Hidden Shortcuts in Veeam Backup & Replication (VBR) – Boost Efficiency Like a Pro

Introduction

Most administrators use Veeam Backup & Replication (VBR) every day—but few know the hidden shortcuts that can significantly speed up management tasks. These built-in tricks improve efficiency, simplify navigation, and make backup operations smoother.

In this article, we’ll reveal the hidden VBR shortcuts, console tricks, and best practices that can turn you into a Veeam power user.

Why Learn Veeam Shortcuts?

Veeam’s interface is designed for usability, but keyboard shortcuts and hidden console functions allow experienced users to work faster.

Benefits include:

• Save time on daily backup administration.

• Quickly access logs, job settings, and reports.

• Enhance accuracy by avoiding repetitive clicks.

📌 According to Veeam’s Knowledge Base, using built-in console shortcuts reduces operational workload by up to 30% in large environments.

[Ctrl] + Right Mouse Click

In many operations, you can use Ctrl + Right Mouse Click to bring up special menus. Generally, if you don't hold down the Ctrl key, you won't see these hidden menus when you right-click normally.

Performing a brand new job in the NAS backup

Normal NAS file backups in Veeam are forever-incremental backups. However, some users still need to perform a brand new full backup. Veeam also provides this function in NAS backups. Simply select the backup job you want to execute, hold down the Ctrl key, and then right-click. The full backup button will then appear.

After performing this full backup, a situation slightly different from a regular virtual machine full backup/synthetic full backup will occur: the previous backup data will be moved to Disk(Imported), and the new backup chain will replace the old one, becoming the new active NAS forever-incremental backup chain.

Oracle/SAP HANA Backup Job Force Delete

After configuring and running Oracle or SAP HANA backup jobs, VBR will display jobs of type Oracle Rman backup or SAP Backup. Right-clicking these jobs will show a Delete option, but this Delete option requires first deleting the RMAN or SAP HANA backup archives. If you don't want to delete the archives but only want to remove the backup job, you can use Ctrl+right-click to access the Force Delete option.

SOBR's Run tiering job now

I think many friends must be troubled by the rigid setting of uploading data to the cloud every 4 hours. Actually, there's a hidden right-click menu. Hold down Ctrl and right-click on the Scale-Out Backup Repository, and you'll discover this button to immediately run the Tiering job.

Directional Arrow Keys

In VBR's Jobs section, double-clicking each backup job allows you to view the latest execution details. However, if you want to look at older historical jobs, you might get lost in VBR's console. A slightly more complex method is to open the History panel and manually search for the desired date, or use keyword filters.

Actually, you don't need to open the History panel at all. VBR provides a way to view historical jobs directly from each job's details screen. Simply press the left and right arrow keys on the detailed task information interface to browse through past records. While not as flexible as selecting from the History panel, this method is excellent for quick troubleshooting.

Other Hidden Right-Click Menus

In some interfaces, there are hidden right-click menus that are not easy to discover but can be very useful. In most cases, these right-click operations are designed not to interfere with normal user actions, which is why they aren't easily noticeable.

Right-click in the SureBackup Statistics window

Double-click a SureBackup Job to open the Statistics window, where you can see the success or failure status of each VM from the last job execution. In addition to this static view, there is a hidden Start button. By selecting any VM in the Statistics window, you can not only view the execution details in the log below, but also right-click to Start this Datalab again.

This Start button is primarily used for troubleshooting when SureBackup fails. After clicking Start, the Session log will indicate that SureBackup has switched to Troubleshooting mode. In this mode, the SureBackup Job will not be terminated immediately upon success or failure—it will remain running until manually stopped. Please ensure that after troubleshooting or use, you press the Stop button to end it.

Backups stored in a backup repository containing a Capacity Tier

Typically, when you right-click on a backup in the Backups properties dialog, a regular backup repository will only have a "Copy Path" button. This is designed to allow us to quickly locate the corresponding .vbk or .vib file within the file system.

However, in some cases, if the Scale-Out Backup Repository (SOBR) includes a Capacity Tier and certain conditions are met, right-clicking on these backup files will bring up a new context menu.

This restarts the management console without rebooting the host.

👉 Related reading: Making VBR Login More Secure – Complete Guide

Conclusion

These hidden shortcuts in Veeam Backup & Replication may seem small, but together they deliver huge time savings for IT administrators.

By mastering VBR console shortcuts and PowerShell automation, you can work smarter, reduce errors, and maximize productivity in your backup environment.

Try integrating these techniques into your daily workflow—you’ll notice immediate performance improvements and smoother Veeam operations.

 Backup Software: Agent vs Agentless – Which Solution is Better for Your IT Environment?

Introduction

Choosing between agent-based and agentless backup software can significantly impact your IT infrastructure’s performance, complexity, and cost.

This guide explains the key differences, advantages, and best practices for each method—helping you determine which backup strategy suits your VMware, Hyper-V, or cloud environment best.

Virtualization technology is a revolutionary force in the IT world. Similarly, in the backup domain, the concept of agentless backup, introduced with the adoption of virtualization, continues to challenge traditional technologies. However, as a pair of contradictory technologies—agent-based backup and agentless backup—their respective advantages and disadvantages are quite pronounced. Yet, Veeam's agentless backup technology leverages the best of both worlds, achieving application awareness while performing agentless backups.

1. What Is Agent-Based Backup?

This IT term is difficult to define clearly and precisely, which often leads to ambiguity in our daily technical discussions. Sometimes we talk about agents in a broad sense, and other times in a narrow sense. I tried to find a definition on Baidu Baike but came up empty-handed. On Wikipedia, there is a definition for a Software Agent, but it only lists some characteristics that such an agent should possess based on a common understanding:

• Persistent Operation - Typically remains running, even when idle, staying in a wait state.
• Autonomous Operation - Can operate without human intervention or interaction.
• Application Interaction Capability - Can interact with other programs, activate other modules, communicate, and collaborate.

Upon closer reflection, the agent software used in traditional agent-based backup does indeed fit these characteristics of what an Agent should be.

An agent-based backup requires installing a small software agent inside every system you want to protect.

Advantages:

• Deep visibility into applications and operating systems.

• Ideal for databases, mail servers, and legacy systems.

Disadvantages:

• Higher maintenance and update complexity.

• Increased CPU and memory overhead on each host.

📌 Example: Veeam Agent for Windows is a common solution for granular physical or endpoint protection (Veeam Docs).

2. What Is Agentless Backup?

Virtualization backup technology does not require installing any such programs within any operating system; therefore, backups do not depend on the system's running state.

Application awareness, on the other hand, involves automatically running a process within the operating system during the backup process to handle application awareness, ensure consistency, and manage file system consistency. It then closes the application and exits. This process is merely an optional step during backup execution and is entirely different from the aforementioned agent program.

Consequently, the problems typically faced by agent programs also apply to backup agents:

• You constantly need to manually install agent programs on newly deployed virtual machines (we consider push installations convenient, but they still count as a form of "manual" work, requiring remote or local configuration);
• During software updates, you need to upgrade the agent on every single machine.
• In large-scale, long-term operations, you also need to consider using some software to monitor these agents—what we call an "agent babysitter"—to ensure they don't suddenly stop working without anyone noticing;
• All of these consume computing resources—CPU, memory, network, storage—continuously, and often redundantly.

The process that backup software uses for application-level awareness runs for just a few minutes at the start of the backup and then immediately shuts down and exits. Therefore, it completely avoids all the issues mentioned above. No need for per-deployment installation, no updates, no long-running monitoring.

What's more interesting is that in today's IT world, the more you run, the greater the risk. When we have no applications running, we are in the safest possible state. Each additional application increases the risk of attack by hackers, viruses, or ransomware. Reducing the number of continuously running applications on each system adds a layer of security to our infrastructure.

Furthermore, if a system is shut down, an agent program that needs to be running to perform backups is completely useless. A backup target going offline is a common sight in traditional backup software interfaces. In such cases, the only thing a backup administrator can do is to find the application or infrastructure administrator to boot up the operating system. With agentless technology, backups remain unaffected even when the system is powered off. And during the restore process, the backup software's diverse granular recovery options can still be performed manually, making it a perfect solution for both backup and restore.

