Encryption of the source is, of course, a valid approach to securing your backups. The key is that the backup has to be of the encrypted data files yet most drivers will decrypt the files before they are copied to a backup unit. (I.e., the files are decrypted as they are read from the client disk.) In this case you would need to install a similar program on the server to encrypt the files as they are stored as the LAN transfer would be clear text. (And, by the way, if you only want the backup to be encrypted then there is no need to have this program on the client and on the server it only needs to be used on the backup disk. That is exactly what TrueCrypt is doing as I use it today.)

_________________
....JBick

EX475, 2 GB, LE-1640
PC1: Vista-->W7 Ultimate/32, (D-Drive RAID-5 Array)
PC2: Lenovo Laptop, Win XP Home SP3
2xLinksys WRT54G v1.1 and 2xNetGear GS105 Gbit switch

Be sure to also look at the thread discussing the Automated Backup Script.


Sorry, but I have read this about four times and do not understand what you are saying. The script is only a "copy", there is nothing in it that will cause any file sizes to grow. I need more information (screen shots, copy of the code...) in order to comment. Also please indicate the formatting of the source and destination disks.

For restores just reverse the process (reverse source and destination in the RoboCopy command lines).


You have the idea....

Recreating the shares should not be necessary.

_________________
....JBick

EX475, 2 GB, LE-1640
PC1: Vista-->W7 Ultimate/32, (D-Drive RAID-5 Array)
PC2: Lenovo Laptop, Win XP Home SP3
2xLinksys WRT54G v1.1 and 2xNetGear GS105 Gbit switch

I'm new to WHS and many of the things mentioned in this article, except truecrypt. I have this exact problem with my truecrypt encrypted external hdds and my WHS box. A lot of this is very complicated to me and I have a few questons. What exactly does this solution do? What do these scripts do? Do I have to recreate my shares after ever restart of the WHS machine? What happens from start to finish when an hdd is mounted, has data written to it, dismounted, mounted again, and accessed remotely from a client on the network? I am most confused about what the scripts do and what robocopy does.

If you use WHS 2011 then you can/should use BitLocker Drive Encryption. BitLocker is native to the OS and is very secure. You can configure volumes to be automatically unlocked at boot time, so your shares become available without any need to log in and manually tinker with services.

BitLocker's biggest "gotcha" is that the auto-unlock capability works differently with USB/FireWire disks. For automatic unlocking to work with these, the user who enabled the automatic unlocking on these volumes must log in for the unlock to be performed. If you use pooling software such as Drive Bender or StableBit, there are some additional gotchas when encrypted USB/FireWire disks are part of the pool, because the pool service will try starting up very early in the boot process before you have a chance to log in, and they'll start throwing errors about missing disks because the service cannot see them.

You're going to run into these problems with any encryption solution. The key is figuring out the best way to work around the shortcomings.

In my case, I created a "helper service" that works in conjunction with Home Server SMART 2012 that can be configured to unlock the USB/FireWire volumes at boot time before the pool service starts, by making the pool service dependent on my "helper service." Even then, there can be a delay of several seconds after a volume is unlocked before it becomes available, and by then the pool service is well underway starting up.

_________________
Matt Sawyer
Owner, Dojo North Software, LLC

HP EX490, 4GB, E5300, 15TB - Server 2012 - Sharing and Streaming
HP EX487, 4GB, E5300, 13TB - Server 2012 Essentials - Backups

I know it's been a year since this thread was last updated, but maybe you guys still exist. What currently bugs me is that WHS doesn't see the encrypted drive that's inside one of the attached clients, so that it cannot be used as backup source.

Anyone know what the culprits are in this scenario?

Thanks,
Ingmar