Deep Archive, including optional immutability through Amazon S3 Object Lock.


Granular per-workload permissions — you can now grant only required permissions for IAM roles to work with specific workloads for backup and/or restore operations. This allows maximum flexibility in infrastructures with tight security regulations.


Private network deployment — the Veeam Backup for AWS appliance and its workers can now be deployed in networks with no public access to endpoints or object storage to meet the internal security requirements and regulations. The updated Getting Started section of the user interface will guide you through the required configuration steps to make the backup appliance operate while being accessible over the private IP address only.


Worker tagging — increase visibility and control over automatically provisioned worker appliances in your production infrastructure by assigning predefined or custom tags to workers. This will allow you to meet the requirements for newly created cloud resources that are often enforced by cloud management and security teams, enabling them to easily track their usage and resource consumption.


Backup performance improvements — increased EC2 instances backup speed up to 5x depending on scenario, through leveraging multiple copies of the EBS volumes with round-robin read logic.


Standard Accelerated Retrieval support — you can use this new retrieval mode when you need to retrieve your data from Amazon S3 Glacier Flexible Retrieval storage even faster.


Appliance autoconfiguration — appliances on EC2 instances with ephemeral disks will now be automatically configured with swap files.


Worker OS update — operating systems for workers has been upgraded to the latest Amazon Linux v2023.


Repository ownership monitoring — the same backup repository can no longer be added to different backup appliances to increase reliability and protect against potential data loss.


Platform updates


EC2 Helper Appliance IMDS update — we updated EC2 helper appliances’ instance metadata service to the latest version for added security.


AWS SDK update — AWS SDK was updated to the latest version to enable support for new AWS regions (namely Israel).




Please be aware that certain new features in Veeam Backup for AWS necessitate a connection to Veeam Backup and Replication 12.1.


A complete list of Veeam Data Platform new features and capabilities can be found HERE


Userlevel 7
Badge +21

Thanks for sharing this, Roy.  Some good enhancements for AWS components of Veeam.

Userlevel 6
Badge +3

Thanks for the update, it’s great to see the ever-increasing number of native services that are supported by Veeam!

Userlevel 7
Badge +9

Thank you very much for sharing. I will reference this specific post in the guide I am currently crafting on protecting RDS and EC2 instances