in-flight encryption for Veeam Agent for Linux backups?

Backup agent for Linux servers and workstations on-premises or in the public cloud

in-flight encryption for Veeam Agent for Linux backups?

Veeam Logoby phishpin » Wed May 03, 2017 8:08 pm

Does anybody have any ideas on ways to provide in-flight encryption for Veeam Agent for Linux backups? That is, how do I encrypt the NFS or SMB traffic? (If B&R can encrypt in-flight, I'd like to know, but I currently can't afford the license, so I need an NFS or SMB solution.)

I cannot use Kerberized NFS4, so haven't even tried.

Things I've already considered:

Mount SSHFS with a pre-job script and configure Veeam to use that as a "local" repository. I don't like this, because if the SSHFS mounting fails, the path will be on a filesystem I'm trying to back up. Dunno how Veeam might handle that. I can mark the directory immutable to prevent it from being able to write if SSHFS is not mounted, but that just feels janky.

Use SSH port forwarding to tunnel NFS. This lets me use an NFS repository, so I avoid the problem of Veeam trying to do a backup if the target is not actually available. But this feels really janky. And this and SSHFS would require keeping track of SSH keys and is more hassle than I want to commit to.

Use Samba with "smb encrypt = mandatory" for the share. This doesn't seem to work at all. I get access denied messages in my logs, where without that config line, it mounts and backs up just fine. Apparently mount.cifs didn't support encrypted shares until kernel 4.11 [1], which came out Monday!

Alternatively (and preferred), does anybody know if the Veeam agent is going to support native encryption in the client? How is that missing?

[1] https://lists.samba.org/archive/samba/2 ... 07530.html
phishpin
Lurker
 
Posts: 1
Liked: never
Joined: Wed May 03, 2017 6:28 pm

Re: in-flight encryption for Veeam Agent for Linux backups?

Veeam Logoby PTide » Fri May 05, 2017 8:52 am

Hi,

If B&R can encrypt in-flight, I'd like to know, but I currently can't afford the license, so I need an NFS or SMB solution.)
Currently we encrypt disks data that is transmitted between source (VAL) and target (VBR repository) datamovers. Also I'd like to remind you that you don't need a full-blown VBR license to be able to send backups to VBR repository, just install agent license on VBR instead, and select "Encryption" in the "Storage" tab in repository setting.

Dunno how Veeam might handle that
Being unable to write data to the destination the backup job will fail.

Native backup encryption will be added later this year.

Thanks.
PTide
Veeam Software
 
Posts: 3019
Liked: 245 times
Joined: Tue May 19, 2015 1:46 pm


Return to Veeam Agent for Linux



Who is online

Users browsing this forum: No registered users and 7 guests