Seeking Encrypted Laptop Redundancy solution

Okay, I'll admit right up front, I'm anal about backups and redundancy. Besides all the usual potential computer problems, I live in hurricane-prone coastal Florida and am therefore subject to evacuation on short notice. Besides the steps below, I also use an online backup service, as well as store local backups on alternating external drives by different manufacturers. Here goes:

In the past:
I run business on primary laptop (A) but keep second identical laptop (B) for redundancy (both drive as well as other hardware).  Backup nightly, and on weekly basis image (Acronis Trueimage) laptop A drive to USB then restore to laptop B so always have live data on redundant machine no older than 1 week. Process worked fine using two Dell laptops.  Due to increasing threat of privacy issues, purchased whole disk encryption software (SecureDoc by WinMagic). Process still worked but imaging time and size was dramatically increased because of encryption. (imaging software must do raw sector-by-sector image due to encryption, which makes image size equal to drive capacity; 60 gig drive=60 gig image)

Recently:
Replaced 2 Dells with 2 IBM ThinkPad Z60Ms with 100gb drives. Now utilize IBM's Rescue&Recovery backup to image drive. SecureDoc software is incompatible with R&R so purchased Utimaco SafeGuard Easy (SGE) whole disk encryption.  Drive encryption does not affect SGE image size (R&R has great compression algorithm). Run same backup/restore process as with Dells above.  

Problem:
Images written to USB drive can only be restored back to laptop A that created the image, or to a NON-encrypted laptop B; cannot keep both drives encrypted and have interchangeable image backups. I NEED to keep both laptops encrypted so both can be used in the workplace simultaneously (laptop A for normal business, laptop B for document imaging workstation and other functions while laptop A is otherwise unavailable, and would like to leave laptop B in office during week)  To accomplish this currently, I must image laptop A to USB (1 hour), decrypt laptop B (3.5 hours), restore to laptop B (1 hour), encrypt laptop B (3.5 hours). A tiresome process!  Another security risk is that the backup images stored on external USB drives are clear text, otherwise the non-encrypted laptop B could not access them for a restore.

Attempted Solutions:
Researched many whole disk encryption programs; none compatible with IBM R&R software. (could dump R&R but then imaging time increases dramatically) Researched peer to peer synchronization software (between machines after authentication) none will synchronize entire drive.

Looking for other solutions that would allow for whole disk encryption on redundant laptops with reasonable imaging/backup processing time and hardware requirements. Would consider other hardware/software configurations.  Thanks in advance.
japple55Asked:

jfexchangeCommented:
Why don't you just use EFS?  
0
japple55Author Commented:
Thanks but I need the higher level of protection that whole disk encryption offers - better authentication features, encryption of page/swap files, temp files, hidden partitions, etc. - not to mention it is too easy for files to inadvertently end up in an unprotected folder.
0
carl_legereCommented:
If I were in your shoes I'd not keep anything local on the laptops.
I do appreciate your need for redundancy AND backup AND security at the same time, it is a difficult juggling act.

Get a rented server in a data center somewhere, access it via TS/RDP, run all your needs off of it if possible.  If not, run applications you can't run there well from your laptops, but keep files elsewhere via VPN.
0

japple55Author Commented:
Carl,

"access it via TS/RDP"
I don't know what that is - could you elaborate?
 
Hadn't really considered this but I'm open-minded. How would that work - just like installing programs on a local server but it is off-site?  What issues should I be aware of with this strategy?
0
Dmitri FarafontovLinux Systems AdminCommented:
TS/RDP=Terminal Services, Remote Desktop Protocol. Basically you can connect to your dedicated server through a tunnel (which can be encrypted), you get a full screen as if you were sitting at that machine. Worth a shot.
0
carl_legereCommented:
right...what he said!  I'm sorry!

It will meet your needs unless you are a graphic designer.  Pretty much everything else that can be installed on your PC you install on a rented server, and accessed  exclusively via  Cost ~$100-$200/month based on features.  Basically it is the same as a dedicated web server or gaming server rental.

Google hosted gaming server or rack server, then make sure you are getting a whole server.

I say instead of backing up online, do the reverse.  (your laptop holds one or more backups of your hosted server.)
0
Rich RumbleSecurity SamuraiCommented:
True, by default TS/RD is encrypted with 128-bit RC4-Stream Cipher, and using a colo facility that runs regular back ups and does all the "dirty work" for you, could be a nice solution...
EFS also falls short of your goals as you mentioned. The imaging problem probably stems from compression and encryption typically being mutually exclusive. Well most encryption anyway doesn't compress well because there aren't many repeating patterns to compress, same thing if you try to compress an already compressed file.
There are now HD's that are encrypted, meaning the little circuit board on the bottom of the HD does all the encryption/decryption of the data.
http://www.seagate.com/products/notebook/momentus.html 
There are other manufacturers of these types of drives now, however offloading the encryption to the I/O board on the HD means that the data that is going in/out is plain-text, but anything written is encrypted, always. You can also get USB HD's and flash cards that store data encrypted at all times.
I think it's preferable to have the data "off-line" where it is accessible anytime, rain or shine, lag or loss of connection. TrueCrypt and Steganos Security Suite are still my favorite Free and "Cheap" (as in beer) tools to use for securing my data. Norton Ghost is also my choice for Imaging. If you're backing up the data you need, like Doc's, Email etc... then you don't need an identical LT, just a compatible one where you can restore those files to... I think imaging is a bit much for this situation and more overhead than you need. If you can simply restore files, or overwrite old files on another LT or even a PC, what's the difference if the data is equally accessible?
-rich
0
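The image-size effect discussed above (a raw sector copy of an encrypted drive does not compress, so the image approaches drive capacity) can be measured directly. This is an added example, not code from any poster in this thread; the sample disk contents are constructed, and the SHA-256 keystream is a stand-in assumption for a real disk or backup cipher.

```python
import hashlib
import os
import zlib

SECTOR = 512

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: XOR with SHA-256(key || counter) blocks.
    Illustrative only; not a vetted disk or backup cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + (offset // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def build_sample_disk(sectors: int = 2048) -> bytes:
    """Constructed sample: mostly empty sectors plus repetitive file data."""
    used = (b"Client ledger entry 000123; balance 4500.00\r\n" * 12)[:SECTOR]
    empty = bytes(SECTOR)
    return b"".join(used if i % 8 == 0 else empty for i in range(sectors))

def image_sizes(disk: bytes, key: bytes) -> dict:
    # What a sector-by-sector imager reads from an encrypted drive.
    ciphertext_disk = keystream_xor(key, disk)
    compressed_plain = zlib.compress(disk, 9)
    return {
        "raw": len(disk),
        # Imager that sees plaintext sectors: compresses well, image is clear text.
        "compress_plain": len(compressed_plain),
        # Imager that sees ciphertext sectors: nothing left to compress.
        "compress_encrypted": len(zlib.compress(ciphertext_disk, 9)),
        # Compress first, then encrypt the image file: small and not clear text.
        "compress_then_encrypt": len(keystream_xor(key, compressed_plain)),
    }

if __name__ == "__main__":
    for name, size in image_sizes(build_sample_disk(), os.urandom(32)).items():
        print(f"{name:>22}: {size:>9} bytes")
```

The last row is the ordering that keeps both properties: the imaging tool compresses the plaintext it reads, and the resulting image file is encrypted before it is written to the external drive.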
japple55Author Commented:
Rich,
Thanks for the tip on encrypted hard drives - I was not aware they were out there and will check into them. And I have to agree - I'm a little uncomfortable with the notion of all my data being somewhere else and absolutely dependent on an internet connection.  Although in the financial services business, like many today, everything is done via the internet so without a connection, I wouldn't have any data to work with anyway. On the other hand, I would feel a lot more comfortable with an offsite server when a Cat 5 hurricane is approaching and it is one step closer to having my business "virtual."  Also, the thought of just needing a dumb terminal or ultra-portable laptop to access my full system is really attractive. I suppose I could just put a terminal server (encrypted) in my office but I still have the potential of it being stolen, destroyed, or even losing power while I'm away on vacation rendering it inaccessible. (I am a sole prop so have no office staff to reboot while I'm away)

I would disagree on the point of backups instead of imaging. I have so many applications (some requiring VAR assistance in installation) installed that getting a bare metal machine up and running, even via a restore process would take way too much time.  I even dread upgrading laptops because of all the work involved in getting the new system ready to go live.  In the days of DOS (pre-windows registry) that would have been fine, but not now. Imaging (without encryption at least) is quick and simple and when I discovered it I thought I was in heaven. Of course with my paranoia, I still do regular backups as well, but imaging has saved my bacon a few times already.

Thanks guys for some great suggestions that I need to consider in depth and research. I'll leave this up a while longer before closing out, in case there are any more suggestions.
Jim
0
Rich RumbleSecurity SamuraiCommented:
Understood. It's not a bad idea to have multiple points of access to your backed up data, a local USB archive you could use to reimage your LT's, and an offsite and online archive you could DL and reimage with... My main point with the imaging vs backup was that there is typically a single folder, or a few essential files that really only need to be backed up for one to restore to and get up and running. There are drawbacks to simply backing up certain data as opposed to a complete image, mainly there could be settings that might be missing with selective file backups, as opposed to having the entire registry backed up with your settings, and naturally ease of use, a complete image makes it an easy transition.
An encrypted HD sounds like a good solution for your situation, as the page file, temp files are encrypted no matter what. The OS in fact really doesn't even know the data is encrypted as the HD takes care of seamlessly decrypting/encrypting the data. This is the USB stick I use, it's great, also seamless encryption/decryption
http://www.pcstats.com/artvnl.cfm?articleID=1913 Also truecrypt, steganos and 7zip are my favorite utils
http://www.7-zip.org/ http://www.steganos.com/?layout=default&content=products_sss&language=en&command=features http://www.truecrypt.org/
Good Luck!
-rich
0

japple55Author Commented:
I filled in the point values I wanted for each but it looks like it gave all 500 points to RichRumble as the accepted answer. How do I split the points if it still will only accept one answer. I wanted 200 to RichRumble, 200 to Carl_Legere and 100 to DeltaFire. Can you correct it?
Thanks,
Jim
0
LucFEMEA Server EngineerCommented:
Jim,

As far as I can see it you did split the points correctly. Though only RichRumble, Carl_Legere and DeltaFire can verify if the correct amount of points were awarded. When splitting points you can only select one comment as being the "Accepted answer" all others are "Assisted answers", this doesn't mean no points were allocated to them.

Best regards,

LucF
0
japple55Author Commented:
Okay, my mistake. Thanks for the followup.
Jim
0
carl_legereCommented:
allocated correctly here.  remember that for an A grade it is multiplied by three.
0
carl_legereCommented:
er B grade = 3
0
japple55Author Commented:
Sorry Carl, I don't follow you. I'm new at this but didn't see anything in help about multipliers of points. I thought the B grade was reasonable but no offense intended if I goofed.
Jim
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.