Veeam APIs
What are Veeam Data Integration APIs?
“Veeam Data Integration API is a set of Veeam PowerShell cmdlets that allows you to represent data of backup files as a mounted Windows folder. You may want to use this option when you need an existing application to be able to access backed-up data in a read-only manner.”
Security analysis
"Data integration API: The Veeam Data Integration API is best consumed through PowerShell and is part of Veeam Backup & Replication. This capability allows the data of backup files to be exposed as a mounted Windows folder and it allows you to access data that is available in the backup created by Veeam Backup & Replication. This capability is a great new technique as a weapon in the war against ransomware, and additional scans can be done on data that has already been backed up."
"This ransomware resiliency technique can provide additional scans of backups for threats, including using additional more-invasive tools that may not be used on production workloads. Additionally, if endpoint backups are in Veeam repositories, there is an incredible surface area to analyze for potential threat introduction."
“A cmdlet is a specialized .NET class that interacts with Microsoft .NET Framework objects. Each cmdlet acts as a single-function command that can perform multiple operations with these objects. Objects represent instances of the Veeam backup infrastructure: jobs, databases, restore sessions and so on.”
Sample: "data integration api.ps1.txt"
# Add the Veeam PowerShell snap-in - if it is already loaded, continue silently with no error
Add-PSSnapin VeeamPSSnapin -ErrorAction SilentlyContinue
# The backup variable $backup is populated by the cmdlet Get-VBRBackup, which returns info regarding the backup data
$backup = Get-VBRBackup -Name "BJ-core"
# Provide the host name of the target server (where everything will be mounted)
$targetServerName = "172.21.237.40"
# Provide the credentials to access the remote server, for example: lab\administrator
# These must be stored within the Credentials Manager in Veeam Backup & Replication
$targetAdminCreds = Get-VBRCredentials -Name "lab\administrator"
# Get-VBRRestorePoint is where you find the restore point you wish to use; -Last can be used for the number of objects you wish to go back
# $restorepoints = Get-VBRRestorePoint -Backup $backup | Sort-Object -Property CreationTime | Select -Last 1
$restorepoints = Get-VBRRestorePoint -Backup $backup | Sort-Object -Property CreationTime
foreach ($point in $restorepoints) {
    # Publish the disks for the restore points via the Publish-VBRBackupContent cmdlet
    $session = Publish-VBRBackupContent -RestorePoint $point -TargetServerName $targetServerName -TargetServerCredentials $targetAdminCreds
    # Obtain information about the mounted disks
    $contentInfo = Get-VBRPublishedBackupContentInfo -Session $session
    Write-Host "`nBackup Job Name:" $session.BackupName "`nRestore Point:" $session.RestorePoint "`nVM Name:" $session.PublicationName
    # Produce a report showing what mount points were published and where
    foreach ($contentType in $contentInfo) {
        Write-Host "================================"
        $disks = $contentType.Disks
        Write-Host "Mounted Disk:" $disks.DiskName
        Write-Host "Mounted At:" $disks.MountPoints
        Write-Host "Mounted As:" $contentType.Mode
        Write-Host "Available From:" $contentType.ServerIps "(Port:" $contentType.ServerPort ")"
        Write-Host "Available Via:" $disks.AccessLink
        Write-Host "================================"
    }
}
"By leveraging PowerShell, you can work with the API and mount ANY virtual disk from ANY virtual machine. If you want, you can even use all your backups and present all disks at once! There is no limitation on the amount of data you mount and want to re-use."
“Instead of impacting your production environment, why not leverage your backups to scan for malware, ransomware and other security threats? This takes the burden off your environment and enables you to test your backups for harmful actors which may not trigger until a later event.”
"Veeam PowerShell 101 (Beginners Guide) - Handout.pdf" - Contact me
PowerShell Cmdlet Examples: Add, Clear, Connect, Convert, Copy, Deploy, Disable, Disconnect, Eject, Enable, Erase, Export, Find, Get, Import, Install, Move, New, Publish, Remove, Rescan, Reset, Restart, Restore, Save, Send, Set, Start, Stop, Sync, Test, Undo, Uninstall, Unmount, Unpublish, Update.
Publish-VBRBackupContent - Mounts the content of backup files using the iSCSI protocol.
Get-VBRPublishedBackupContentSession - Returns sessions that are running to mount the backup content to iSCSI target servers.
Get-VBRPublishedBackupContentInfo - Returns details on the mounted content of backup files.
Unpublish-VBRBackupContent - Unmounts content of backup files from iSCSI target servers.
"Once the disks are mounted, you can see them in the well-known VeeamFLR folder, however, they will also be available via Windows Disk Management."
Beat ransomware: Education, Implementation and remediation with Veeam - 30 page PDF (see page 20)
Veeam Data Integration API - Veeam Help Center
Data Integration API - Getting started - Veeam Forums
Veeam Availability Suite v10 - Data Integration API Demo - 5:09 video
Veeam Backup & Replication V10: Data Integration API Examples - Neils Engelen
Machine learning on your Veeam backups? Sure! via the Data Integration API - Ben Young
Veeam Instant NAS Recovery in v11, Malware Detection and Machine Learning - Ben Young
Accessing Linux Volumes with the Veeam Data Integration API - Anthony Spiteri
Veeam Backup & Replication V10: Data Integration API Examples - "Virtual Bits and Bytes"
Veeam V10 Data Re-use: Part 1- Data Classification - "Mr. IT Surgeon"
Multi Engine Malware Scanning on your Backup Data? Veeam Data Integration API makes it possible with MetaDefender Cloud - Ben Young
Data integration API: The Veeam Data Integration API is best consumed through PowerShell and is part of Veeam Backup & Replication v10. This capability allows the data of backup files to be exposed as a mounted Windows folder and it allows you to access data that is available in the backup created by Veeam Backup & Replication. This capability is a great new technique as a weapon in the war against ransomware, and additional scans can be done on data that has already been backed up.
This ransomware resiliency technique can provide additional scans of backups for threats, including using additional more-invasive tools that may not be used on production workloads. Additionally, if endpoint backups are in Veeam repositories, there is an incredible surface area to analyze for potential threat introduction.
Due to the inherent fragmentation of ransomware threats, it is possible the encryption search may not show files that are encrypted from a threat. The possibility of Veeam Data Integration API in coordination with some of the preferred toolkits in each IT organization’s area of expertise are compelling in bolstering the visibility of threats before they are exposed at a larger scale. There is also incredible opportunity to use the Veeam Data Integration API in larger automation scenarios. Consider implementing workflows that take backups, perform SureBackup jobs and then automatically use the data integration API to perform more intensive scan tasks post-backup that may not be done on production workloads. This is an opportunity to reduce the time from threat introduction to threat exploit
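The post-backup scan workflow described above, combined with the publish, info and unpublish cmdlets listed earlier, as an added example that is not part of the original sample script or of Veeam's own code. It assumes Microsoft Defender is installed on the mount server, that the account running the script can use PowerShell remoting to that server, and that each MountPoints entry converts to a folder path string; the job name, server address and credential name are reused from the sample.

```powershell
# Added example: publish the newest restore point, scan it, always unpublish.
# Assumptions (not from the page): Microsoft Defender is present on the mount
# server and the caller has PowerShell remoting rights to it.
Add-PSSnapin VeeamPSSnapin -ErrorAction SilentlyContinue

$backupName       = "BJ-core"            # job name from the sample script
$targetServerName = "172.21.237.40"      # mount server from the sample script
$targetAdminCreds = Get-VBRCredentials -Name "lab\administrator"

$backup = Get-VBRBackup -Name $backupName
$point  = Get-VBRRestorePoint -Backup $backup |
          Sort-Object -Property CreationTime | Select-Object -Last 1
if (-not $point) { throw "No restore point found for backup '$backupName'." }

$session = Publish-VBRBackupContent -RestorePoint $point `
    -TargetServerName $targetServerName -TargetServerCredentials $targetAdminCreds
try {
    $info = Get-VBRPublishedBackupContentInfo -Session $session
    # Flatten to plain strings so the list serializes cleanly over remoting
    # (assumption: each mount point stringifies to a folder path)
    $mountPoints = @($info.Disks.MountPoints | ForEach-Object { "$_" } | Where-Object { $_ })
    if ($mountPoints.Count -eq 0) { throw "No mount points were reported for the session." }

    $results = Invoke-Command -ComputerName $targetServerName -ArgumentList (,$mountPoints) -ScriptBlock {
        param([string[]]$Paths)
        $mpCmdRun = Join-Path $env:ProgramFiles "Windows Defender\MpCmdRun.exe"
        foreach ($path in $Paths) {
            # Custom scan (type 3) of the mounted volume, detection only
            & $mpCmdRun -Scan -ScanType 3 -File $path -DisableRemediation | Out-Null
            [pscustomobject]@{ MountPoint = $path; ExitCode = $LASTEXITCODE }
        }
    }
    $results | Format-Table MountPoint, ExitCode -AutoSize

    # MpCmdRun exits 0 for a clean scan and 2 when a threat was found and not remediated
    $flagged = @($results | Where-Object { $_.ExitCode -ne 0 })
    if ($flagged.Count -gt 0) {
        Write-Warning "Restore point $($point.CreationTime) needs review before it is used for recovery."
    }
}
finally {
    # Tear down the iSCSI publication even if the scan or remoting call failed
    Unpublish-VBRBackupContent -Session $session
}
```

Unlike the sample script, which leaves every restore point published, this version unpublishes in a finally block so a failed scan does not leave backup disks mounted on the target server.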