Solved

Is Backup Exec System Recovery incompatible with PGP Whole Disk Encryption?

Posted on 2008-06-19
4
1,260 Views
Last Modified: 2013-12-01
After encrypting my laptop's hard drive with PGP Whole Disk Encryption 9.8.2 Backup Exec System Recovery 7.0.3 fails to complete a full image of the hard drive. Has anyone else experienced this and is there a solution other than decrypt, backup, encrypt?

0
Comment
Question by:pnkljohnson2
  • 2
  • 2
4 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 125 total points
Comment Utility
I suspect this is going to be at least partially incompatible. As I understand it, how BESR works is to look at the files visible under windows, and attempt to create a image file which, when restored (and the hal replaced as appropriate) will run on dissimilar hardware.

However, on full disk OTFE systems, the image on the hard drive is *not* the files windows "sees" (there is a indirection layer activated in a custom boot driver which decrypts the data before windows "sees" it. So any attempt to copy the bootstrap will find it is a custom one and that the windows startup file (boot.ini) is not visible on the disk.

I think really the only path forward here is to contact the vendors of both products and ask which products of the other type are compatible with their product ( i.e. ask symantec which full disk encryption products their backup solution is compatible with, and if the image is encrypted/secure afterwards; then ask pgp corp what backup solutions are compatable with their full disk crypto product)

There is a certain irony here as pgp was formerly *owned by* symantec.....
0
 
LVL 1

Author Comment

by:pnkljohnson2
Comment Utility
PGP support responded by suggesting that whole disk encryption and hot image programs might produce unpredictable results.  The take-away is that these programs should not be used together.  I'll probably move to a cold image product.  Thank you for your insight.
0
 
LVL 33

Expert Comment

by:Dave Howe
Comment Utility
Be aware that cold image products tend to have severe drawbacks - in many cases, you will find it hard or impossible to restore the image to different hardware than the source (as you can't mount the image to update the hardware abstraction layer and other device specific drivers), can't do item-specific restores (i.e you can restore the whole drive, but not one file) and so forth.

the other issue is that an encrypted volume is incompressible and has to be backed up as a single item - so if you have 300mb of files on a 200gb drive, you are looking at a 200gb backup that will *take* 200gb (not the "you can fit 200 on a 100gb tape after compression" that most backup devices offer, you will need two 100gb tapes)

usually a cleaner solution is to hold a baseline unencrypted copy of your hard drive (without any sensitive data on it of course) using a solution such as the one symantec offer, then do hot backups of recently changed files excluding the system directories. This is easier if you keep them together (like in your my documents or on your desktop) or alternatively, partition the drive so that data files go onto a second partition, which you can then back up and restore separately from your operating system partition.

you will want to ensure your file level backup includes some sort of crypto in that case though.
0
 
LVL 1

Author Comment

by:pnkljohnson2
Comment Utility
Again, thank you for your insight.  It's very helpful.

Peter
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Suggested Solutions

How to update Firmware and Bios in Dell Equalogic PS6000 Arrays and Hard Disks firmware update.
Explore the encryption capabilities built into Google Apps and how these features can help you meet privacy policy and regulatory compliance, but are not a full solution. Understand and compare the most popular email encryption services for Google A…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now