Skip to main content

Hello guys, 
I was looking the new Security and Compliance feature. 
In my lab the following recommendations are marked as passed :

For the first one if I look in the configuration of my proxies the NBDSSL is not checked
 

For the second, I don’t have configure encryption for the LAN backup network

So I don’t know why by default Veeam mention them as passed. Any idea?​​​​​​​

If I am not mistaken the NBDSSL does not apply unless the transport mode is set to Network mode and yours is Automatic, so Veeam selects the best mode and many of them are encrypted by default.  This I believe then ties to the second option that passed for network traffic encryption.

However, these pages seem to contradict my theory and it looks like you should have a network rule for your LAN to encrypt traffic -

Enabling Traffic Encryption - User Guide for VMware vSphere (veeam.com) -- this does mention encryption within the job.

Network Transport Encryption | Veeam Backup & Replication Best Practice Guide

So, it will be nice to find out what constitutes these as passing if those are not the options that it looks at when running the Analyzer.


Maybe @Rick Vanover can shed some light on this?


If I am not mistaken the NBDSSL does not apply unless the transport mode is set to Network mode and yours is Automatic, so Veeam selects the best mode and many of them are encrypted by default.  This I believe then ties to the second option that passed for network traffic encryption.

However, these pages seem to contradict my theory and it looks like you should have a network rule for your LAN to encrypt traffic -

Enabling Traffic Encryption - User Guide for VMware vSphere (veeam.com) -- this does mention encryption within the job.

Network Transport Encryption | Veeam Backup & Replication Best Practice Guide

So, it will be nice to find out what constitutes these as passing if those are not the options that it looks at when running the Analyzer.

That sounds right. It should apply when set to Network Mode. If Automatic is selected and Veeam selects Network Mode, it should encrypt the data. 

Paging @Mildur for clarification


Hi @Stabz 

Thank you for bringing this to our awareness. 

 

That sounds right. It should apply when set to Network Mode. If Automatic is selected and Veeam selects Network Mode, it should encrypt the data. 

Paging @Mildur for clarification

Thanks Dips for paging me. Discussed with the team and QA. 

Currently it’s green when you choose Automatic.

In an upcoming patch, we'll ensure it's marked as "not implemented" when NBD SSL is disabled, even if the Automatic option is selected. 

 

Best,

Fabian


Thanks @Mildur 


Good to know about this getting fixed in a future build. 😎


Hi @Stabz 

Thank you for bringing this to our awareness. 

 

That sounds right. It should apply when set to Network Mode. If Automatic is selected and Veeam selects Network Mode, it should encrypt the data. 

Paging @Mildur for clarification

Thanks Dips for paging me. Discussed with the team and QA. 

Currently it’s green when you choose Automatic.

In an upcoming patch, we'll ensure it's marked as "not implemented" when NBD SSL is disabled, even if the Automatic option is selected. 

 

Best,

Fabian

Thank @Mildur for this information and good to know than a fix it’s already on the road. I presume it’s the same for the “Network traffic encryption” if encryption is enabled for Internet it’s marked as passed?

 


Good clarification. Thanks Fabian!


Comment