Last week Veeam released its newest Veeam Data Platform version – 12.3. Though I've only recently upgraded, after reviewing their What's New document and perusing around the Console a bit, I thought I would take some time to share with the Community some hidden gems in this newest VDP release.

Some of us in the Community were already aware of a “big news” feature to be released “soon”, which was spoken about at VeeamON in Ft. Lauderdale back in June – Entra ID Backup. This feature did indeed make it as part of the v12.3 release…no need to wait for v13, slated for sometime in 2025 Q1 (hopefully). But, there are quite a few other features in this release you may not be aware of. So I thought I'd do another follow-up to my previous two Hidden Features posts – v12 Hidden Features and v12.1 Hidden Features. Let's dive right in!

Cyber Resiliency Enhancements

The main one here is what I’m most anxious to test drive – Veeam Threat Hunter. This new feature may not be a "hidden" one, but if what Veeam says about it is true, it is for sure a welcomed one. What is Threat Hunter? Veeam Threat Hunter is a proprietary signature-based scan engine used as an alternative to other antivirus and malware scan software. To be able to use it, Veeam installs the Veeam Threat Hunter Service on a Mount Server. The Mount Service is then tasked to mount VM disks from Backup and perform a Threat Hunter scan. According to Veeam, this new scan engine is  significantly quicker than traditional A/V software scans. How much quicker is yet tbd but I’m bullishly optimistic. Keep in mind a couple requirements to use Threat Hunter → both VBR and the Mount Server need access to the Internet to connect to both the Veeam License Update Server and Veeam Signature Update Server on port 443. You also need to be running a minimum of Veeam Data Platform Advanced to use this scan engine. When running a Scan Backup task, make sure to select the option in the Scan Backup window to use Threat Hunter (or, the option to use Threat Hunter if performing a Secure Restore or SureBackup)
 

To enable this feature, go into the Veeam Console  main menu > Malware Detection > Signature Detection tab.
 

Workload Support
 

Veeam VDP v12.3 now supports both the latest Windows Server and Hyper-V version 2025. At the very least, this would be a good opportunity to test these new versions out to see what they offer.

Security

Veeam already enabled the ability to forward events to a SIEM since v12.1. Though having this capability was great, it was lacking one key feature to help prevent what I call “noise forwarding” → Syslog Filtering. This is now a reality! To forward desired events, just modify your Syslog configuration as shown below:

Make sure to follow the Event ID documentation when adding your filters to properly configure your filters

Image-Level Backups

New to v12.3, you now have the ability to add a Repository backed with Rotated Drives for Backup Copy Jobs, giving you flexibility and another means by which you can have an air-gapped copy of your backups. How cool is that?!

Recovery and CDP
 

In this new VDP release, Veeam states its Instant Recovery engine has undergone multiple optimizations, enabling restore performance up to 4x faster, e.g. from 45mins to 10mins on 200 VMs. Additionally, compute resource consumption is up to 3x less for CPU and 7x less for RAM. I would never have 200 VM IRs to perform (hope not, at least), but I do perform IRs on occasion. Any performance enhancements with this feature is a welcomed one.

There are a couple CDP enhancements some of you may be ecstatic about → the first one is the short-term retention period has been extended from 24hrs to 168hrs (7 days). This will significantly help those organizations who are needing extended RPO coverage for weekends and public holidays. Keep in mind, this will obviously significantly increase your Restore Points storage requirements. Another enhancement to CDP is you now have the ability to Clone a CDP Policy, essentially allowing you to have a source "template" Policy from which to create other CDP Policies from. I highly recommend taking a look at the User Guide to review all the Considerations and Limitations before using this.

Enterprise Applications
 

There has been a post or 2 recently here on the Community Hub regarding the Microsoft SQL Plugin button not displaying within the SQL Server Management Studio (SSMS) Ribbon. After gathering more info from the posters, it was because they were using a newer, but unsupported, version of SSMS. Before VDP v12.3, the only supported SSMS version was 19.x. Veeam has now enabled support for SSMS v20x
 

The Plugin for Oracle RMAN has also been updated with a pretty neat feature you may not have been aware of – the ability to recover from data block corruption of RMAN Plugin Backups running the recover block command from within the RMAN Console. This is natively done in the Console; no additional configurations are required. Once the command is run, the corrupted data file block will be replaced with a healthy one from the backup. Nice! 
 

Backup Infrastructure
 

Do you have Scale-Out Backup Repositories (SOBRs) in your environment? What about Object Storage? Do you also use immutability everywhere? Then this next feature enhancement may be just what you've been waiting for! Veeam has now provided support to have a mixed bag of extents in the Performance and Capacity Tiers. What do I mean by this? You can now have extents from different Object Storage systems, as well as storage extents with and without immutability enabled in the same Tier. Whoa!

To top it all off, if you utilize Archive Tier and encryption, you no longer are required to enable encryption in the Backup Job itself for your Archive copies to be encrypted. This scenario may not be best suited for orgs who utilize deduplication storage systems. You can now just configure encryption on your Archive Tier directly.

I'll finish this post off with just a few minor, but welcomed enhancements, and in my opinion proving the Product Management team does indeed listen to its customers:

• Cross Platform – In v12.3 Veeam has added the ability to restore virtual, physical, and cloud systems directly to RHV and OLVM hypervisors, enabling you to have more flexibility in deciding which hypervisor is best to use for your production workloads

• ISO – Have you ever had to use the Database Configuration Utility? Maybe you had a need or requirement to change your DB authentication mode (“sa” to “windows auth” or vice versa?). Have you also struggled to find the file path where the utility is located? Fret no more. Veeam has now included it in the VDP install ISO starting with v12.3 and moving forward. It is located at: <unpacked-ISO>\tools\DBConfig\ Veeam.Backup.DBConfig.exe
  It is also still in the following directory: C:\ProgramFiles\Common Files\Veeam\Backup and Replication\DBConfig 

• Service Providers – Last but not least, some of you MSPs may not have noticed this in the What's New doc, but you all now have the abiity to perform a Scan Backup operation for your tenants in VMware Cloud Director; and this includes the ability to use the new Veeam Threat Hunter. 

There you have it! Was there anything shared above you weren't aware of? What stood out for you? Anything above, or something else, you're most looking forward to using in this new release? Please comment below…