Agentless backup performs backups remotely without installing software on each system. It connects via APIs, hypervisor integrations, or remote protocols.

Advantages:

• Easier to deploy and manage across large environments.

• Less system impact and faster backups.

• Works perfectly for VMware, Hyper-V, and cloud workloads.

Disadvantages:

• Limited application-level recovery in some cases.

• May not capture OS-specific logs or configurations.

👉 Related reading: Free Backup for VMware and Hyper-V with Vinchin

3. More Drawbacks of Traditional Backup Agents

Data backups that utilize agent technology overwhelmingly rely on the network. When we design DMZ zones for security isolation and enforce strict inbound/outbound rules, we suddenly realize that to implement this backup insurance, we must have a data stream into the DMZ zone to extract data. This breaks the originally completely isolated architecture, undermining the carefully designed, perfect structure.

Agentless application insertion technology is completely different from traditional agents. When performing application awareness, this execution can be carried out at the hypervisor level via VIX without requiring network connectivity. Therefore, in the design philosophy of backup software, it can bring an extra layer of security to backups in DMZ zones.

4. Which Backup Type Should You Choose?

Environment	Recommended Method	Why
Virtual Machines (VMware/Hyper-V)	Agentless	Easy to manage, faster
Physical Servers	Agent-based	Better for app-level consistency
Cloud Workloads	Agentless (API-based)	Scalable, cost-efficient
Legacy Systems	Agent-based	Required for deeper integration

For modern virtualized or hybrid environments, agentless backup is preferred due to efficiency and scalability. However, agent-based backup remains essential for mission-critical applications.

5. Combining Both for Best Results

A hybrid approach can deliver the best of both worlds:

• Use agentless backup for general VM protection.

• Deploy agents only where necessary (e.g., databases, ERP systems).

This approach simplifies management while maintaining granular recovery capabilities.

📖 For additional insights, see Gartner’s Data Protection Market Guide on backup technologies and trends.

Conclusion

The debate between agent vs agentless backup software isn’t about which is universally better—it’s about choosing what fits your infrastructure.

For large-scale VMware and Hyper-V environments, agentless backup provides simplicity and scalability. Meanwhile, agent-based backup remains vital for detailed application-level restores.

By understanding both approaches, you can design a balanced data protection strategy that ensures reliability, performance, and compliance.

An Alternative Method to Defend Against Ransomware – Advanced Data Protection Strategies

Introduction

Ransomware remains one of the biggest cybersecurity threats to businesses today. Even organizations with strong firewalls and antivirus software are not immune.

To ensure full resilience, IT administrators must explore alternative methods to defend against ransomware, going beyond traditional endpoint protection to secure data backups, isolate networks, and strengthen recovery plans.

1. The Rising Threat of Ransomware

According to Cybersecurity Ventures, ransomware attacks are expected to cost businesses over $265 billion annually by 2031. Attackers target backups, encrypt data, and demand payment, leaving companies helpless without recovery options.

Traditional defenses (antivirus, intrusion detection) are no longer enough — you need a layered, backup-driven defense strategy.

2. Alternative Ransomware Defense: Immutable Backups

Immutable backups are the backbone of a modern ransomware protection plan. These backups cannot be modified or deleted, even by administrators.

Best practices:

• Store critical backups in immutable storage (e.g., Veeam Hardened Repositories or cloud object storage).

• Use air-gapped or offline backup copies.

• Test recovery regularly to ensure data integrity.

👉 Related reading: Making VBR Login More Secure – Complete Guide to Veeam Authentication

3. Offline Storage

Today, I want to share an unconventional data storage method with everyone: using a rotating system of external hard drives for backup storage. This approach is quite creative and rarely used by administrators. Typically, such rotation methods are more common with optical discs and tapes, and are rarely used with external hard drives. It's important to note that this method isn't a foolproof solution that lets you rest easy; it's more of an unconventional workaround for using offline drives.

Scenario and Requirements:

- A portable hard drive enclosure that allows for easy drive swapping—the faster, the better. Generally, interfaces like USB 3, USB-C, or eSATA are good choices, with USB 3 and USB-C being more universal.

