Discussions about nuances of using object storage as a backup target.
Post Reply
Posts: 225
Liked: 13 times
Joined: Feb 14, 2012 8:56 pm
Full Name: Collin P

Traffic to S3 encrypted?

Post by collinp »

When data is offloaded to S3 in Update 4, is this data encrypted with TLS over the wire to S3? Does this solution support enabling encryption on the S3 bucket so data is encrypted at rest? Is backing up to S3 FIPS 140.2 validated?
Product Manager
Posts: 20215
Liked: 2232 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin

Re: Traffic to S3 encrypted?

Post by veremin »

In Update 4, there's the predefined one that is called Internet, this one basically contains all IP addresses from outside of IPv4 private address space. By default, it has encryption enabled.

So, answering your question, yes, by default traffic going to S3 is encrypted, and you can enable backup encryption in the setting of Capacity Tier.

Chief Product Officer
Posts: 31022
Liked: 6428 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland

Re: Traffic to S3 encrypted?

Post by Gostev »

Veeam Backup & Replication uses FIPS-certified AES-256 CBC algorithm implementation from Microsoft CryptoAPI.

Yes, you can enable encryption at-rest on the S3 bucket itself if you like, this one is transparent for Veeam. However, this encryption type will not protect your data from the object storage provider itself, because encryption keys are stored with the service provider. So, anyone who your object storage provider may be forced to cooperate with, or their own malicious staff, or hackers within their network perimeter may all potentially get access to your unencrypted data (at least in theory).

This is why we provide an option to enable at-source encryption for data that is being offloaded to object storage. This ensures that all data leaving your network perimeter remains encrypted always, not just in-transit and at-rest. You can find this option on the Capacity Tier step of the scale-out backup repository wizard.

Post Reply

Who is online

Users browsing this forum: No registered users and 7 guests