Loading...

We've detected that your browser language is Chinese. Would you like to visit our Chinese website? [ Dismiss ]
By: Dylan

What is VMware Cloud Backup?

VMware cloud backup refers to duplicate VMware virtual machine backups to cloud-based storage targets, such as Amazon S3, Azure Blob Storage, or S3-compatible platforms. This is a great strategy to protect VMware data assets from hardware failures, cyberattacks, and natural disasters while reducing local storage costs.

This guide provides a comprehensive walkthrough of VMware cloud backup. You will find actionable information on selecting the right solution for your environment.

The Importance of Backup Solution in VMware Environment

The failure of a single ESXi host, a misconfiguration in vCenter, or a ransomware attack impacting the management plane could all result in the simultaneous paralysis of dozens of workloads.

1. Simplified Recovery

In a VMware vSphere environment, a corrupted VMFS datastore, an improperly configured storage policy, or a compromised administrator account can affect large portions of the infrastructure within minutes. As VMware environments scale, recovery operations also become more complex.

An effective VMware backup solution should therefore be agentless, application-aware, and deeply integrated with vCenter to streamline protection and recovery workflows. Relying solely on native VMware snapshots is not sufficient. A dedicated backup solution separates backup data from production systems, reducing the risk of simultaneous data loss.

2. Overcome legacy VM Protection

Many organizations initially depend on scripted snapshots, manual exports, or simple NAS-based file copies for VM protection. While these approaches may appear adequate under normal conditions, they are not always the best, especially during an actual outage or recovery event. Common issues include the lack of application-consistent backups for databases, the absence of Changed Block Tracking (CBT) for efficient incremental backups, inconsistent scheduling, and weak retention management.

These operational gaps can lead to backup sprawl, missed recovery point objectives (RPOs), and prolonged downtime. Choose a solution that provides centralized policy management, automated verification, and faster recovery workflows. Features such as instant VM recovery, granular file-level restore, and automated backup validation help reduce manual intervention and eliminate operational bottlenecks when rapid recovery is critical.

3. Backup Security and Compliance requirement

Backup infrastructure has become a primary target in modern ransomware attacks. As a result, security and compliance requirements now extend beyond simply retaining copies of data. Modern VMware backup solutions increasingly incorporate immutable storage, encryption for data in transit and at rest, multi-factor authentication, and role-based access controls to strengthen backup resilience.

A properly designed backup architecture with immutable cloud or offsite copies can significantly reduce recovery time and limit the impact of destructive attacks. Organizations need a backup strategy that protects workloads consistently across a hybrid infrastructure.

Top 6 VMware Cloud Backup Solutions

In this section, we will introduce the most commonly used cloud backup solution for VMware. You will know their architecture, key features, and use case.

1. AWS Backup for VMware

AWS Backup for VMware provides agentless, policy-driven protection of on-premises VMware VMs directly to Amazon S3 storage. It integrates with vCenter through a Backup Gateway appliance deployed as an OVF template.

  • VMware integration: Connects to vCenter Server via the AWS Backup Gateway; discovers VMs and enables backup across multiple vSphere hosts.
  • Agentless backups: Leverage VADP to capture VM snapshots without installing agents inside guest operating systems.
  • Backup modes: Supports both crash-consistent and application-consistent backups using VMware Tools quiescing.
  • Incremental backups: Uses VMware CBT to identify and transfer only changed blocks after the initial full backup, reducing bandwidth and backup windows.
  • Storage and immutability: Backups are stored in AWS Backup vaults; immutability is enforced through AWS Backup Vault Lock, which prevents deletion or modification of recovery points during the retention period.
  • Cross-region replication: Recovery points can be copied across AWS regions for disaster recovery and compliance.
  • Recovery options: Restore entire VMs back to on-premises vSphere or perform file-level recovery to Amazon EBS volumes; supports cross-platform recovery to Amazon EC2 instances

2. Microsoft Azure Backup Server (MABS)

Azure Backup Server is Microsoft’s officially documented backup solution for AVS workloads. It is deployed as a virtual appliance within the AVS environment or in an Azure IaaS VM with network connectivity to the AVS private cloud.

Key features:

  • Agentless VM-level backup: MABS does not require an agent on the vCenter Server or ESXi hosts. Instead, it authenticates to vCenter using IP address or FQDN along with sign-in credentials, then performs backups through the VMware vSphere Storage APIs – Data Protection (VADP).
  • Cloud-integrated backup: Backup data is stored in two tiers: a local disk pool for short-term operational recovery, and an Azure Recovery Services vault — with geo-redundant storage and built-in encryption — for long-term retention and off-site protection.
  • Application-consistent backups: When VMware Tools is installed on Windows VMs, MABS uses Microsoft VSS to quiesce applications such as SQL Server, Exchange, and SharePoint. For Linux VMs, application consistency is supported by calling pre- and post-scripts through VMware Tools.
  • Folder-level auto-protection: MABS discovers vCenter VM folders and can protect entire folder hierarchies — including subfolders. It automatically detects new VMs daily and adds them to the protection group, enabling “set-and-forget” policy management.
  • vMotion awareness: MABS continues protection as VMs move between ESXi hosts within the cluster through vMotion.
  • File-level recovery: Files and folders can be restored from a Windows VM backup without recovering the entire VM.

Limitations:

MABS V3 requires Update Rollup 2 or later. MABS provides VM-level backup only; platform components such as vCenter, NSX Manager, and HCX Manager are backed up by Microsoft and require an Azure support request for restore scenarios.

3. Info2soft’s i2Backup

For organizations managing heterogeneous virtualization environments — VMware alongside other hypervisors, physical servers, databases, and cloud workloads — i2Backup, developed by Information2 Software (Info2soft) provides a unified, enterprise‑grade backup platform. Its combination of broad platform coverage, kernel‑level anti‑tamper security, and flexible recovery options makes it a strong choice for enterprises with complex data protection requirements.

  • Agentless VMware backup: Integrates with VMware vCenter via the native VADP framework, eliminating the need for in‑guest agents. Uses CBT to capture only changed blocks, reducing backup windows and bandwidth consumption.
  • Multiple backup modes: Supports full, incremental, and incremental-forever backup strategies, giving administrators the flexibility to balance backup speed, storage usage, and recovery time.
  • Transport modes: Optimized for different storage infrastructures with HotAdd, SAN, and NBD transport modes, enabling LAN‑free backups that avoid congesting production networks.
  • Broad multi‑hypervisor coverage: Backs up not only VMware vSphere but also Microsoft Hyper‑V, OpenStack, Huawei FusionCompute, Sangfor SCP, ZStack, SmartX, H3C CAS, and other major virtualization platforms — all managed from a single console. This eliminates the need to deploy and operate multiple backup tools in heterogeneous environments.
  • Physical and application support: Extends protection to physical servers, cloud workloads, and over 100 databases and applications, including Oracle, SQL Server, DB2, MySQL, MongoDB, SAP HANA, and more, with database‑level backup capabilities.
  • Kernel‑level immutable storage: Employs a kernel‑level anti‑tampering driver that prevents backup data from being encrypted, modified, or deleted during its retention period — even by a user with root or system administrator privileges. This provides an additional security layer beneath the operating system level, protecting against attackers who compromise backup administrator credentials.
  • Advanced deduplication: Variable and fixed‑length block deduplication using a fingerprint database that can be shared across multiple backup clients and policies. Information2 reports that copy data management reduces storage space by 80‑90% and procurement costs by over 75%.
  • Flexible storage targets: Backup data can be stored on local disk, NAS, S3‑compatible object storage, deduplication appliances, or tape libraries (D2T) — supporting compliance requirements for long‑term offline archiving.
  • Instant VM Recovery: Mounts backup data directly from the backup repository to provision a VM on the target host in minutes, dramatically lowering RTO.
  • File‑level and granular recovery: Restore individual files and folders without recovering the entire VM; database‑level recovery for Oracle, SQL, DB2, and others enables rapid restoration of critical application data.
  • Automated VM discovery: Automatically detects newly created VMs and can assign them to existing backup policies based on name, location, or vCenter folder, enabling “set‑and‑forget” management as environments scale.
  • Centralized RBAC: Role‑based access control with view, operator, and administrator roles ensures that backup operations are securely delegated.

4. Veeam Backup & Replication

Veeam is the market leader in VMware data protection, with a mature, software-defined platform trusted by over 450,000 organizations. Its architecture is built on VADP integration and delivers comprehensive backup, replication, and recovery capabilities.

  • Agentless VMware backup: Interacts with vCenter and ESXi hosts via VADP; uses CBT to perform efficient incremental backups without in‑guest agents.
  • Transport modes: Supports HotAdd (virtual appliance), Direct SAN access, and NBD (network) transport modes to optimize backup performance for different storage topologies.
  • Scale-Out Backup Repository (SOBR) : Extends backup storage into cloud object storage using the Capacity Tier; supported targets include Amazon S3, Azure Blob, Google Cloud Storage, IBM Cloud Object Storage, Wasabi, Backblaze B2, and S3-compatible platforms.
  • Immutability: Leverages S3 Object Lock and Azure Blob immutability policies to make backup data immutable in cloud repositories. Also supports hardened Linux repositories with immutability at the file system level.
  • Application-aware processing: Uses Microsoft VSS integration to quiesce applications — including SQL Server, Exchange, Active Directory, SharePoint, and Oracle — before taking snapshots, ensuring transactionally consistent backups.
  • Veeam Explorers: Granular recovery tools for individual items from application-level backups: Veeam Explorer for SQL Server, Exchange, SharePoint, Active Directory, and Oracle.
  • Instant VM Recovery: Powers on a VM directly from a compressed and deduplicated backup file within minutes, reducing RTO dramatically.
  • Backup copy and replication: Supports backup copy jobs for off‑site retention and built‑in VM replication with configurable RPOs.

5. NAKIVO Backup & Replication

NAKIVO is a high‑value, multi‑platform backup solution known for rapid deployment, strong replication capabilities, and support for a wide range of virtualization platforms.

  • Agentless VMware backup: Integrates with vCenter and ESXi via VADP; leverages CBT for incremental backups with minimal impact on production VMs.
  • Transport modes: Optimized data access via HotAdd and Direct SAN transport modes; supports LAN-free backup to reduce network load.
  • Cloud and local targets: Direct backup to Amazon S3, Wasabi, Azure Blob, Backblaze B2, Google Cloud Storage, and other S3‑compatible storage; also supports local NAS, deduplication appliances, and tape.
  • Immutability: Implements ransomware‑resistant backups using S3 Object Lock, WORM storage, and hardened virtual appliances/AMIs in cloud environments.
  • Real‑Time Replication: Built‑in replication for VMware vSphere VMs with an RPO as low as one second, enabling near‑continuous data protection.
  • Site Recovery: Integrated disaster recovery orchestration with automated failover, failback, and network mapping, reducing the complexity of DR testing and execution.
  • Instant VM Recovery (Flashboot) : Powers on a VMware VM directly from a backup file, enabling recovery in seconds while the full restore completes in the background.
  • Backup verification: Automated Screenshot Verification and Boot Verification for VMware backups to ensure recoverability without manual testing.
  • Application‑aware mode: Creates transactionally consistent backups for Microsoft SQL Server, Exchange, Active Directory, and Oracle databases using VSS or application‑native quiescing.
  • Global deduplication: Deduplication is performed across all backups in the repository, significantly reducing total storage consumption.
  • Multi‑tenancy: Designed for Managed Service Providers (MSPs) with full tenant isolation, self‑service portals, and per‑tenant billing.

6. Acronis Cyber Protect

Acronis Cyber Protect combines backup and cybersecurity into a single platform, making it a compelling choice for organizations that want integrated anti‑ransomware protection alongside data recovery.

  • Agentless VMware backup: Protects VMware VMs through VADP integration; supports vSphere environments alongside Hyper‑V, Nutanix, Proxmox, and legacy platforms.
  • Integrated cybersecurity: Built‑in AI‑enhanced anti‑ransomware, endpoint detection and response (EDR), and anti‑cryptojacking technologies protect backup data and production workloads from threats.
  • Backup storage: Backups can be directed to Acronis Cloud (14+ data centers worldwide), local storage, NAS, or cloud object storage (S3, Azure).
  • Immutability: Acronis Cloud storage supports immutability to prevent backup tampering; on‑premises targets can be configured with write‑once protections.
  • Recovery options: Supports full VM restore, file‑level recovery, and cross‑platform recovery (e.g., restore VMware VM as a Hyper‑V VM or physical machine).
  • Application consistency: Uses VMware Tools quiescing and agent‑based application support for databases when deeper integration is required.

How to Evaluate VMware Cloud Backup Solutions

When facing so many backup vendors, these criteria to choose the best one fit your environment.

1. Start With Recovery Requirements, Not Backup Features

List your recovery objectives before looking at a single datasheet. For each application tier, define:

  • RPO tolerance: How much data can you afford to lose — 5 minutes, 1 hour, 24 hours? This dictates backup frequency and whether you need continuous data protection or periodic snapshots.
  • RTO tolerance: How fast must the workload be back online? Instant power-on from cloud object storage might be acceptable for a dev server but not for an ERP system that requires full production storage performance immediately.
  • Recovery granularity: Do you need full-VM restore only, or frequent file-level and application-item recoveries? The latter often requires the backup product to index file systems and databases, adding overhead.
  • Recovery location flexibility: Must you recover on-premises only, into a public cloud, or both? A vendor that only supports restore to the same vCenter it backed up from limits your DR options.

For example,

Requirements

Backup Impact

15-minutes RPO

May require replication or CDP

1-hour RTO

May require instant recovery

Long-term retention

Requires scalable object storage

Ransomware recovery

Requires immutable storage and isolated recovery

Compliance archiving

Requires retention enforcement and audit logging

If a vendor can’t demonstrate a recovery workflow that hits your RTO without hidden egress costs or manual steps, the most elegant backup architecture isn’t worth the contract.

2. Evaluate Recovery Workflows Carefully

A polished demo of a backup job completing in 12 seconds tells you nothing about operational readiness. Spend your POC time on recovery scenarios:

  • Instant VM recovery under load: Mount a 2 TB VM from cloud object storage onto an ESXi host and run a realistic I/O workload. Observe latency. Many solutions deliver instant power-on but with crippling performance until Storage vMotion completes.
  • File-level restore without staging: Browse a point-in-time backup of a Windows file server and pull a 50 GB folder. Note whether the tool downloads the entire backup first or streams only the requested files from the cloud. The latter saves time and egress cost.
  • Application-item recovery: Restore a single SQL database or a mailbox from an application-consistent backup. Check if the recovery process handles transaction log replay automatically or requires manual intervention.
  • Cross-platform restore: If you might move workloads to a different hypervisor or cloud, test restoring a VMware VM as an EC2 instance or Azure VM directly from backup data.
  • Recovery time documentation: Ask the vendor for a written recovery time estimate model that accounts for cloud egress bandwidth, data rehydration, and post-restore configuration. If they can’t provide one, they haven’t tested realistically.

3. Understand the Vendor’s VMware Integration Depth

Some backup platforms are deeply integrated into VMware APIs, while others provide more generalized hypervisor support with weaker VMware optimization.

Strong VMware integration usually includes:

  • VMware CBT support
  • vCenter-native policy management
  • VM tagging integration
  • application-aware snapshots
  • automated snapshot cleanup
  • vSAN awareness
  • support for VMware Cloud on AWS
  • support for Tanzu and Kubernetes ecosystems

4. Examine Ransomware Recovery Capabilities

Ransomware has transformed backup from an operational function into a security control. Evaluate vendors through a security lens:

  • Immutable backup storage: The product must support S3 Object Lock or Azure Immutable Blob at the bucket level, with retention governance that even cloud root account holders cannot override. Ask how the vendor manages lock expiration and whether synthetic operations can violate immutability.
  • Data integrity scanning: Some products scan backup data for signs of encryption or corruption before restore. Does the vendor offer anomaly detection that flags a sudden change in change block rates, which might indicate ransomware encrypting data?
  • Isolated recovery environment: Can the product restore VMs into an isolated network segment for forensic analysis before connecting to production? The vendor should provide automated sandbox recovery workflows.
  • Backup admin role separation: Does the platform include a security officer role that prevents backup administrators from deleting backups or modifying retention policies without a separate authorization? 

5. Assess Scalability Beyond Small Deployments

A product that handles 50 VMs on a single vCenter might buckle under 2,000 VMs across four vCenters. Probe:

  • Distributed proxy architecture: Can you deploy multiple backup proxies across clusters and automate load balancing? A single monolithic proxy is a bottleneck.
  • Multi-vCenter management: Does the management console provide a unified view across vCenters, with policy inheritance and global compliance reporting? Toggling between separate dashboards wastes time.
  • Task queuing and throttling: How does the product handle overlapping backup windows and resource contention across clusters? Look for intelligent queuing, per-proxy bandwidth caps, and integration with vSphere DRS for proxy placement.
  • API performance at scale: If you run a daily VM inventory sync, how long does it take with 5,000 VMs? Slow API responses cascade into delayed backups and missed RPOs.
  • Licensing granularity: Per-VM licensing is preferable over per-socket or per-host models when you have dense clusters. It lets you pay only for what you protect and scales linearly without large step-costs.

6. Verify Security and Compliance Features

Backup data is subject to the same regulatory scrutiny as production data. Dig into:

  • Encryption everywhere: Client-side encryption before data leaves the proxy, TLS 1.3 for transit, and server-side encryption at rest with customer-managed keys. Verify certificate pinning and mutual TLS for proxy-to-cloud communications.
  • Access control granularity: Role-based access with integration to Active Directory or SAML. Backup operators should not be able to modify retention or delete archives. Compliance officers should have read-only audit access.
  • Audit logging: Every backup, restore, configuration change, and access attempt must be logged immutably, with forwarding to SIEM systems. The logs themselves must be tamper-proof.
  • Compliance certifications: For regulated industries, the vendor should hold SOC 2 Type II, ISO 27001, and HIPAA BAA (if applicable). Check if the cloud storage regions used align with your data residency requirements.

Conclusion

VMware cloud backup is not a simple offsite VM storage. Modern backup strategies now play a central role in ransomware recovery, disaster recovery, and long-term business continuity.

The right solution should not only protect VMware workloads, but also provide reliable recovery, scalable cloud storage, strong security controls, and manageable operations at scale. Features like immutable backups, automated recovery testing, and deep VMware integration have become increasingly important in enterprise environments.

Dylan
Dylan is a data protection specialist and a senior content writer at Information2 with more than 6 years of experience. His passion for writing and sharing data protection solutions such as data backup, replication, high availability and other technology information.

More Related Articles

How to Perform VMware Live Migration [Complete Guide]
This guide explains VMware live migration, vMotion requirements, cluster migration workflows, PowerCLI operations, and migration best practices.
Read Article
How to Use Ghettovcb to Backup VMware ESXi VMs Step-by-Step
This article will guide you on how to set up ghettoVCB backup for VMware ESXI VMs. It cludes the step-by-step guide for installation, coniguration, scripts for single VM backup, all VM backup, backup validation, etc.
Read Article
[10+ Proven Solutions] How to Fix VMware No Internet Connection
Losing internet access in VMware is frustrating, but most issues come down to a handful of fixable causes. This guide walks you through 10+ proven solutions, from network adapter settings to virtual network resets, so you can get your VM back online quickly.
Read Article
Strategic Data Backup and Archiving Solutions for Modern Enterprises
This guide explains the difference between backup and archiving. It covers tiered storage, automated data movement, and how to use deduplication to lower long-term storage costs.
Read Article
Table of Contents:
Stay Updated on Latest Tips
Subscribe to our newsletter for the latest insights, news, exclusive content. You can unsubscribe at any time.
Subscribe
Ready to Enhance Business Data Security?
Start a 60-day free trial or view demo to see how Info2soft protects enterprise data.
Free Trial Contact Sales
Table of Contents:
Subscribe to Our Newsletter
Subscribe
{{ country.name }}
Please fill out the form and submit it, our customer service representative will contact you soon.
By submitting this form, I confirm that I have read and agree to the Privacy Notice.
{{ isSubmitting ? 'Submitting...' : 'Submit' }}