-
- Expert
- Posts: 121
- Liked: 6 times
- Joined: Mar 24, 2010 12:15 pm
- Full Name: Mark Fellows
- Contact:
Encrypted Offsite Backup Files
Can anyone tell me if Encrypted Backup Files will be a feature in Veeam Backup & Replication 5.0?
If not has anyone got any strategies that they have in place to keep Veeam backup files encrypted off site.
Currently thinking of going down the TrueCrypt and USB/NAS device route (maybe a local backup and then manually taken offsite)
Thanks,
Mark.
If not has anyone got any strategies that they have in place to keep Veeam backup files encrypted off site.
Currently thinking of going down the TrueCrypt and USB/NAS device route (maybe a local backup and then manually taken offsite)
Thanks,
Mark.
-
- VP, Product Management
- Posts: 27371
- Liked: 2799 times
- Joined: Mar 30, 2009 9:13 am
- Full Name: Vitaliy Safarov
- Contact:
Re: Encrypted Offsite Backup Files
Hello Mark,
No, backup encryption is not going to be a part of the upcoming release (v5). But I've heard that some of our customers are using EFS for encryption, additionally you can find some forum posts talking about using TrueCrypt to encrypt the filesystem of the removable disks.
Thanks!
No, backup encryption is not going to be a part of the upcoming release (v5). But I've heard that some of our customers are using EFS for encryption, additionally you can find some forum posts talking about using TrueCrypt to encrypt the filesystem of the removable disks.
Thanks!
-
- Enthusiast
- Posts: 28
- Liked: never
- Joined: Jul 06, 2011 7:39 pm
- Full Name: Derek Fage
Re: Encrypted Offsite Backup Files
I was wondering if encrypted backup files have been revisited for v6?
-
- Chief Product Officer
- Posts: 31804
- Liked: 7298 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: Encrypted Offsite Backup Files
Hi Derek, no backup encryption is not a part of v6. Thanks.
-
- Enthusiast
- Posts: 28
- Liked: never
- Joined: Jul 06, 2011 7:39 pm
- Full Name: Derek Fage
Re: Encrypted Offsite Backup Files
Is it on any future roadmap?
-
- Chief Product Officer
- Posts: 31804
- Liked: 7298 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: Encrypted Offsite Backup Files
Yes, sure.
-
- Enthusiast
- Posts: 28
- Liked: never
- Joined: Jul 06, 2011 7:39 pm
- Full Name: Derek Fage
Re: Encrypted Offsite Backup Files
Will have to bribe you with beer in Vegas
-
- Influencer
- Posts: 12
- Liked: never
- Joined: Nov 11, 2010 7:50 pm
- Full Name: Jason Knight
- Contact:
Encryption
[merged]
I would guess that this has been a feature request? I'm currently using TrueCrypt and robocopy to encrypt my offline backups. Are there any plans for adding this feature directly into Veeam?
I would guess that this has been a feature request? I'm currently using TrueCrypt and robocopy to encrypt my offline backups. Are there any plans for adding this feature directly into Veeam?
-
- Enthusiast
- Posts: 32
- Liked: 9 times
- Joined: May 24, 2011 3:17 pm
- Full Name: Jason Bottjen
- Contact:
Re: Encryption
Would be nice.
We do a similar thing - on B&R we do reverse incrementals, then copy the VBKs to a TrueCrypt encrypted drive for off-site storage.
Jason
We do a similar thing - on B&R we do reverse incrementals, then copy the VBKs to a TrueCrypt encrypted drive for off-site storage.
Jason
-
- VP, Product Management
- Posts: 27371
- Liked: 2799 times
- Joined: Mar 30, 2009 9:13 am
- Full Name: Vitaliy Safarov
- Contact:
Re: Encrypted Offsite Backup Files
Yes, this feature is on our roadmap.
-
- Expert
- Posts: 115
- Liked: 1 time
- Joined: Sep 15, 2010 3:12 pm
- Contact:
Enhanced VBK Security: Adding Password Protection
[merged]
I am still running B&R v5.
1. Is it possible to add this feature? As I understand if someone got our vbk, then he got the key to heaven without any restriction.
It would be much safer if there is a password to open those VBK or VRK files.
2. If it's possible, will Veeam support also add this feature to existing v5 users? I understand most current version is v5.02, could this feature be a hot-fix instead of v5.03?
Thanks.
I am still running B&R v5.
1. Is it possible to add this feature? As I understand if someone got our vbk, then he got the key to heaven without any restriction.
It would be much safer if there is a password to open those VBK or VRK files.
2. If it's possible, will Veeam support also add this feature to existing v5 users? I understand most current version is v5.02, could this feature be a hot-fix instead of v5.03?
