Jump to content
amkassir

FileVault and Retrospect 12

Recommended Posts

I'm thinking about enabling FileVault on my Mac. The current version of FileVault encrypts the entire disk. As I prepare to use FileVault, I wanted to make sure Retrospect 12.5 is compatible and can reliably backup and restore files on my hard drive.

 

I found the following (somewhat dated) information in the manual for Retrospect 12, page 112:

 

Don’t backup FileVault sparse image files: Mac OS X since version 10.3 has included a feature called FileVault. When FileVault is enabled, the entire contents of your Home folder [this is outdated, now the whole disk] is encrypted and decrypted into a sparse image file (in Mac OS X 10.3 and 10.4) or sparse bundle (in Mac OS X 10.5 and later) on the fly. This option tells Retrospect not to back up FileVault sparse images. There are a number of good reasons for this.

 

The sparse image files change constantly and therefore will always get backed up by Retrospect. In addition, these files can get quite large, and they cannot be restored properly unless they were backed up while the FileVault user was logged out of Mac OS X.

 

If you must enable FileVault there are a few steps you must take to ensure that all user data is backed up and available for restore: (My boldface.)

 

Make sure all FileVault users are logged in.

 

Choose their Home directory volumes as backup sources.

 

If a local or client computer has multiple accounts for users that have FileVault enabled, all those users must be logged in. When they are logged in, their user folders appear in Retrospect’s Sources list as separate volumes. For example, if the FileVault user Chester is logged in, a new volume named “Chester” is listed in Retrospect’s Volume Selection window.

 

In order to ensure that user data is backed up, the FileVault users’ volumes must be selected as Sources. Selecting the startup disk volume will not back up the users’ data correctly.

So from this quote, it appears Retrospect 12 will be able to backup and restore files on a FileVault-encrypted hard disk. I'm not talking about the sparse image files on the disk, rather the actual unencrypted files.

 

A call to Retrospect support (to double-check) led to the technician insisting Retrospect doesn't support backing up files protected by FileVault. I directed him to this section of the manual, but this did not change his understanding of the matter. I am confused by this, because the manual seems to indicate Retrospect can reliably backup and restore files in this scenario.

 

So, I'm looking to experts on this forum for their experiences (or expectations) with FileVault. Thanks in advance for any assistance you can offer.

 

Retrospect 12.5.0 (111)

Mac OS El Capitan 10.11.3

Share this post


Link to post
Share on other sites

You are correct that the sparse image files can't be copied (because they can't be used after a restore). If you have a file vault volume mounted as a disk (like in the old Mac OS versions), then you would need to back up that mounted image.

 

Basically if you can go to Sources, browse the volume and see the individual files that are part of your file vault, Retrospect will back them up.

Share this post


Link to post
Share on other sites

So, I enabled FileVault, but I don't see a mounted disk image in the Finder or in Retrospect's Sources. Maybe that's changed since earlier versions of FileVault. My encrypted disk still appears in the Source list, like it was before it was encrypted. Under Sources, I can browse my disk's encrypted contents; all my files appear to be there.

 

A few questions:

 

1. Does it look like backing up my files in this scenario would work as expected?

2. Besides turning off backing up FileVault sparse image files, is there anything else I need to do?

3. I have a disk image file (unrelated to FileVault) formatted as a sparse image on my disk. If I turn off backing up FileVault sparse image files, will it also exclude backing up this disk image? I'd like to back that up if possible.

 

Thanks for any replies.

Share this post


Link to post
Share on other sites

I did an incremental backup and it seemed to work normally. It backed up about as much data as I would have expected. I did a restore of a single file as a test and it was successful. So I think Retrospect is working with FileVault enabled.

 

Regarding my 3rd question about the disk image file, I'm doing a separate Retrospect backup of the contents of that file in case the option not to backup FileVault sparse image files prevents that disk image file from being backed up.

 

I wish there was a simple way to preview what files are going to be backed up. I still miss the pre-backup overview window and file browser in Retrospect 6. The method to examine the files to be backed up in Retrospect has never been as easy to use or as convenient as that method in version 6.

 

Any replies or thoughts would be welcome.

Share this post


Link to post
Share on other sites

There are three main types of FileVault encrypted volume, your boot volume, an external drive and an encrypted network Time Machine backup.

 

You can only backup the boot volume if the Mac is booted and a FileVault authorised user has unlocked/logged in. (Duh!) This also means the operating system gets loaded and so does the Retrospect client. Then the Retrospect Engine can talk to the Retrospect client and can do a file by file backup and will not be affected by FileVault encryption.

 

If however you want to backup a FileVault encrypted external drive then this first has to be mounted. Then once again Retrospect will be able to see its contents and back them up.

 

For an encrypted network Time Machine backup this is encrypted SparseBundle disk image. As already discussed this cannot be backed up or more importantly cannot be successfully restored. Hypothetically this encrypted sparse bundle disk image could be manually mounted and then once again the contents backed up via Retrospect. Merely entering Time Machine user interface would not mount it in a way that is likely to work with Retrospect. You would have to locate and double-click on the sparsebundle to trigger a mount request visible to the Finder.

Share this post


Link to post
Share on other sites

Hello jelockwood:

 

Thanks for the explanation of those three types. Your statements reassure me that everything is working as expected!

 

Much appreciated.

Share this post


Link to post
Share on other sites

As an additional comment, if you are backing up an encrypted source then as I previously explained this typically means Retrospect is seeing the unencrypted contents of the encrypted volume. This in turn normally means the backup created by Retrospect will not be encrypted. Since obviously it was considered necessary to encrypt the original source you really, really must consider telling Retrospect to encrypt its backup mediaset.

 

You cannot convert an existing Retrospect mediaset to/from being encrypted so you either need to remember to make this choice at the beginning or create a completely new mediaset.

 

Remember there is no point encrypting the original source and then leaving a backup copy which is not encrypted and which can therefore be exploited by data thieves.

Share this post


Link to post
Share on other sites

Hi jelockwood:

 

You make an excellent point. Fortunately, I had Retrospect create a new, encrypted, media set a few months back, anticipating my use of FileVault, and the need to keep my backup encrypted as well.

 

Thanks again!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×