Hi.
We're currently running a PVE cluster of a few nodes and a PBS in the same datacenter.
The PBS is used for the backup of the VMs and these backups are encrypted (using the integrated encryption feature).
We're going to add another PBS in another datacenter (far from the first one) so we have the backups available in case of a physical issue in the datacenter.
We intend to use the integrated replication feature between the two PBS.
I don't see any reason this (replication) would not work because of encrypted backups on the first PBS.
But I have concerns about disaster recovery (restoring the VM from the second PBS): they will be encrypted with the key used for the first PBS (locally stored on PVE nodes).
So this means I have to save (and keep safe outside of the first datacenter) the encryption key on PVE side (/etc/pve/priv/storage/*).
And rename them to the second PBS name before deploying them manually on new PVE nodes if I want to disaster recover.
Is there anything else to prepare (save) in this use case?