Discussions specific to the VMware vSphere hypervisor
Post Reply
cffit
Expert
Posts: 338
Liked: 34 times
Joined: Jan 20, 2012 2:36 pm
Full Name: Christensen Farms
Contact:

How Encryption Works

Post by cffit » Nov 28, 2014 3:22 pm

I am looking to use the new encryption feature in v8. If I set encryption on a job, then the job runs for some time, in a few weeks if I go to do a restore of a file or the whole VM will I need to provide the encryption key? Or is that only if I have a new instance of VEEAM that I'd have to provide the key?

If I restore VM files from tape will I need to provide the key if I'm using the instance of VEEAM where I setup the encryption key?

I'm just curious when I would need to provide the key.

nefes
Veeam Software
Posts: 625
Liked: 155 times
Joined: Dec 10, 2012 8:44 am
Full Name: Nikita Efes
Contact:

Re: How Encryption Works

Post by nefes » Nov 28, 2014 4:05 pm

To get all the details about how the encryption works, you can read corresponding help topic.
Short answer to your question is the following: you don't need to enter password on the console, that made a backup, if it was not deleted from that console.
If you import existing backup into other console, or re-import into the same - password is required.

cffit
Expert
Posts: 338
Liked: 34 times
Joined: Jan 20, 2012 2:36 pm
Full Name: Christensen Farms
Contact:

Re: How Encryption Works

Post by cffit » Nov 28, 2014 4:43 pm

So if I have Enterprise Plus, and I have Enterprise Manager setup, keys are "automatically" created there when I create an encrypted backup?

Also, the best practices suggests that you change this key often. Won't that cause issues with backups made with previous keys? I assume at that point you need to keep track of what backups use what key?

Shestakov
Veeam Software
Posts: 6910
Liked: 700 times
Joined: May 21, 2014 11:03 am
Full Name: Nikita Shestakov
Location: Prague
Contact:

Re: How Encryption Works

Post by Shestakov » Nov 28, 2014 5:31 pm

Not issues but additional steps.
For instance, say you have backup job with increments and the password has changed once or several times.
So when you are importing a backup file, you will need to specify the whole set of passwords that were used for the files encryption in the chain.

cffit
Expert
Posts: 338
Liked: 34 times
Joined: Jan 20, 2012 2:36 pm
Full Name: Christensen Farms
Contact:

Re: How Encryption Works

Post by cffit » Nov 28, 2014 5:57 pm

So are keys automatically created in Enterprise Manager without me doing a thing? Or do I need to make changes there when I enable encryption?

If I have a backup that is a year old that I need to restore from tape, and the encryption key has changed a few times since then, I'd need to have record of what encryption keys go to which backups correct? That is where I think a best practice of continually changing encryption keys can be dangerous.

foggy
Veeam Software
Posts: 18131
Liked: 1536 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: How Encryption Works

Post by foggy » Nov 28, 2014 6:16 pm

cffit wrote:So are keys automatically created in Enterprise Manager without me doing a thing? Or do I need to make changes there when I enable encryption?
No need for any additional steps, everything is pretty automatic. Probably this description will answer most of the questions.
cffit wrote:If I have a backup that is a year old that I need to restore from tape, and the encryption key has changed a few times since then, I'd need to have record of what encryption keys go to which backups correct? That is where I think a best practice of continually changing encryption keys can be dangerous.
If the backup is not registered in Veeam B&R console anymore or information about the tape is not available in the catalog, then yes, you need to remember all the keys. That is why we've implemented lost password protection.

Post Reply

Who is online

Users browsing this forum: Ash_Silva, Bing [Bot] and 16 guests