This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

securing my TM, CCC external HDD backups

d00by
d00by Junior Member
Hi,



I read the sticky FAQ.



Just need to clarify that the following is correct :-



1) I backup my data to 2 external HDDs. One disk has [b]Time Machine[/b] backup. The second disk has my whole system drive[b] bootabe[/b] image cloned using carbon copy cloner.



2) I want to encrypt these 2 HDDs to protect my data if those 2 external HDDs get stolen. So I want to use knox to encrypt those 2 external HDDS.



3) So, I use knox to create whole disk vaults and then use TM & CCC to store my backup data on those 2 drives.



So, the downside is that the CCC backup system image will not be bootable, right?



I use Mac Mini2,1 OSX 10.6.5

Comments

  • khad
    khad Social Choreographer
    Thanks for asking, d00by! <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



    [i]The TL;DR version is that it is not possible to encrypt Time Machine backups, but it is possible to create non-bootable Carbon Copy Cloner backups.[/i]



    Time Machine will not back up to a disk image — encrypted or otherwise. What will happen is that all the Time Machine files will be stored [i]next to and outside of[/i] the vault on the external drive. When Knox mounts the volume it is hidden and only the vault's contents are shown. This makes it appear that nothing is working and the files are not present on the drive. Normally, with Knox running, it is not very a trivial task to place files outside the encrypted vault on the drive. The vault on the drive, in essence, [i]becomes[/i] the drive when Knox is running. However, if Knox is not running (or you are Apple's Time Machine software) you will see everything on the drive. This includes the Time Machine backup files. They will not be encrypted unless they are in the vault, but there is not currently a way to force Time Machine to place them there. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_sadsmile.png' class='bbc_emoticon' alt=':-(' />



    As an aside, please make sure that you are excluding your Knox vaults from your Time Machine backup.



    Knox uses Apple's "sparse bundle" technology for its OS X 10.5+ compatible (the default) vaults. Sparse bundles should always be excluded from Time Machine and other backup/sync products specifically because if they are currently mounted by OS X at the time of a backup, any utility that backs it up will appear to "succeed" but data integrity is not guaranteed. At some point you may end up with a sparse bundle that cannot be mounted if it is restored.



    That's one of the prime reasons why Knox's built-in backups will always close/dismount the vault: it makes the resulting backup a consistently valid copy of the original.



    [url="http://help.bombich.com/kb/dmg-and-remote/dimages#backup_to_existing_dmg"]Carbon Copy Cloner will work great with a Knox whole-disk encrypted volume[/url]. As you mention, it will not itself be bootable. However, once restored to a physical drive, the restore target will be bootable.



    I hope that helps. Please let me know if you have any further questions or concerns. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />