Questions about Encryption and backup client

[Thomas Plant]

Hello,

we are evaluating to install a Proxmox Server and while reading the documentation, some question have arisen:

1. is the datastore encrypted or do I have to use client-side encryption? We do not need client-side-encryption, but would be nice if the datastore itself is encrypted, especially the datastore on the replication server which we will place in our office, it is not publicly accessible, but you could never know if a burglar breaks in....

2. at which point is the backup client regarding other OS (mainly CentOS and Windows).

Regards,
Thomas

 

[fabian]

Hello,

we are evaluating to install a Proxmox Server and while reading the documentation, some question have arisen:

1. is the datastore encrypted or do I have to use client-side encryption? We do not need client-side-encryption, but would be nice if the datastore itself is encrypted, especially the datastore on the replication server which we will place in our office, it is not publicly accessible, but you could never know if a burglar breaks in....

you can encrypt the disk underneath the datastore for encryption at rest - it is not supported by the installer or GUI though, you have to do it yourself using standard tools (e.g., setup ZFS native encryption, or LUKS/dm-crypt with cryptsetup). the built-in encryption feature has the advantage that the PBS server itself cannot access the plain data, so even if it is compromised, all the attacker gets is the encrypted chunks and some metadata. the downside is that you have to keep your keys somewhere to ensure you can access your backups for recovery (e.g., using the paper key feature and a printout in your bank vault/safe/..).

2. at which point is the backup client regarding other OS (mainly CentOS and Windows).

some users have already started using custom builds on CentOS, those seem to work fairly well. Windows is on the roadmap, but the difference between Windows and Debian is quite a bit bigger than CentOS/RHEL and Debian

 

[AngryAnt]

@fabian Sorry to butt in, but if you wouldn't mind confirming/correcting a few understood details:

• Encryption performed by PBS happens client-side or not at all.
  • Meaning if you want to avoid client-side encryption, your option is encrypting the host storage of the datastore.
• Encryption in pbs-client, as currently officially available for Debian, is optional.
• Encryption in proxmox-pbs integration is enabled by default and not configurable?

 

[fabian]

@fabian Sorry to butt in, but if you wouldn't mind confirming/correcting a few understood details:

• Encryption performed by PBS happens client-side or not at all.
  • Meaning if you want to avoid client-side encryption, your option is encrypting the host storage of the datastore.

correct.

• Encryption in pbs-client, as currently officially available for Debian, is optional.

correct

• Encryption in proxmox-pbs integration is enabled by default and not configurable?

no, for PVE->PBS backups encryption is also optional (when setting up the PBS storage, you can choose to setup encryption as well).

the connection between clients and server is always encrypted, since the server only talks TLS and never plain HTTP.

 

[AngryAnt]

Excellent. Thank you very much for the overview.
I realized that I mistakenly had failed to enable encryption on some VM backups. Reading up on pve-docs/chapter-pvesm.html#storage_pbs_encryption I see that encrypted and unencrypted backups can live on the same datastore - with the caveat of deduplication between such backups not being available. Does that caveat apply to backup retention/pruning as well? As in:
If I re-add backups of the previously unencrypted VMs to a new encrypted storage using the same datastore, will pbs pruning routines identify unencrypted previous backups and new encrypted backups of the same VM as being the same from a retention perspective? Or will they be treated as separate - following the same logic of the deduplication caveat?

 

[fabian]

Excellent. Thank you very much for the overview.
I realized that I mistakenly had failed to enable encryption on some VM backups. Reading up on pve-docs/chapter-pvesm.html#storage_pbs_encryption I see that encrypted and unencrypted backups can live on the same datastore - with the caveat of deduplication between such backups not being available. Does that caveat apply to backup retention/pruning as well? As in:
If I re-add backups of the previously unencrypted VMs to a new encrypted storage using the same datastore, will pbs pruning routines identify unencrypted previous backups and new encrypted backups of the same VM as being the same from a retention perspective? Or will they be treated as separate - following the same logic of the deduplication caveat?

pruning/retention happens on the backup group (e.g., "vm/123") level. if you mix encrypted and unencrypted backups in a group (e.g., by activating encryption after already having made some backups, or disabling it again after a while), they will still be pruned together irrespective of their encryption mode.

the reason why deduplication does not work across encryption boundaries (e.g., between encrypted/unencrypted, but also between encrypted with key A and encrypted with key B) is that for a single chunk ZZZZ, not only the final chunk will be different (obviously, a plain chunk and an encrypted one can't have the same content else the latter would be unencrypted as well ), but already the digest will be different (for encrypted chunks, the digest is derived from the plain text content AND key, not just the plain text content) so that we can never mix them up accidentally either.

 

[AngryAnt]

Very lovely. Thank you for taking the time for this overview.