Veeam Backup & Replication 9.5 Update 4
User Guide for VMware vSphere

Data Encryption

Data security is an important part of the backup strategy. You must protect your information from unauthorized access, especially if you back up sensitive VM data to offsite locations or archive it to tape. To keep your data safe, you can use data encryption.

Data encryption transforms data to an unreadable, scrambled format with the help of a cryptographic algorithm and a secret key. If encrypted data is intercepted, it cannot be unlocked and read by the eavesdropper. Only intended recipients who know the secret key can reverse encrypted information back to a readable format.

In Veeam Backup & Replication, encryption works at the following levels:

  • Backup job
  • Transaction log backup job
  • Backup copy job
  • VeeamZIP
  • Tapes in media pools

Veeam Backup & Replication uses the block cipher encryption algorithm. Encryption works at the source side. Veeam Backup & Replication reads VM or file data, encodes data blocks, transfers them to the target side in the encrypted format and stores the data to a file on the backup repository or archives the data to tape. Data decryption is also performed on the source side: Veeam Backup & Replication transfers encrypted data back to the source side and decrypts it there.

Note:

Veeam Backup & Replication will pass encryption keys to the target backup repository or cloud repository in the following cases:

  • If you run a backup copy job over WAN accelerators
  • If you perform a health check for the encrypted backup files

Besides job-level encryption, Veeam Backup & Replication allows you to encrypt network traffic going between the primary site and the disaster recovery site. Network traffic encryption is configured as part of global network traffic rules that are set for backup infrastructure components. For network traffic encryption, Veeam Backup & Replication uses the 256-bit Advanced Encryption Standard (AES).

Data Encryption and Deduplication

Data encryption has a negative effect on the deduplication ratio if you use a deduplicating storage appliance as a target. Veeam Backup & Replication uses different encryption keys for every job session. For this reason, encrypted data blocks sent to the deduplicating storage appliances appear as different though they may contain duplicate data. If you want to achieve a higher deduplication ratio, you can disable data encryption.
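
The effect described above can be reproduced with a small model. This is an added example, not Veeam code: the 4096-byte block size, the function names and the content-hash "appliance" are assumptions, and the cipher is a stand-in SHAKE-256 keystream XOR used only for illustration (not AES and not the product's algorithm).

```python
import hashlib
import os

BLOCK_SIZE = 4096  # constructed block size for the demo, not a Veeam setting


def toy_encrypt(key: bytes, index: int, block: bytes) -> bytes:
    """Stand-in stream cipher: XOR with a SHAKE-256 keystream derived from the
    session key and block index. Illustration only; not the product's cipher."""
    stream = hashlib.shake_256(key + index.to_bytes(8, "big")).digest(len(block))
    return bytes(a ^ b for a, b in zip(block, stream))


def split_blocks(data: bytes) -> list[bytes]:
    return [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]


def dedup_ratio(sessions: list[list[bytes]]) -> float:
    """Model a deduplicating appliance: each distinct block (by SHA-256) is stored once."""
    received = sum(len(s) for s in sessions)
    stored = {hashlib.sha256(b).digest() for s in sessions for b in s}
    return received / len(stored)


def run_demo(session_count: int = 3, blocks: int = 64) -> tuple[float, float]:
    # Constructed sample: the same unchanged VM image is backed up in every session.
    image = b"".join(
        hashlib.sha256(i.to_bytes(4, "big")).digest() * (BLOCK_SIZE // 32)
        for i in range(blocks)
    )
    plain_blocks = split_blocks(image)
    plain_sessions = [plain_blocks for _ in range(session_count)]

    encrypted_sessions = []
    for _ in range(session_count):
        session_key = os.urandom(32)  # a different key for every job session
        encrypted_sessions.append(
            [toy_encrypt(session_key, i, b) for i, b in enumerate(plain_blocks)]
        )
    return dedup_ratio(plain_sessions), dedup_ratio(encrypted_sessions)


if __name__ == "__main__":
    plain, encrypted = run_demo()
    print(f"dedup ratio without encryption:    {plain:.1f}:1")
    print(f"dedup ratio with per-session keys: {encrypted:.1f}:1")
```

With three sessions of identical data, the unencrypted stream deduplicates 3:1, while the per-session-key stream does not deduplicate at all.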

Data Encryption and Compression

If data compression and data encryption are enabled for a job, Veeam Backup & Replication compresses VM data first and after that encodes the compressed data blocks. Both operations are performed at the source side.

Note, however, that if the "Decompress backup data blocks before storing" check box is selected in the backup repository settings, Veeam Backup & Replication does not compress VM data before encryption. Therefore, in the job statistics, you may observe a higher amount of transferred data (the Transferred counter) as compared to a job for which encryption is disabled. For details on job statistics, see Viewing Real-Time Statistics.
