• EN
Solved

Encryption At Rest Amazon S3 and Disk

P
Userlevel 2
  • PeteM
  • Comes here often
  • 0 comments

Veeam Backup & Recovery 9.5 (VMWare)

When setting up my Backup Jobs. “I Enable backup file encryption.” If I am correct this would mean that the file is “Encrypted at Rest” on the backup disk.

After 30 days I move this to a Amazon S3 Bucket. I have set up the Capacity Tier to “Encrypt data uploaded to object storage”. Is the Backup “Encrypted at Rest” in the S3 Bucket or do I need to turn on disk Encryption in Amazon?

Is there some documentation that explains the above scenario?

icon

Best answer by haslund 17 March 2021, 15:55

View original

3 comments

Chris.Childerhose
Userlevel 7
Badge +20

For the first point, the answer is yes that it is encrypted at rest.

 

I am pretty sure for point 2 that if you have the Capacity Tier set up with encryption on your SOBR that it will be encrypted in-flight and at rest without the need for encryption in Amazon.

 

Here is a great reference from the Best Practice site - Encryption - Veeam Backup & Replication Best Practice Guide

Chris Childerhose - VMCA2022 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 3* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
haslund
Userlevel 7
Badge +11

When you enabled encryption on the backup job, it is encrypting data inside your vbk/vrb/vib backups files on your local backup storage.

The question is, what happens when you then also enable the encryption feature on the capacity tier?

Link: https://helpcenter.veeam.com/docs/backup/vsphere/new_capacity_tier.html?ver=110

Good question, I am not sure if it will just off-load the data as-is or if it will encrypt it a second time. I’ll find out. Regardless, the data uploaded will be encrypted 100%

No need to worry about additional encryption at AWS.

Check out my blog on https://rasmushaslund.com - Rasmus is a Veeam Certified Trainer and passionate about all community work.
Link State
Userlevel 7
Badge +7

 

Do you have 9.5 U4? 

here the guide for your version  Data Encryption - Veeam Backup Guide for vSphere 9.5 U4

there are differences between the various supported versions related to cryptography

How Data Encryption Works - Veeam Backup Guide for vSphere  version 11 not 9.5

Backup Repository Encryption - Veeam Backup & Replication Best Practice Guide Version 9.5 Update 4a

 

gl

Veeam: VMCA | VMCE | VMXP | Veeam Legend - Microsoft: MCITP | MCP | MCSA | 2008 R2 | 2012R2 | 2016 | MCSE Core Infrastructure | MCSE Cloud Platform - Azure: AZ900 | AZ104 - VMWare: VCP-DCV Vsphere 7.x - Cisco: CCNA (Expired)

Comment


Terms & Conditions