-
- Influencer
- Posts: 11
- Liked: 1 time
- Joined: May 28, 2019 3:05 pm
- Full Name: mjm599
- Contact:
Security on restores from Object Storage to On Prem
Hi All,
The scenario is we have a Veeam Backup Server on premises with an SOBR configured. Capacity Tier is set to Azure BLOB.
No S2S VPN in place and No Express Route in place.
My understanding is that Veeam SOBR Tiering from performance to capacity tier (Azure) would be encrypted?
If we select to restore a veeam backup that is in Azure BLOB to On Prem, would that traffic be encrypted?
Thanks,
The scenario is we have a Veeam Backup Server on premises with an SOBR configured. Capacity Tier is set to Azure BLOB.
No S2S VPN in place and No Express Route in place.
My understanding is that Veeam SOBR Tiering from performance to capacity tier (Azure) would be encrypted?
If we select to restore a veeam backup that is in Azure BLOB to On Prem, would that traffic be encrypted?
Thanks,
-
- Product Manager
- Posts: 10278
- Liked: 2746 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Security on restores from Object Storage to On Prem
Hello mjm599
Data traffic between Veeam and Object Storage is always encrypted. It could be disabled by a registry key, but I don't expect Microsoft to provide a unencrypted endpoint for their Azure Blob service.
Additionally, you can encrypt objects which you want to store in object storage:
https://helpcenter.veeam.com/docs/backu ... ml?ver=120
Best,
Fabian
Data traffic between Veeam and Object Storage is always encrypted. It could be disabled by a registry key, but I don't expect Microsoft to provide a unencrypted endpoint for their Azure Blob service.
Additionally, you can encrypt objects which you want to store in object storage:
https://helpcenter.veeam.com/docs/backu ... ml?ver=120
Best,
Fabian
Product Management Analyst @ Veeam Software
-
- Novice
- Posts: 3
- Liked: never
- Joined: Oct 02, 2023 4:35 pm
- Full Name: Michael
- Contact:
Re: Security on restores from Object Storage to On Prem
Hi Fabian,
Thanks for the reply.
Is traffic between Azure BLOB and Veeam On Premises encrypted?
So if in the Veeam Server On premises we select to restore data thats in the BLOB Storage, this will then have to copy over the internet from Azure BLOB to On Premises, is that unencrypted with no security? I believe the answer is yes.
If it is unsecured, then this is where a S2S VPN or Express Route would be valid to protect that data?
Thanks
Thanks for the reply.
Is traffic between Azure BLOB and Veeam On Premises encrypted?
So if in the Veeam Server On premises we select to restore data thats in the BLOB Storage, this will then have to copy over the internet from Azure BLOB to On Premises, is that unencrypted with no security? I believe the answer is yes.
If it is unsecured, then this is where a S2S VPN or Express Route would be valid to protect that data?
Thanks
-
- Product Manager
- Posts: 10278
- Liked: 2746 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Security on restores from Object Storage to On Prem
Connection between Veeam and Object Storage (Azure Blob) is always encrypted.
https://learn.microsoft.com/en-us/azure ... abs=portal
Fabian
https://learn.microsoft.com/en-us/azure ... abs=portal
Best,Communication between a client application and an Azure Storage account is encrypted using Transport Layer Security (TLS). TLS is a standard cryptographic protocol that ensures privacy and data integrity between clients and services over the Internet.
Fabian
Product Management Analyst @ Veeam Software
-
- Novice
- Posts: 3
- Liked: never
- Joined: Oct 02, 2023 4:35 pm
- Full Name: Michael
- Contact:
Re: Security on restores from Object Storage to On Prem
Hi,
On Premises > Azure BLOB = Agreed this is encrypted with TLS etc.
Azure BLOB > On Premises = ?????
The question i need answering is above - is data in transit from Azure to On Premises encrypted?
On Premises > Azure BLOB = Agreed this is encrypted with TLS etc.
Azure BLOB > On Premises = ?????
The question i need answering is above - is data in transit from Azure to On Premises encrypted?
-
- Product Manager
- Posts: 10278
- Liked: 2746 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Security on restores from Object Storage to On Prem
Azure Blob cannot contact your environment by itself.
The backup server starts an encrypted session to ask for the blobs. The blob is then downloaded over this encrypted session.
Best,
Fabian
The backup server starts an encrypted session to ask for the blobs. The blob is then downloaded over this encrypted session.
Best,
Fabian
Product Management Analyst @ Veeam Software
-
- Novice
- Posts: 3
- Liked: never
- Joined: Oct 02, 2023 4:35 pm
- Full Name: Michael
- Contact:
Re: Security on restores from Object Storage to On Prem
Yes, so the restore of data from Azure Blob would be initiated from the On Premises Veeam B&R Console and from what you have said, that data in transit from Azure Blob to On Prem would also be encrypted with TLS, etc
-
- Product Manager
- Posts: 10278
- Liked: 2746 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Security on restores from Object Storage to On Prem
Correct. You will always have to start the restore from your backup server console.
The backup server then requests blobs from the Azure Storage account, which he requires for the current recovery session.
Best,
Fabian
The backup server then requests blobs from the Azure Storage account, which he requires for the current recovery session.
Best,
Fabian
Product Management Analyst @ Veeam Software
Who is online
Users browsing this forum: No registered users and 8 guests