Veeam Kasten is now protecting the world’s most demanding Kubernetes workloads: At the largest retailers and travel sites during peak shopping events, in federal agencies operating under strict air-gapped conditions, across global financial services and healthcare with regulatory requirements, and the rapidly expanding AI estate.
Veeam Kasten is the only Leader and Outperformer in the GigaOm Radar for Kubernetes Data Protection for the sixth year running, and our customers are pushing the platform into scales that include hundreds of millions of files and fleets of clusters spanning continents.
Today, we’re announcing Veeam Kasten v9.0, our most capable release yet. Built on proven foundations, v9.0 advances three areas that matter most to customers operating at scale: Enterprise choice and scale, multi-workload resilience, and security and observability. And as Kubernetes continues to mature — with finer-grained GPU scheduling and accelerated AI adoption — Kasten v9.0 keeps your AI applications and modern data platforms protected. Grab your favorite beverage and let’s dive in.
Enterprise Choice and Scale
Performance That Matches the Scale of Our Customers
The takeaway is simple: Protect more, recover faster, and consume less infrastructure to do it. Veeam Kasten v9.0 includes significant performance optimizations which reduce memory consumption and improve export efficiency. For example, new approaches to sharing and caching for index data that dramatically cut resource usage for backup operations.
We’ve also squeezed additional gains out of the export pipeline — fewer small-object operations, smarter parallelism, and less metadata overhead. Everyone benefits from faster exports and a smaller resource footprint. At petabyte scale, those gains translate into materially shorter backup windows and more flexibility on RPO without spending more on infrastructure.
Customer success at this scale demands choice: Across distributions, clouds, storage backends, and backup targets, multi-CPU architecture support (x86_64, ARM, IBM Power), and an expanded ecosystem with partners. Freedom of choice is a foundational pillar for Kasten, and in v9.0 we continue to build on it.
Export to Veeam Vault on AWS
An earlier version had introduced Kasten export to Veeam Vault on Azure. Now we’re extending support to AWS-backed Veeam Vault — A fully managed, immutable, predictably priced cloud storage tier built for the cloud where Kubernetes data commonly lives. No bucket policies to write, no lifecycle rules to maintain, no end-of-quarter cost surprises.
Kubernetes teams shouldn’t have to run storage infrastructure on the side; with Veeam Vault on AWS, your immutability and 3-2-1-1-0 strategy are covered in a single, predictable line item.
Export to Multiple Locations (Preview)
You can now send the same backup to multiple destinations in a single policy: One immutable copy in Vault and another to your on-prem object storage, or a copy to your on-prem file storage and another to a regional sovereign cloud that provides object storage services.
Modern resilience strategies like sovereignty mandates and regional failover used to require chained policies and brittle scripting. Now it’s one policy with multiple targets.
Simplifying Recovery with Native Veeam Backup and Replication Integration
As Kubernetes environments grow, recovery workflows need to stay simple and efficient. With v9.0, Kasten can export the manifest data that defines Kubernetes application configuration directly into Veeam Backup & Replication, where it can be stored alongside persistent volume data that protects application state — all in native Veeam format. The result is simpler architecture, more portable backups across sites and repositories, and faster recovery.
Multi-Workload Resilience
Modern Kubernetes carries everything: Stateless microservices, stateful databases, AI/ML pipelines, and full virtual machines with environments, including OpenShift and SUSE Virtualization. Over the last several releases, Kasten has become the most capable platform for that mix — VM-centric protection policies, file-level recovery (FLR) for both containers and KubeVirt VMs across ext4, xfs, FAT, and NTFS, hot-plugged disk protection, restore point validation, and AI blueprints. v9.0 extends each dimension.
Blueprint Hooks for Custom Resources and AI Databases
This advancement unlocks more consistent backup and recovery for a broad set of modern data services, including AI-focused vector databases that sit in the critical path for training and inference.
In this release, Kasten expands its blueprint inventory with a new, logical blueprint for PGVector. This builds on prior blueprint support and gives customers proven patterns they can adapt to their environments. These blueprints are also intentionally flexible reference implementations that customers and SI partners can customize to adopt and scale AI workloads with confidence, while ensuring data protection keeps pace.
OpenShift Virtualization Incremental Backup API (Preview)
This one is significant. With KubeVirt v1.8 introducing Changed Block Tracking (CBT) through QEMU and libvirt, true storage-agnostic incremental VM backups are now possible.
Kasten v9.0 ships with Preview support for the OpenShift Virtualization incremental backup API, letting customers move beyond full-image VM snapshots to deltas-only backups — no special CSI driver required.
For anyone migrating off legacy hypervisors onto OpenShift Virtualization, the economics of backup just changed: Smaller backup windows, dramatically lower storage footprints, and less cluster network traffic. This is what makes VMs on Kubernetes production-grade for serious enterprise workloads.
