karsten123
Service Provider
Posts: 508
Liked: 126 times
Joined: Apr 03, 2019 6:53 am
Full Name: Karsten Meja
Contact:

Backup copy encryption

Post by karsten123 »

Hi,

I want to encrypt the primary backups and the backup copies.

After setting up the backup job with encryption and configuring the copy job, the configuration wizard says "Source backup has encryption enabled. Consider enabling encryption for Backup Copy job as well."

I thought that the backup copy is encrypted automatically if the source job is encrypted.

I'm confused 🫤

Thanks for clarification
Best regards
Karsten
david.domask
Veeam Software
Posts: 2346
Liked: 555 times
Joined: Jun 28, 2016 12:12 pm
Contact:

Re: Backup copy encryption

Post by david.domask »

Hi Karsten!

Backup Copy will decrypt the data first on source side if the source backups are encrypted: https://helpcenter.veeam.com/docs/backu ... ml?ver=120

Remember, backup copy is not a "simple" file copy; it's opening the backup file and reading the data blocks out of it, so decryption happens there. Force network encryption if the connection is not going over a public route, and enable encryption in the Backup Copy job settings to have encryption on primary backups, backup copy backups, and in-flight between repositories.
David Domask | Product Management: Principal Analyst

Re: Backup copy encryption

Post by karsten123 »

Hi David,

Thank you very much for the clarification.

Is there any registry key to force encryption for all network traffic, or should I configure it via the network traffic rule setup, as you wrote?

Thanks again

Re: Backup copy encryption

Post by david.domask »

Happy to shed some light on the matter!

I would set it in the UI as it's best practice, but there is an additional registry value to force that the datamover agent traffic is always encrypted: post294901.html#p294901

Name: ForceAgentTrafficEncryption
Type: REG_DWORD
Value: 0 (default) - not forced, respects the UI rules, 1 - Forces datamover traffic to always be encrypted
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Veeam\Veeam Backup and Replication on Veeam Server

I'm not confident the caution in the linked topic is as relevant anymore regarding performance drops (just haven't seen/heard of anything significant on this in a while), but there may still be some drop. I would advise testing first from the UI on specific networks, and if everything looks good, testing with the registry value.
David Domask | Product Management: Principal Analyst
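
A way to audit the registry value described in the reply above before and after testing, as an added example that is not part of the original posts or Veeam's own tooling. The key path, value name, type and meanings of 0 and 1 come from the post; the function name and the `-Enforce` switch are hypothetical, and treating a missing value as the default 0 is an assumption.

```powershell
# Added example: report (and optionally set) ForceAgentTrafficEncryption on the Veeam server.
# Function name and -Enforce switch are hypothetical; path/name/type are from the post.
function Test-VeeamForcedAgentEncryption {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$KeyPath = 'HKLM:\SOFTWARE\Veeam\Veeam Backup and Replication',
        [switch]$Enforce   # when set, write 1 if the value is missing, 0 or mistyped
    )
    $name = 'ForceAgentTrafficEncryption'

    if (-not (Test-Path -LiteralPath $KeyPath)) {
        Write-Warning "Key not found: $KeyPath (run this on the Veeam server)."
        return
    }

    $key   = Get-Item -LiteralPath $KeyPath
    $state = 'NotSet'   # assumption: an absent value behaves like the default 0
    $value = $null
    if ($key.GetValueNames() -contains $name) {
        $kind  = $key.GetValueKind($name)
        $value = $key.GetValue($name)
        if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
            $state = "WrongType($kind)"   # a REG_SZ "1" is not the REG_DWORD the post specifies
        } elseif ($value -eq 1) {
            $state = 'Forced'
        } else {
            $state = 'NotForced'          # 0: traffic rules from the UI decide
        }
    }

    if ($Enforce -and $state -ne 'Forced') {
        if ($PSCmdlet.ShouldProcess("$KeyPath\$name", 'Set REG_DWORD to 1')) {
            New-ItemProperty -LiteralPath $KeyPath -Name $name `
                -PropertyType DWord -Value 1 -Force | Out-Null
            $state = 'Forced'; $value = 1
        }
    }

    [pscustomobject]@{ Key = $KeyPath; Name = $name; Value = $value; State = $state }
}

Test-VeeamForcedAgentEncryption                      # report only
# Test-VeeamForcedAgentEncryption -Enforce -WhatIf   # preview the change without writing
```

Run it from an elevated PowerShell session; `-WhatIf` shows the pending write so the change can be reviewed before it is applied.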