+14
Happy Monday! 
I’ll try and post a little pop quiz question each day, hope to hear from many of you. Did you know the answer? Did you look it up in the documentation? Did you try it in a lab? Please share some details along with your answer.
The virtualization team uses vSAN for all datastores and is considering to enable vSAN datastore encryption. What impact would this have to the Veeam deployment?
Best answer by JMeixner
View original
+17
This is rather transparent to Veeam once the encryption is correctly configured on vSphere.
I have this looked up in documentation to have to correct wording:
Veeam Requirements
The backup proxy used for backup must be working in the Virtual appliance transport mode or Network transport mode with SSL encryption enabled.
The backup proxy working in the Virtual appliance transport mode must be deployed on an encrypted VM. Ensure either that you use a common Key Management Server (KMS) or that the Key Management Server clusters at both sites use common encryption keys.
+14
Just a friendly reminder, VM encryption referenced in the post by
+20
For the Veeam deployment as long as you deploy your Proxy server(s) on the encrypted VSAN datastore using virtual appliance mode the backups will work just fine even with encryption enabled. I believe Veeam receives the blocks from the VMDK files as unencrypted when doing the backup.
+17
Eeehhhhh…. Oh yes, you are right 
My mistake.
Then my first thought should be correct. Veeam does not recognize vSAN encryption because it receives decrypted data blocks from the vSAN.
When I remember right my ESX admin colleagues have activated this on one cluster once and it was no problem with Veeam.
+14
For the Veeam deployment as long as you deploy your Proxy server(s) on the encrypted VSAN datastore using virtual appliance mode the backups will work just fine even with encryption enabled. I believe Veeam receives the blocks from the VMDK files as unencrypted when doing the backup.
Actually, any transport mode (other than Direct Storage Access for obvious reasons) will work when backing up VMs on a vSAN datastore with datastore level encryption enabled.
+20
For the Veeam deployment as long as you deploy your Proxy server(s) on the encrypted VSAN datastore using virtual appliance mode the backups will work just fine even with encryption enabled. I believe Veeam receives the blocks from the VMDK files as unencrypted when doing the backup.
Actually, any transport mode (other than Direct Storage Access for obvious reasons) will work when backing up VMs on a vSAN datastore with datastore level encryption enabled.
So does that mean partial marks for this one. 
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
