Backup Exec
Backup Exec is a comprehensive data protection software solution designed for backup, recovery, and cyber resilience across physical, virtual, and multi-cloud environments, enabling organizations to safeguard business-critical data from loss, theft, or corruption.[1] Originally developed in 1982 by Maynard Electronics as a basic backup utility for tape subsystems, Backup Exec evolved through a series of acquisitions and enhancements, starting with its acquisition by Archive Corporation in 1989, followed by Conner Peripherals in the early 1990s, Seagate Technology in the mid-1990s, and Veritas Software in 1999 for $1.6 billion as part of Seagate's network and storage management group.[2] In 2005, Symantec acquired Veritas for $13.5 billion, integrating Backup Exec into its portfolio and releasing key versions such as 10.0 in 2005 with disk-to-disk-to-tape support and 11d in 2006.[3] Symantec spun off its information management business, including Backup Exec, to form the independent Veritas Technologies in 2016 following a $8 billion sale to private equity firms Carlyle Group and GIC.[4] In December 2024, as part of Cohesity's acquisition of Veritas' enterprise data protection assets (such as NetBackup), Backup Exec was separated into a new standalone company called Arctera, which focuses on data management solutions including Backup Exec, InfoScale, and Enterprise Vault.[5] As of November 2025, Arctera operates independently, with Cloud Software Group announcing its intent to acquire the company in August 2025, expected to close in Q4 2025 subject to regulatory approvals.[6] Key features of Backup Exec include a unified console for managing all workloads, forever-incremental backups for virtual machines with instant recovery, integrated protection for Microsoft 365 applications such as Exchange Online, OneDrive, SharePoint, and Teams, and support for major cloud platforms like AWS, Azure, and Google Cloud with certified connectors.[1] It incorporates security measures like encryption, multi-factor authentication, and role-based access control, along with cyber resilience tools for detecting and recovering from ransomware attacks.[1] Trusted by over 45,000 businesses worldwide, Backup Exec offers flexible subscription licensing and is available in versions such as 25.1, which adds support for Microsoft Entra ID backups and enhanced Microsoft 365 performance.[7]History
Origins and Early Development
Backup Exec traces its origins to Maynard Electronics, a company founded in 1982 by Kim and Alison Knapp in a Florida suburb, where they developed a bundle of software utilities to enable data backups from personal computers to tape drives. This initial software, branded as MaynStream, served primarily as drivers and a simple menu-driven interface to accompany the company's MaynStream Tape subsystems, simplifying backup processes for early PC users and boosting hardware sales.[2][8][9][10] Designed as a DOS-based tool, MaynStream targeted small business and enterprise environments reliant on tape storage, with a focus on backing up data from Novell NetWare servers to ensure reliable data protection in networked settings. The software emphasized ease of use for tape-based operations, integrating directly with hardware to handle PC data transfers without complex configurations.[2][9] In its early iterations during the late 1980s, MaynStream evolved to support broader compatibility, culminating in version 3.1 released in 1989, which extended functionality to DOS, OS/2, Windows, and NetWare platforms. This version introduced foundational features like multi-OS backup capabilities and improved tape drive integration, laying the groundwork for automated data management in heterogeneous environments.[2] By the mid-1990s, the software transitioned to accommodate emerging server technologies, becoming the first backup solution to support Microsoft Windows NT and shifting from standalone DOS utilities to a client-server architecture that enabled centralized backup operations across networks.[9]Ownership Changes and Milestones
Backup Exec's corporate journey began to accelerate in the early 1990s with key acquisitions that shaped its development as a network backup solution. In 1992, Conner Peripherals agreed to acquire Archive Corporation, which had previously purchased Maynard Electronics and its MaynStream software in 1989, leading to the rebranding of the product as Backup Exec in 1993. This move positioned Backup Exec as a versatile backup tool for emerging client-server environments. Seagate Technology then acquired Conner Peripherals in a $1.1 billion deal completed in 1996, incorporating Backup Exec into Seagate Software and enhancing its focus on Windows NT compatibility, with NDMP support for NAS devices introduced in subsequent versions to enable efficient backups over networks.[11][12] A major shift occurred in 1999 when Veritas Software acquired Seagate Software's Network and Storage Management Group, including Backup Exec, for $1.6 billion in stock.[2] This integration renamed it Veritas Backup Exec and bolstered its capabilities with advanced SAN support, allowing multiple servers to share storage resources via [Fibre Channel](/page/Fibre Channel), as exemplified by the launch of the Shared Storage Option in the late 1990s to optimize enterprise storage utilization.[13] In 2005, Symantec Corporation acquired Veritas for $13.5 billion, merging Backup Exec into Symantec's portfolio and prompting versioning updates from numeric schemes (e.g., 9.0) to year-based releases like Backup Exec 2010 R3.[14] This era emphasized virtualization integration, aligning the product with growing demands for VM backups. Symantec's ownership continued until 2016, when Veritas Technologies was spun off as an independent entity in a $7.4 billion deal involving private equity firms, enabling focused innovation on Backup Exec under Veritas. Veritas sustained Backup Exec's evolution through the 2010s and early 2020s, introducing deduplication features in Backup Exec 2010 to reduce storage needs by eliminating redundant data blocks.[15] Cloud connectivity advanced with the Cloud Connector in Backup Exec 15 (2015), facilitating direct backups to services like Amazon S3 and Microsoft Azure for hybrid environments.[16] In 2024, amid Cohesity's $7 billion acquisition of select Veritas assets including NetBackup, the Backup Exec business was divested to form Arctera, a new independent company completing the transfer in December 2024 to prioritize data management specialization.[17][18] In August 2025, Cloud Software Group announced its intent to acquire Arctera for an undisclosed amount, with the transaction expected to close in the fourth quarter of 2025, subject to regulatory approvals. As of November 2025, the acquisition remains pending.[6]Overview
Purpose and Scope
Backup Exec is designed as a unified backup and recovery software solution that provides comprehensive data protection for physical, virtual, and cloud workloads, primarily targeting small to medium-sized businesses (SMBs) and midmarket enterprises seeking cost-effective scalability without the complexity of larger-scale tools.[19][20] Its core purpose centers on ensuring business continuity by enabling automated backups, rapid restores, and disaster recovery capabilities that minimize downtime and data loss risks in diverse IT environments.[21] This approach allows IT administrators to manage protection from a single console, simplifying operations for organizations with limited resources while supporting agent-based deployment for efficient data handling.[20][22] The scope of Backup Exec encompasses a wide range of assets, including endpoint devices, servers, databases such as Microsoft SQL Server and Oracle, critical applications, and SaaS platforms like Microsoft 365 (covering Exchange, OneDrive, SharePoint, and Teams).[23][24][19] It emphasizes secure, scalable protection through features like encryption and ransomware resilience, making it suitable for businesses handling sensitive data such as financial transactions while adhering to compliance requirements.[19] Trusted by over 45,000 organizations worldwide, Backup Exec democratizes cyber resilience by offering tools that detect threats and enable quick recovery, particularly beneficial for SMBs facing evolving data protection challenges.[19][25] In contrast to enterprise-focused solutions like NetBackup, which cater to large-scale deployments, Backup Exec prioritizes simplicity and affordability for IT teams in smaller environments needing straightforward, agent-based safeguards across hybrid infrastructures, including support for platforms like Windows Server.[22][26] This focus ensures that organizations can achieve reliable data availability without extensive configuration overhead, supporting use cases from routine backups to full system recovery in the event of disruptions.[19]Supported Platforms and Environments
Backup Exec supports a range of server operating systems for both the media server and remote agents, enabling deployment in diverse enterprise environments. The media server installs exclusively on 64-bit Windows Server editions from 2012 through 2025, including Standard, Datacenter, and Essentials variants.[27] For Linux servers, compatibility includes Red Hat Enterprise Linux 7.0 to 9.0, SUSE Linux Enterprise Server 12 SP5 and 15 SP1 through SP7, Ubuntu 14.04 LTS to 25.10, Debian 10 to 13, and Oracle Linux 7 to 10, all on x86-64 architectures.[27] These platforms allow Backup Exec to protect file systems, databases, and applications through dedicated agents. In virtualization environments, Backup Exec provides agentless backup and recovery for virtual machines, minimizing downtime. It supports VMware vSphere and ESXi hosts from versions 6.7 to 9.0, including vCenter Server management, with features like changed block tracking for efficient incremental backups.[27] For Microsoft Hyper-V, compatibility extends to hosts on Windows Server 2012 through 2025, supporting live VM migration and granular recovery of VHDX files.[27] These integrations facilitate protection of hybrid physical-virtual setups without requiring VM agents. Backup Exec extends to cloud and hybrid scenarios, supporting offsite replication and direct backups to public cloud storage. It integrates with Amazon Web Services (AWS) S3 for object storage, VMware Cloud on AWS, and Amazon FSx for Windows File Server, enabling tiered storage and immutability options.[27] In Microsoft Azure, it backs up to Blob Storage, Azure Files, and Azure VMware Solution (AVS) 2.0.[27] Google Cloud Storage buckets are also compatible via S3-compatible connectors, with support for new regions as of 2025.[28] For SaaS applications, Backup Exec protects Microsoft 365 workloads, including Exchange Online, SharePoint Online, OneDrive for Business, Microsoft Teams (with private channels), and Entra ID configurations for identity data.[29] Storage compatibility encompasses traditional and modern options for scalable data protection. Tape libraries support LTO generations 3 through 9, including drives and automation from vendors such as Hewlett Packard Enterprise (e.g., MSL series, Ultrium drives), IBM (e.g., TS3100/TS3500/TS4500 series), Dell (e.g., PowerVault TL series), and Quantum (e.g., Scalar i3/i6).[30] Disk-based storage includes NAS and SAN arrays like Dell PowerStore, HPE StoreOnce, NetApp FAS series, and IBM Storwize, with native support for deduplication and replication.[30] Deduplication appliances are certified for Dell EMC Data Domain (with DDOS plugin), HPE StoreOnce (optimized duplication), and Quest QoreStor/DR series, reducing backup storage needs across environments.[30] For endpoints, Backup Exec deploys remote agents to protect desktops and laptops in Windows, macOS, and Linux environments. Windows support covers versions 10 and 11 (Pro, Enterprise editions, x86-64), while macOS and Linux endpoints receive file-level backups via the Desktop and Laptop Option or Unix/Linux agents.[31][32] These agents enable scheduled, automated protection of user data across distributed workforces.Architecture
Core Components
The Backup Exec Server serves as the central management console for the software, enabling administrators to create backup policies, schedule jobs, monitor operations, and generate reports on data protection activities. It operates on a Windows Server environment and coordinates all backup and recovery tasks across the network.[33] Agents form the foundational layer for extending backup capabilities to remote and virtual systems. The Remote Agent for Windows and Linux facilitates file-level and application-consistent backups on those operating systems by installing on target servers to handle data collection and transfer back to the Backup Exec Server. The Virtual Agent, designed for hypervisors such as VMware and Microsoft Hyper-V, enables image-level backups of virtual machines, allowing for granular recovery options without disrupting host operations. In Backup Exec 25, agents also support Microsoft Entra ID backups.[34][35][7] The Media Server component manages the physical and logical transfer of backup data to storage devices, supporting features like multiplexing to optimize throughput across multiple drives and synthetic backups to create full backups from incremental sets without additional source reads. It integrates directly with the Backup Exec Server to ensure efficient data streaming and device management.[36] Backup Exec relies on a database to store critical operational data, including job histories, backup catalogs, and configuration settings. By default, it uses the embedded Microsoft SQL Server Express edition for smaller deployments, but supports external SQL Server instances for larger-scale environments requiring enhanced performance and scalability. Supported versions include SQL Server 2008 SP3 through 2022.[37][27] The storage architecture in Backup Exec encompasses diverse options for data handling, including integration with robotic tape libraries for automated, high-capacity archiving; cloud-based tiers such as Amazon S3, Microsoft Azure, Google Cloud, and OVHcloud S3 for scalable offsite storage; and deduplication storage to eliminate redundant data blocks, thereby optimizing space and reducing backup windows. These elements connect through the Media Server to provide a unified, efficient framework for long-term data retention.[36][38][39][1]Optional and Add-on Components
Backup Exec offers several optional and add-on components that extend its core functionality, enabling advanced data management, centralized oversight, and integration with specialized environments. These modules are designed to address specific needs such as storage optimization, multi-site administration, and cloud-based operations, allowing users to scale and customize their backup infrastructure without relying solely on built-in features.[40] The Deduplication Option provides both client-side and server-side deduplication capabilities, identifying and eliminating redundant data blocks during backups to optimize storage usage. Client-side deduplication processes data on the source machine before transmission, reducing network bandwidth, while server-side deduplication occurs on the Backup Exec media server. This option integrates with disk-based storage and OpenStorage devices.[41][42] Backup Exec supports off-host backups as an integrated feature to minimize impact on production servers, using technologies like Microsoft VSS for Windows or VMware VADP for virtual environments to offload processing. This enables remote site mirroring for disaster recovery via job configurations, leveraging SAN or network connections without a dedicated replication server.[43][44] The Central Admin Server Option (CASO) enables centralized management of multiple Backup Exec instances across different sites, allowing administrators to delegate jobs, monitor activities, and coordinate resources from a single console. It supports a hierarchical structure where a central server oversees managed media servers, facilitating policy enforcement and reporting without direct intervention on remote systems. This option is essential for enterprises with dispersed infrastructure, streamlining administration while maintaining local autonomy.[45][46][40] The Cloud Connector provides tools for archiving backups to public cloud providers and supports instant cloud recovery, integrating with services like Amazon S3, Microsoft Azure, and Google Cloud. It handles secure data transfer, encryption, and direct restoration from cloud storage, enabling hybrid environments to leverage cloud scalability for long-term retention. Configuration involves setting up credentials and storage endpoints within the Backup Exec console, with support for deduplicated data uploads to minimize costs.[47][48][49] Specialized agents enhance Backup Exec's support for complex data types and hardware. The Agent for Applications and Databases offers granular recovery for platforms like Microsoft Exchange and SQL Server, allowing item-level restores without full database recovery. The NDMP Option enables backups of tape libraries and NAS devices using the Network Data Management Protocol, supporting robotic control and direct device access. Additionally, OpenStorage integration allows connectivity to third-party deduplication appliances, enabling Backup Exec to utilize external storage optimization without native processing. These agents ensure compatibility with enterprise-grade systems, focusing on application-aware protection and hardware-specific operations. In Backup Exec 25, support extends to Microsoft 365 applications including Entra ID.[40][50][51][52][53]Deployment
Installation Process
The installation of Backup Exec begins with verifying system requirements to ensure compatibility and optimal performance. The software requires a minimum of 8 GB RAM dedicated exclusively to Backup Exec, with 16 GB or more recommended for production environments; a multi-core CPU such as Intel Pentium, Core, Xeon, or compatible AMD processor running at 2 GHz or higher is advised. It supports 64-bit operating systems including Windows Server 2016, 2019, 2022, or 2025, but not Windows Server Core, ReFS file systems, or Cluster Shared Volumes.[27] Disk space needs at least 2 GB for a typical installation, plus an additional 525 MB for the included SQL Server Express Edition, and further space for the catalog database which can grow significantly based on backup volume—up to hundreds of GB in large deployments. Microsoft SQL Server 2014 SP3 or later (such as 2016 SP2, 2017, or 2019) is supported, with SQL Express bundled for standard setups or a remote SQL instance for environments like Read-Only Domain Controllers.[54] Other prerequisites include .NET Framework 4.8 or later, administrative privileges, and compatible hardware drivers from the Backup Exec Hardware Compatibility List.[54][27] To obtain the installer, users access the Arctera or Veritas portal using their entitlement credentials; for trials, a 60-day version is available directly from the Arctera website without a credit card. Once downloaded, the setup is initiated by running the executable as an administrator, launching the Installation Wizard which offers typical (default components) or custom options. During the wizard, users select the SQL instance—either the bundled Express edition or an existing full SQL Server—and configure basic settings like the installation path and service accounts. The process includes an environment check to validate prerequisites and generates an installation summary report upon completion.[55][56][57] Agent deployment for remote systems follows the core server installation, enabling backups across networked environments. From the Backup Exec console, administrators can push the Remote Agent for Windows Systems (RAWS) to target servers via the deployment wizard, which handles authentication and installation automatically; alternatively, manual installation uses the agent MSI package on each remote machine. Firewall configurations are essential, requiring open TCP ports such as 10000 for Backup Exec server communication, 13724 for the agent, and dynamic high-range ports (e.g., 49152–65535) for data transfer during backup and restore operations—at least two dynamic ports per concurrent job. For non-Windows agents like Linux/Unix, separate installers are used with trust establishment via SSH.[58][59] Post-installation verification confirms functionality and readiness. Administrators should activate the license key through the console under Tools > License Keys, ensuring all editions are applied correctly. A test backup job can then be created and run against a local or remote resource to validate data capture and storage, followed by checking the job history for success and reviewing logs for errors. Initial storage devices, such as disk folders or tape libraries, must be inventoried and configured in the console under Storage to prepare for production use; the installation summary report and event logs provide additional confirmation of service status.[60][57] Upgrading Backup Exec, such as from version 24.x to 25.1, supports in-place methods to preserve configurations. The process requires a valid license for the target version and a full backup of the catalog database beforehand using built-in tools or SQL utilities to mitigate data loss risks. Run the new installer on the existing server, which detects the prior installation and prompts for migration; review and stop Backup Exec services manually if needed, then follow the wizard to update components, agents, and the SQL database schema. Post-upgrade, generate a migration report to verify settings and test a backup job to ensure continuity.[61][62]Initial Configuration
After installing Backup Exec, the initial configuration involves setting up backup policies through the console to define selections, schedules, and retention. Administrators access the Backup and Restore tab to create a backup definition, selecting data sources such as servers, applications, or virtual machines using installed agents like the Backup Exec Agent for Windows. Schedules are configured to run full backups, which capture all selected data, alongside incremental backups for changes since the last backup or differential backups for changes since the last full backup; for example, a common setup includes weekly full backups on Fridays and daily incrementals. Retention periods are specified via media sets in the console, determining how long backup sets are kept before overwriting, typically ranging from days to years based on compliance needs.[63] Storage configuration follows, enabling the addition of devices and offsite options to support backup operations. Using the Configure Storage wizard on the Storage tab, users add media servers for distributed environments, tape drives via the Hot-swappable Device Wizard, or cloud storage by entering credentials for providers like Amazon S3, Google Cloud, or Azure. Duplication rules are set up through dedicated jobs in the console, automating copies to offsite locations such as secondary tapes or remote cloud instances to ensure data redundancy.[64][65] User roles and security are established via role-based access control (RBAC) to manage permissions securely. In the Configuration and Settings menu, select Role-Based Access Settings to define roles such as Administrator for full access or Operator for limited job monitoring and execution. Integration with Active Directory occurs through logon accounts configured in the console, allowing Backup Exec to authenticate users and browse domain resources using AD credentials.[66][67] Notification and reporting setup ensures proactive monitoring of operations. Email alerts for job failures, such as missed backups or storage errors, are enabled under Alerts and Notifications by configuring SMTP settings and adding recipients; text notifications are also supported for mobile alerts. Dashboard views are customized in the Job Monitor on the Home tab, filtering alerts by severity (e.g., error or warning) and displaying real-time job status for quick oversight.[68][69] Best practices during initial configuration emphasize security and efficiency, particularly for encrypted and virtualized environments. Enable encryption at rest for stored backups and in transit for data transfers via job options in the console, using Backup Exec's built-in keys or third-party certificates to protect against unauthorized access. For virtualization hosts like VMware or Hyper-V, optimize by deploying the respective agents and selecting changed block tracking in policies to reduce backup windows and resource usage.[70][71]Features and Capabilities
Backup and Recovery Functions
Backup Exec supports several backup types to facilitate efficient data protection strategies. A full backup captures all selected data from the source, providing a complete baseline copy regardless of prior backups. Incremental backups include only the data that has changed since the last backup, whether full or incremental, minimizing storage and time requirements for subsequent operations. Differential backups, in contrast, back up all changes since the last full backup, accumulating modified data across runs until the next full backup. Synthetic backups optimize for large datasets by creating a new full backup image on storage without re-reading the source data; instead, they combine the existing full backup with incremental changes in a process that reduces resource usage on the source system.[72][73][74] The backup process in Backup Exec begins with job initiation through backup definitions, which serve as containers encompassing selections of data sources, job templates, schedules, and storage destinations. Administrators define policies within these backup definitions to automate recurring jobs, such as scheduling full backups weekly and incrementals daily. Once initiated, data is streamed directly from the source to the designated storage device, such as disk, tape, or deduplication folders, enabling parallel processing for improved throughput. During or after streaming, Backup Exec generates catalogs—indexes of backup sets that include metadata like file names, sizes, and locations—to enable rapid searches and restores without scanning the entire backup image.[75][76] Granular recovery in Backup Exec allows for item-level restores, enabling users to recover specific files, folders, email messages, virtual machine components, or database objects without restoring the entire system or volume. This feature relies on Granular Recovery Technology (GRT), which must be enabled during the backup job to index individual items for selective access. For virtual machines, GRT supports restoring guest OS files or application data directly from the VM backup image. Similarly, for databases like Microsoft SQL Server or email systems like Microsoft Exchange, GRT facilitates recovery of tables, mailboxes, or messages in non-clustered environments.[77][78][79] Disaster recovery capabilities in Backup Exec include automated bare-metal restores for physical servers, which rebuild the operating system, partitions, and data from bootable recovery media without requiring the original hardware configuration. The Simplified Disaster Recovery (SDR) process captures system-level information during backups, such as boot configurations and drivers, to facilitate automated reconfiguration during restore. Users can create verifiable bootable media, like ISO images or USB drives, from SDR backups to initiate the recovery on dissimilar hardware. This ensures minimal downtime by restoring the server to a pre-disaster state, including data files protected by Backup Exec agents.[80][81] Performance optimizations enhance backup and recovery efficiency, particularly for virtualized and application environments. True Image Restore (TIR) for virtual machines allows restoration of VM directories or files to their exact state from any full or incremental backup point, preserving directory structures and dependencies without conflicts from later changes. Application-aware backups leverage Microsoft Volume Shadow Copy Service (VSS) for VSS-compliant applications, ensuring consistent snapshots of databases and other apps by quiescing them during the backup process to avoid data corruption. These features, combined with multi-streaming options, support faster processing for large-scale VM environments.[82][78][79]Security and Compliance Tools
Backup Exec incorporates several built-in tools to enhance ransomware resilience, including AI-based anomaly detection that monitors backup data for unusual patterns indicative of threats, such as unexpected encryption or file modifications. This proactive feature, introduced in version 22.2, alerts administrators to potential attacks in real-time, enabling swift intervention. As of version 25.1 (October 2025), enhancements include expanded malware detection for additional threats and support for new environments like Windows Server 2025.[83][84] Additionally, the software supports immutable storage options through integration with Object Lock on compatible cloud providers like Azure Blob Storage, ensuring backup data cannot be altered or deleted during a specified retention period. Air-gapped tape support further bolsters protection by allowing offline storage of backups on physical media, isolating them from network-based threats as recommended in Arctera best practices.[85][86] For encryption, Backup Exec employs AES-256 standards to secure data both in transit via TLS 1.2 with SHA-256 certificates and at rest on disk, tape, or cloud storage. This FIPS 140-2 compliant encryption applies to user data, metadata, and catalogs during backups and restores, with hardware-accelerated options available for T10-compliant tape drives. Key management is handled through the console, where administrators can create, replace, or delete keys using passphrases of at least 16 characters, supporting both common (shared) and restricted (passphrase-protected) access to ensure secure handling without external dependencies.[87][88][89] Compliance tools in Backup Exec facilitate adherence to regulatory standards through Write Once, Read Many (WORM) functionality for media and cloud storage, meeting requirements like SEC Rule 17a-4 for immutable retention of financial records. For GDPR, the GDPR Guard feature blocks restoration of sensitive personal data items to production systems, generating detailed reports on data handling requests to support privacy audits, while similar reporting capabilities aid HIPAA compliance by tracking access and erasure. Comprehensive audit logs record all administrative actions, including configuration changes, job executions, and user activities, providing a verifiable chain-of-custody for regulatory reviews.[90][91][92] Access controls are enforced via multi-factor authentication (MFA) for console logins, adding a secondary verification layer beyond passwords, and role-based access control (RBAC) that assigns granular permissions to users based on their responsibilities, such as limiting restore operations to authorized personnel. Version 25.1 (October 2025) includes enhancements to RBAC for improved centralized access management. Data masking is achieved through features like GDPR Guard, which obscures or blocks sensitive items during restores to prevent unauthorized exposure. In incident response, automated quarantine isolates suspicious backup jobs detected by anomaly or malware scanning, while audit logs can be exported for integration with security information and event management (SIEM) tools like Splunk to correlate events across environments. Microsoft Entra ID protection, added in version 25.1, enables backups of identity configurations to enhance cyber resilience against identity-based threats.[20][66][93][29]Integration and Automation
Backup Exec provides automation capabilities through its Backup Exec Management Command Line Interface (BEMCLI), a PowerShell module that enables scripting for tasks such as creating and managing backup jobs, configuring storage devices, and monitoring job status. This allows administrators to integrate Backup Exec into custom workflows, including job orchestration via scheduled scripts or tools like cron for Unix-like environments. For example, BEMCLI cmdlets like Get-BEJob and New-BEBackupJob facilitate programmatic control over backup operations, reducing manual intervention in large-scale deployments.[94] While comprehensive REST APIs are not prominently documented in official guides, community discussions indicate limited support for RESTful interactions in newer versions, primarily for querying job details and basic operations, though PowerShell remains the primary method for advanced automation.[95] Backup Exec integrates seamlessly with virtualization platforms via dedicated agents. The Agent for VMware leverages vStorage APIs for Data Protection (VADP) to perform agentless backups of virtual machines, supporting features like forever incremental backups and automated VM discovery for efficient protection of vSphere environments. Similarly, the Agent for Hyper-V utilizes Microsoft Volume Shadow Copy Service (VSS) integration to enable host-level backups and instant recovery of Hyper-V clusters, including support for live migration scenarios. For cloud environments, Backup Exec includes certified connectors to AWS, allowing backups to S3 storage tiers (including Glacier Deep Archive) and AWS FSx file shares, with marketplace templates for rapid deployment in hybrid setups. Azure integration supports Blob storage, Files shares, and Instant Cloud Recovery for failover to Azure VMs. Additionally, Backup Exec protects Microsoft 365 workloads through direct API access, enabling incremental backups and granular restores of Exchange Online mailboxes, OneDrive files, SharePoint sites, and Teams data after adding tenants via the console. Version 25.1 (October 2025) introduces significantly faster OneDrive backups and improved scalability for high-volume Microsoft 365 environments.[96][97][98][99][29] Automation features in Backup Exec enhance operational efficiency through policy-driven scheduling and job chaining. While built-in SLA-based policies are monitored via integrated reporting for compliance tracking, such as backup success rates, the core automation relies on configurable rules for job execution. Auto-duplication allows backup sets to be automatically copied to secondary sites or cloud storage post-primary backup, using optimized methods for deduplicated data to minimize bandwidth usage. Robotic library management is facilitated by the Advanced Device and Media Management (ADAMM) system, which automates tape inventory, drive allocation, and partition creation in multi-drive libraries, ensuring seamless handling of physical media without manual intervention.[100][101][102][103] Reporting and analytics in Backup Exec include customizable dashboards for real-time visibility into job performance, storage utilization, and deduplication ratios, with pre-built reports like Backup Job Success Rate and Media Audit to forecast capacity needs. For advanced log analysis, Backup Exec supports forwarding events to external tools, though direct Splunk integration is more established for related Arctera products like NetBackup via add-ons; users can export logs for Splunk ingestion to enable predictive analytics on failure patterns. Optional components, such as Central Admin Server, extend these capabilities across multiple sites.[104] Workflow examples demonstrate Backup Exec's flexibility in orchestrated processes. For instance, event-driven backups can be initiated via application alerts or external scripts using BEMCLI to trigger jobs upon database commits or file changes. Chained workflows commonly involve a primary backup to disk followed by auto-duplication to AWS S3 for offsite retention, and subsequent export to tape via robotic libraries for long-term archiving, ensuring compliance with 3-2-1 backup rules.[101][1]Limitations and Considerations
Performance Constraints
Backup Exec's multiplexing capabilities are limited, as the software does not support sending multiple data streams from parallel backup jobs to a single tape drive, restricting operations to one concurrent stream per drive in standard configurations. This constraint can reduce overall throughput in environments requiring simultaneous backups from multiple sources to tape, necessitating the use of additional drives or staging to disk to achieve parallelism. [105] Scalability in Backup Exec is influenced by hardware and configuration limits, with each media server capable of managing up to 125 TB of deduplication storage with adequate hardware. [106] There is no hard limit on the number of remote agents; the central console can handle thousands depending on server performance, with licensing based on data capacity rather than agent count, often requiring additional media servers for large-scale environments. [107] Resource dependencies play a significant role in performance, particularly for deduplication processes, which require substantial RAM to avoid bottlenecks—typically 8 GB for the first 4 TB of deduplicated storage, plus 1 GB per additional TB, equating to roughly double the RAM needs relative to smaller datasets for optimal operation without paging. CPU-intensive tasks during deduplication can further strain systems with insufficient cores, while network latency in remote backups can significantly extend job times in high-latency environments, emphasizing the need for low-latency connections like 10 GbE or Fibre Channel. [107] Throughput is affected by several factors, including synthetic backups, which incur overhead from combining full and incremental data, often resulting in verification steps that are slower than standard full backups due to additional processing. Volume Shadow Copy Service (VSS) snapshots introduce delays for large volumes, as the snapshot creation competes with system I/O and writer coordination. [108] To mitigate these constraints, administrators can employ storage tiers—such as using high-speed disk for active backups before offloading to tape—and implement policy-based throttling to limit concurrent jobs, balancing resource loads and preventing overload on CPU, RAM, or network components. [109]Known Issues and Workarounds
One common issue encountered in Backup Exec is agent connectivity failures, often caused by firewall blocks on TCP port 3527 or certificate mismatches between the media server and remote agents.[59] To resolve this, administrators should verify that port 3527 is open in firewalls and test connectivity using tools like telnet; if mismatches occur, re-push the agent from the Backup Exec console after regenerating certificates.[110] Catalog corruption in Backup Exec can arise from power failures interrupting backup or cataloging jobs, leading to incomplete database entries.[111] Resolution involves running the Backup Exec Utility (BEUtility.exe) to repair the BEDB database, followed by exporting and re-importing catalogs as a preventive measure to maintain integrity during unexpected interruptions.[112] In version 25.0 of Backup Exec, backups of Microsoft 365 data frequently experienced throttling errors due to rate limits imposed by M365 services, resulting in incomplete jobs.[113] This was addressed in the 25.1 update through enhanced retry logic and automatic request throttling adjustments, which reduce backup failures by dynamically scaling API calls.[114] Early releases of Backup Exec 25.x exhibited compatibility gaps with Windows Server 2025 preview builds, such as incomplete agent installation or backup recognition failures on new kernel features.[115] These were patched via hotfixes, including updates to driver compatibility lists, enabling full support for backups and restores on the OS.[116]Licensing
Edition Types
As of 2025, Backup Exec under Arctera uses a simplified licensing model with a single all-inclusive license that covers all backup features and functionality, reducing administrative overhead. This model is based on a Simple Core Pack, which includes the Backup Exec server, protection for up to 5 compute instances, and up to 10 Microsoft 365 users.[29][117] Licensing is structured on a capacity basis, primarily through subscription models for 1-3 years, with pricing calculated per instance or per terabyte of protected data. Perpetual licenses are available for specific editions like the V-Ray Edition. This flexible approach allows scalability based on usage, including access to updates and support during the subscription term. Add-on licenses extend capacity, such as additional instances for servers or virtual machines, extra terabytes for data protection, and more users for Microsoft 365. These enable granular control over costs for workloads like cloud-based collaboration tools.[118][119] For evaluation, Backup Exec offers a 60-day full-feature trial through the Arctera portal, providing unrestricted access to assess compatibility and performance. The trial includes guided setup and support resources.[56]Upgrade and Support Policies
Backup Exec supports direct upgrade paths from version 22.0 and later to version 25.1, allowing seamless transitions without intermediate installations, provided the source version has the latest service packs and hotfixes.[120] For older versions prior to 22.0 (e.g., Backup Exec 2014 or 20.x), intermediate upgrades are required, such as to 20.x or 21.x first, with validation of active licenses. License keys must be entered during upgrades for versions 20.1 and later to confirm subscription validity.[120][121] The upgrade process involves preparation steps like logging in with the Backup Exec service account, stopping services (e.g., BKUPEXEC64), and backing up the Data and Catalogs folders (typically atX:\Program Files\[Veritas](/page/Veritas)\Backup Exec\) and custom reports. The SQL service is restarted, the latest ISO mounted, and the installer (Browser.exe) run as administrator. Users accept terms, select local upgrade, provide license keys and credentials, and allow automatic migration of jobs, policies, and configurations. Post-installation, review the migration report, reboot if needed, and upgrade remote agents separately to minimize downtime. For deduplication storage, a post-upgrade conversion ensures compatibility, requiring at least 12% free space and log monitoring.[61]
Arctera offers support tiers under its Technical Support Solutions Handbook, including Basic Maintenance with access to patches, hotfixes, upgrades, telephone support during business hours, and 24x7 web support. Essential Support provides 24x7 telephone and web support, priority for severity 1 issues, and dedicated assistance. These are tied to valid agreements or subscriptions, with extended support for up to two additional years post-standard end, offering workarounds and limited fixes.[122]
Backup Exec follows a structured end-of-life policy; version 21.x reached end of support on June 6, 2025, after sustaining support began on June 6, 2023. Users are encouraged to migrate using the Backup Exec Migration Assistant. For 22.x, sustaining support began on March 4, 2025, with full end of support in 2027.[123][124]
Hotfixes and patches are released as needed for issues and security, with maintenance releases as roll-ups. They can be installed via the in-console Arctera Update (for 25.x) or Veritas Update (for 20-24), or downloaded from the support portal. Rollback is possible by reinstalling the prior version or redeploying agents, though not directly in-place; pre-upgrade backups are essential.[125]