PDA

View Full Version : Big dilemma: data protection with Knox (sparseimages) / back up with SuperDuper!


gianfry
10-10-2008, 07:18 PM
Hi there, I finally decided it's time to join the club. It's about time I set a "Data Protection" and "Backup" Plan. (on Mac, of course).

When I have to make a choice, I go and just get obsessed with information gathering and knowledge: I need to figure things out, and I don't stop until I am pleased with solutions.

So I spent this week (literally) on reading all about the topics I need to figure out.

Again, what I need to cover, I call it : "Mac Data Protection and Backup Management".

So, two different yet complementary topics:
1) I want to "password-protect" ALL of my data, be it on my computer and hard drives. Yeah, that's important, right?

2) I want to have perfect duplicate data (backup) of my computer, hard drives, and remote server on a "Backup Hard Drive". And of course I want to protect that drive too.

So I went out there, and I start reading about it all and a few names came up:
- FileVault
- Time Machine
- DiskUtility
- Knox
- SuperDuper!
(And a few others along the way…)

I understood things about all of that (again, it was about time).

To make a long story short (too late for that?), from my research I got that:

• In the matter of "Data Protection": the way to protect files (or whole volumes) is all related to "Vaults" (encrypted password protected "vistual disks"). That there are 2 kinds of "Vaults", "Disk Images" (.dmg) and "Sparse Images" (.sparseimages). (Yeah, I know, Sparse Bundles…). Got the difference between the two (three).
Now, I discarded use/turn on FIleVault because of the fact that it can only make the "whole Home Folder" as one single "Vault", and can't make different "Vaults" for different files.
Then found out that "DiskUtility" can produce just that.
But in my research I came across this third software that is Knox, and I got that it could handle the whole vault-thing preatty nice and simple. (But yes, I discoverd all the things that DiskUtility is able to do, let there be light…).
So, for "Data Protection", I decide to go with Knox. All right…

• In the matter of "Backup Management": to sum it
up it all came down to Time Machine and SuperDuper!, really. Somehow I don't find Time Machine suitable for what I need, and I want to keep it as simple as possible. One software for Data Encryption, another for Buckup. That's it.
I digged on SuperDuper!, and the fact that it makes a perfect "bootable" copy of your whole Mac, system, applications and files, is unbeatable. Plus it is very simple to use. I studied the manual, read thousand of posts on forums and all.

Now, I wanto to create a framework for my protected backup.

First thing, I went and bought an external hard drive: LaCie 1TB.

For you to know, I got a Mac and two external hard drives and I want to back up all this data to a "Backup Disk".

So, my configuration will look like this:

- Mac HD (my computer: 10.5.2 160GB)
- HD-01 (external hard drive: LaCie 160GB). For: iTunes files
- HD-02 (external hard drive: LaCie 250BG). For: all kinds of stuff.

- Remote-HD (files on MediaTemple server). For my sites in WordPress.

- Backup-HD-01 (LaCie 1TB). For:
copy of "Mac HD" + "HD-0"1 +" HD-02" + "Remote-HD".


So, stripped out:

- Mac HD
- HD-01
- HD-02
- Remote-HD

- Backup-HD-01

Now, I want to make sure that all those hard drives are formatted as "Mac OS Extended (Journaled)", right? Right.

The problem I am running into (finally, he got there…) is that I need to find the right interaction between Knox Vaults options, and SuperDuper! backup options.

The thing is that Knox gives you 2 possible choices for making a password protected sparse image:

1) Encrypted files vaults
2) Encryted volume (whole-disk) vault


The difference is that, using option number 2, when you mount (connect) your "External Hard Drive", you need to type your password to mount the whole disk.

In option number 1, when you mount your "External Hard Drive", it just normally mounts it, and then you can access and interact with the different "Encrypted files vaults" within it.

From Knox interface, when you want to make a new vault:
Vault Type:
• Create an encrypted vault file
• Reformat a volume as an encrypted vault

To know if I want to format my "Backup-HD-01" using "Reformat a volume as an encrypted vault", I need to know how SuperDuper!'s bootable copy will react.

Question is: can "SuperDuper! bootable copy" reboot if the hard drive is formatted as an "encrypted volume"? And if it can't, can it reboot if it is just in a "sparse image", or it totally need to be copied on the hard drive, outside of the sparse image, in order to reboot? Which is the case when you are forced to use OS X Install Disc, even thought you got a rebootable copy on an Hard Drive?

So, I'd like to figure out this:

1) If the "Bootable Backup Copy" of my "Mac HD" is on an "External Hard Drive" that I format as an "Encryted volume (whole-disk) vault", can it "boot" from it, without running the "OS X Install CD"?

2) If the "Bootable Backup Copy" of my "Mac HD" is on an "External Hard Drive" that I format as an "Encryted volume (whole-disk) vault", can one "boot" from it, without running the OS X install CD?

So, the answer can be:

a) Yes you can with option 1, you can't with option 2

b) Yes you can with option 2, you can't with option 1

c) Yes you can with option 1 and 2

d) No, you can't with neather options, and will have to run the "OS X Install CD".

e) You can go with option 1 and leave a partition in the hard drive to copy the bootable copy on, so that it can work from there, without using the OS X Install CD.