Thanks.
-
- VP, Product Management
- Posts: 27371
- Liked: 2799 times
- Joined: Mar 30, 2009 9:13 am
- Full Name: Vitaliy Safarov
- Contact:
Re: Encrypted Offsite Backup Files
1. Yes, this feature is on our radar.
2. All features that are in our roadmap will be added to the new releases only.
2. All features that are in our roadmap will be added to the new releases only.
-
- Chief Product Officer
- Posts: 31804
- Liked: 7298 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: Encrypted Offsite Backup Files
As per our support policy, with v6 out, v5 is now in limited support mode and will NOT be receiving any more hotfixes or patches. Thanks.
-
- Novice
- Posts: 3
- Liked: never
- Joined: Jan 05, 2012 12:50 pm
- Contact:
Password protection on a Backup
[merged]
Is there a Password protection on a Backup?
How can i set a protection on a backup?
So when the backup is out of the office that nobody can access the backup, only the one who has the security credentials.
Kind regards,
Is there a Password protection on a Backup?
How can i set a protection on a backup?
So when the backup is out of the office that nobody can access the backup, only the one who has the security credentials.
Kind regards,
-
- Influencer
- Posts: 24
- Liked: never
- Joined: Nov 11, 2010 8:41 am
- Full Name: Alexandru Ilie
- Contact:
Encryption of backup
[merged]
Hi. I do not know if this is the place where Feature Requests should be placed. If not, sorry. One of our customers has asked that he would like to have his backups encrypted. However, after checking the veeam Backup software i have seen that the backup itself cannot be encrypted, just the traffic. I think it could be a good idea to have the possibility to encrypt the backup file as well.This way it will be very hard to break into the actual data. Hope that this will be implemented asap, since i believe that it is a feature which adds security to the backup. Thank you!
Hi. I do not know if this is the place where Feature Requests should be placed. If not, sorry. One of our customers has asked that he would like to have his backups encrypted. However, after checking the veeam Backup software i have seen that the backup itself cannot be encrypted, just the traffic. I think it could be a good idea to have the possibility to encrypt the backup file as well.This way it will be very hard to break into the actual data. Hope that this will be implemented asap, since i believe that it is a feature which adds security to the backup. Thank you!
-
- Lurker
- Posts: 1
- Liked: never
- Joined: Apr 05, 2012 11:00 am
- Contact:
Re: Encrypted Offsite Backup Files
The encryption feature has been an request for a long time. Since version 4 the answer to this request, it is on the roadmap. But when can we really expect it in a version?
Veeam is a beautifull product, and I hope we can finally enjoy encryption in the coming version.
Veeam is a beautifull product, and I hope we can finally enjoy encryption in the coming version.
-
- Chief Product Officer
- Posts: 31804
- Liked: 7298 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: Encrypted Offsite Backup Files
Hi, you can expect it not in the long term, but not in the immediate release either. Frankly, the need for this feature has not been pressing (which affected its priority comparing to other features), although we do recognize the importance of this feature to some customers. Thanks!
-
- Novice
- Posts: 4
- Liked: never
- Joined: Mar 21, 2012 3:32 pm
- Full Name: F. vd Kroon
- Contact:
Re: Encrypted Offsite Backup Files
I hope this feature will be implemented soon. We are also waiting for it. Also your biggest competitor Quest vRanger supports its already.
-
- Chief Product Officer
- Posts: 31804
- Liked: 7298 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: Encrypted Offsite Backup Files
Your information is a bit outdated. They were. These days, we almost never see Quest vRanger in the short list in case of competitive situations, and it has been so past 2 years. Either they are completely dead, or they are selling to completely different market segment than we and Symantec sell to, I do not know. But while adding 5'000 customers each quarter, we only see them in less than 1% competitive situations.fvdkroon wrote:your biggest competitor Quest vRanger supports its already
5 years ago, Vizioncore vRanger was truly #1 in VMware backup. No questions. But after Quest has acquired them, they literally gave us away all their market share. In my opinion, watching them closely past 5 years, particularly what ruined them is bad product management. They were picking absolutely random features for their releases, clearly without performing any ROI analysis on pending features. Something we are doing all the time.
Now, I do realize this fact does not make your life any easier, since we do lack this feature today
-
- Novice
- Posts: 4
- Liked: never
- Joined: Mar 21, 2012 3:32 pm
- Full Name: F. vd Kroon
- Contact:
Re: Encrypted Offsite Backup Files
You're right about that since Quest acquired them it isn't getting any better, that's why we are moving to Veeam
Only thing I miss is the encryption feature
Hope it will be implemented soon.
