Finally – we’ve found a nice, fast, cost-effective solution for encrypted image backups.
One of the limitations of the Microsoft Block Level Backup (a.k.a. drive imaging) features in Server 2008 is that all backups will be unencrypted. For businesses like medical clinics, legal firms or law enforcement, this can compromise client information.
I’ve been working with the CRU DataPort 10 Secure device (http://www.cru-dataport.com/) as a possible solution to this problem… and the result is good!
I’ve been playing with the internal version. The device consists of a “frame” (or “dock”), where you insert the hard drive caddy. The actual frame connects via SATA to the motherboard or SATA controller, and contains the encryption electronics. You can then insert the hard drive caddy, and all information on that disk is encrypted. If you try to plug the disk into a normal SATA port, it appears as an uninitialized disk.
An external version is also available, which connects via USB or eSATA.
The encryption features make the units perfect for backup! And they’re more cost effective than other solutions, like the RDX drive.
When I first played with the CRU system (and when it’s used unassisted by BackupAssist), I found some “gotchas” – that swapping disks causes drive letters to change, and that it was not possible to safely remove the disk on a non-hot-swap SATA controller.
So last week, I spent some time handling these problems in BackupAssist, and these new features have made it into v5.4. In summary, BackupAssist integrates with the CRU DataPort devices by:
- Safely ejecting the disk after the backup so it can be removed without data loss
- Changing the drive letter of the disk before the backup so the backup will work
- Doing a hardware rescan before the backup so that any newly attached hardware will reappear, or if the drive was ejected from the night before but not replaced, the ejected drive will reappear, and the backup will happen.
[These features have been in BackupAssist for USB drives for over a year, but before these changes, we were having some problems ejecting SATA disks on non-hot-swap controllers and reassigning drive letters.]
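For anyone scripting the same sequence by hand around wbadmin on Server 2008, here is an added example (not BackupAssist's code) that runs the steps in execution order: rescan, pin the drive letter, back up, dismount. The volume label, the X: drive letter and the C: source volume are assumptions made for the illustration.

```powershell
# Added illustration, not BackupAssist code. The label, letter and source
# below are hypothetical values; adjust them to the disk set in use.
$Label  = 'CRU-BACKUP'   # hypothetical volume label shared by all backup caddies
$Letter = 'X:'           # hypothetical drive letter reserved for the backup disk
$Source = 'C:'           # volume to image

# 1. Hardware rescan so a caddy inserted since the last run is enumerated.
'rescan' | diskpart | Out-Null
Start-Sleep -Seconds 10   # give the volume time to appear

# 2. Find the backup volume by label and pin its drive letter, so a swapped
#    disk that came up under a different letter does not break the job.
$vols = @(Get-WmiObject Win32_Volume -Filter "Label='$Label'")
if ($vols.Count -ne 1) {
    throw "Expected exactly one volume labelled '$Label', found $($vols.Count)."
}
$vol = $vols[0]
if ($vol.DriveLetter -ne $Letter) {
    $vol.DriveLetter = $Letter
    $vol.Put() | Out-Null
}

# 3. Block-level backup to the pinned letter.
wbadmin start backup "-backupTarget:$Letter" "-include:$Source" -quiet
$backupExit = $LASTEXITCODE

# 4. Dismount the volume so nothing is left unwritten before the caddy is
#    pulled. Force is $false on purpose: an open handle makes this fail loudly.
$vol = Get-WmiObject Win32_Volume -Filter "DriveLetter='$Letter'"
$result = $vol.Dismount($false, $false)
if ($result.ReturnValue -ne 0) {
    Write-Warning "Dismount of $Letter returned $($result.ReturnValue); do not remove the disk."
}

exit $backupExit
```

Dismounting flushes the file system but does not power down the SATA port, so whether the caddy can then be pulled still depends on the controller.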
On the plus side, because the CRU DataPort 10 Secure unit encrypts the entire hard drive, you can place other data onto the disk as well – such as SQL Backups, Exchange Mailbox backups (PST), File backups – and they’re automatically encrypted too.
I’ll be running some trials and case studies with some partners of ours, and I’ll keep everyone updated on progress. These new case studies will also be backups of Hyper-V systems, so the package of BackupAssist + CRU gives encrypted Hyper-V Backups with granular restore – Yippie!
Availability: these features were released in the v5.4 beta last week, and are also in the full release of v5.4 – which is going to be released this week.
Big thanks to Hilton Travis for sending a rocket my way and making me work long hours to get this feature in!
Enjoy!
I’ve seen a similar hardware encryption dock/cage device offered by Addionics. The important thing to know is if it met U.S. FIPS and other industry compliance certification standards. It’s one thing if it works and another if it is certified compliant – bureaucracy