japple55
asked on
Seeking Encrypted Laptop Redundancy solution
Okay, I'll admit right up front, I'm anal about backups and redundancy. Besides all the usual potential computer problems, I live in hurricane-prone coastal Florida and am therefore subject to evacuation on short notice. Besides the steps below, I also use an online backup service, as well as store local backups on alternating external drives by different manufacturers. Here goes:
In the past:
I run business on primary laptop (A) but keep second identical laptop (B) for redundancy (both drive as well as other hardware). Backup nightly, and on weekly basis image (Acronis Trueimage) laptop A drive to USB then restore to laptop B so always have live data on redundant machine no older than 1 week. Process worked fine using two Dell laptops. Due to increasing threat of privacy issues, purchased whole disk encryption software (SecureDoc by WinMagic). Process still worked but imaging time and size was dramatically increased because of encryption. (imaging software must do raw sector-by-sector image due to encryption, which makes image size equal to drive capacity; 60 gig drive=60 gig image)
Recently:
Replaced 2 Dells with 2 IBM ThinkPad Z60Ms with 100gb drives. Now utilize IBM's Rescue&Recovery backup to image drive. SecureDoc software is incompatible with R&R so purchased Utimaco SafeGuard Easy (SGE) whole disk encryption. Drive encryption does not affect SGE image size (R&R has great compression algorithim). Run same backup/restore process as with Dells above.
Problem:
Images written to USB drive can only be restored back to laptop A that created the image, or to a NON-encrypted laptop B; cannot keep both drives encrypted and have interchangeable image backups. I NEED to keep both laptops encrypted so both can be used in the workplace simultaneously (laptop A for normal business, laptop B for document imaging workstation and other functions while laptop A is otherwise unavailable, and would like to leave laptop B in office during week) To accomplish this currently, I must image laptop A to USB (1 hour), decrypt laptop B (3.5 hours), restore to laptop B (1 hour), encrypt laptop B (3.5 hours). A tiresome process! Another security risk is that the backup images stored on external USB drives are clear text, otherwise the non-encrypted laptop B could not access them for a restore.
Attempted Solutions:
Researched many whole disk encryption programs; none compatible with IBM R&R software. (could dump R&R but then imaging time increases dramatically)Researched peer to peer synchroziation software (between machines after authentication) none will synchronize entire drive.
Looking for other solutions that would allow for whole disk encryption on redundant laptops with reasonable imaging/backup processing time and hardware requirements. Would consider other hardware/software configurations. Thanks in advance.
In the past:
I run business on primary laptop (A) but keep second identical laptop (B) for redundancy (both drive as well as other hardware). Backup nightly, and on weekly basis image (Acronis Trueimage) laptop A drive to USB then restore to laptop B so always have live data on redundant machine no older than 1 week. Process worked fine using two Dell laptops. Due to increasing threat of privacy issues, purchased whole disk encryption software (SecureDoc by WinMagic). Process still worked but imaging time and size was dramatically increased because of encryption. (imaging software must do raw sector-by-sector image due to encryption, which makes image size equal to drive capacity; 60 gig drive=60 gig image)
Recently:
Replaced 2 Dells with 2 IBM ThinkPad Z60Ms with 100gb drives. Now utilize IBM's Rescue&Recovery backup to image drive. SecureDoc software is incompatible with R&R so purchased Utimaco SafeGuard Easy (SGE) whole disk encryption. Drive encryption does not affect SGE image size (R&R has great compression algorithim). Run same backup/restore process as with Dells above.
Problem:
Images written to USB drive can only be restored back to laptop A that created the image, or to a NON-encrypted laptop B; cannot keep both drives encrypted and have interchangeable image backups. I NEED to keep both laptops encrypted so both can be used in the workplace simultaneously (laptop A for normal business, laptop B for document imaging workstation and other functions while laptop A is otherwise unavailable, and would like to leave laptop B in office during week) To accomplish this currently, I must image laptop A to USB (1 hour), decrypt laptop B (3.5 hours), restore to laptop B (1 hour), encrypt laptop B (3.5 hours). A tiresome process! Another security risk is that the backup images stored on external USB drives are clear text, otherwise the non-encrypted laptop B could not access them for a restore.
Attempted Solutions:
Researched many whole disk encryption programs; none compatible with IBM R&R software. (could dump R&R but then imaging time increases dramatically)Researched peer to peer synchroziation software (between machines after authentication) none will synchronize entire drive.
Looking for other solutions that would allow for whole disk encryption on redundant laptops with reasonable imaging/backup processing time and hardware requirements. Would consider other hardware/software configurations. Thanks in advance.
Why don't you just use EFS?
