Veeam Backup & Replication 9.5 Update 4
User Guide for VMware vSphere
Related documents

Tape Encryption

Veeam Backup & Replication supports two types of encryption for tape media:

  • Hardware level: library- and driver-managed encryption mechanisms provided by the tape vendor
  • Software level: the encryption mechanism provided by Veeam Backup & Replication

Hardware encryption has a higher priority. If hardware encryption is enabled for the tape media, Veeam Backup & Replication automatically disables its software encryption mechanism for such tape libraries. The Veeam encryption mechanism can only be used if hardware encryption is disabled at the tape device level or not supported.

To use the Veeam encryption mechanism, you need to enable encryption at the level of media pool. In this case, Veeam Backup & Replication will encrypt data for all jobs that use tapes from this media pool. Encryption is supported for both types of tape jobs:

  • Backup to tape jobs
  • File to tape jobs

Tape Encryption 

Encryption of data on tapes includes the following steps:

  1. You enable encryption for a media pool and specify a password.
  2. You select the media pool as a target for a backup to tape or file to tape job.
  3. Veeam Backup & Replication generates the necessary keys to protect data archived to tape.
  4. During the backup to tape or file to tape job, the key is passed to the target side. In case of hardware encryption, Veeam Backup & Replication passes the key to the tape device, and the tape device uses its mechanism to encrypt data on tapes. In case of software encryption, Veeam Backup & Replication passes the keys to the tape server, and encrypts data when it is archived to tape.

Tape Encryption 

Backup to tape jobs allow double encryption. The backup to tape job uses a backup file as a source of data. If the backup file is encrypted with the initial backup job and the encryption option is enabled for the backup to tape job, too, the resulting backup file will be encrypted twice. To decrypt such backup file, you will need to subsequently enter two passwords:

  • Password for the initial backup job
  • Password for the media pool

Tape Encryption 

Restore of encrypted data from tape includes the following steps:

  1. You insert tape with encrypted data into the tape drive and perform tape catalogization. The catalogization operations lets Veeam Backup & Replication understand what data is written to tape.
  2. You provide a password to decrypt data archived to tape.
  3. Veeam Backup & Replication uses the provided password to generate a user key and unlock the subsequent keys for data Veeam Backup & Replication retrieves data blocks from encrypted files on tapes and decrypts them.

Tape Encryption 

This Document Help Center
User Guide for VMware vSphereUser Guide for Microsoft Hyper-VEnterprise Manager User GuideVeeam Cloud Connect GuideVeeam Agent Management GuideVeeam Explorers User GuideBackup and Restore of SQL Server DatabasesVeeam Plug-ins for Enterprise ApplicationsPowerShell ReferenceVeeam Explorers PowerShell ReferenceRESTful API ReferenceRequired Permissions ReferenceQuick Start Guide for VMware vSphereQuick Start Guide for Microsoft Hyper-VVeeam Backup for AWS DocumentationVeeam Availability for Nutanix AHV DocumentationVeeam Backup for Microsoft Office 365 DocumentationVeeam ONE DocumentationVeeam Agent for Windows DocumentationVeeam Agent for Linux DocumentationVeeam Management Pack Documentation
I want to report a typo

There is a misspelling right here:

 

I want to let the Veeam Documentation Team know about that.