Bitlocker Hardware Encryption (Microsoft eDrive) with SED

Backup agent for Microsoft Windows servers and workstations (formerly Veeam Endpoint Backup FREE)

Bitlocker Hardware Encryption (Microsoft eDrive) with SED

Veeam Logoby ilovecats » Wed Sep 09, 2015 7:32 pm

VEB documentation clearly states the Bitlocker is supported as long as the volumes are unlocked at the time of backup.

As some of you may know, Since Windows 8/Server 2012, Microsoft started supporting a type of hardware Bitlocker encryption (also called eDrive), using compatible OPAL 2.0 complaint self-encrypted SSD's (most notably select Crucial and Samsung SSD models). This type of Bitlocker can be turned on/off instantly, as the encryption is handed off to the SSD's own controller, and incurs zero performance overhead penalty associated with traditional Bitlocker encryption.

To utilize this feature, certain requirements must be met. For example, the OS must be installed from scratch under pure UEFI. Clone drives/volumes are *not* able to have this feature enabled.

So my question is, does VEB handle this type of Bitlocker encryption without complications? The volumes apparently have to be unlocked at the time of backup, nothing special about that. However, if the backup is successful, later when it is restored to a new drive/volume, the encryption should be *lost* because of the eDrive requirements. The key issue here is, will the restoration still succeed, simply with the volume in encrypted state? Or will the operation fail because of the failure to meet the eDrive requirements?

Any clarifications/advice would be greatly appreciated!
ilovecats
Novice
 
Posts: 3
Liked: never
Joined: Wed Sep 09, 2015 7:16 pm

Re: Bitlocker Hardware Encryption (Microsoft eDrive) with SE

Veeam Logoby ilovecats » Wed Sep 09, 2015 8:53 pm

Made a typo in the last question:

"The key issue here is, will the restoration still succeed, simply with the volume in unencrypted state? Or will the operation fail because of the failure to meet the eDrive requirements?"
ilovecats
Novice
 
Posts: 3
Liked: never
Joined: Wed Sep 09, 2015 7:16 pm

Re: Bitlocker Hardware Encryption (Microsoft eDrive) with SE

Veeam Logoby Dima P. » Fri Sep 11, 2015 4:57 pm

Hello ilovecats,
To tell the truth, we’ve never tested such device. However, from what google tells - you should be able to use it with VEB as a target and a source since encryption is handled on a hardware level. Though, I am not sure about the Bare Metal Recovery.

I wonder, if you could test it and share the results with the community, of course if you have such device with encryption enabled :wink:
Dima P.
Veeam Software
 
Posts: 6242
Liked: 440 times
Joined: Mon Feb 04, 2013 2:07 pm
Location: SPb
Full Name: Dmitry Popov


Return to Veeam Agent for Windows



Who is online

Users browsing this forum: No registered users and 9 guests