Host-based backup of VMware vSphere VMs.
Post Reply
cffit
Veteran
Posts: 338
Liked: 35 times
Joined: Jan 20, 2012 2:36 pm
Full Name: Christensen Farms
Contact:

How Encryption Works

Post by cffit »

I am looking to use the new encryption feature in v8. If I set encryption on a job, then the job runs for some time, in a few weeks if I go to do a restore of a file or the whole VM will I need to provide the encryption key? Or is that only if I have a new instance of VEEAM that I'd have to provide the key?

If I restore VM files from tape will I need to provide the key if I'm using the instance of VEEAM where I setup the encryption key?

I'm just curious when I would need to provide the key.
nefes
Veeam Software
Posts: 649
Liked: 170 times
Joined: Dec 10, 2012 8:44 am
Full Name: Nikita Efes
Contact:

Re: How Encryption Works

Post by nefes »

To get all the details about how the encryption works, you can read corresponding help topic.
Short answer to your question is the following: you don't need to enter password on the console, that made a backup, if it was not deleted from that console.
If you import existing backup into other console, or re-import into the same - password is required.
cffit
Veteran
Posts: 338
Liked: 35 times
Joined: Jan 20, 2012 2:36 pm
Full Name: Christensen Farms
Contact:

Re: How Encryption Works

Post by cffit »

So if I have Enterprise Plus, and I have Enterprise Manager setup, keys are "automatically" created there when I create an encrypted backup?

Also, the best practices suggests that you change this key often. Won't that cause issues with backups made with previous keys? I assume at that point you need to keep track of what backups use what key?
Shestakov
Veteran
Posts: 7328
Liked: 781 times
Joined: May 21, 2014 11:03 am
Full Name: Nikita Shestakov
Location: Prague
Contact:

Re: How Encryption Works

Post by Shestakov »

Not issues but additional steps.
For instance, say you have backup job with increments and the password has changed once or several times.
So when you are importing a backup file, you will need to specify the whole set of passwords that were used for the files encryption in the chain.
cffit
Veteran
Posts: 338
Liked: 35 times
Joined: Jan 20, 2012 2:36 pm
Full Name: Christensen Farms
Contact:

Re: How Encryption Works

Post by cffit »

So are keys automatically created in Enterprise Manager without me doing a thing? Or do I need to make changes there when I enable encryption?

If I have a backup that is a year old that I need to restore from tape, and the encryption key has changed a few times since then, I'd need to have record of what encryption keys go to which backups correct? That is where I think a best practice of continually changing encryption keys can be dangerous.
foggy
Veeam Software
Posts: 21139
Liked: 2141 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: How Encryption Works

Post by foggy »

cffit wrote:So are keys automatically created in Enterprise Manager without me doing a thing? Or do I need to make changes there when I enable encryption?
No need for any additional steps, everything is pretty automatic. Probably this description will answer most of the questions.
cffit wrote:If I have a backup that is a year old that I need to restore from tape, and the encryption key has changed a few times since then, I'd need to have record of what encryption keys go to which backups correct? That is where I think a best practice of continually changing encryption keys can be dangerous.
If the backup is not registered in Veeam B&R console anymore or information about the tape is not available in the catalog, then yes, you need to remember all the keys. That is why we've implemented lost password protection.
Post Reply

Who is online

Users browsing this forum: Bing [Bot] and 34 guests