На главную | Поддержка | Загрузки
Veeam Backup & Replication 8.0 для Hyper-V: Базовые сценарии

Help Center  > Veeam Backup & Replication: Базовые сценарии > Restoring Data from Encrypted Backup File Without Password

Restoring Data from Encrypted Backup File Without Password

Распечатать данный раздел

Содержание

When you import an encrypted backup file on another Veeam backup server and try to restore VM data from it, Veeam Backup & Replication requires a password to unlock the backup file content. In most products, if you do not provide a password, the file content will remain locked, and the backup will be of no use. Veeam Backup & Replication lets you decrypt encrypted backups even if you have lost a password, or the person who knows the password has left your organization.

To enable data decryption without a password, Veeam Backup & Replication stores the actual encryption key in the backup file twice:

First, Veeam Backup & Replication encrypts the key with a password that you set for the job.
Second, Veeam Backup & Replication encrypts the key with a public key from Veeam Backup Enterprise Manager.

The public key from Veeam Backup Enterprise Manager plays the role of a ‘duplicate key’. To decrypt the backup file, you can either provide a password or submit a request to Veeam Backup Enterprise Manager. Veeam Backup Enterprise Manager will process your request: it will apply a private key matching the public key that was used for backup file encryption. As a result, you will be able to access backup data in the Veeam Backup & Replication console.

Evaluation Case

In this exercise, you will create an encrypted backup and restore data from it without a password. To do this, you will perform the following steps:

1.Create an encrypted backup with a backup job.
2.To emulate a situation of data decryption on another Veeam backup server, remove the created backup from the Veeam Backup & Replication console and re-import the created backup back to the Veeam Backup & Replication console.
3.Decrypt the backup file without a password.

Prerequisites

Make sure that the Veeam backup server is connected to Veeam Backup Enterprise Manager.
Make sure that Enterprise or Enterprise Plus license is installed on the Veeam backup server. You can use a valid trial license or paid license.

Procedure

Step 1. Create an encrypted backup

1.Open properties of a backup job that you have configured in the Performing Backup exercise.
2.Pass to the Storage step of the wizard and click Advanced.
3.In the Advanced Settings window, click the Storage tab.

4.In the Encryption section, select the Enable backup file encryption check box and click Add on the right.
5.In the Password field, enter a password that you want to use for the backup file encryption. To view the entered password, click and hold the eye icon on the right of the field.
6.In the Description field, enter a hint for the password.
7.Make sure that the Loss protection enabled label is displayed under the Password field. In the opposite case, you will not be able to restore data from the encrypted backup without a password.

8.Save the new job settings and run the backup job once again to produce an encrypted backup file.
9.When you enable encryption for an already existing backup job, Veeam Backup & Replication restarts the backup chain — it produces a new full backup. To make sure that the encrypted backup has been created, open the target folder on the backup repository, find a subfolder with the backup job name and make sure that a new VBK file is added to the backup chain.

Click to zoom in

Step 2. Remove the backup from the console and re-import it

1.In Veeam Backup & Replication, open the Backup & Replication view.
2.In the inventory pane, select Backups > Disk.
3.In the working area, right-click the backup job and select Remove from backups.

Veeam Backup & Replication will remove records about the created backup and encryption keys from the Veeam Backup & Replication database. The actual backup files will remain on the backup repository.

Click to zoom in

4.On the Home tab of the ribbon, click Import Backup.
5.From the Computer list, select a backup repository where backup files are located.
6.In the Backup file field, specify a path to the VBM backup file on the backup repository.

Click to zoom in

7.Click OK. Veeam Backup & Replication will import the backup and place it under the Backups > Encrypted node.
8.Additionally, Veeam Backup & Replication will display a warning that the backup file you import is encrypted. Click OK in the message window to close it.

Step 3. Decrypt the backup file without a password

1.In the inventory pane, click the Encrypted node under Backups.
2.In the working area, right-click the imported job and select Specify password.
3.In the Specify Password window, click the I have lost the password link.

Click to zoom in

4.In the Encryption Key Restore wizard, click Copy to clipboard to copy the displayed request for data decryption.
5.Open Veeam Backup Enterprise Manager.
6.In the top right corner of the window, click Configuration.
7.Click Key Management on the left.
8.Click Password Recovery at the top of the view.
9.In the Challenge Request window, enter the copied text of the request.

Click to zoom in

10.Pass through the next steps of the wizard. At the Response step of the wizard, copy the displayed text to the clipboard.

Get back to the Veeam Backup & Replication console; in the Encryption Key Restore wizard, click Next.

11.At the Response step of the wizard, enter the copied response to the text field and click Next. Veeam Backup & Replication will decrypt the backup file and move the imported backup to the Backups > Disk (imported) node.

Validation

1.Open the Backup & Replication view.
2.Select the Disk (imported) node in the inventory pane.
3.Make sure that the imported backup is available in the working area.


Содержание