- This topic has 5 replies, 2 voices, and was last updated 1 month ago by
.
- Posts
Hi,
I have a Windows 10 laptop with C drive encrypted using bitlocker.
I need to perform regular backups onto an USB drive. I need two things:
– granular file backups. I suspect using built-in windows backup tool since for online backups the data is accessible.
– Disaster recovery backup. This part is the cumbersome part since I am finding that tools like Acronis need to disable bitlocker before performing a DR backup. This is far from ideal because that means to regenerate bilocker recovery passwords.
Any experiences?
Miguel, you have to distinguish between DR tools that work on the file level and block-based backup tools. File level tools usually need to run within a Windows session of the installed OS which means they run under the privileges of an authenticated user. They have access to the files as any other application. Block-level tools usually come with their own OS and therefore need to disable BitLocker first. I previously worked with Acronis but I found it too complicated for daily backups.
In any case you have to make sure that you store the BitLicker recovery keys on an external device. You will need them in case of a DR. It also very important that you simulate the DR case. Most DRs fail because admins realize too late that their solution is not working. You can simulate DRs in a virtual environment.
Thanks for answering so quickly.
I know all that. I was assuming that I could backup sector by sector as DR backup. Clonezilla claims it can do it.
Of course I am working on testing DR and a procedure before going on production.
I was just giving the whole picture and try to generate a debate and get some inputs.
Regenerating bitlocker passwords for DR every month or quarter I find it a little bit time consuming and error prompt
Thanks
I think I am not making myself understand.
Of course I am not expecting file based backups to work offline with Bitlocker enabled. What I mean is that I want to be abre to backup a whole drive sector by sector and be able to restore the data on the same laptop in case of DR. I assume I would use same bitlocker password all the time.
In case of drive breaks I want to be able to buy a new drive and restore the whole drive sector by sector.
I tried live CD from Acronis and it didn’t work even unlocking (not disabling) bitlocker as mentioned on their docs.
I am going to try clonezilla and I wanted to know experiences from people here.
I hope now I make myself more clear of the assumptions I know and what I try to accomplish here.
As explained above, if you boot from an external OS (Acronis CD), the backup tool can’t access the drive as long as BitLocker is enabled. However, if I remember it right, you can install Acronis on your system drive and then you can also secure BitLocker-encrypted drives if you run Acronis from the Windows installation that also runs BitLocker. Acronis will create an image that you can use for a bare metal restore. At least it was like this a couple of years ago.
- You must be logged in to reply to this topic.