Only thing I miss is the encryption feature
Hope it will be implemented soon.
-
- Chief Product Officer
- Posts: 31804
- Liked: 7298 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: Encrypted Offsite Backup Files
Are you mostly interest in in-flight, or at-rest encryption? For example, can this be a setting on backup repository?
-
- VeeaMVP
- Posts: 6166
- Liked: 1971 times
- Joined: Jul 26, 2009 3:39 pm
- Full Name: Luca Dell'Oca
- Location: Varese, Italy
- Contact:
Re: Encrypted Offsite Backup Files
Anton, IMHO the best way to encrypt backups would be to do it directly at the backup files level, so wherever we move them, they are always encrypted.
For sure this will put an extra load on backup repositories while writing the files, but it's as always a tradeoff between functionality and execution speed, just like compression levels.
For sure this will put an extra load on backup repositories while writing the files, but it's as always a tradeoff between functionality and execution speed, just like compression levels.
Luca Dell'Oca
Principal EMEA Cloud Architect @ Veeam Software
@dellock6
https://www.virtualtothecore.com/
vExpert 2011 -> 2022
Veeam VMCE #1
Principal EMEA Cloud Architect @ Veeam Software
@dellock6
https://www.virtualtothecore.com/
vExpert 2011 -> 2022
Veeam VMCE #1
-
- Chief Product Officer
- Posts: 31804
- Liked: 7298 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: Encrypted Offsite Backup Files
OK, so I guess you are saying that at-rest encryption is required, but this does not really answer my question
If the data is encrypted as it leaves the backup proxy (by the source data mover agent), that's in-flight encryption. This, of course, automatically gives at-rest encryption as well, but this is generally bad for all traffic optimizations. Think all sorts of WAN accelerators, and those kind of things.
If the data is encrypted by the backup repository (by the target data mover agent) before it is actually saved to disk, that's at-rest encryption. Because files are saved to disk ecrypted, they will remain encrypted even if they move them. I see this as a preferred option, because this does not mess up traffic optimizations.
If the data is encrypted as it leaves the backup proxy (by the source data mover agent), that's in-flight encryption. This, of course, automatically gives at-rest encryption as well, but this is generally bad for all traffic optimizations. Think all sorts of WAN accelerators, and those kind of things.
If the data is encrypted by the backup repository (by the target data mover agent) before it is actually saved to disk, that's at-rest encryption. Because files are saved to disk ecrypted, they will remain encrypted even if they move them. I see this as a preferred option, because this does not mess up traffic optimizations.
-
- VeeaMVP
- Posts: 6166
- Liked: 1971 times
- Joined: Jul 26, 2009 3:39 pm
- Full Name: Luca Dell'Oca
- Location: Varese, Italy
- Contact:
Re: Encrypted Offsite Backup Files
Right, sorry have been not clear. At-rest encryption is best for me, for the reasons I gave and those you added here.
in-flight will work bad with wan accelerators indeed, but also at-rest will have to deal with deduplication appliances I supposed. Anyway, as I wrote is a trade-off and also, some deduplication appliances already have encryption at rest, so Veeam backups can be saved here without internal encryption.
in-flight will work bad with wan accelerators indeed, but also at-rest will have to deal with deduplication appliances I supposed. Anyway, as I wrote is a trade-off and also, some deduplication appliances already have encryption at rest, so Veeam backups can be saved here without internal encryption.
Luca Dell'Oca
Principal EMEA Cloud Architect @ Veeam Software
@dellock6
https://www.virtualtothecore.com/
vExpert 2011 -> 2022
Veeam VMCE #1
Principal EMEA Cloud Architect @ Veeam Software
@dellock6
https://www.virtualtothecore.com/
vExpert 2011 -> 2022
Veeam VMCE #1
-
- Chief Product Officer
- Posts: 31804
- Liked: 7298 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: Encrypted Offsite Backup Files
Exactly. As soon as you say "encrypted backups", you can forget deduplicating storage appliances altogether. Unless you send the raw data in, and have the appliance do the encryption AFTER deduplicating the data. This is one big issue with encryption many people seem to overlook when asking us to add native encryption.
I have always had strong opinion that it is best to have encryption handled by the storage device. Windows have had EFS forever, and many storage appliances support encryption as well. This is particularly why adding native encryption has not been a high priority for us so far.
I have always had strong opinion that it is best to have encryption handled by the storage device. Windows have had EFS forever, and many storage appliances support encryption as well. This is particularly why adding native encryption has not been a high priority for us so far.
-
- Expert
- Posts: 213
- Liked: 26 times
- Joined: Feb 01, 2012 7:24 am
- Full Name: Espen Dykesteen
- Contact:
Re: Encrypted Offsite Backup Files
We move some full backups offiste on disks, it would be great if Veeam could encrypt them.
