none
WHS and truecrypt (or bitlocker) RRS feed

  • Question

  • Hello, I just bought a HP WHS to backup my machines. I use truecrypt to encrypt the full disk. The backup went fine but when I restore the machine it wasn't encrypted? I read WHS does it at the logical level (so samething with BitLocker I guess)

    Questions:
    1) Is there a solution to backup an encrypted drive with WHS? how?
    2) Is it possible to encrypt the WHS itself or at least its "Computers and Backups"? which might give enought security
    3) if 1 and 2 answers are no, please add a requirement in WHS to solve this very very important issue (I mean, most of the people have laptops now days and they just want their WHS to backup their secure data from their laptop)

    I can always create and mount a vault and save the unmounted vault to WHS but what a pain I will need to wait for hours that the backup is done before being able to work with it

    Please help if you solved this issue

    Thank you

    Wilhelm


    Monday, April 6, 2009 6:23 PM

Answers

  • Windows Home Server backup functions within a running OS, so if that OS has drivers loaded to decrypt a BitLocker or TrueCrypt container and present it as a disk drive, ou can back that drive up. And during the backup it's not "encrypted"; the clusters that are backed up are the actual decrypted data. If it didn't work this way, then Windows Home Server might (probably would) have to back the entire container/encrypted drive up every night. So no, there is no way to back up the data in an encrypted fashion.

    As for encrypting the server itself, no, there is no way to do that either.

    I think you're mistaken in your thought that people only want to back up a small amount of data. Perhaps that's all you want to do, but I think most people want to be able to restore all their data and programs to their "last known good" configuration after a hard drive failure (the most common failure in a computer). Windows Home Server isn't a great solution for someone who wants to back up a few critical files, but it does do a bare metal restore with less pain (for most people) than other products.

    If you feel strongly about this you can submit a product suggestion on Connect. I will warn you that Windows Home Server is intended to be an easy to use/configure product for the non-technical home environment, not an enterprise class storage/backup solution. As such, anything that adds complexity to the product will need a lot of justification.

    I'm not on the WHS team, I just post a lot. :)
    Monday, April 6, 2009 6:59 PM
    Moderator

All replies

  • Windows Home Server backup functions within a running OS, so if that OS has drivers loaded to decrypt a BitLocker or TrueCrypt container and present it as a disk drive, ou can back that drive up. And during the backup it's not "encrypted"; the clusters that are backed up are the actual decrypted data. If it didn't work this way, then Windows Home Server might (probably would) have to back the entire container/encrypted drive up every night. So no, there is no way to back up the data in an encrypted fashion.

    As for encrypting the server itself, no, there is no way to do that either.

    I think you're mistaken in your thought that people only want to back up a small amount of data. Perhaps that's all you want to do, but I think most people want to be able to restore all their data and programs to their "last known good" configuration after a hard drive failure (the most common failure in a computer). Windows Home Server isn't a great solution for someone who wants to back up a few critical files, but it does do a bare metal restore with less pain (for most people) than other products.

    If you feel strongly about this you can submit a product suggestion on Connect. I will warn you that Windows Home Server is intended to be an easy to use/configure product for the non-technical home environment, not an enterprise class storage/backup solution. As such, anything that adds complexity to the product will need a lot of justification.

    I'm not on the WHS team, I just post a lot. :)
    Monday, April 6, 2009 6:59 PM
    Moderator
  • Thanks Ken,

    I was wondering, as I can login to the WHS via RDP, I can install TrueCrypt and I can encrypt the full WHS drive, will WHS work?
    I guess the issue is then to be able to type the truecrypt password just after the bios loaded ;)), any idea? May be if I plug a usb keyboard?

    thank you

    Wilhelm
    Tuesday, April 7, 2009 6:18 PM
  • If it's before Windows Home Server boots, then I would expect WHS to continue to work, albeit with decreased performance. I wouldn't recommend it, though; if you have a need for that level of encryption, I think Windows Home Server is the wrong platform.
    I'm not on the WHS team, I just post a lot. :)
    Tuesday, April 7, 2009 6:35 PM
    Moderator
  • Have you (or anyone else) tried volume encryption with Windows Home Server yet?  I really want the features of Windows Home Server, but I really want  encryption of the data it holds and the external backups it generates.
    Sunday, June 21, 2009 8:30 AM
  • If you have a need for that level of encryption, I think Windows Home Server is the wrong platform.

    Ken, can you tell me what would be the correct platform for WHS features + encrypted storage?
    Sunday, June 21, 2009 8:32 AM
  • If you have a need for that level of encryption, I think Windows Home Server is the wrong platform.

    Ken, can you tell me what would be the correct platform for WHS features + encrypted storage?
    There is no platform that I'm aware of which offers both. As I've said above, I really wouldn't recommend volume/partition encryption. There are questions of performance, obviously. However, in addition to that, what happens if/when you need to perform a server reinstallation due to corrupted OS partition or failed system drive? How do you recover all your data partitions, since the encryption keys are (presumably) on the system drive somehow?

    If encryption is a deal-breaker, you want to give up the Windows Home Server features and move to Windows Server 2008.

    I'm not on the WHS team, I just post a lot. :)
    Sunday, June 21, 2009 12:51 PM
    Moderator
  • Hello,

    I really like my WHS 1. I think it is reliable, backup all the machines every day, this is great, I beleive everybody should have 1, except for 1 thing, security

    2 years, after do we have a solution to encrypt our WHS and WHS backup? (I can do some of it today but this is a pain and defy the purpose of WHS, like I can backup on an extrernal encrypted usb drive but the WHS data itself are still not ecrypted, only the backup, I need everything to be secure other wise there is no point)

    Does the new WHS offer this capability? If yes, then this is worst the upgrade to me.

     

    thanks

     

    Wilhelm


    w.
    • Edited by wil70 Tuesday, May 24, 2011 4:33 PM .
    Tuesday, May 24, 2011 4:31 PM