Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Is Backup Exec System Recovery incompatible with PGP Whole Disk Encryption?

Posted on 2008-06-19
4
Medium Priority
?
1,270 Views
Last Modified: 2013-12-01
After encrypting my laptop's hard drive with PGP Whole Disk Encryption 9.8.2 Backup Exec System Recovery 7.0.3 fails to complete a full image of the hard drive. Has anyone else experienced this and is there a solution other than decrypt, backup, encrypt?

0
Comment
Question by:pnkljohnson2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 21943145
I suspect this is going to be at least partially incompatible. As I understand it, how BESR works is to look at the files visible under windows, and attempt to create a image file which, when restored (and the hal replaced as appropriate) will run on dissimilar hardware.

However, on full disk OTFE systems, the image on the hard drive is *not* the files windows "sees" (there is a indirection layer activated in a custom boot driver which decrypts the data before windows "sees" it. So any attempt to copy the bootstrap will find it is a custom one and that the windows startup file (boot.ini) is not visible on the disk.

I think really the only path forward here is to contact the vendors of both products and ask which products of the other type are compatible with their product ( i.e. ask symantec which full disk encryption products their backup solution is compatible with, and if the image is encrypted/secure afterwards; then ask pgp corp what backup solutions are compatable with their full disk crypto product)

There is a certain irony here as pgp was formerly *owned by* symantec.....
0
 
LVL 1

Author Comment

by:pnkljohnson2
ID: 21945441
PGP support responded by suggesting that whole disk encryption and hot image programs might produce unpredictable results.  The take-away is that these programs should not be used together.  I'll probably move to a cold image product.  Thank you for your insight.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 21945708
Be aware that cold image products tend to have severe drawbacks - in many cases, you will find it hard or impossible to restore the image to different hardware than the source (as you can't mount the image to update the hardware abstraction layer and other device specific drivers), can't do item-specific restores (i.e you can restore the whole drive, but not one file) and so forth.

the other issue is that an encrypted volume is incompressible and has to be backed up as a single item - so if you have 300mb of files on a 200gb drive, you are looking at a 200gb backup that will *take* 200gb (not the "you can fit 200 on a 100gb tape after compression" that most backup devices offer, you will need two 100gb tapes)

usually a cleaner solution is to hold a baseline unencrypted copy of your hard drive (without any sensitive data on it of course) using a solution such as the one symantec offer, then do hot backups of recently changed files excluding the system directories. This is easier if you keep them together (like in your my documents or on your desktop) or alternatively, partition the drive so that data files go onto a second partition, which you can then back up and restore separately from your operating system partition.

you will want to ensure your file level backup includes some sort of crypto in that case though.
0
 
LVL 1

Author Comment

by:pnkljohnson2
ID: 21956573
Again, thank you for your insight.  It's very helpful.

Peter
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question