Creating a Sector by Sector Ghost image of a hard drive encrypted with Symantec Endpoint Encryption
Last Updated October 20, 2010
How can encrypted hard disks be imaged for recovery in case of a hard disk failure?
Symantec has tested and confirmed that a raw sector-by-sector image can be made of a hard disk that has the "Hard Disk" User Program installed. Symantec has tested and supports the use of Symantec Ghost version 7.5 or later for this purpose.
Note: It is also possible to create an unencrypted image of an encrypted hard disk by starting Ghost from within the SEE Access Disk once the logon process has completed. This is only possible using Ghost version 11.5 or later. Please see TECH105685 for more information. This has the advantage of keeping the image smaller, but it is not secure because the image is not encrypted.
Note: A raw sector-by-sector image is the only supported image once the Hard Disk User Program has been installed, even if the drive is not encrypted. Other imaging programs (e.g. Disk Image) are not supported. Also, before attempting this process, we recommend checking Symantec's website to confirm hardware compatibility for the specific hard disk types used at your organization.
When creating the disk image you must create the "raw image" by using the "IR" switch. This will create a snapshot of the encrypted hard disk.
Warning: Do not compress the image.
Note: The image size will be comparable to the size of the drive being imaged. For example, a 60 GB drive will generate a 60 GB image file.
Listed below are the recommended switches, with their definitions, to use when creating a sector-by-sector copy of an encrypted hard drive:
IR: The Image Raw switch copies the entire disk, ignoring the partition table. This is useful when a disk does not contain a partition table in the standard PC format, or you do not want partitions to be realigned to track boundaries on the destination disk. Some operating systems may not be able to access unaligned partitions. Partitions cannot be resized during restore and you need an identical or larger disk.
Auto: Automatically names spanned image files during creation. Using this switch avoids the user prompt that asks for confirmation of the next destination location for the remainder of the image file that is being restored. This switch is the default behavior for Symantec Ghost.
FRO: Forces Ghost to continue cloning even if the source contains bad clusters.
Example: "Ghost.exe -IR -Auto -FRO"
The image can be stored on a server, or a set of CDs.
Note: Using a set of CDs introduces potential risks in case one or more of the CDs has any physical media problem. While it may be possible to store the image on DVD media, this has not been tested and confirmed.
In order to apply the image to a replacement hard disk, the replacement HDD must be the exact make and model with the same physical geometry as the original hard disk. Any difference will cause a failure in imaging to the new hard disk.
When the image is applied to the replacement hard disk, the same "Hard Disk" login name and password will be required at start-up in order to access the hard disk and its encrypted data.