This is rather transparent to Veeam once the encryption is correctly configured on vSphere.

I have this looked up in documentation to have to correct wording:

• Configuration in vSphere
  VM encryption instances must be preconfigured in the virtual infrastructure: you must set up the key management server, create the VM encryption policy and assign it to VMs in advance.

• Veeam Requirements

  The backup proxy used for backup must be working in the Virtual appliance transport mode or Network transport mode with SSL encryption enabled.

  The backup proxy working in the Virtual appliance transport mode must be deployed on an encrypted VM. Ensure either that you use a common Key Management Server (KMS) or that the Key Management Server clusters at both sites use common encryption keys.

   

   

Just a friendly reminder, VM encryption referenced in the post by @JMeixner  is not the same as vSAN datastore encryption.

For the Veeam deployment as long as you deploy your Proxy server(s) on the encrypted VSAN datastore using virtual appliance mode the backups will work just fine even with encryption enabled.  I believe Veeam receives the blocks from the VMDK files as unencrypted when doing the backup.

Eeehhhhh…. Oh yes, you are right @haslund 

My mistake.

Then my first thought should be correct. Veeam does not recognize vSAN encryption because it receives decrypted data blocks from the vSAN.

When I remember right my ESX admin colleagues have activated this on one cluster once and it was no problem with Veeam.

Actually, any transport mode (other than Direct Storage Access for obvious reasons) will work when backing up VMs on a vSAN datastore with datastore level encryption enabled.

So does that mean partial marks for this one.