- Multiple high-capacity mechanical hard drives, preferably 7200 RPM SATA drives, which are usually compatible with these portable enclosures.

- Backup data is written to each drive in rotation based on a set cycle, and the backup administrator removes the drives periodically for offline storage.

Achieved Outcomes:

- As long as the data hasn't been tampered with or encrypted before going offline, the data on the drive is secure once offline.

- The backup data on each drive is self-contained and doesn't depend on other drives.

- Each drive contains its own metadata configuration file for reading information during data usage.

- Compared to tapes, this method has advantages: data usage and restoration are more straightforward.

4. Network Isolation and Zero Trust Architecture

Prevent ransomware from spreading by implementing Zero Trust principles:

• Limit network access with role-based security.

• Segment networks to isolate critical workloads.

• Disable unnecessary protocols like SMB and RDP.

📌 Refer to CISA’s Zero Trust Maturity Model for detailed recommendations.

5. Leverage Backup Software with Built-in Security

Tools like Veeam Backup & Replication or Vinchin Backup & Recovery offer ransomware defense through:

• Immutable repositories

• Encrypted backups

• Multi-factor authentication for console access

• Built-in anomaly detection

Conclusion

The best way to defend against ransomware isn’t just prevention—it’s resilient recovery. By combining immutable backups, network isolation, and layered protection, organizations can guarantee data safety even after an attack.

The future of cybersecurity depends on proactive data protection — make sure your backup and recovery strategies are ready.

Calculation Method for Data Center Resources – Power, Cooling, and Capacity Planning

I'm often asked at work, "How effective is your backup software's deduplication? How much space does the backup data take up?" Honestly, in terms of effectiveness, this is often directly related to the type of data and how it's stored. Different methods and different types of equipment can produce vastly different results, so this question is honestly very difficult to answer in a single sentence. However, no matter what, backup data requires disk space for storage, and during the design phase of a backup project, the capacity of the backup repository must be designed. This design is usually directly related to the user's storage costs, storage efficiency, and backup availability, making it a critical part of the backup project. Designing the storage capacity and bandwidth as accurately as possible is directly related to the success or failure of the project.

Introduction

Data centers are the backbone of modern IT, but managing resources like power, cooling, and capacity requires precise calculations. Without proper planning, businesses risk downtime, inefficiency, and high costs.

This guide explains the calculation methods for data center resources, helping IT administrators achieve the right balance between performance, efficiency, and scalability.

Here, I will use a typical virtualized environment as an example to illustrate how this calculation should be performed.

Environment information:

ESXi Hosts: 25

VMs: 500

Average disk capacity per VM: 200GB

Total Datastore used capacity: 100TB

Bandwidth Design

Typically, the backup process involves two modes: full backup and incremental backup. Generally, the first backup is a full backup, which transfers all data from the virtualized environment to the backup storage device, so the amount of data transferred is almost the entire used capacity of the Datastore. All subsequent transfers are incremental backups, transferring the amount of changed data in the virtualized environment, commonly the daily change rate. For this article, we will temporarily use the daily change rate as the unit for calculation.

In each environment, the daily change rate can be obtained from the Veeam ONE change assessment report, which provides a relatively accurate value. I will assume this change rate is 7%. So we get the following values:

Initial transfer data volume: 100TB

Daily incremental transfer data volume: 7TB

After enabling optimized compression and deduplication, assuming it achieves a conventional effect, the actual data transferred is 50% of the Datastore capacity:

Actual initial transfer data volume: 50TB

Actual daily transfer data volume: 3.5TB

Therefore, the required bandwidth is calculated as follows. Assuming for the initial transfer, we can run a continuous transfer for 24 hours on Saturday, and subsequent incremental backups are performed during daily business idle hours from 8:00 PM to 6:00 AM. After accounting for the basic configuration time of the backup job, we estimate that the actual data transfer time is about 80% of the total time. So, out of a 10-hour backup window, 2 hours are for basic backup configuration and waiting, and 8 hours are for actual data transfer. A simple calculation example is as follows:

Full backup required bandwidth: 50 * 1024 * 8 / (24 * 3600 * 80%) = 5.93 Gbps (1 GB/s = 8 Gbps)

Incremental backup required bandwidth: 3.5 * 1024 * 8 / (10 * 3600 * 80%) = 1 Gbps (1 GB/s = 8 Gbps)

From the above, we can see a general picture. The read/write throughput on the network and disks can be planned according to this data, configuring the appropriate number of NICs/HBAs to achieve the required backup throughput.