Also, is it possible to just copy the "System" (bootable) on a place, excluding confidential information, and make sparse images for ther rest of the files. How do you do that?
Cause it's what the guys from Knox suggest here (http://www.knoxformac.com/support/").

Really, I don't seem to figure it out, even if I read about everthing around.

I know I made it really long, and that I could really just write: "Can SuperDuper! bootable copy reboot from an encrypted volume or/and from an encypted sparse image?"

But, well, I am sick in bed, so I got time to make it long (and probably boring).

Once I figured ther whole thing out, I will surely go and write the clearest article about Mac backup and data protection ever written. And you will find it here (http://stylozero.com). (At the moment of this writing, the site is not even up yet, but it will.)

Anyway, thanks for not killing yourself after such a long post.

PS: dnanian?
;-)

dnanian
10-10-2008, 08:07 PM
This isn't something we've tested, but in general terms you can't back up an image that you have open (e.g. FileVault). I don't know anything about Knox's "whole disk vault", but I don't think he allows encryption of the boot volume.

PGP does have a "whole disk encryption" option, and the next version of SuperDuper! (v2.6) will support it... and that should be bootable, too.

gianfry
10-11-2008, 05:58 AM
Hi dnanian, thanks a lot for your answear.

In short, I would like to know if I go and choose "Backup - all files" from SuperDuper! and as a destination HD I choose a disk that I encrypted as a "whole volume" (means before mounting it asks for a password), will my copy of my Mac be bootable from that disk.

Other option I want to make sure is: if instead I go and choose "Backup - all files" from SuperDuper! and all my files are in in a sparse image, when I need to boot from the Backup Disk, can I just open the sparse image and then boot from there, or because of the fact that my system and all the files are in a sparse image, make the copy not bootable.

Thanks for the support.
;-)

gianfry
10-11-2008, 06:28 AM
More specifically…

From the manual, page 16:


"With a Sparse Image, your files are kept in a “virtual” disk, which is actually stored in a single file. This file can be placed anywhere, including on a network volume. When mounted (which you do by simply opening the
Sparse Image file), the “virtual” drive looks just like a local disk, and can be
backed up to like any other. You can even Smart Update it!

There are some disadvantages, though:

• …
• …
• Finally, since they’re not physical drives, images of any type cannot be
used to start up your Macintosh. However, the contents retain their
bootable properties and – once restored to a real drive – can act as a
startup drive."

- -

Now, my understanding from that, is that whenever the "Copied HD" is on a sparse image, you can't just reboot once the image is mounted. Is that right?

If so, can you just mount the image and simply copy the "Copied HD" in it to the drive itself (assuming you got enough space for it), so that you can boot from there. (You end up with two exact copied stuff on the same HD, but at the least you can reboot, should it be necessary).

That would mean that you can't possibly have a "password protected" copy of your Mac which is bootable.

Mmm, or am I missing something?

dnanian
10-11-2008, 08:52 AM
Sparse images aren't real drives, and cannot be used as startup drives. PGP does this differently, and would be bootable and encrypted.

gianfry
10-11-2008, 09:44 AM
Mmm… What's PGP?
(Is that a dumb question?)
:)

dnanian
10-11-2008, 09:45 AM
"Pretty Good Privacy" - 3rd party encryption product.

gianfry
10-11-2008, 09:47 AM
Yeah, I just google it, and reading on…

gianfry
10-11-2008, 10:19 AM
Thanks dnanian, for replying.

Mmmh, about PNG: it looks fine, but I don't feel like researching any longer, for the time being.

So, knowing that I want to use SuperDuper! to produce a backup on a sparseimage (and on a whole-disk vault, probably), could you tell me what would be the best procedure to boot my copy if I never need to?

Options I think of:

- Partitioning the Backup Disc leaving an encrypted partition, so that I can copy the "bootable copy" to that partition which is not encrypted, and boot from there.

- Partitioning the Backup Disc leaving an encrypted partition, and make a copy of the OS X Install Disc on the uncrypted partition of the disk (which take less space than copingy the whole "backup copy"), so that I can boot from there and… actually I don't even know what you exactly do with the OS X Install Disc, if ever your computer disc craches…

Anyway, confusion, confusion…

dnanian
10-11-2008, 02:22 PM
You'd basically need to install a basic configuration of OSX to a disk, then use that to open the encrypted image and restore it.

gianfry
10-11-2008, 04:57 PM
Know what, I will WAIT for the 2.6 release, to accomodate my needs.

In the meanwhile, I will have my "encrypted volume" and should I ever need to recover or boot my backup copy, I'll find some solution. The important thing is that at the least I have everything backed up, right?

PS: I wrote another post http://forum.karppinen.fi/forums/1/topics/265here (http://forum.karppinen.fi/forums/1/topics/265).

Cheers.

dnanian
10-11-2008, 04:59 PM
Cheers, and enjoy your weekend! :)