Is Backup Exec System Recovery incompatible with PGP Whole Disk Encryption?

Posted on 2008-06-19
Last Modified: 2013-12-01
After encrypting my laptop's hard drive with PGP Whole Disk Encryption 9.8.2 Backup Exec System Recovery 7.0.3 fails to complete a full image of the hard drive. Has anyone else experienced this and is there a solution other than decrypt, backup, encrypt?

Question by:pnkljohnson2
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 33

Accepted Solution

Dave Howe earned 125 total points
ID: 21943145
I suspect this is going to be at least partially incompatible. As I understand it, how BESR works is to look at the files visible under windows, and attempt to create a image file which, when restored (and the hal replaced as appropriate) will run on dissimilar hardware.

However, on full disk OTFE systems, the image on the hard drive is *not* the files windows "sees" (there is a indirection layer activated in a custom boot driver which decrypts the data before windows "sees" it. So any attempt to copy the bootstrap will find it is a custom one and that the windows startup file (boot.ini) is not visible on the disk.

I think really the only path forward here is to contact the vendors of both products and ask which products of the other type are compatible with their product ( i.e. ask symantec which full disk encryption products their backup solution is compatible with, and if the image is encrypted/secure afterwards; then ask pgp corp what backup solutions are compatable with their full disk crypto product)

There is a certain irony here as pgp was formerly *owned by* symantec.....

Author Comment

ID: 21945441
PGP support responded by suggesting that whole disk encryption and hot image programs might produce unpredictable results.  The take-away is that these programs should not be used together.  I'll probably move to a cold image product.  Thank you for your insight.
LVL 33

Expert Comment

by:Dave Howe
ID: 21945708
Be aware that cold image products tend to have severe drawbacks - in many cases, you will find it hard or impossible to restore the image to different hardware than the source (as you can't mount the image to update the hardware abstraction layer and other device specific drivers), can't do item-specific restores (i.e you can restore the whole drive, but not one file) and so forth.

the other issue is that an encrypted volume is incompressible and has to be backed up as a single item - so if you have 300mb of files on a 200gb drive, you are looking at a 200gb backup that will *take* 200gb (not the "you can fit 200 on a 100gb tape after compression" that most backup devices offer, you will need two 100gb tapes)

usually a cleaner solution is to hold a baseline unencrypted copy of your hard drive (without any sensitive data on it of course) using a solution such as the one symantec offer, then do hot backups of recently changed files excluding the system directories. This is easier if you keep them together (like in your my documents or on your desktop) or alternatively, partition the drive so that data files go onto a second partition, which you can then back up and restore separately from your operating system partition.

you will want to ensure your file level backup includes some sort of crypto in that case though.

Author Comment

ID: 21956573
Again, thank you for your insight.  It's very helpful.


Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows 7 lost password...(reset vs change) 5 112
backup computers on Workgroup 10 92
Backup domain controller with Backup exec 2010 5 73
robocopy 33 157
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
In this article we will learn how to backup a VMware farm using Nakivo Backup & Replication. In this tutorial we will install the software on a Windows 2012 R2 Server.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question