Capacity Design

Depending on the backup mode, capacity design is easiest to calculate when the data storage has no deduplication technology. The following will use the most common conventional incremental backup as an example to explain the calculation method, which is also a relatively simple calculation.

Keep at least 14 backup copies, perform one full backup per week, and perform one incremental backup per day.

Per week: Full backup 50TB * 1, Incremental backup 3.5TB * 6, Total: 71TB

Per month: 4 Weeks, Total: 71TB * 4 = 281TB

Considering an additional 15% cache-free capacity, the total estimated capacity is: 326.6TB

This is the conventional way to design backup capacity. Here, I also have an excellent tool to recommend: the Veeam Backup Repository Capacity Calculator, created by Veeam. This tool offers more comprehensive and detailed calculation methods, allowing you to input more data based on actual situations. The Veeam calculators online tool address is as follows:

https://www.veeam.com/calculators/simple/vbr/machines/vm

👉 Related reading: How to Solve the Problem of ESXi 7.0 System Storage Occupying Space

Secure Veeam Backup & Replication Login v13– Complete Guide to VBR Authentication

Secure Veeam Backup & Replication Login – Complete Guide to VBR Authentication

Introduction

Among the new features in v13, the most important are the security enhancements. Starting from this installment, I will provide a detailed introduction to the new security functions launched in v13 through practical application examples.

As cyberattacks and ransomware threats increase, securing Veeam Backup & Replication (VBR) login is more important than ever. VBR is often the last line of defense for enterprise data, making it a prime target for hackers.

This guide provides a step-by-step approach to securing VBR authentication, including multi-factor authentication (MFA), account protection, and best practices to prevent unauthorized access.

Today, let's start with identity authentication. In enterprise backup architectures, the security of management console accounts and access governance is crucial. Veeam Backup & Replication (VBR) now supports SAML-based single sign-on (SSO) in v13, which means you can centralize identity authentication to your organization's existing identity provider (IdP)—such as Azure EntraID. Through SAML integration, you can manage VBR logins alongside your company's account lifecycle, group policies, MFA, and auditing: operations become clearer, permission revocation is more timely, and higher compliance is achieved. This article uses Azure EntraID as an example to show you the specific methods for this integration in detail. For other similar solutions, such as Authing domestically or Okta and Auth0 internationally, you can try them yourself, following the Azure method.

Configuration Prerequisites

The prerequisites for configuring and using SAML integration are very simple; just install VBR using the latest Veeam Software Appliance. Of course, because network services are involved, there are still some necessary conditions for configuring SSO:

The VBR server must be able to access Azure EntraID's relevant endpoints.

Time synchronization: NTP servers must be correctly configured on VBR, and the time cannot be out of sync. SAML is timestamp-based, and authentication will fail if there is a deviation.

An Azure EntraID administrator account with permissions to create enterprise applications and assign users.

VBR administrator permissions, which are the foundation for configuring VBR accounts and identity integration.

The Windows machine where VBR Console is installed must correctly resolve the VBR hostname or FQDN; otherwise, the URLs in the SP/IdP Metadata won't match.

Why VBR Login Security Matters

If attackers gain access to Veeam Backup & Replication, they can delete backups or alter configurations, leaving businesses vulnerable.

📌 According to CISA Cybersecurity Guidelines, securing backup solutions is critical in mitigating ransomware risks

Configuration Method

The following configuration is divided into Azure and VBR parts and must be done in a specific order, so it is recommended to proceed sequentially.

Generate SP Information in VBR and Export Metadata

1. First, log in to the VBR console using the veeamadmin account. In VBR, open the hamburger icon (three horizontal lines) in the upper left corner and select Users and Roles from the dropdown menu.
   
