Creating Encrypted Configuration Backups
Veeam Backup & Replication requires that you encrypt the configuration backup if you have created at least one password in the Password Manager on the backup server. We strongly recommend that you encrypt the configuration backup, even if you have not created any passwords.
Veeam Backup & Replication encrypts credentials, encryption keys, and certificates stored in the configuration database using Data Protection API (DPAPI) mechanisms. For more information, see Microsoft Docs. Data Protection API mechanisms in the configuration backup are replaced with password encryption.
If the configuration backup is unencrypted, data from it can be restored to any backup server. Credentials, encryption keys, and certificates will not be stored in the configuration backup. The content of encrypted files and access to the backup infrastructure will become unavailable after the configuration restore. Additionally, sensitive information such as machine or server IP addresses may be exposed to unintended audiences.
If the Password Manager contains at least one password, and you do not enable encryption for the configuration backup, Veeam Backup & Replication disables configuration backup. To enable the configuration backup, you must enable encryption in the configuration backup job settings.
After you enable the encryption option, Veeam Backup & Replication will create encrypted configuration backups. Beside encryption keys, the created backups capture credential records specified in the Credentials Manager. When you restore data from such backup, you will not have to enter passwords for credentials records again (unless the passwords for credentials records have changed by the time of restore).
To encrypt the configuration backup:
- From the main menu, select Configuration Backup.
- Select the Enable backup file encryption check box.
- From the Password field, select a password you want to use for encryption. If you have not created a password beforehand, click Add or use the Manage passwords link to specify a new password. For more information, see Password Manager.
Note |
If you enable encryption and use cloud plug-ins to protect VMs in Google Cloud, AWS and other environments, Veeam Backup & Replication will also create backups for cloud backup appliances. For more information on appliance configuration backup and restore, see the following guides:
|