commvault.com commvault.com
Solved

Bitlocked VM machine -thoughts?

  • 5 November 2021
  • 1 reply
  • 686 views
J
Rank
Userlevel 1
Badge +4

The server admins are considering bitlocking VM machines and maximizing security. My assumption is the best way is a regular VMware backup without an agent being installed.

If they ever wanted to do a restore, then restore to whole guest and leave to the server admins to copy from the restored guest back to the source. The boxes are medium to small sized

 

Ques: At restore time is CV capable of creating a browsable contents of a bitlocked VM guest?

Storage is disk, will doing live recovery contents generation

 

icon

Best answer by Stuart Painter 5 November 2021, 12:27

View original

1 reply

S
Rank
Userlevel 7
Badge +15

Hi @JM- 

If the drive is encrypted at OS level, e.g. using BitLocker, then only the OS itself will be able to read the contents of backup data due to the requirement for a decryption key, which held in the OS.

So, a BitLocker encrypted VM guest won’t be readable or browsable at restore time.

The only options available, you have already stated:

  1. Restore the whole guest VM and allow the server admins to access the contents
  2. Have an in-guest agent to protect the content as a separate backup that would be browsable.

Note: Components Backed Up by the Windows File System Agent explains that Volumes using BitLocker encryption are backed up if the volume is unlocked.

Of course, option 2 and the unlock caveat may present a problem as this would circumvent the security principles of encrypting the VMs. This would allow the data to be accessed externally by anyone with the required access to the Commcell backup data.

Thanks,

Stuart

Customer Support

Reply


Terms & ConditionsCookie settings