ASKER
Thanks but I need the higher level of protection that whole disk encryption offers - better authentication features, encryption of page/swap files, temp files, hidden partitions, etc. - not to mention it is too easy for files to inadvertantly end up in an unprotected folder.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Carl,
"access it via TS/RDP"
I don't know what that is - could you elaborate?
Hadn't really considered this but I'm open-minded. How would that work - just like installing programs on a local server but it is off-site? What issues should I be aware of with this strategy?
"access it via TS/RDP"
I don't know what that is - could you elaborate?
Hadn't really considered this but I'm open-minded. How would that work - just like installing programs on a local server but it is off-site? What issues should I be aware of with this strategy?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Rich,
Thanks for the tip on encrypted hard drives - I was not aware they were out there and will check into them. And I have to agree - I'm a little uncomfortable with the notion of all my data being somewhere else and absolutely dependent on an internet connection. Although in the financial services business, like many today, everything is done via the internet so without a connection, I wouldn't have any data to work with anyway. On the other hand, I would feel a lot more comfortable with an offsite server when a Cat 5 hurricane is approaching and it is one step closer to having my business "virtual." Also, the thought of just needing a dumb terminal or ultra-portable laptop to access my full system is really attractive. I suppose I could just put a terminal server (encrypted) in my office but I still have the potential of it being stolen, destroyed, or even losing power while I'm away on vacation rendering in inaccessible. (I am a sole prop so have no office staff to reboot while I'm away)
I would disagree on the point of backups instead of imaging. I have so many applications (some requiring VAR assistance in installation) installed that getting a bare metal machine up and running, even via a restore process would take way too much time. I even dread upgrading laptops because of all the work involved in getting the new system ready to go live. In the days of DOS (pre-windows registry) that would have been fine, but not now. Imaging (without encryption at least) is quick and simple and when I discovered it I thought I was in heaven. Of course with my paranoia, I still do regular backups as well, but imaging has saved my bacon a few times already.
Thanks guys for some great suggestions that I need to consider in depth and research. I'll leave this up a while longer before closing out, in case there are any more suggestions.
Jim
Thanks for the tip on encrypted hard drives - I was not aware they were out there and will check into them. And I have to agree - I'm a little uncomfortable with the notion of all my data being somewhere else and absolutely dependent on an internet connection. Although in the financial services business, like many today, everything is done via the internet so without a connection, I wouldn't have any data to work with anyway. On the other hand, I would feel a lot more comfortable with an offsite server when a Cat 5 hurricane is approaching and it is one step closer to having my business "virtual." Also, the thought of just needing a dumb terminal or ultra-portable laptop to access my full system is really attractive. I suppose I could just put a terminal server (encrypted) in my office but I still have the potential of it being stolen, destroyed, or even losing power while I'm away on vacation rendering in inaccessible. (I am a sole prop so have no office staff to reboot while I'm away)
I would disagree on the point of backups instead of imaging. I have so many applications (some requiring VAR assistance in installation) installed that getting a bare metal machine up and running, even via a restore process would take way too much time. I even dread upgrading laptops because of all the work involved in getting the new system ready to go live. In the days of DOS (pre-windows registry) that would have been fine, but not now. Imaging (without encryption at least) is quick and simple and when I discovered it I thought I was in heaven. Of course with my paranoia, I still do regular backups as well, but imaging has saved my bacon a few times already.
Thanks guys for some great suggestions that I need to consider in depth and research. I'll leave this up a while longer before closing out, in case there are any more suggestions.
Jim
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I filled in the point values I wanted for each but it looks like it gave all 500 points to RichRumble as the accepted answer. How do I split the points if it still will only accept one answer. I wanted 200 to RichRumble, 200 to Carl_Legere and 100 to DeltaFire. Can you correct it?
Thanks,
Jim
Thanks,
Jim
Jim,
As far as I can see it you did split the points correctly. Though only RichRumble, Carl_Legere and DeltaFire can verify if the correct amount of points where awarded. When splitting points you can only select one comment as being the "Accepted answer" all others are "Assisted answers", this doesn't mean no points where allocated to them.
Best regards,
LucF
As far as I can see it you did split the points correctly. Though only RichRumble, Carl_Legere and DeltaFire can verify if the correct amount of points where awarded. When splitting points you can only select one comment as being the "Accepted answer" all others are "Assisted answers", this doesn't mean no points where allocated to them.
Best regards,
LucF
ASKER
Okay, my mistake. Thanks for the followup.
Jim
Jim
allocated correctly here. remember that for an A grade it is multiplied by three.
er B grade = 3
ASKER
Sorry Carl, I don't follow you. I'm new at this but didn't see anything in help about multipliers of points. I thought the B grade was reasonable but no offense intended if I goofed.
Jim
Jim