Ghost Solution Suite

  • 1.  Ghosting for Backup and Restore with Vista/Bitlocker

    Posted Jul 30, 2007 03:34 PM
    Hi All,
     
    There is a surprising lack of information on the subject of Vista and Bitlocker on Symantec's site in my surface searches.
    We use Ghost for backup purposes to have a 100% complete snapshot of a machine, and we use it for pre-prepped images.
     
    In initial testing (and slightly expected) with Bitlocker and Vista, Ghost will take the entire drive space. Prior to Bitlocker, Ghost would only create an image from the drive space used.
    So previously, if 30 out of 60 gigs were being used on a Windows XP machine with EFS, the Ghost process run from DOS would only create an image based on the used space of approx 30 gigs.
     
    With Bitlocker and Vista, it is apparently creating a 60 gig image. While that makes sense with what little I truly know about Bitlocker, I have to wonder what Symantec's answer to handling Bitlocker is. This will render Ghost completely useless for the function that we utilize it for.
     
    Thanks


  • 2.  RE: Ghosting for Backup and Restore with Vista/Bitlocker

    Posted Aug 03, 2007 03:12 AM
    Hi,

    As you correctly say, there is only a little public information available on BitLocker, and no tools to manipulate it either. However, this is expected since it is supposed to be used to achieve a very high level of security, which should be difficult (if not impossible) to break.

    Ghost 11.x will detect BitLocker and switch to sector image mode when creating images. This explains the large image size. If you really need to do that for deployment purposes, consider wiping the disk before installing Vista. Having a repetitive pattern in unused sectors will increase the compression ratio considerably. However, these images will not be viewable from Ghost Explorer and you can restore to a disk with the same geometry.

    Deploying images with BitLocker raises some interesting questions. With that kind of security, you cannot share a single key among all the users. But if you take an image of an encrypted drive and deploy to multiple machines, all of them will contain the same key. I am still not sure if there are tools to update the key if stored in the TPM chip.

    One possible solution is to use an unencrypted image and run BitLocker after deploying it to a new machine. This will generate a unique individual key for each machine, as well as you have an image that could be restored to any machine rather than a specific machine.

    Regarding the backups, I still cannot think of an easy way. The BitLocker driver was not available for WinPE, so if you boot to anything other than the installed OS, you will only see the encrypted data without the facility to decrypt it. Then the only option left is hot imaging (not available with GSS 2.xx) after booting to the OS. However, then you have a plain (unencrypted) image of a secure machine.

    Hope this gives you some information.

    Krish


  • 3.  RE: Ghosting for Backup and Restore with Vista/Bitlocker

    Posted Aug 15, 2007 04:27 PM
    Hi Krish,
     
    Thanks for the reply. We are most likely going to make a Vista image and then install/set up Bitlocker. Unfortunately that takes 90 minutes at times.
     
    Thanks