Hey everyone! We're using Veeam with a Scale-Out Backup Repository (SOBR) and the performance tier is on-premises. Due to compliance requirements, we need to ensure those backups are encrypted. Veeam can't retroactively encrypt existing backups, so we're considering using BitLocker to encrypt the whole disk. My question is, will enabling BitLocker on Windows Server deduplicated drives cause any problems?
3 Answers
I really wouldn’t suggest using BitLocker. It tends to slow down write speeds significantly—like 45% to 60% slower on those drives. While that might be fine for personal laptops or desktops, you’d definitely notice it in a backup scenario. Why not just start fresh with new backups instead?
Nope, once you unlock it through the operating system, BitLocker works fine with all applications.
Cool, that’s what I thought. Thanks for confirming!
You could take a new active full backup, and Veeam would handle the encryption during this process. After that, the older backups can just age out of your retention policy.
Good idea, but we can’t do that. If we enable Veeam Encryption, it eliminates deduplication. Plus, letting old backups age out would take nearly 10 years for us, which doesn't meet compliance.
Great info! But we need all our backups, including the old ones, encrypted at rest for compliance. Plus, with deduplication on disk, encrypting Veeam backups would mean losing that capability.