Does anybody have any ideas on ways to provide in-flight encryption for Veeam Agent for Linux backups? That is, how do I encrypt the NFS or SMB traffic? (If B&R can encrypt in-flight, I'd like to know, but I currently can't afford the license, so I need an NFS or SMB solution.)
I cannot use Kerberized NFS4, so haven't even tried.
Things I've already considered:
Mount SSHFS with a pre-job script and configure Veeam to use that as a "local" repository. I don't like this, because if the SSHFS mounting fails, the path will be on a filesystem I'm trying to back up. Dunno how Veeam might handle that. I can mark the directory immutable to prevent it from being able to write if SSHFS is not mounted, but that just feels janky.
Use SSH port forwarding to tunnel NFS. This lets me use an NFS repository, so I avoid the problem of Veeam trying to do a backup if the target is not actually available. But this feels really janky. And this and SSHFS would require keeping track of SSH keys and is more hassle than I want to commit to.
Use Samba with "smb encrypt = mandatory" for the share. This doesn't seem to work at all. I get access denied messages in my logs, where without that config line, it mounts and backs up just fine. Apparently mount.cifs didn't support encrypted shares until kernel 4.11 [1], which came out Monday!
Alternatively (and preferred), does anybody know if the Veeam agent is going to support native encryption in the client? How is that missing?
[1] https://lists.samba.org/archive/samba/2 ... 07530.html
-
- Lurker
- Posts: 1
- Liked: never
- Joined: May 03, 2017 6:28 pm
- Contact:
-
- Product Manager
- Posts: 6551
- Liked: 765 times
- Joined: May 19, 2015 1:46 pm
- Contact:
Re: in-flight encryption for Veeam Agent for Linux backups?
Hi,
Native backup encryption will be added later this year.
Thanks.
Currently we encrypt disks data that is transmitted between source (VAL) and target (VBR repository) datamovers. Also I'd like to remind you that you don't need a full-blown VBR license to be able to send backups to VBR repository, just install agent license on VBR instead, and select "Encryption" in the "Storage" tab in repository setting.If B&R can encrypt in-flight, I'd like to know, but I currently can't afford the license, so I need an NFS or SMB solution.)
Being unable to write data to the destination the backup job will fail.Dunno how Veeam might handle that
Native backup encryption will be added later this year.
Thanks.
Who is online
Users browsing this forum: No registered users and 10 guests