Skip to main content
commvault.com commvault.com
Solved

Bitlocked VM machine -thoughts?

  • November 5, 2021
  • 1 reply
  • 916 views
J
Byte
Forum|alt.badge.img+4
  • JM-
  • Byte
  • 12 replies

The server admins are considering bitlocking VM machines and maximizing security. My assumption is the best way is a regular VMware backup without an agent being installed.

If they ever wanted to do a restore, then restore to whole guest and leave to the server admins to copy from the restored guest back to the source. The boxes are medium to small sized

 

Ques: At restore time is CV capable of creating a browsable contents of a bitlocked VM guest?

Storage is disk, will doing live recovery contents generation

 

Best answer by Stuart Painter

Hi @JM- 

If the drive is encrypted at OS level, e.g. using BitLocker, then only the OS itself will be able to read the contents of backup data due to the requirement for a decryption key, which held in the OS.

So, a BitLocker encrypted VM guest won’t be readable or browsable at restore time.

The only options available, you have already stated:

  1. Restore the whole guest VM and allow the server admins to access the contents
  2. Have an in-guest agent to protect the content as a separate backup that would be browsable.

Note: Components Backed Up by the Windows File System Agent explains that Volumes using BitLocker encryption are backed up if the volume is unlocked.

Of course, option 2 and the unlock caveat may present a problem as this would circumvent the security principles of encrypting the VMs. This would allow the data to be accessed externally by anyone with the required access to the Commcell backup data.

Thanks,

Stuart

View original
Did this answer your question?

1 reply

S
Vaulter
Forum|alt.badge.img+15

Hi @JM- 

If the drive is encrypted at OS level, e.g. using BitLocker, then only the OS itself will be able to read the contents of backup data due to the requirement for a decryption key, which held in the OS.

So, a BitLocker encrypted VM guest won’t be readable or browsable at restore time.

The only options available, you have already stated:

  1. Restore the whole guest VM and allow the server admins to access the contents
  2. Have an in-guest agent to protect the content as a separate backup that would be browsable.

Note: Components Backed Up by the Windows File System Agent explains that Volumes using BitLocker encryption are backed up if the volume is unlocked.

Of course, option 2 and the unlock caveat may present a problem as this would circumvent the security principles of encrypting the VMs. This would allow the data to be accessed externally by anyone with the required access to the Commcell backup data.

Thanks,

Stuart

Customer Support

Reply


Most helpful members this week

Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings