Symantec admits all its VMware backup customers are in danger

Modern Architecture Wins Every Time: Veeam Customers Unaffected

Last week Symantec published a blog post scaring all VMware customers about backups on vSphere 5.1. In this post they made insinuations that backup vendors claiming support for vSphere 5.1 were misleading their customers and putting them into unsafe recoverability conditions. While we’d like to think that Symantec did this as a service to their customers, we believe this is just another example of a Symantec trying to use scare tactics against their biggest competitor, Veeam. We believe this creative FUD was created just to explain why Symantec still does not support the latest vSphere release – unlike Veeam which does support it.

Symantec went on a campaign to scare people from using Veeam and more importantly to scare them from upgrading to vSphere 5.1. Here’s a Tweet sent out from the official Backup Exec account using the #Recoverynightmare tag:

This is a very bold, public claim since VMware itself states in the KB that the issue is intermittent. Symantec even used this language in their original blog post that has since been updated. Here’s a screenshot of the original that is quoted below.

“During our testing with the VMware vStorage 5.1 API Symantec discovered issues* that introduce data recovery risks

“During these weeks of close examination VMware also confirmed that any 3rd party vendor depending on the current API cannot perform consistent backups and cannot ensure a reliable recovery point

Here’s what the KB article actually says (emphasis added):

“This article describes an issue with the VMware Virtual Disk Development Kit (VDDK) that may cause backup and restore operations to hang or fail. Third-party backup vendors that are using the VMware VDDK may encounter backup or restore issues when backing up VMware vSphere environments.”

So Symantec is saying the VDDK WILL cause issues and VMware is saying it MAY cause issues.

Modern Architecture Wins Every Time

The problems in the vStorage API for Data Protection (VADP) and specifically, the VDDK that Symantec pointed out do, in fact, exist. What Symantec didn’t say is that similar issues have existed in previous VDDK versions. We at Veeam took the time to let our QC double-check earlier VDDK versions, and they were able to confirm that there are issues present in previous VDDK versions that can cause VDDK calls to hang indefinitely. We are currently working with VMware to document our findings regarding previous versions of VDDK. In the meantime, all customers who are using Symantec backup products are potentially at risk.

The Technical Explanation

The reason Veeam customers are immune to the specific issues as well as any other issues is because of our architecture. Veeam was the first vendor to support VADP on vSphere 4.0 back in the beginning of 2009. To achieve that, Veeam started working with VDDK very early on, when it was still in early beta. As is usual when working with beta software, our testers encountered a number of issues. We also recognize that deadlocks and race conditions are quite common and is something that can occur in any software. Due to that, and the fact that VDDK is a frequently updated 3rd party component that we have no control of, our development made the decision to design VDDK interaction architecture in a way that allows us to easily handle unexpected VDDK issues. Our development team wasn’t able to fix these issues but they did realize that separating the VDDK calls into a separate process monitored by a watchdog process will help to dramatically increase overall reliability. In case this process hangs, we simply kill the process without affecting the job. With an alternative architecture not featuring such isolation, VDDK code hang will cause the whole backup and restore “job” to hang just as the VMware KB article explains.

Additionally, Veeam sets extra timeouts on some critical VDDK calls to avoid possible deadlocks.  In short, Veeam customers are immune to VDDK issues while Symantec customers need to go back and verify the recoverability all of their VMware VM backups, as per Symantec’s own tweet.

In Conclusion…

Because Veeam is Built for Virtualization and not simply a retrofit to an outdated backup architecture our customers can sleep easy knowing that Veeam is #1 for virtualization backups.  Since its release, Veeam Backup & Replication 6.5 has been downloaded more than 50,000 times, and we estimate that at least half are evaluating or using this version against vSphere 5.1 without any issues whatsoever. The numbers speak for themselves!


Get weekly blog updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam’s Privacy Policy
Cheers for trusting us with the spot in your mailbox!
Now you’re less likely to miss what’s been brewing in our blog with this weekly digest.

Eliminate Data Loss
Eliminate Ransomware

#1 Backup and Recovery


  • Virde says:

    Happy to have veeam for our virtual infrastructure

  • BillM says:

    Small typos:

    “similar issues have existed in pervious VDDK versions.”

    pervious -> previous

  • Henrik says:

    Converted from Symantec to Veeam a year ago. The best choice i have ever made.

  • Doug Hazelman says:

    Thanks! We’ve fixed the typo

  • Anonymous says:

    Where I work fulltime, Symantec has actually asked us to set up a lab to help beta-test their latest stuff against 5.1. Because we have so much time with ~1400 VM’s.

    And their current implementation is garbage as it is. We had one notable case where their software created over ~200 snaps of 1 VM trying to back it up. Unraveling that was fun.

  • In the last 2 years I’ve picked up some Veeam color, but sadly I’m still making more Symantec installations, not be course of the support for physical machines, but the support for tape. Looking forward to the tape support from Veeam someday, so we can kick out the last of the dinosaur backup products.

  • Erique says:

    We evaluated many products including the Symantec product and by far Veeam was ahead in ease of use to ease of recovery tho creating a virtual lab can be tricky. I have recovered files many times even whole machine recovery with success every time. We have never had any major software issues and I thank you for such a great product. Keep up the great work!

  • Chris says:

    I’m a happy Veeam customer and certainly prefer it to Symantec, but the title of this article is a bit inflammatory. If I understand the logic, Symantec said backup products using the VDDK in 5.1 are at risk of inconsistent backups, and because similar flaws exist in pre-5.1 VDDK, they “admit” indirectly that their product is at risk of inconsistent backups.

    If that is a correct interpretation, then the title is a stretch, and you’re stooping to their level. Their blog post and tweet was inflammatory FUD, sure, but you should take the high road.

    Regardless, nice work staying nimble and quick with your version support. Love the product!

  • Brian says:

    Hi Patrik,
    Just my point of view but I would not want Veeam to support backup to tape. Let someone else handle that, or at least another Veeam product suite.
    The fun with Veeam is that you can do a restore from X restore points, without having to first restore from tape. Tape backup, in my opinion, should only be used to relocate the backup in case of disaster.
    This applies if you have a virtual environment and are using Veeam.
    For tape backups we use Backup Assist. This would perform B2T of the veeam B2D backups. It is very cheap compared to Backup Exec, easy to setup but does not support tape libraries, yet. When we need to backup using a library then we use Backup Exec.
    Just my thoughts :)

    Hope you get Veeamier! :)

  • Dag Kvello says:

    Tape is not an issue any more :-)
    Use IBM LTFS with Veeam.

  • Collective Grooved says:

    I can’t believe how arrogant Veeam is. They have a good product, but ruin it by openly criticising the competition to make youselves feel better. In fact you have a dedicated “competition” section which you blog about.

    You look at other vendors sites and they are not openly criticising Veeam, yet Veeam feel it is their right to tell everyone how they do things better than everyone else and how everyone else is wrong. I say grow up, we are not in kindergarten and customers are intelligent enough to see know what product is best for them.

    Instead of wasting energy on telling people why the competition sucks, tell us why and how we can use your product to the best of its ability.

    If Ceeam behaves like this they will not be welcome in my business.

    Collective Grooves

  • Dan Lah says:

    All startup’s tend to take the approach of bashing bigger incumbents. I’m not a big fan of it either, and often the statements are inaccurate or become out of data almost immediately. If you don’t keep it continuously updated, then I think it looks worse than if you said nothing at all. The Unitrends competitive section comes to mind here…

    That being said, Symantec is the one who started this. That was quite frankly stupid of them to make a statement like they did, and Veeam has every right to respond and articulate why their product isn’t affected by this bug.

  • Collective Grooved says:

    @ Dan Lah
    I read the Symantec blog again and there is no mention of Veeam in the article (or any other vendor). To me all they are saying is that from their perspective they feel that customers may be at risk.

    I am not of the belief that they started anything other than informing their customers.

    I just dont think Veeam are doing themselves any favours by bashing the competition. It just makes them look childish and trying to overcompensate.

    Let the products do the talking. If it meets a customers requirements and fits in well from a commercial perspective then the best product will win.

    I know alls fair love and war, but to me what is going on here is sheer stupidity.

  • Michael says:

    @Collective Groove

    I appreciate the position you’ve taken, but Symantec accused all other VMware based backup solution vendors of not being 100% honest when it came to the reliability of backups in vCenter/ESXi 5.1. That may not mention Veeam directly, but it sure does sound like Veeam needed to make a quick response considering they’re becoming one of top players in that industry. I realize Symantec was trying to do the right thing and warn all of their customers, but the stance they’re taking of “if we can’t do it no one can” is a little short sighted considering how far behind they’ve fallen in recent years to other solutions. That seems more arrogant to me than Veeam’s position.

    Veeam has always been open in their community about modifying their software packages as new versions of VDDK and vCenter become available and have always raced to release compatibility patches or full releases to accommodate the changing technology. Much to my frustration I’ve been on the receiving end of this once or twice waiting for a Veeam release to fully upgrade my production environment. I would imagine that has something to do with delay between the product code from VMware being made available to third party developers.

    In closing my point is Veeam has been in similar situations before with VMware, but has never gone as far as to accuse all other solutions to have missing functionality as well in a desperate attempt to retain customers. Just my two cents. I still use both solutions however I would love to consolidate to just one. Keep up the great work Veeam :)

  • -Disclosure NetApp Emloyee–

    From my perspective I think Veeam’s response was reasonably restrained and fairly lighthearted (at least that’s how I read it). Having said that I’ve indulged in my own competitive sniping, especially when another vendor says something particularly outrageous, and it wasnt far from the kind of thing I’ve written in the past, partly because its a lot of fun. In general though, I think customers are pretty much over it so I try to controll

    In this case I do think Symantec was more than a little out of line, there are all kinds of ways of working around bugs/limitations in SDKs/APIs from any vendor Veeam have theirs as does NetApp, If Symantec wanted to make the case that waiting for the API to be fixed is the safest course, and stress that customers should check with their backup vendor how they deal with the bug/limitation, then I’d say they’re more than entitled to say that, it would have been a public service, but blasting everyone else for making a different choice was probably not in the best interest of the tech community, and I think they should have know better.

    John Martin

  • Grr, typos … (must be getting tired)

    so I try to control myself

    should have known better …

  • james says:

    Symantec now changed their tune. They now support vSphere 5.1 without actually changing any code themselves or vmware.

    Bunch of hypocrites. Trying to buy some time and accuse others of lying.

  • Lala King says:


    thank you.

    Best regards: Joyfax Server

Leave a Reply

Your email address will not be published.