Label-Based VM Policies
Backup policies that scale the way Kubernetes scales: By label selector, not by name. Define policies that protect every VM with tier=production, or every VM in a particular cost center, and the policy automatically picks up new VMs as they’re created. Enterprise VM estates change daily; label-based policies remove the operational tax of keeping protection in sync with reality.
Security and Observability
Previous releases established Kasten’s Kubernetes-native security baseline with low-privileged services, an ISO/IEC 27001-compliant code base, FIPS 140-3, and Validating Admission Policies for self-service migrations — and expanded it with federated identity for Azure Blob, Azure Key Vault integration, the passkey UI, and Prometheus remote write. With v9.0, Kasten takes the next step by making security and observability even more seamless, so platform teams don’t have to treat data protection as a silo.
Featured: Multi-Cluster Kasten Observability via Red Hat ACM
Customers running Kasten across fleets of OpenShift clusters have been asking for one thing more than anything else: Stop making me open another console. With v9.0, Kasten delivers exactly that. Every backup and cluster in one pane of glass: Inside Red Hat ACM.
Kasten v9.0 also brings native multi-cluster observability into the Red Hat Advanced Cluster Management observability stack you already operate. No second monitoring system. No new license. No new training. What you get:
- Fleet-wide visibility, instantly: Total clusters protected, applications compliant, backup status — all on one dashboard, native to ACM.
- Drill from fleet to single backup in two clicks: Click a fleet number, pivot to the cluster, the application, or the policy. Audit answers in seconds, not days.
- Backup alerts where your team already lives: Kasten alerts route through your existing OpenShift alerting console and on-call paths: PagerDuty, Slack, and ServiceNow. Failed backups appear next to your platform alerts. The on-call engineer gets the right cluster and policy in the alert. No tab-switching, no second login.
- Pre-built alerts, day-one ready: Failed backups, storage running out, snapshots at capacity — critical and warning severities, ready for your routing rules.
- Cleaner audits, lower risk: Compliance posture across the fleet, backup success rate, storage health, and policy coverage at a glance. License usage and expiry tracked alongside backup health.
The business outcome: Less platform sprawl, more predictable spend, and re-use of the observability stack you already paid for and trained your team on. Backup stops being its own island and becomes part of the platform’s fabric.
Admission Controller Policy Enforcement for Backup and Restore Operation (Preview)
Building on the Validating Admission Policy work we shipped in v8.0 for self-service migrations, v9.0 brings backup and restore operations under the same policy enforcement your platform team already runs for every other resource in the cluster. Actions and RestorePoints are now evaluated by Kyverno, OPA Gatekeeper, or Kubernetes-native Validating Admission Policies at admission time — before the operation executes, not after.
Platform teams define the guardrails in whichever policy engine they already use: Prevent cross-namespace restores, strip resource types that users aren’t authorized to recover, require expiration dates on manual actions, and control who can modify backup policies (and how).
Hardened Kasten Pods with Read-Only Root Filesystem
Backup infrastructure is the last line of defense against ransomware, and attackers know it. That makes the security posture of your backup software as important as the backups themselves.
Kasten v9.0 enforces read-only root filesystems across Kasten pods by default, eliminating an entire class of post-exploitation techniques where attackers modify container filesystems to inject code, alter configurations, or establish persistence.
This brings Kasten in line with NIST 800-190 container hardening guidance and meets the same security baseline that platform teams in regulated industries already enforce across their own workloads.
Come See What’s New, and Get a Peek at What’s Next
Veeam Kasten v9.0 brings all of the above together — and then goes further — with enterprise choice at scale, multi-workload resilience, and security and observability that fits the way platform teams operate. If you’d like to go deeper on any of these capabilities, we’d love to walk you through what’s new and what it unlocks for your environment.
Peeking ahead, security is becoming data-centric: Understanding your data everywhere it lives, along with the identities, AI models, and systems that touch it, so you can bring dark data into the light, reduce ROT, secure data and AI, and recover with precision. With Veeam’s Securiti.ai acquisition, we’re investing in that next trust layer.
In Atlanta for Red Hat Summit 2026? Stop by the Veeam booth to engage with our subject matter experts in booth 439!
Join us on June 23 to explore Veeam Kasten v9.0 in this live What’s New in Kubernetes Resilience: Smarter Protection for VMs and Containers at Scale.
Try Veeam Kasten today.
The post Announcing Veeam Kasten for Kubernetes v9.0: Enterprise Resilience for Modern Workloads appeared first on Veeam Software Official Blog.
from Veeam Software Official Blog https://ift.tt/pAouiek
Share this content: