During failback, Veeam Backup & Replication lets you restore a VM as encrypted.
To let Veeam Backup & Replication successfully restore an encrypted VMs, the backup infrastructure must meet the following requirements:
- VM encryption instances must be pre-configured in the virtual infrastructure: you must set up the key management server, create the VM encryption policy and assign it to VMs in advance.
- The backup proxy used for failback must be working in the Virtual appliance transport mode or Network transport mode with SSL encryption enabled.
- The backup proxy working in the Virtual appliance transport mode must be deployed on an encrypted VM.
- You must place VM disks on datastores to which the VM Encryption policy is assigned. To do this, at the Datastore step of the wizard, select a VM disk, click Datastore and select a datastore under the VM Encryption policy.
If a VM has several disks, you can optionally restore some disks as encrypted and some disks as unencrypted. Keep in mind, however, that the VM configuration file must always be placed on a datastore to which the VM Encryption policy is assigned.