Encrypted VMs

Note

All limitations and considerations below also apply to a VM with a Virtual Trusted Platform Module (vTPM) as vTPM requires VM encryption to be enabled.

Veeam Backup & Replication provides support for VMware vSphere encrypted VMs.

Note

CDP meets specific requirements for VMs encrypted on VMware side. For more information, see the Virtual Machines section.

Backup of Encrypted VMs

To back up VMware encrypted VMs, the backup infrastructure must meet the following requirements:

Restore of Encrypted VMs

Veeam Backup & Replication supports the following restore options:

The backup infrastructure must meet the following requirements:

If you restore a VM as an encrypted one to the specified location, ensure that the target datastore is under the VM Encryption Policy node.

If a VM has several disks, you can optionally restore some disks as encrypted and some disks as unencrypted. Keep in mind, that even if one disk is restored as encrypted, the VM configuration file must also be placed on a datastore under the VM Encryption Policy node.

Replication of Encrypted VMs

To replicate VMware encrypted VMs, the backup infrastructure must meet the following requirements:

Note

If you do not set up KMS, the replication job will not fail, but replicated VMs will not be encrypted in this case.

To replicate a VM as an encrypted one, place disks and the configuration file of the VM replica on datastores compatible with the VM encryption policy:

  1. At the Destination step of the wizard, click Choose near the Datastore field.
  2. In the Select Datastore window, select a datastore under the VM Encryption Policy node.

Note

Multi-OS guest OS file restore for encrypted VM replicas is not supported.

Failback of Encrypted VM Replicas

To fail back VMware encrypted VMs replicas, the backup infrastructure must meet the following requirements:

If you fail back an encrypted VM replica to the specified location, ensure that the target datastore is under the VM Encryption Policy node.