Help Center
Choose product document...
Veeam Backup & Replication 9.5 Update 4
User Guide for Microsoft Hyper-V

Data Encryption

Data security is an important part of the backup strategy. You must protect your information from unauthorized access, especially if you back up sensitive VM data to offsite locations or archive it to tape. To keep your data safe, you can use data encryption.

Data encryption transforms data to an unreadable, scrambled format with the help of a cryptographic algorithm and a secret key. If encrypted data is intercepted, it cannot be unlocked and read by the eavesdropper. Only intended recipients who know the secret key can reverse encrypted information back to a readable format.

In Veeam Backup & Replication, encryption works at the following levels:

  • Backup job
  • Transaction log backup job
  • Backup copy job
  • VeeamZIP
  • Tapes in media pools

Veeam Backup & Replication uses the block cypher encryption algorithm. Encryption works at the source side. Veeam Backup & Replication reads VM or file data, encodes data blocks, transfers them to the target side in the encrypted format and stores the data to a file on the backup repository or archives the data to tape. Data decryption is also performed on the source side: Veeam Backup & Replication transfers encrypted data back to the source side and decrypts it there.

Data Encryption 

Data Encryption Note:

Veeam Backup & Replication will pass encryption keys to the target backup repository or cloud repository in the following cases:

  • If you run a backup copy job over WAN accelerators
  • If you perform health check for the encrypted backup files

Beside the job-level encryption, Veeam Backup & Replication allows you to encrypt network traffic going between the primary site and the disaster recovery site. Network traffic encryption is configured as part of global network traffic rules that are set for backup infrastructure components. For network traffic encryption, Veeam Backup & Replication uses the 256-bit Advanced Encryption Standard (AES).

Data Encryption and Deduplication

Data encryption has a negative effect on the deduplication ratio if you use a deduplicating storage appliance as a target. Veeam Backup & Replication uses different encryption keys for every job session. For this reason, encrypted data blocks sent to the deduplicating storage appliances appear as different though they may contain duplicate data. If you want to achieve a higher deduplication ratio, you can disable data encryption.

Data Encryption and Compression

If data compression and data encryption are enabled for a job, Veeam Backup & Replication compresses VM data first and after that encodes the compressed data blocks. Both operations are performed at the source side.

Note, however, that if the Decompress backup data blocks before storing check box is selected in the backup repository settings, Veeam Backup & Replication does not compress VM data before encryption. Therefore, in the job statistics, you may observe a higher amount of transferred data (the Transferred counter) as compared to a job for which encryption is disabled. For details on job statistics, see Viewing Real-Time Statistics.

In This Section

Veeam Large Logo

User Guide for VMware vSphere

User Guide for Microsoft Hyper-V

Enterprise Manager User Guide

Veeam Cloud Connect Guide

Veeam Agent Management Guide

Veeam Explorers User Guide

Backup and Restore of SQL Server Databases

Veeam Plug-ins for Enterprise Applications

PowerShell Reference

Veeam Explorers PowerShell Reference

RESTful API Reference

Required Permissions Reference

Quick Start Guide for VMware vSphere

Quick Start Guide for Microsoft Hyper-V

Veeam Availability for Nutanix AHV Documentation

Veeam Backup for Microsoft Office 365 Documentation

Veeam ONE Documentation

Veeam Agent for Windows Documentation

Veeam Agent for Linux Documentation

Veeam Management Pack Documentation