Veeam Backup & Recovery 9.5 (VMWare)
When setting up my Backup Jobs. “I Enable backup file encryption.” If I am correct this would mean that the file is “Encrypted at Rest” on the backup disk.
After 30 days I move this to a Amazon S3 Bucket. I have set up the Capacity Tier to “Encrypt data uploaded to object storage”. Is the Backup “Encrypted at Rest” in the S3 Bucket or do I need to turn on disk Encryption in Amazon?
Is there some documentation that explains the above scenario?
For the first point, the answer is yes that it is encrypted at rest.
I am pretty sure for point 2 that if you have the Capacity Tier set up with encryption on your SOBR that it will be encrypted in-flight and at rest without the need for encryption in Amazon.
Here is a great reference from the Best Practice site - Encryption - Veeam Backup & Replication Best Practice Guide
When you enabled encryption on the backup job, it is encrypting data inside your vbk/vrb/vib backups files on your local backup storage.
The question is, what happens when you then also enable the encryption feature on the capacity tier?
Link: https://helpcenter.veeam.com/docs/backup/vsphere/new_capacity_tier.html?ver=110
Good question, I am not sure if it will just off-load the data as-is or if it will encrypt it a second time. I’ll find out. Regardless, the data uploaded will be encrypted 100%
No need to worry about additional encryption at AWS.
Do you have 9.5 U4?
here the guide for your version Data Encryption - Veeam Backup Guide for vSphere 9.5 U4
there are differences between the various supported versions related to cryptography
How Data Encryption Works - Veeam Backup Guide for vSphere version 11 not 9.5
Backup Repository Encryption - Veeam Backup & Replication Best Practice Guide Version 9.5 Update 4a
gl
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