   
   
2. Switch to the new Identity Provider interface in v13. By default, the Enable SAML Authentication option here is unchecked. Check it to enable it, and then look at the Service Provider (SP) Information section below. In identity authentication, VBR now acts as the service provider (SP) for the application, so we first need to install a certificate for VBR here. Click Install.
3. You can choose one from the local certificate store. Select an existing certificate from the certificate store and click Next.
4. In the certificate store, find the certificate with the Friendly Name Veeam Backup Server Certificate, then click Finish to complete.
5. At this point, you will see that the Certificate field in the SP Information section now has information, CN=<Backup Server FQDN>. The next step is to click the Download button below Install to download the XML file from the SP side and save it. This file will be used later during the Azure configuration.

Upload SP Metadata in Azure EntraID and Assign Users.

1. First, create a security group for VBR named VBR Users. Add a user to this group, for example, I added my own account.
2. In EntraID, find Enterprise apps. We need to create a new Application for VBR's identity authentication. Click New Application to create it.
3. When creating, do not choose from the catalog. Click Create your own application, then in the pop-up on the right, enter the app name and select Integrate any other application you don't find in the gallery (Non-gallery). For example, mine is called vbrsso.
   
   
   
4. After this Application is created, you will automatically be taken to the Application Overview interface. The Getting Started section clearly lists the next steps. You can configure them one by one as needed, following steps 1, 2, 3, 4, and 5. For VBR, we only need to configure two: Assign users and groups, and set up single sign-on.
5. After assigning the group created in the first step, VBR Users, to this application, click the second step, Set up single sign-on. This will take you to the single sign-on configuration interface. Here, we select the SAML option to integrate with VBR.
6. After entering the SAML configuration interface, steps 1-2-3-4 are clearly listed. However, we don't need to edit each item here individually. Just find the Upload metadata file option at the top, click it, and upload the XML file we just exported from VBR. Save it to complete the single sign-on configuration here. After uploading, you can see that the URLs in Basic SAML Configuration have been correctly updated to my VBR's FQDN.
7. Next, find the last row in the SAML Certificates box in step 3 above, click the Download button next to Federation Metadata XML, and download another automatically generated XML file from Azure EntraID.

At this point, the setup on Azure is complete.

Return to VBR and update the IdP configuration information.

1. Go back to the Identity Provider interface under Users & Roles in VBR, find the Identity Provider (IdP) Information settings. This is the information for the identity provider in the single sign-on setup, which in this case is Azure Entra ID acting as the identity provider. Click Browse next to it and upload the XML file you just downloaded from Azure. After the upload is complete, you will see that all the IdP information below has been correctly updated to Microsoft's URLs.
2. After clicking OK to complete the setup, we can reopen Users and Roles to add a user. Click Add..., and the External user or group option will appear; select it.
3. In the pop-up Add User dialog box, enter the complete Azure Entra ID email address.
4. With this, the entire configuration is complete. Let's test the login. Open the VBR client, and you will see that the Sign in with SSO option has appeared. Click on it directly.
5. After clicking, the login window will automatically pop up with the standard Microsoft login interface. After entering the password, the Microsoft MFA approval for login will also pop up. After approving it on the mobile Authenticator app, the VBR Console will successfully redirect and log in.
6. Let's also try the web interface. In the WebUI, we can similarly see the new Sign in With SSO option.
   
   
   
7. Likewise, after approving the login, we can access the Web UI with Veeam permissions. In the upper right corner of the Web UI, we can see that the accessing user's account and email are correctly displayed.

Viewing login audit information in Azure

In the Azure Entra ID management audit interface, you can clearly see the login information from VBR.

👉 Related reading: Veeam File-Level Recovery Guide

Conclusion

By following the above method, the integration between VBR and Azure Entra ID can be easily configured. It is important to note that users configured this way are only backup system users. They cannot log in to the Appliance's Veeam Management Console like the veeamadmin and veeamso accounts can; this SSO account cannot manage the Appliance.

From a security perspective, this configuration effectively separates backup system permissions. The authentication for the backup system is completely separated from the accounts for the backup infrastructure, which better complies with the usage standards of large enterprises and organizations.