Security on restores from Object Storage to On Prem

mjm599 · Post by **mjm599** » Oct 02, 2023 4:42 pm this post

Hi All,

The scenario is we have a Veeam Backup Server on premises with an SOBR configured. Capacity Tier is set to Azure BLOB.

No S2S VPN in place and No Express Route in place.

My understanding is that Veeam SOBR Tiering from performance to capacity tier (Azure) would be encrypted?

If we select to restore a veeam backup that is in Azure BLOB to On Prem, would that traffic be encrypted?

Thanks,

Post by **Mildur** » Oct 03, 2023 7:30 am this post

Hello mjm599

Data traffic between Veeam and Object Storage is always encrypted. It could be disabled by a registry key, but I don't expect Microsoft to provide a unencrypted endpoint for their Azure Blob service.

Additionally, you can encrypt objects which you want to store in object storage:
https://helpcenter.veeam.com/docs/backu ... ml?ver=120

Best,
Fabian

VBR999 · Post by **VBR999** » Oct 03, 2023 8:29 am this post

Hi Fabian,

Thanks for the reply.

Is traffic between Azure BLOB and Veeam On Premises encrypted?

So if in the Veeam Server On premises we select to restore data thats in the BLOB Storage, this will then have to copy over the internet from Azure BLOB to On Premises, is that unencrypted with no security? I believe the answer is yes.

If it is unsecured, then this is where a S2S VPN or Express Route would be valid to protect that data?

Thanks

Post by **Mildur** » Oct 03, 2023 9:12 am this post

Connection between Veeam and Object Storage (Azure Blob) is always encrypted.
https://learn.microsoft.com/en-us/azure ... abs=portal

Communication between a client application and an Azure Storage account is encrypted using Transport Layer Security (TLS). TLS is a standard cryptographic protocol that ensures privacy and data integrity between clients and services over the Internet.

Best,
Fabian

VBR999 · Post by **VBR999** » Oct 03, 2023 9:28 am this post

Hi,

On Premises > Azure BLOB = Agreed this is encrypted with TLS etc.

Azure BLOB > On Premises = ?????

The question i need answering is above - is data in transit from Azure to On Premises encrypted?

Oct 03, 2023 9:39 am

Azure Blob cannot contact your environment by itself.

The backup server starts an encrypted session to ask for the blobs. The blob is then downloaded over this encrypted session.

Best,
Fabian

VBR999 · Post by **VBR999** » Oct 03, 2023 9:49 am this post

Yes, so the restore of data from Azure Blob would be initiated from the On Premises Veeam B&R Console and from what you have said, that data in transit from Azure Blob to On Prem would also be encrypted with TLS, etc

Oct 03, 2023 11:58 am

Correct. You will always have to start the restore from your backup server console.
The backup server then requests blobs from the Azure Storage account, which he requires for the current recovery session.

Best,
Fabian

R&D Forums

Security on restores from Object Storage to On Prem

Re: Security on restores from Object Storage to On Prem

Re: Security on restores from Object Storage to On Prem

Re: Security on restores from Object Storage to On Prem

Re: Security on restores from Object Storage to On Prem

Re: Security on restores from Object Storage to On Prem

Re: Security on restores from Object Storage to On Prem

Re: Security on restores from Object Storage to On Prem

Who is online