Drive Encryption and Acronis Corporate products

Discussion in 'Acronis True Image Product Line' started by jeremyotten, Jan 9, 2007.

Thread Status:
Not open for further replies.
  1. jeremyotten

    jeremyotten Registered Member

    Joined:
    Feb 9, 2005
    Posts:
    684
    More and more drive encryption is being used. Problem is that acronis won't see the encryption and is forced into sector image copy.

    When you have a 300GB encrypted drive with 10GB data the image file wil still be about 300GB.

    The only way to let this work is let TrueImage regonize the encryption.

    Are you planning on adding an Acronis Encryption module in the future or the regonize other drive encryptions?

    Thanx in Advance

    P.s this feature is greatly wanted….
     
  2. LenC

    LenC Registered Member

    Joined:
    Jul 25, 2006
    Posts:
    846
    Location:
    CT, USA
    Re: Drive Encryption and Acronis Coporate products

    You should probably post this to the wish-list thread.
     
  3. jeremyotten

    jeremyotten Registered Member

    Joined:
    Feb 9, 2005
    Posts:
    684
    Re: Drive Encryption and Acronis Coporate products

    was also already done.... ;-)
     
  4. foghorne

    foghorne Registered Member

    Joined:
    Sep 27, 2005
    Posts:
    1,389
    Location:
    Leeds, Great Britain
    Re: Drive Encryption and Acronis Coporate products

    I see your problem, but if you want encryption on your harddisk as well as in your backups you are making life difficult if you are asking to decrypt in order to encrypt again to a backup. Sometimes good layering makes life easy, and actually disk space is cheap. I know which solution I would go for - we already have it.

    F.
     
  5. jeremyotten

    jeremyotten Registered Member

    Joined:
    Feb 9, 2005
    Posts:
    684
    Re: Drive Encryption and Acronis Coporate products

    ok.. now you are supposed to tell me the solution...
     
  6. foghorne

    foghorne Registered Member

    Joined:
    Sep 27, 2005
    Posts:
    1,389
    Location:
    Leeds, Great Britain
    Re: Drive Encryption and Acronis Coporate products

    Sorry for not being clearer. Use a big disk drive. You can pick up (say) a 750GB drive for just over 200 quid. Save yourself a lot of hassle.

    F.
     
  7. jeremyotten

    jeremyotten Registered Member

    Joined:
    Feb 9, 2005
    Posts:
    684
    Re: Drive Encryption and Acronis Coporate products

    That is not what I meant with encyption dude.

    some companies want to encrypt there data on the live SYSTEM for when the stuff gets stolen.. now when you do that then your image of for example a 300GB drive with only 10GB used will also be 300GB because trueimage does not regocnize my partition and files (because there are encrypted)

    do we have an understanding here?
     
  8. seekforever

    seekforever Registered Member

    Joined:
    Oct 31, 2005
    Posts:
    4,751
    Re: Drive Encryption and Acronis Coporate products

    Just a bit of speculating here but I wonder how practical it is to expect TI or any other imaging program to be able to make sense out of somebody's encrypted disk - especially since the encryption company has gone to great pains to make sure nobody can figure the thing out. Does anybody offer used-sector-only imaging of encrypted disks?

    Even though imaging bypasses the file system, it is obvious that it has to be able to understand some aspects of it to create its in-use sector map.

    A possible, but not totally secure solution for imaging, would be to set up a smaller partition for the sensitive data and then just image the whole thing.

    I find this an interesting subject and am interested in learning more about it. I certainly agree that there is a real need to protect computers, especially portable computers, against data theft.
     
  9. Menorcaman

    Menorcaman Retired Moderator

    Joined:
    Aug 19, 2004
    Posts:
    4,661
    Location:
    Menorca (Balearic Islands) Spain
    Hmm, interesting. TI works at the in-use sector level unless it is unable to recognise the file system (unsupported file system or damaged supported file system) when it then reverts to RAW sector-by-sector copying.

