-
- Service Provider
- Posts: 35
- Liked: 6 times
- Joined: Jan 31, 2018 9:31 am
- Full Name: Julien Rick
- Location: Luxembourg
- Contact:
Backup encryption / Data Domain
Hello,
I'm currently testing different solutions to choose the right storage, Data Domain dedup is awesome but as soon as I enable backup encryption it's a drama
I'm afraid that using a "partner solution" didn't support this critical feature, for us as a cloud/service provider it's totaly unthinkable to let the datas unencrypted...
Cloud/service provider, how do you handle this ?
As Data Domain will be totally useless for us, what kind of storage are you using ? We will not use something like Synology, Qnap, ... as they don't have an efficient enterprise support.
Thanks for your help
I'm currently testing different solutions to choose the right storage, Data Domain dedup is awesome but as soon as I enable backup encryption it's a drama
I'm afraid that using a "partner solution" didn't support this critical feature, for us as a cloud/service provider it's totaly unthinkable to let the datas unencrypted...
Cloud/service provider, how do you handle this ?
As Data Domain will be totally useless for us, what kind of storage are you using ? We will not use something like Synology, Qnap, ... as they don't have an efficient enterprise support.
Thanks for your help
-
- Veeam Software
- Posts: 21139
- Liked: 2141 times
- Joined: Jul 11, 2011 10:22 am
- Full Name: Alexander Fogelson
- Contact:
Re: Backup encryption / Data Domain
Hi Julien, do you mean encryption at rest or in transit? Note that you can save unencrypted data on Data Domain for higher dedupe rates (and then use Data Domain native encryption, if required).
-
- Service Provider
- Posts: 35
- Liked: 6 times
- Joined: Jan 31, 2018 9:31 am
- Full Name: Julien Rick
- Location: Luxembourg
- Contact:
Re: Backup encryption / Data Domain
I want to protect the backup datas if unauthorized user gets access to backup files outside of the backup infrastructure. (Password protectd backup file)
Thanks for your help
Thanks for your help
-
- Veeam Software
- Posts: 21139
- Liked: 2141 times
- Joined: Jul 11, 2011 10:22 am
- Full Name: Alexander Fogelson
- Contact:
Re: Backup encryption / Data Domain
Built-in Veeam B&R encryption would eliminate dedupe savings, so in this case consider using native DD encryption algorithms.
-
- Expert
- Posts: 170
- Liked: 15 times
- Joined: Apr 20, 2018 8:12 am
- Full Name: Mats Holm
- Contact:
Re: Backup encryption / Data Domain
I know this is an old thread but how is the option Enable DD boost encryption in Veeam Reporistory handled together with DD Boos native "at-rest" encryption, will it effect dedup ratios?
-
- Lurker
- Posts: 1
- Liked: never
- Joined: Jun 21, 2019 5:07 am
- Full Name: Gary Mellor
- Contact:
Re: Backup encryption / Data Domain
In the Veeam Backup Repository, the "Enable DDBoost Encryption" option only affects in-flight network traffic to the Data Domain. Different Veeam repositories on the same Data Domain could use different DDBoost Encryption settings. Internally on the Data Domain, different clients can also be configured to use different in-flight encryption levels.
Once the data has been received (and possibly decrypted if in-flight encryption was used), the deduplication algorithm gets to work and writes out new blocks of data to disk.
Data Domain native "at rest" encryption affects how these new blocks of data are stored on the disks. At-rest encryption causes each block of deduped and compressed data to be also encrypted when it's stored on the disks within the Data Domain. This is a global setting on the whole Data Domain appliance and affects all data written to disk.
Neither of these options make any bit of difference to how well the Data Domain dedup works regarding dedup ratio. There's a little extra work to be done when encryption / decryption is enabled, but unlikely to be noticeable.
There is one Veeam option that can affect Data Domain dedup ratios, and that's in the Repository settings. It's the "Decompress backup data blocks before storing" option. It's description explains it well: "VM data is compressed by backup proxy according to the backup job compression settings to minimize LAN traffic. Uncompressing the data before storing allows for achieving better deduplication ratio on most deduplicating storage appliances at the cost of backup performance". Leave this option ticked if using a Data Domain.
Once the data has been received (and possibly decrypted if in-flight encryption was used), the deduplication algorithm gets to work and writes out new blocks of data to disk.
Data Domain native "at rest" encryption affects how these new blocks of data are stored on the disks. At-rest encryption causes each block of deduped and compressed data to be also encrypted when it's stored on the disks within the Data Domain. This is a global setting on the whole Data Domain appliance and affects all data written to disk.
Neither of these options make any bit of difference to how well the Data Domain dedup works regarding dedup ratio. There's a little extra work to be done when encryption / decryption is enabled, but unlikely to be noticeable.
There is one Veeam option that can affect Data Domain dedup ratios, and that's in the Repository settings. It's the "Decompress backup data blocks before storing" option. It's description explains it well: "VM data is compressed by backup proxy according to the backup job compression settings to minimize LAN traffic. Uncompressing the data before storing allows for achieving better deduplication ratio on most deduplicating storage appliances at the cost of backup performance". Leave this option ticked if using a Data Domain.
-
- Service Provider
- Posts: 153
- Liked: 14 times
- Joined: Sep 27, 2019 5:06 pm
- Contact:
Re: Backup encryption / Data Domain
This is a good thread with some good info but I'm not sure this question was answered: If you only use the DDBoost and DD encryption at rest (no veeam file encryption) are the backup files readable if someone can get to the share in the DD and copy those files elsewhere? Could they be copied out of the DD share and imported into another BnR?
-
- Product Manager
- Posts: 20413
- Liked: 2302 times
- Joined: Oct 26, 2012 3:28 pm
- Full Name: Vladimir Eremin
- Contact:
Re: Backup encryption / Data Domain
No, such files should not be readable. Thanks!
Who is online
Users browsing this forum: Bing [Bot] and 51 guests