I'm trying to understand what happens, or needs to happen, when I change the encryption key for an existing installation with VB365.
Assuming I have an installation that's been doing daily backups for many months (snapshot based, retention 1 year), to object storage, and has encryption enabled on the repo.
Now I change the encryption key, then what?
In VBR I believe a new full needs to run, but how does this work with VB365?
And assume I do change the encryption key, and after lets say a month I need to restore something from 3 months ago, do I need the 1e key, the 2e key, or both?
Any clarification on this matter would be greatly appreciated.
-
- Service Provider
- Posts: 98
- Liked: 5 times
- Joined: Aug 24, 2010 8:55 am
- Full Name: Alex
- Contact:
-
- Product Manager
- Posts: 9353
- Liked: 2486 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: encryption key rotation
Hi Alex
Only the most recent encryption password is required to access all restore points.
Let me check with our user guide team if we can provide more detailed documentation for our VB365 encryption/decryption behavior.
VBR doesn't require an active full after you change the encryption key. New backup files will be encrypted by the new encryption key. While existing backup file will stay encrypted with the previous key.
Active full in VBR is only required if you enable encryption on an existing job.
Best,
Fabian
Only the most recent encryption password is required to access all restore points.
Let me check with our user guide team if we can provide more detailed documentation for our VB365 encryption/decryption behavior.
VB365 will continue with incremental backup after you have changed the encryption key.In VBR I believe a new full needs to run, but how does this work with VB365?
VBR doesn't require an active full after you change the encryption key. New backup files will be encrypted by the new encryption key. While existing backup file will stay encrypted with the previous key.
Active full in VBR is only required if you enable encryption on an existing job.
Best,
Fabian
Product Management Analyst @ Veeam Software
-
- Service Provider
- Posts: 98
- Liked: 5 times
- Joined: Aug 24, 2010 8:55 am
- Full Name: Alex
- Contact:
Re: encryption key rotation
Ah check, of course, for vbr only after enabling.
But, trying to fully understand your words, you say "continue with synthetic full backup", does this mean that "extra" processing (in time) is required for the next daily backup or is it just business as usual, same runtime for the daily but somehow the entire chain is restorable with only the new encryption key?
But, trying to fully understand your words, you say "continue with synthetic full backup", does this mean that "extra" processing (in time) is required for the next daily backup or is it just business as usual, same runtime for the daily but somehow the entire chain is restorable with only the new encryption key?
-
- Product Manager
- Posts: 9353
- Liked: 2486 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: encryption key rotation
I apologize. My head is messed up this morning (not enough coffee yet).
I meant incremental. VB365 will continue with an incremental backup after you change the encryption key
Best,
Fabian
I meant incremental. VB365 will continue with an incremental backup after you change the encryption key
Best,
Fabian
Product Management Analyst @ Veeam Software
Who is online
Users browsing this forum: Semrush [Bot] and 84 guests