Veeam v12.1 KMS Support

Veeam revealed the new features that will be available with the next release of VBR v12.1. With these new releases, Veeam further extends the feature set available in these products with a focus on Security & Compliance general improvements. Here’s blog post about Key Management System Support.

Veeam Availability Suite 12.1

Next release of Veeam Backup & Replication v12.1 (currently version 12) will provide the following new features and enhancements. Security features list:

    Security & Compliance: Malware detection

  • Security & Compliance Dashboard
  • Inline detection (encryption & ransom notes)
  • In-guest detection via guest-index
  • YARA rules support
  • Automated scans via SureBackup
  • On-Demand scans
  • Malware events & false positives
  • Incident API
  • How to test features above
    Security & Compliance: General

  • Key management systems support (KMIP)
  • Four Eyes approval
  • SIEM integration (syslog support)
  • Security & Compliance analyzer
  • Removed “Files” Tab For Non-Admin Users
  • Warning on short encryption passwords
    Security & Compliance: Immutability News

  • Dell Data Domain Retention Lock support
  • HPE StoreOnce Catalyst Copy immutability
  • Object Lock Governance Mode
  • Immutable configuration backup on object storage
  • Consistent immutability in SOBR
  • Hardened Repository: Time step detection


Key Management System Support:

KMS allows increased security with regular password changes and centralized password management via KMIP protocol VBR <-> key management server.


    — Backup & Backup Copy job
    — NAS backup
    — Log backup
    — Managed by Server agents
    — Repository encryption settings (RHV, AHV, Kasten) + external repositories
    — Cloud Connect
    — Capacity Tier
    — Tapes


    — Managed by Agent policies
    — Standalone agents
    — Backup jobs of Veeam Backup for AHV, RHV, Azure, AWS & Google (everything that is a “plugin” product). Please note that repository encryption for AHV & RHV is supported!
    — Configuration backup


The problem with Encryption Passwords:

  • Passwords never change,
  • Weak passwords (Note: At Monaco Digital, we recommend 40 characters minimum).
  • Veeam Availability Suite 12.1 KMS

    Veeam Availability Suite 12.1 KMS


    The solution for Encryption Passwords:

    Key management server:

  • Automatic password changes,
  • Strong password,
  • KMIP version 2.0+ supported.

    A Key Management Server (KMS) is a centralized system or software component that is used to manage and distribute encryption keys in a secure manner. KMS plays a crucial role in ensuring the security and integrity of data in various cryptographic systems, particularly in the context of secure communication and data protection. KMS is commonly used in various applications, including data encryption (to protect sensitive information at rest). It plays a critical role in ensuring the confidentiality and integrity of data in many modern systems and applications.


    Strongly recommended:

  • Configure Enterprise Manager for “lost password protection”.
  • Veeam Availability Suite 12.1 KMS


    Add Key Management Server:

    1) Server certificate: public root CA certificate to validate KMS server,
    2) Client certificate: combined private key + public certificate (this one, including private key, is created by the KMIP server and is provided by the KMIP admin).

    Veeam Availability Suite 12.1 KMS

    Veeam Availability Suite 12.1 KMS


    Configure Encryption In Job / Repository:

    Veeam Availability Suite 12.1 KMS

    Veeam Availability Suite 12.1 KMS

    Veeam Availability Suite 12.1 KMS


    Veeam v12.1 Malware Detection and YARA: Blog Post
    Wasabi Object Storage new features: Blog Post
    VUG Fr Day in Monaco Recap
    Detection & Response to Ransomware with Veeam: Blog Post
    Offline versus Immutable Backups: Blog Post
    Cuba ransomware and Veeam CVE-2023-27532: Blog Post
    Akira ransomware infection routine: Blog Post
    2023 Ransomware Trends Report
    Play ransomware infection routine: Blog Post
    New Veeam v12 Platform Overview: Blog Post
    Veeam v12 Linux Without SSH And SUDO: Blog PostHardened Repository in Veeam v12: Blog Post
    Wasabi Object Storage Usage with Veeam B&R v12: Blog Post
    VeeaMover in v12: Blog Post
    Ransomware & Cybersecurity with Veeam v12: Blog Post
    Why backup directly to Object Storage? Blog Post
    Veeam B&R v12 New Features Overview: Blog Post
    [REPLAY] Webinar Veeam v12 and Wasabi: Replay
    Protect your data with Veeam and Wasabi: Blog post
    Wasabi – Object Lock feature spotlight: Blog post
    Veeam and the S3-compatible object storage solutions: Blog Post
    [PODCAST] VeeamUser Group France #1: Record
    Conti initiates their attacks on Backup: Blog Post
    Backup with Trusted Repository Storage: Blog Post.
    Protect your Backup against Ransomware: Blog Post

    Please follow and like us:

    Enjoy this blog? Please spread the word :)