Comprehensive data protection for all workloads
Post Reply
mattmcg
Influencer
Posts: 10
Liked: 1 time
Joined: Mar 02, 2017 8:50 am
Full Name: Matthew McAtamney-Greenwood
Contact:

PR: Managed Backup Encryption Password History

Post by mattmcg »

As A: Veeam B&R Admin User
I Want: The application to keep a history of previous passwords (for backup encryption password)
So That: I can update the encryption password and not have to manage my password history outside the application
I will Be Happy When: I can restore from a rotated drive backup that was encrypted with previous password
----
Note:
I currently use this process for flattening and restoring my templates in VMWare.
We have a rotated drive repository that we backup several "template" VMs to.
Every 3 months (to ensure our backups are valid) we restore this to a new Labs environment, validate and then switch the main and lab environments over.
As a company policy though we have a rule that any service account should have it's password changed every 30 days.
Currently I am using KeePass to generate and manage my encryption password history, but it would be nice if B&R application could do this for me.

It would also be nice if when restoring a backup file from disk, if it offered me all these passwords (Ui shows the date from-to that the password was used).
Or, even better to automatically attempt to use a known backup encryption password of the correct date.
PTide
Product Manager
Posts: 6408
Liked: 724 times
Joined: May 19, 2015 1:46 pm
Contact:

Re: PR: Managed Backup Encryption Password History

Post by PTide »

Hi,
It would also be nice if when restoring a backup file from disk, if it offered me all these passwords (Ui shows the date from-to that the password was used).
Or, even better to automatically attempt to use a known backup encryption password of the correct date.
Well, I see the reasoning behind that request. The only thing that is not clear is whether you are willing to be prompted for some sort of a master password (like in KeyPass) each and every time you perform a restore, or only once during the session (session ends when you close the VBR console). Also I guess it could be a good thing to restrict usage of such functionality over remote VBR console so that if you really want to perform some remote restore and use that password storage then you'd have to login remotely and start VBR console locally. Please let me know what you think.

Thanks!
mattmcg
Influencer
Posts: 10
Liked: 1 time
Joined: Mar 02, 2017 8:50 am
Full Name: Matthew McAtamney-Greenwood
Contact:

Re: PR: Managed Backup Encryption Password History

Post by mattmcg »

I would be happy with the use of a master password entered per session (I assume it would only ask for the master password at the point of first use?).
Having said that, I wonder if having the ability in config to change this setting? As we potentially have different sets of servers that may require different permissions.
Gostev
Chief Product Officer
Posts: 31460
Liked: 6648 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: PR: Managed Backup Encryption Password History

Post by Gostev »

Veeam does maintain the encryption key history, which should allow you to restore without supplying the password - unless backups you're restoring from are no longer under retention. Do you restore those backups from the same backup server that creates them, or from a different backup server?
Post Reply

Who is online

Users browsing this forum: No registered users and 246 guests