Storage-level corruption guard

One of the many gems in Veeam Backup & Replication v9 is the introduction of storage-level corruption guard for primary backup jobs. This was already a feature for backup copy jobs. But now we have the option of periodically scanning or backup files for storage issues.It works like this: if any corrupt data blocks are found the correct ones are retrieved from the primary storage and auto healed. Ever bigger disks, vast amounts of storage and huge amounts of data mean more chances of bit rot. It’s an industry wide issue. Microsoft tries to address this with ReFS and storage space for example where you also see an auto healing mechanism based on retrieving the needed data from the redundant copies.

We find this option on the maintenance tab of the advanced setting for the storage settings of a backup job, where you can enable it and set a schedule.


The idea behind this is that this is more efficient than doing periodical active full backups to protect against data corruption. You can reduce them in frequency or, perhaps better, get rid of those altogether.

Veeam describes Storage-level corruption guard as follows:


Can it replace any form of full backup completely? I don’t think so. The optimal use case seems to lie in the combination of storage-level corruption guard with periodic synthetic backups. Here’s why. When the bit rot is in older data that can no longer be found in the production storage, it could fail at doing something about it, as the correct data is no longer to be found there. So we’ll have to weigh the frequency of these corruption guard scans to determine what reduction if making full backups is wise for our environment and needs. The most interesting scenario to deal with this seems to be the one where we indeed can eliminate periodic full backups all together. To mitigate the potential issue of not being able to recover, which we described above, we’d still create synthetic full backups periodically in combination with the Storage-level corruption guard option enabled. Doing this gives us the following benefits:

  • We protect our backup against corruption, bit rot etc.
  • We avoid making periodic full backups which are the most expensive in storage space, I/O and time.
  • We avoid having no useful backup let in the scenario where Storage-level corruption guard needs to retrieve data from the primary storage that is no longer there.

To me this seems to be a very interesting scenario. To optimize backup times and economies. In the end it’s all about weighing risks versus cost and effort. Storage-level corruption guard gives us yet another tool to strike a better balance between those two. I have enabled it on a number of the jobs to see how it does in real life. So far things have been working out well.

Stand-alone console in Veeam Backup and Replication v9

Stand-alone console in Veeam Backup and Replication v9

One of the smallish, but significant improvements to Veeam Backup and Replication in version v9 is the introduction of the stand-alone console. That means the GUI is no longer tied to the Veeam Backup & Replication server itself. This is a very welcome improvement.

The default install in a green field scenario does not add the console. That requires a separate install. So if you prefer to do so, you can still mimic your installations to be as they used to be and install the console on the server still. This might be desirable just to have the console in place on the server just in case you need it.

You can specify to use the local host, an IP address or the sever name (FQDN) and choose to either use Windows session authentication when applicable for single sign on or specify the domain & username with a password. It’s pretty flexible.


The benefits

What’s the big fuss about this stand-alone console in Veeam Backup and Replication v9Let’s look at what having this stand-alone console enables. Even when you chose to still have the console installed on the Veeam Backup & Replication v9 server itself you’ll enjoy the following new capabilities.

You can install the console on your workstation, laptop, dedicated management server and connect to any Veeam Backup & Replication v9 installation. That could be the one on premises for your company. It could be the ones at your customers. You get the idea. Each admin can have their own console for use with their account or accounts.

An admin can now also easy use multiple accounts or the same account within the same or different environments as long as there is connectivity.

The standalone console allows you to use PowerShell against backup server
remotely, without relying on PowerShell Remoting … A big thank you to Timothy Dewin for pointing this out to me!

You can run multiple instances of the console simultaneously. That  means we can have multiple connections to the same or different VEEAM environments.


Normally when every admin is using his or her own account to RDP into the server this is not an issue. But his has actually also been fixed when you do run the console on the Veeam Backup & Replication server itself! You can actually even run multiple instances under the same account or a different account within the same RDP server session to the same or different deployments.


In any case you can now administer VEEAM Backup & Replication without having to remote in to the server over RDP. The console will work over the LAN, WAN, or a VPN. Just make sure you have about 1Mbps bandwidth available to get the job done. Less than that and you might not find the experience very good. I suggest you test this to see how this works for you as your mileage may vary.

No more RDP ever?

Will I throw away my remote and secured RDP Gateway setup now I have a console? No. For one not every environment will let me connect over VPN. A locked down well secured RDS Gateway setup can provide for very save remote access with basically just keyboard, video, mouse and sound. Add two factor authentication for a more secure solution.. The ability to block the mapping of drives, printers, clipboard etc. secures against dropping content or files form a remote machine into your business environment.

Also, RDP has UDP available since Windows Server 2012 and that is an exceptionally marvelous tools to have when connecting over bad, low quality connections. It is amazing how good it works under such conditions. Even if do not want to RDP to the VEEAM Backup & Replication server I could RDP into a remote management workstation or server and use the console from there to connect to the Veeam Backup & Replication v9 server(s).