Encrypting Standalone Application Backups in Backup Repositories
At the storage encryption level, you can encrypt backup files created by the following standalone applications:
- Veeam Agents operating in the standalone mode
- Veeam Backup for Nutanix AHV
- Veeam Backup for Proxmox VE
- Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization
- Veeam Kasten for Kubernetes
Veeam Backup & Replication encrypts files at the standalone application side in the following way:
Backup Repository | Encryption |
---|---|
Regular backup repository:
| Backup files are encrypted before uploading to the backup repository. To encrypt backup files, a standalone application uses encryption password specified in the Access Permissions settings. For more details, see Enabling Encryption for Standalone Application Backups. |
Scale-out repository | Backup files are encrypted before uploading to the scale-out backup repository. To encrypt backup files before uploading to a performance tier, a standalone application uses encryption password specified in the Access Permissions settings for the scale-out backup repository. For more details, see Enabling Encryption for Standalone Application Backups. To encrypt backup files before uploading to a capacity or archive tier, a standalone application uses encryption password specified in the capacity tier settings. For more details, see Adding Scale-Out Backup Repositories. |
Requirements and Limitations
Consider the following:
- For backup files created by Veeam Agents operating in the standalone mode, data encryption with KMS keys is not supported. For more information, see Key Management System Keys.
- To encrypt backup files created by Veeam Agents operating in the managed mode, you must configure encryption in the backup job settings. For example, to learn how to encrypt backup files created by managed Veeam Agent for Microsoft Windows, see the Storage Settings section in the Veeam Agent Management Guide.
- To encrypt backup files created by other platforms and applications, you must configure encryption in the backup job settings. For more information, see Creating Backup Jobs.
- Data encryption has a negative effect on the deduplication ratio. If you want to achieve a higher deduplication ratio, use only deduplicating storage appliance encryption. For more details, see Data Encryption and Deduplication.
Enabling Encryption for Standalone Application Backups
To encrypt standalone application backups, do the following:
- Open the Backup Infrastructure view.
- In the inventory pane, select the Backup Repositories or Scale-out Repositories node.
- In the working area, select the necessary backup repository and click Set Access Permissions on the ribbon or right-click the backup repository and select Access permissions. If you do not see the Set Access Permissions button on the ribbon or the Access permissions command is not available in the shortcut menu, press and hold the [Ctrl] key, right-click the backup repository and select Access permissions.
- In the Standalone applications window, select the Encrypt standalone application backups stored in this repository check box and choose the necessary password from the field under the check box. If you have not specified a password beforehand, click Add on the right or the Manage passwords link to add a new password.