    So I guess the question is - does drive encryption mess around with the actual file system or does it merely encrypt the data residing on the in-use sectors that a particular file system uses?

    Regards
     
  10. jeremyotten

    jeremyotten Registered Member

    Joined:
    Feb 9, 2005
    Posts:
    684
    It makes the partition type different and therefor acronis won't regocnize it.

    the best way to make this work is for acronis to make its own drive encryption option which trueimage then can regocnize and image....
     
  11. Kallex

    Kallex Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    14
    Supporting all 3rd party standard (and god help us, proprietary as well) encryption formats would be practically impossible for Acronis to do.

    Only working solution is to get Acronis to run on top of the encryption solution. One likely working way would be to run the Acronis on top of OS (that all live backups are ran anyway).

    "Likely" is there, because I haven't tested it; there is a risk that it doesn't get along with the encryption software drivers, but that depends also the encryption provider.


    If everything works, then the security effectively boils down to that the created image has to be encrypted as well. Currently Acronis does not support on-the-fly (or any other for that matter, but on-the-fly is the only really safe way) encryption.

    So you need some encrypted disk to store the unencrypted image (such as another partition or virtual encrypted partition solution) within which you can then file-level encrypt the image for secure safekeeping.


    I have added to the Wish list the on-the-fly encryption wish, as currently our server backups for 3 servers all have to be file-level encrypted after Acronis backups and we cannot use any automatic FTP or other deployments on the ATI because of this.

    Hope this helped,

    Kalle
     
  12. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,283
    "When you have a 300GB encrypted drive with 10GB data the image file wil still be about 300GB."

    Of course. There is a price to pay for encryption and security, nothing is free. And if you have 10 GB of data, why use a 300 GB encrypted drive? Use a smaller encrypted drive.
     
  13. foghorne

    foghorne Registered Member

    Joined:
    Sep 27, 2005
    Posts:
    1,389
    Location:
    Leeds, Great Britain
    Re: Drive Encryption and Acronis Coporate products

    Hi Jude

    I didn't realise that encryption changed the partition such that a raw read would fail. Can you explain why that happens?

    F.
     
    Last edited: Jan 11, 2007
  14. jeremyotten

    jeremyotten Registered Member

    Joined:
    Feb 9, 2005
    Posts:
    684
    This happens with all drive encryption programs. This is by design.. I am now testing 1 program that claims drive encryption and image compatiblity called

    winmagic secure doc

    which is also used by the US government and US Homeland Security

    ......
     
  15. foghorne

    foghorne Registered Member

    Joined:
    Sep 27, 2005
    Posts:
    1,389
    Location:
    Leeds, Great Britain
    OK. Thanks for the heads up. I was unaware that raw copying would not work.

    F.
     
  16. Menorcaman

    Menorcaman Retired Moderator

    Joined:
    Aug 19, 2004
    Posts:
    4,661
    Location:
    Menorca (Balearic Islands) Spain
    Thanks for the clarification Jeremy. Now appreciate that there is a difference between "Drive" encryption and "File" encryption and therefore one needs to be careful of the terminology being used.

    Regards
     
  17. jeremyotten

    jeremyotten Registered Member

    Joined:
    Feb 9, 2005
    Posts:
    684
    My Thread also stated Drive encryption and no file encryption....
     
  18. writedom

    writedom Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    57
    I just want to make a couple points regarding backing up an encrypted disk. Something I do every day.

    1. When a hard disk is encrypted ALL data becomes unintelligible information (basically random data). The encryption program (PGP WDE, Drive Crypt Plus Pack, etc.) never decrypts the data on the hard disk. The program reads the encrypted data from the disk and decrypts a copy of the data in RAM. Hence - "On The Fly Encryption"

    2. I have not tried to perform a backup with Acronis TI using the CD, but it works in Ghost. However, I highly advise against performing a backup this way for two reasons. First, the backup file will be equal to the size of the drive being backed up (random data cannot be compressed), and secondly copying files of this size is very problematic.

    3. Solution - Perform backup of your drive while running in windows. If you need to keep your data safe then copy to another encrypted hard disk, encrypted usb drive, etc. Or, you could use Ghost 10 which supports encryption of image files.

    Does anyone know if there is an Acronis Image product that encrypts its images using tried and true algorithms?
     
  19. foghorne

    foghorne Registered Member

    Joined:
    Sep 27, 2005
    Posts:
    1,389
    Location:
    Leeds, Great Britain
    This seems true as data which tends to lack repeating patterns will offer little or no compression. For non disk based encryption systems (e.g. file or stream) the conventional way of doing this would be to compress first then encrypt.

    Which makes me wonder ATI's failure to backup encrypted disk systems (compression aside) is just a partition type issue. My understanding is that if it does not recognise the filesystem (partition type) it reverts to raw sector copy mode. I don't yet get why it can't do this. All it needs to be able to do is a) Interpret the address range of the partition from the partition table in the MBR, and then b) Address and read the sectors in that partition. Data is just data. I can't see that the MBR will have been encrypted so what exactly is stopping ATI doing such a backup ?

    F.
     
    Last edited: Jan 12, 2007
  20. jeremyotten

    jeremyotten Registered Member

    Joined:
    Feb 9, 2005
    Posts:
    684
    Acronis does RAW sector by sector copy when it doesn't regocnize the partition type!

    automatically!
     
  21. foghorne

    foghorne Registered Member

    Joined:
    Sep 27, 2005
    Posts:
    1,389
    Location:
    Leeds, Great Britain
    Yes that was my understanding too. So if TI doesn't care what the partition type is, how can using a non-standard partition type be an obstacle to it doing a backup ?

    Sorry for being thick, I am missing something here.

    F.
     
  22. Menorcaman

    Menorcaman Retired Moderator

    Joined:
    Aug 19, 2004
    Posts:
    4,661
    Location:
    Menorca (Balearic Islands) Spain
    Understood Jeremy. My statement wasn't aimed at you - it was a general comment that we users needed to be aware that there was a difference between the two.

    Regards
     
  23. aoz

    aoz Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    223
    see my prior threads on encryption.

    I am using SecureDoc (WinMagic.com), and TI 9.

    SecureDoc WAS able to have you back up an actual encrypted partition, and restore it to the hard drive, along with MBR 0; we found that the first bootup of this worked, but tehn something happens to the MBR table.

    SO, I've been testing this with them, and teh best workaround for backup is

    1. boot up in windows.
    2. do backups from WITHIN windows
    you have now created an UNENCRYPTED backup of the partition (c:, for example)
    3. for security, LOCK THIS BACKUP up in a safe !!

    to restore -
    get your new/spare/etc hard drive, create an MBR on it, and reload teh c: partition to it.
    you now have an unencrypted restore.
    re-encrypt this.

    That may sound like a round-robin with extra steps, BUT it has BEEN RELIABLE for me, over past two months, in testing this.

    my main goal is to have a path to restore, in case of disaster. I now have that.

    I encrypt my tablet PC (medical and financial data); the data is essentially bulletproof. If it gets stolen, all I've lost is teh hardware.

    Hope this helps

    Nick
     
  24. jeremyotten

    jeremyotten Registered Member

    Joined:
    Feb 9, 2005
    Posts:
    684
    Ok Winmagic just got a little bit better now.

    It has a bartpe plugin ;-)

    with this you can restore the previously made unecrypted backup while the Bartpe plugin encrypts it on the fly. Superfast and tranparrent!

    ;-)

    Partitioning with disk director can even be done!

    Winmagic is the absolute winner in encryption icw imaging! Not even Utimaco can come close yet ;-)!
     
  25. comp974

    comp974 Registered Member

    Joined:
    May 18, 2007
    Posts:
    1
    where can I get that BartPE plugin?
     
Thread Status:
Not open for further replies.