Availability for the Always-On Enterprise
Post Reply
pierluigid
Novice
Posts: 4
Liked: never
Joined: Jan 04, 2016 2:29 pm
Contact:

VBR 9.5 and Bitlocker encryption

Post by pierluigid » Sep 07, 2017 2:53 pm

Hi
I have a Windows Server 2008 R2 (VM) where I've just created a new volume (D:) and I have encrypted this volume with Bitlocker.
I've seen that a VBR backup job (full active) run without problem BUT if I try to do a Restore Guest files I can't find the D: drive.
VBR 9.5 backup seems to ignore this D: encrypted drive.
I've found an article : Veeam Endpoint Backup: BitLocker support (https://www.veeam.com/blog/veeam-endpoi ... pport.html )
Perfect, this is what I was looking for ... but I need it into VBR and not Veeam Agent .
No others info found on internet ... Can someone tell me something about this ?

Many thnaks in advance.
Pierluigi

foggy
Veeam Software
Posts: 16834
Liked: 1361 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: VBR 9.5 and Bitlocker encryption

Post by foggy » Sep 07, 2017 3:21 pm

Hi Pierluigi, it doesn't ignore the encrypted disk, it just cannot make sense of it due to not having the Bitlocker keys, hence, FLR is not available. However, Instant VM Recovery should work flawlessly in this case.

pierluigid
Novice
Posts: 4
Liked: never
Joined: Jan 04, 2016 2:29 pm
Contact:

Re: VBR 9.5 and Bitlocker encryption

Post by pierluigid » Sep 11, 2017 8:47 am

Hi Foggy
You are right. Instant VM recovery and also restore virtual disks works fine.
But would be nice to have all the possibilities that Veeam Agent has, as reported in the above link.
Do you know if these possibilities will be integrated in VBR asap ?
Many thanks.
Pierluigi

foggy
Veeam Software
Posts: 16834
Liked: 1361 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: VBR 9.5 and Bitlocker encryption

Post by foggy » Nov 17, 2017 2:42 pm

Not ASAP or in the short term. Veeam B&R is an image-based solution, while Veeam Agent runs directly on the server and thus has access to the keys.

Gostev
Veeam Software
Posts: 22995
Liked: 2890 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: VBR 9.5 and Bitlocker encryption

Post by Gostev » Nov 17, 2017 4:35 pm

In theory, we might be able to get the keys during application-aware guest processing... but I wonder if this is actually possible, as it would sounds like a terrible security hole for the Bitlocker, no?

jrwilmoth040707
Service Provider
Posts: 48
Liked: 2 times
Joined: Apr 07, 2015 1:53 pm
Full Name: James Wilmoth
Contact:

Re: VBR 9.5 and Bitlocker encryption

Post by jrwilmoth040707 » Oct 17, 2018 1:47 am

foggy wrote:
Nov 17, 2017 2:42 pm
Veeam B&R is an image-based solution
While that is true, no Veeam customer out there wants to have the mere ability to restore an image. There are an abundance of image-based solutions that offer bare metal recoveries. Veeam also offers many additional restore options, hence the ability to choose the specific type of restore for the need. If we cannot offer quick file-level restore options to clients with BitLocker encrypted disks, I would like to know what other types of restores are unavailable to us.

Gostev
Veeam Software
Posts: 22995
Liked: 2890 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: VBR 9.5 and Bitlocker encryption

Post by Gostev » Oct 17, 2018 11:07 am

If FLR is not possible, then no other granular restore option will be available either.

jrwilmoth040707
Service Provider
Posts: 48
Liked: 2 times
Joined: Apr 07, 2015 1:53 pm
Full Name: James Wilmoth
Contact:

Re: VBR 9.5 and Bitlocker encryption

Post by jrwilmoth040707 » Oct 20, 2018 5:13 pm

While not having this ability at this time is an acceptable answer, not working towards having it is an unacceptable answer. Well, I guess all we can do is hope then. Or start looking for another solution that will provide granular backup and restore for BitLocker encrypted disks.

We only have one client who has decided (as of this past week) to go all out in meeting HIPAA requirements, and apparently it is non-negotiable according to the AM. So when the day comes that they want us to restore a single file that someone deleted off the file server, we will have to basically restore the entire disk and attach it back to the file server in order for it to be decrypted, I guess. If you are aware of easier, less painful ways, please do tell. If more clients start wanting this, we will definitely have to hunt another solution.

Post Reply

Who is online

Users browsing this forum: Bryan.simmons, foggy, KennethCrowl, tdewin, Wad4iPod and 64 guests