Veaam backup/tape encryption notes
Veaam backup/tape encryption notes
Some customers have started encrypting their backups, or are just beginning to. This is a smart move because, in case of an attack, backups can be stolen as well as deleted.
And when it comes to tapes — especially those being transported to/from a bank or another site — they can be easily lost or stolen… physically.
*Veeam *handles encryption intelligently. For tapes, encryption settings are found in the *Media Pool *configuration. If the tape library supports hardware-level encryption, **the best part is that you don’t have to choose whether to configure encryption in Veeam or in the library — just enable it in Veeam, and the key will be automatically passed to the library, which will handle encryption without consuming CPU resources on the Tape Server. If the library doesn’t support encryption, *Veeam *takes care of everything, at the cost of some processing load on the Tape Server.
The challenge with backup encryption is the same as with a chastity belt: you must not lose the key! Luckily, *Veeam *helps with that too, thanks to its password protection/recovery feature provided by Enterprise Manager.
Important note: For this “safety net” feature to work, the Veeam Server must be connected to the Enterprise Manager, and the feature must be enabled on Enterprise Manager before you start encrypting tapes. As the manual states:
“If you enable password loss protection, the public Enterprise Manager key is automatically sent to the backup server and stored in the configuration database. When Veeam Backup & Replication encrypts backup files, it uses a secret key or a KMS key and a public Enterprise Manager key simultaneously.”
References:
Best practices for Tape encryption
Enterprise Manager password loss protection
Fabrizio De Andrè “Re Carlo Martello torna dalla battaglia di Poitiers”
“se ansia di gloria e sete d’onore spegne la guerra al vincitore non ti concede un momento per fare all’amore
chi poi impone alla sposa soave di castità la cintura aimè grave in battaglia può correre il rischio di perder la chiave”