We used this feature for backup when we were using Acronis. However their customer support and ultimalty their product got worse after every new release....
Thats why we moved to the green corner . Never looked back.
But "at-rest encryption" would be more then welcome.
We used this feature for backup when we were using Acronis. However their customer support and ultimalty their product got worse after every new release....
Thats why we moved to the green corner . Never looked back.
But "at-rest encryption" would be more then welcome.
-
- Enthusiast
- Posts: 27
- Liked: 3 times
- Joined: Jan 26, 2010 4:41 pm
- Full Name: Drew Green
- Contact:
Re: Encrypted Offsite Backup Files
Our solution for offsite backup protection is to create an encrypted TrueCrypt volume out of our external hard drives used for bringing data offsite. Works great. Barring a targeted attack, if a drive is stolen and the thief plugs in the drive, they'll be prompted to format it, wiping out any data. And in that scenario, our data is worthless to the criminal, since not only do they not have the encryption key (or even know that there was any data to begin with), but now it's been wiped out completely (unless a data recovery utility is used). In the case of a targeted attack, we've got bigger issues.
For organizations using network-based offsite backup storage, I'd suggest transferring the backups via an encrypted connection and storing the data on a storage volume that supports Full Disk Encryption (again, could be a TrueCrypt volume).
For organizations using network-based offsite backup storage, I'd suggest transferring the backups via an encrypted connection and storing the data on a storage volume that supports Full Disk Encryption (again, could be a TrueCrypt volume).
-
- Chief Product Officer
- Posts: 31804
- Liked: 7298 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: Encrypted Offsite Backup Files
We are now looking at adding this feature. I must say, I don't particularly the way our competition implements this feature. Lots of things to think about, lots of space for innovation. For example, not providing any ways to securely recover the forgotten password seems as a pretty big problem to me.Fiskepudding wrote:But "at-rest encryption" would be more then welcome.
-
- Expert
- Posts: 213
- Liked: 26 times
- Joined: Feb 01, 2012 7:24 am
- Full Name: Espen Dykesteen
- Contact:
Re: Encrypted Offsite Backup Files
Thanx for looking closer at this function.
I see your point, but the risk of forgetting the password VS the risk of badguys having access to all of your data (provided that you somehow lose the backup disks) is a tradeof.
And since (i guess) encrypting the backup will be an option, users has to activly take a decition on witch risk they want to take.
If you think you are going to forget the encryption password you shold not use this function (business as ususal) or you could use a sealed envelope inside the company safe?
Just hope you dont forget the safe combo.
And if you really want to, you can enrypt the file on USB drive and put that in the envelope in the safe with a password you know 100% that you will remember..... overcomplicationg you say? Naaaw
I see your point, but the risk of forgetting the password VS the risk of badguys having access to all of your data (provided that you somehow lose the backup disks) is a tradeof.
And since (i guess) encrypting the backup will be an option, users has to activly take a decition on witch risk they want to take.
If you think you are going to forget the encryption password you shold not use this function (business as ususal) or you could use a sealed envelope inside the company safe?
Just hope you dont forget the safe combo.
And if you really want to, you can enrypt the file on USB drive and put that in the envelope in the safe with a password you know 100% that you will remember..... overcomplicationg you say? Naaaw
-
- Influencer
- Posts: 15
- Liked: 4 times
- Joined: Jan 16, 2012 10:30 am
- Full Name: James Harper
- Contact:
Re: Encrypted Offsite Backup Files
Hi Gostev,
Can you give any indication as to when this feature will be added (release no., date)?
As a managed service provider we use your product for multiple customers mainly due to the instant recovery feature which helps meet SLAs.
However, some of our larger customers store sensitive data and thus to meet regulations, the backup data must be encrypted. Storing the backup files on an encrypted volume is not enough. If the server OS is compromised then the encrypted volume is also - giving them direct access to the vbk's which can be imported without any form of password protection.
Unfortunately in these scenarios we have to choose a different product.
Can you give any indication as to when this feature will be added (release no., date)?
As a managed service provider we use your product for multiple customers mainly due to the instant recovery feature which helps meet SLAs.
However, some of our larger customers store sensitive data and thus to meet regulations, the backup data must be encrypted. Storing the backup files on an encrypted volume is not enough. If the server OS is compromised then the encrypted volume is also - giving them direct access to the vbk's which can be imported without any form of password protection.
Unfortunately in these scenarios we have to choose a different product.
Who is online
Users browsing this forum: Google Adsense [Bot], mbrzezinski, Semrush [Bot], Spex, veremin and 129 guests