Veeam Backup and Replication v13: What the latest release means for your cyber resilience strategy

The public release of Veeam Backup and Replication v13 marks one of the most significant updates Veeam has delivered in recent years. With a redesigned architecture, stronger security controls, and a strategic shift towards Zero Trust data protection, v13 sets a new benchmark for organisations that need reliable, ransomware-resilient backup and recovery.

For Covenco customers, the combination of Veeam v13 and our Cloud Connect service creates a powerful foundation for hybrid data protection, faster recovery, and stronger assurance that your off-site immutable copies remain clean, intact, and ready for use.

A redesigned architecture built for Zero Trust

Veeam v13 introduces an entirely new appliance-based architecture that strengthens operational security and removes many of the deployment and management risks seen in earlier versions. This updated approach is built around two major components: the Veeam Software Appliance (VSA) and the Veeam Infrastructure Appliance (VIA).

Veeam Software Appliance (VSA): A hardened control plane

The VSA delivers a streamlined, hardened control plane designed specifically to reduce the attack surface and eliminate configuration drift. It ships with a secure “just enough OS” image built to DISA STIG standards and receives automated, mandatory patching direct from Veeam. This means:

• No traditional OS management

• No reliance on Windows Server hardening

• No administrative access to the base OS

• Predictable, secure behaviour for your core backup server

This change makes the backup server significantly more resilient and removes one of the most common weak points in the estate.

Veeam Infrastructure Appliance (VIA): Easier, safer component deployment

VIA simplifies how proxies, repositories, and other backup components are deployed and maintained. It also includes a hardened repository profile that removes the need for deep Linux expertise, enabling secure on-site storage with minimal operational overhead.

Both appliance models are designed to complement, not replace, dedicated immutable storage appliances such as Object First Ootbi, which continue to play a crucial role in Zero Trust separation of duties.

Stronger ransomware defence and proactive attack detection

Security is the core theme of v13. The update introduces proactive backup scanning, which moves malware detection earlier in the workflow and prevents compromised workloads from ever reaching your off-site backup repository.

Key improvements include:

• Real-time malware scans during backup and replication

• Suspicious activity detection across Windows, Linux, Azure, AWS, and Google workloads

• Veeam Threat Hunter providing advanced forensics and guided recovery

• Source-side scanning that stops infected data from being pushed to Cloud Connect

For Covenco Cloud Connect users, this significantly reduces the risk of contaminated backup chains and improves the speed and confidence of full recovery.

Improved access control and secure authentication

Veeam v13 also elevates identity and access management. A new RBAC framework allows organisations to create granular, scoped roles that define exactly what operators can view or restore. This is essential for compliance, especially in regulated sectors.

Support for SAML 2.0 Single Sign-On, including deep integration with Microsoft Entra ID, removes password sprawl and centralises authentication into your existing identity controls. This aligns cleanly with Zero Trust principles and supports the use of limited-privilege accounts.

High availability and operational efficiency

For organisations with strict RTOs and RPOs, the backup server is a mission-critical component. Veeam v13 introduces high availability clustering for the VSA, enabling an active/passive setup that maintains continuity during outages or planned maintenance.

Other improvements include:

• A new Web UI, removing dependency on the Windows client

• A more modern protocol layer using gRPC instead of legacy RPC/WMI

• Simplified port requirements and reduced network exposure

• More predictable performance for Cloud Connect replication

These changes create a cleaner, more resilient platform with fewer moving parts.

What this means for Covenco customers

Veeam v13 improves every stage of the data protection lifecycle. For organisations using Covenco’s Cloud Connect service, the benefits are even more significant:

Cleaner data for recovery
Proactive on-premises malware detection ensures the immutable copies stored in our data centre are clean and ready for use.

Better compliance alignment
Our team can help configure RBAC and identity integration to meet sector-specific governance requirements.

Higher performance and resilience
The updated architecture enables faster backup processing, more predictable replication, and greater uptime for critical components.

A smoother upgrade path
Covenco can plan, validate, and manage the full upgrade process, reducing downtime and ensuring the new features are configured correctly from day one.

Plan your Veeam v13 upgrade with Covenco

If you are preparing your move to v13 or want support in reviewing your current data protection architecture, our specialists are here to help. Our Professional Services and Cloud Connect teams can provide guidance on:

• V13 architecture planning

• Secure deployment of VSA and VIA

• Hardened repository design

• Immutable storage strategy

• Cloud Connect optimisation

• Cyber recovery planning

Speak to your Covenco Account Manager to book a review session and start planning your upgrade.

Contact Covenco’s data protection team:
Tel: +44 (0)1753 732 000
Email: sales@covenco.com