Skip to main content
commvault.com commvault.com
Solved

Bitlocker

Henke
Byte
Forum|alt.badge.img+13

Hello,

Our organisation is looking at start using Bitlocker on servers.
I suppose commvault agents do support backing up drives with Bitlocker enabled.

Any specific recommendations regarding it?

BR

Henke

Best answer by dude

@Henke I guess what I was trying to say is that you can still get the VM backed up and restored if needed, however when it comes to the datavolumes, my understanding is that you would not be able to backup that up while the volume is locked. 

As for the schedules, it will fail as it can open the disk.

https://documentation.commvault.com/commvault/v11/article?p=30816.htm

  • Logical volume manager (LVM) metadata processing for volumes encrypted using BitLocker is currently not supported. Decrypting contents of such volumes may not be feasible during browse or restore operations because decryption requires a recovery password or a decryption key. Because enumeration for the volume fails, a file-level browse operation for the encrypted volume cannot display file information.
View original
    Did this answer your question?

    7 replies

    B
    Vaulter
    Forum|alt.badge.img+8

    Hi Henke, 

    Volumes using BitLocker encryption are backed up if the volume is unlocked. You must not run scheduled backups unless the volumes using Bitlocker encryption are unlocked.

    Hope this helps. 

    Henke
    Byte
    Forum|alt.badge.img+13
    • Henke
    • Author
    • Byte
    • 125 replies
    • July 8, 2021

    @Blaine Williams is there any checks on the agent part to determen if the volume is locked/unlock.

     

    dude
    Byte
    Forum|alt.badge.img+15
    • dude
    • Byte
    • 319 replies
    • July 8, 2021

    I think your best best is to exclude the volumes from Backups.

    Mike Struening
    1 person likes this
    • Mike Struening
      Mike Struening
    Henke
    Byte
    Forum|alt.badge.img+13
    • Henke
    • Author
    • Byte
    • 125 replies
    • July 8, 2021

    @dude So if a file server have bitlocker enabled on it’s datavolumes best bet is to exclude the volume? Sounds a bit counter productive though.
    I would think that all volumes would be in an unlocked state, if a volume is in a locked state something is wrong I would guess. I’m not that experienced with bitlocker though.

    @Blaine Williams What happens if a scheduled backup runs against a drive that is locked by mistake or error?
     

    dude
    Byte
    Forum|alt.badge.img+15
    • dude
    • Byte
    • 319 replies
    • Answer
    • July 8, 2021

    @Henke I guess what I was trying to say is that you can still get the VM backed up and restored if needed, however when it comes to the datavolumes, my understanding is that you would not be able to backup that up while the volume is locked. 

    As for the schedules, it will fail as it can open the disk.

    https://documentation.commvault.com/commvault/v11/article?p=30816.htm

    • Logical volume manager (LVM) metadata processing for volumes encrypted using BitLocker is currently not supported. Decrypting contents of such volumes may not be feasible during browse or restore operations because decryption requires a recovery password or a decryption key. Because enumeration for the volume fails, a file-level browse operation for the encrypted volume cannot display file information.
    Damian Andre
    Vaulter
    Forum|alt.badge.img+23
    dude wrote:

    @Henke I guess what I was trying to say is that you can still get the VM backed up and restored if needed, however when it comes to the datavolumes, my understanding is that you would not be able to backup that up while the volume is locked. 

    As for the schedules, it will fail as it can open the disk.

    https://documentation.commvault.com/commvault/v11/article?p=30816.htm

    • Logical volume manager (LVM) metadata processing for volumes encrypted using BitLocker is currently not supported. Decrypting contents of such volumes may not be feasible during browse or restore operations because decryption requires a recovery password or a decryption key. Because enumeration for the volume fails, a file-level browse operation for the encrypted volume cannot display file information.

    For VMware or other VSA style backups, you can backup the volume no problem, but file level browse wont work since that would require the decryption key and code to process bitlocker volumes. You could still do a full VM restore or restore/attach the volume back to another VM to decrypt it

    Henke
    Byte
    Forum|alt.badge.img+13
    • Henke
    • Author
    • Byte
    • 125 replies
    • July 9, 2021

    Thanks @dude and @Damian Andre  for the clarification.

     

    Mike Struening
    1 person likes this
    • Mike Struening
      Mike Struening

    Reply


    Most helpful members this week

    Terms & ConditionsCookie settings

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings