Here is some more detail which you may find useful. I've paraphrased it from a communication I recently received. I hope it's useful to you.
Unfortunately though it still boils down to the fact that non-NTFS encryption isn't currently supported, hence my earlier recommendation to discuss with your sale rep before backing up such data with Avamar.
====================================================== If we are backing up data that is encrypted using the native Windows NTFS encryption, then the data gets backed up in its encrypted form. A special Windows OS call rather than the standard BackupRead and BackupWrite system calls is used to back up and restore encrypted data. In this case there is no commonality if a portion of the file changes. This capability of backing up NTFS encrypted data, while not effective, is fully supported.
It is important to be aware that backing up data using the disk/volume encryption products, such as PGPDisk, ProtectDrive (perhaps this includes the Sophos product you mention), has not been tested with Avamar and therefore, backing up the data from these encrypted volumes is not supported.
When backing up the data from these proprietary encrypted volumes, Avamar uses the standard BackupRead and BackupWrite system calls, and therefore, the data is backed up as normal data.
The one major exception is that testing has shown that VSS will fail to freeze the encrypted disks/volumes due to an apparent incompatibility between the encrypted disk/volume and VSS by trying to back up the volume using NTBackup (which also freezes the volumes using VSS), and NTBackup also failed to freeze the volumes. Therefore, none of the open files on the encrypted disk/volume will get backed up. =====================================================
What kind of encryption are you thinking of using?
NTFS encrypted files is fully supported although, if a portion of an encrypted file changes and that encrypted file is backed up a second time there will be no commonality with the data from the previous backup.
Only NTFS encryption is fully supported at the moment. I'd recommend contacting your EMC sales rep to discuss this with product management before implementing it. They may be able to put together a business case to have the Sophos encryption product tested with Avamar.
I am not clear why the client would care. I would think the clinet would look at the file and look for atoms of what had been stored before. Encryption would make the file appear to have more unique atoms but still retain the information. What do you think?
I have a client with lots of laptops they are encrypted and there is an issue.
the client has 2 versions of the encription software, in one version avamar works perfect and in the other version the error was:
2009-07-22 11:00:35 avtar Error <5244>: Unable to open directory "C:\Documents and Settings" (code 1005: The volume does not contain a recognized file system.
Please make sure that all required file system drivers are loaded and that the volume is not corrupted).
SOLUTION: you have to disable the VSS adding a line in the avtar.cmd file --freezemethod=none
The data doesn¿t need to be encrypted because it is stored in hashes across the hosts and is sent as multi length hashes across the wires. Because of that, the data can never be reassembled as it sits or over the wire.
The data doesn¿t need to be encrypted because it is stored in hashes across the hosts and is sent as multi length hashes across the wires. Because of that, the data can never be reassembled as it sits or over the wire.
I believe he's referring to client side encryption on laptops rather than at-rest encryption of the data chunks on the Avamar server.
there are mutliple threads on encryption here.. could easily get confusing
Thanks for the information and I am still waiting on my sales rep to return my e-mail (I will follow up today). From informally asking the question during a support call on another matter, the client seems to do a call to the OS to be able to backup the file - I don't want to state as fact that it decrypts it at that point - and if the encryption software cannot work in the same way you have an issue.
I will follow up when I know more, but thanks for everyone's insight.
Avamar Exorcist
462 Posts
0
September 28th, 2009 07:00
Unfortunately though it still boils down to the fact that non-NTFS encryption isn't currently supported, hence my earlier recommendation to discuss with your sale rep before backing up such data with Avamar.
======================================================
If we are backing up data that is encrypted using the native Windows NTFS encryption, then the data gets backed up in its encrypted form. A special Windows OS call rather than the standard BackupRead and BackupWrite system calls is used to back up and restore encrypted data. In this case there is no commonality if a portion of the file changes. This capability of backing up NTFS encrypted data, while not effective, is fully supported.
It is important to be aware that backing up data using the disk/volume encryption products, such as PGPDisk, ProtectDrive (perhaps this includes the Sophos product you mention), has not been tested with Avamar and therefore, backing up the data from these encrypted volumes is not supported.
When backing up the data from these proprietary encrypted volumes, Avamar uses the standard BackupRead and BackupWrite system calls, and therefore, the data is backed up as normal data.
The one major exception is that testing has shown that VSS will fail to freeze the encrypted disks/volumes due to an apparent incompatibility between the encrypted disk/volume and VSS by trying to back up the volume using NTBackup (which also freezes the volumes using VSS), and NTBackup also failed to freeze the volumes. Therefore, none of the open files on the encrypted disk/volume will get backed up.
=====================================================
Avamar Exorcist
462 Posts
0
September 28th, 2009 03:00
NTFS encrypted files is fully supported although, if a portion of an encrypted file changes and that encrypted file is backed up a second time there will be no commonality with the data from the previous backup.
Avamar Exorcist
462 Posts
0
September 28th, 2009 05:00
cwilson62946
12 Posts
0
September 28th, 2009 05:00
cwilson62946
12 Posts
0
September 28th, 2009 06:00
OscarG1
2 Intern
•
137 Posts
0
September 28th, 2009 14:00
the client has 2 versions of the encription software, in one version avamar works perfect and in the other version the error was:
2009-07-22 11:00:35 avtar Error <5244>: Unable to open directory "C:\Documents and Settings" (code 1005: The volume does not contain a recognized file system.
Please make sure that all required file system drivers are loaded and that the volume is not corrupted).
SOLUTION:
you have to disable the VSS adding a line in the avtar.cmd file
--freezemethod=none
That worked for me
Limbaugh
40 Posts
0
October 2nd, 2009 11:00
Avamar Exorcist
462 Posts
0
October 5th, 2009 01:00
stored in hashes across the hosts and is sent as
multi length hashes across the wires. Because of
that, the data can never be reassembled as it sits or
over the wire.
I believe he's referring to client side encryption on laptops rather than at-rest encryption of the data chunks on the Avamar server.
there are mutliple threads on encryption here.. could easily get confusing
Message was edited by:
Nicholas Ricioppo
Limbaugh
40 Posts
0
October 8th, 2009 06:00
cwilson62946
12 Posts
0
October 8th, 2009 07:00
I will follow up when I know more, but thanks for everyone's insight.
georgeav
1 Message
0
November 10th, 2012 00:00
Do you know if anything happened in the last three years on this subject ?
I couldn't find any whitepaper regarding Avamar and encrypted hard drives. I'm interested especially in integration with Bitlocker.
Thank you,
George