As you’ve probably heard by now, the latest version of BackupAssist includes BitLocker encryption for System Protection backups on external drives. This is an addition we’re really excited about – it’s a great tool that helps provide the high level of data security our customers have come to expect from us.
As the BitLocker engine may be an unfamiliar tool to some of our customers, we also want to make sure that you're aware of the normal process when encrypting data for the first time, particularly with regard to duration.
To sum this article up: preparing your backup device for its first BitLocker encryption may take some time. Don't panic. This is a normal part of the process, and the good news is it only needs to be prepared once.
What is BitLocker and how does BA use it?
BitLocker is a Microsoft encryption feature included in Server 2008 and later operating systems that allows data to be securely encrypted with 256-bit AES. It works by encrypting a drive at the sector level.
In BackupAssist, this means that you can securely encrypt an external drive destination for your System Protection backups, so your data can’t be accessed by anyone who isn’t authorized to do so.
So how long will encryption take?
Because BitLocker operates at the sector level, you'll only need to encrypt your backup destination once. However, because the entire encryption process takes place up front, the time it takes can vary depending on a lot of factors. If you have a particularly large device already containing a lot of data, it may take some time.
Microsoft estimates that BitLocker encryption can take roughly 1 minute per 500 MB encrypted. This is a good rule of thumb to use when planning for the time you'll need to encrypt a destination. Using this rule of thumb, you can arrive at the following reasonable estimates of how long drives of various sizes will take to encrypt:
Windows Server 2008
500 GB drive | 17 hours |
1 TB drive | 33 hours |
2 TB drive | 67 hours |
Windows Server 2012
New disk | 1-5 minutes |
1 TB / 300 GB used | 10 hours |
2 TB / 1.5 TB used | 50 hours |
To learn more, see the Microsoft BitLocker FAQ.
The factors that will affect the duration of BitLocker encryption include:
- The size of the drive
- The performance of the drive and the server
- The operating system in use
- How much data is on the drive (for Windows 2012)
Another point worth noting is that the process will be a lot faster when using Windows 8 or Windows Server 2012 onward, provided there isn't much data already stored on the device. This is because in Windows Server 2012 R1/R2, BitLocker will only encrypt used disk space. It will not encrypt unused disk space or disk space containing deleted files.
What should I do about it?
As we point out in the title of this article, while BitLocker encryption may take a while it’s absolutely worth the wait! Security vulnerabilities in a business context are unacceptable, particularly when you’re talking about sensitive data. Cyber crime is increasing exponentially, and the security of your corporate data is not something to take lightly.
Therefore, the best thing you can do to deal with a potentially time-consuming BitLocker encryption process is simply to plan for the time required to perform the encryption when you create a backup job.
As we've pointed out, the encryption process will only need to be undertaken once: when you first set up the disk destination for your backups with BitLocker selected. Therefore, it's advisable to establish an approximate timeline for the encryption process based on the factors outlined above, and schedule it to go ahead at a time that will have minimal impact on your IT operations, for example overnight or over a weekend.
It is also worth considering the amount of data on the destination disk if you are using Windows Server 2012. If there is no data or it is a new disk, the encryption process will be very fast. And if you use an existing disk, removing data before encrypting it will save a lot of time.
Allow adequate time for your encryption process and run it at a time that suits your business, and you'll have all the benefits of secure encrypted backups.
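One way to turn the planning advice above into numbers, as an added example that is not BackupAssist code: the function applies the 1 minute per 500 MB rule of thumb to either the whole drive (Server 2008) or only the used space (Server 2012 onward) and reports which maintenance window the job fits. The function name, the drive letter E and the 12-hour and 60-hour window lengths are assumptions made for illustration; Get-Volume and Get-BitLockerVolume are only available on Windows 8 / Windows Server 2012 and later.

```powershell
# Added example, not BackupAssist code. Rate, drive letter and window lengths are assumptions.
function Get-EncryptionEstimate {
    param(
        [Parameter(Mandatory = $true)] [double] $SizeGB,  # total capacity of the destination
        [double] $UsedGB = 0,                             # data already on the destination
        [switch] $UsedSpaceOnly,                          # Windows 8 / Server 2012 onward
        [double] $MBPerMinute = 500,                      # the article's rule of thumb
        [double] $OvernightHours = 12,                    # assumed maintenance windows
        [double] $WeekendHours = 60
    )
    # Server 2008 encrypts every sector; Server 2012 onward encrypts only used space.
    $gbToEncrypt = if ($UsedSpaceOnly) { $UsedGB } else { $SizeGB }
    $hours = ($gbToEncrypt * 1000 / $MBPerMinute) / 60    # decimal GB, as in the table above
    $window = if ($hours -le $OvernightHours) {
        'overnight'
    } elseif ($hours -le $WeekendHours) {
        'weekend'
    } else {
        'longer than a weekend'
    }
    [pscustomobject]@{
        GBToEncrypt    = [math]::Round($gbToEncrypt, 1)
        EstimatedHours = [math]::Round($hours, 1)
        FitsWindow     = $window
    }
}

# Rows from the article's table, used as constructed inputs.
Get-EncryptionEstimate -SizeGB 500
Get-EncryptionEstimate -SizeGB 1000 -UsedGB 300 -UsedSpaceOnly
Get-EncryptionEstimate -SizeGB 2000 -UsedGB 1500 -UsedSpaceOnly

# Live destination (Windows 8 / Server 2012 onward); 'E' is a placeholder drive letter.
$letter = 'E'
if (Get-Command Get-Volume -ErrorAction SilentlyContinue) {
    $vol = Get-Volume -DriveLetter $letter -ErrorAction SilentlyContinue
    if ($vol) {
        Get-EncryptionEstimate -SizeGB ($vol.Size / 1e9) `
            -UsedGB (($vol.Size - $vol.SizeRemaining) / 1e9) -UsedSpaceOnly
    }
}
# Once encryption has started, check progress on the same drive.
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    Get-BitLockerVolume -MountPoint "${letter}:" -ErrorAction SilentlyContinue |
        Select-Object MountPoint, VolumeStatus, EncryptionPercentage | Format-List
}
```

The estimate is only as good as the rule of thumb; drive and server performance, listed above as factors, will move the real figure in either direction.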
To learn about encryption times, please view our encryption resource page.
Anything you’re still not sure about with BA and BitLocker?
Leave your question in the comments, tweet @BackupAssist or post to Facebook.