Skip to main content
Druva Documentation

How to back up an encrypted disk using BitLocker by Phoenix Agent

This article applies to:

  • OS: Windows
  • Product edition: Phoenix 

About BitLocker

BitLocker drive encryption is a data protection feature of the operating system that was first made available in Windows Vista.

Properties:

  • When integrated with the operating system, BitLocker addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.
  • BitLocker is a drive-level encryption and not a file-level encryption. Hence, hence when enabled, the access to the entire drive is restricted.
  • BitLocker works based on a password encryption whereas EFS works on the basis of certificate-based encryption.

Configurations required for Phoenix backup with BitLocker enabled

  • Scenario 1: BitLocker enabled on devices with a single drive (C:\ as OS volume): Since BitLocker has a drive-level encryption, the drive is unlocked when the OS is up and running. Hence, BitLocker does not hamper the functionality of Phoenix and the backups complete successfully.
  • Scenario 2: BitLocker enabled on one or more drives of each device having multiple drives: The OS volume backups of drives enabled with BitLocker complete successfully. The rest of the drives must have auto-unlock enabled during the authentication process while setting up BitLocker for the drives. If auto-unlock is not enabled, the drives remain encrypted even after boot-up. If the drives are configured for backup, Phoenix cannot back up the drive as they are encrypted.

Enable seamless backup from servers with BitLocker encryption

  1. Open Control Panel on the host system.
  2. Click the BitLocker Drive Encryption icon.

    BitLockerHDD.png
  3. The BitLocker configuration page opens. The page displays all the drives, with their respective configuration status. Different options for the OS volume and additional drives are also displayed.

    BLLockerDriveEncryption.png
  4. Find the Turn on Auto Unlock for non-OS drives and enable the option. This ensures the drive is accessible to Phoenix for backup every time the user boots the device.