Showing results for 
Search instead for 
Did you mean: 

Protect Microsoft’s Shielded Virtual Machines using Veritas Backup Exec


Virtualization has increased IT productivity, efficiency, agility, and responsiveness. Compared to physical environments, it has greater business continuity and disaster recovery capabilities. However, this also comes with a new set of challenges as server admins and storage admins have access to these VM files which can be misused and go undetected. If any of the VMs is an Active Directory domain controller, the malicious admin can use readily available brute force techniques to crack the passwords in the Active Directory database ultimately giving them access to everything else. Attack vectors like these are real threats for all virtualization platforms.

Shield_Lock.pngMicrosoft introduced Shielded Virtual Machine in Windows Server 2016 by extending virtual machines the same security capabilities that physical machines have enjoyed for years. For more details refer to the Microsoft Shielded Virtual Machine article.

We recommend using Microsoft’s Shielded Virtual Machine feature to protect against root-kits, boot-kits, and kernel-level malware.

Shield_Backup.pngProtecting Microsoft’s Shielded Virtual Machine using Backup Exec

Veritas Backup Exec provides seamless protection of Microsoft’s Shielded Virtual Machine running on a guarded host with secure boot and bit-locker encryption.

  • With our Ransomware Resilience feature, the backup disk storage and deduplication storage location are protected against a ransomware attack. Starting with Backup Exec 21, there is added protection to the Backup Exec services, preventing malicious code injection by ransomware.
  • Validate VM for Recovery provides automated DR testing of Shielded VM Backups.
  • When it comes to restoring Shielded Virtual Machine, Backup Exec supports in-place restore as well as restore to a different Hyper-V host.
  • In case of disaster, the Shielded VM can be recovered instantly on the guarded host using the Backup Exec Instant Recovery feature. It provides near-zero RTO by standing-up Shielded Hyper-V VMs in a matter of minutes.

While Microsoft has continued to focus on the security of virtual machines with enhancements in Windows Server releases, Veritas also shares Microsoft’s focus on securing VMs by not just allowing for protection of shielded VMs but also protecting the storage where the shielded VMs are backed up.

For more details and best practices on Shielded VM protection refer to the Backup Exec Agent for Microsoft Hyper-V guide.

Refer to the Increasing Ransomware Resilience white paper for protection against external threats.

Refer to the Backup Exec software compatibility list for the supported Windows Server versions.