2 Replies Latest reply on Feb 6, 2015 11:15 AM by verysign

    Question about EPO backups regarding encryption

    verysign

      What would happen if your EPO server died, and you had to roll back to an earlier backup of say 1 week. what would happen to all the machines / USB keys that had been encrypted during that time?

       

      Also are there any extra precautions that need to be taken when backing / restoring an  EPO server?

        • 1. Re: Question about EPO backups regarding encryption
          jhall2

          The machines that have been encrypted in that time would upload their keys upon connecting to the ePO server. User passwords and attributes are tracked with timestamps and password changes and the like will be uploaded to ePO also. Users may be removed from these systems as ALDU only runs upon the start of the Drive Encryption service. Because the users will not be removed until the key has been uploaded to ePO successfully, there is always the ability to perform a machine recovery if the users are removed.

           

          The typical use case for FRP Removable Media is to use a recovery key either a standard key or a User Personal Key. These are cached locally but will not be uploaded to ePO. Drives that were initialized during that time will need to reinitialized if the keys no longer exist in ePO.

           

          It is recommended that incremental backups are taken daily and full backups are taken once or twice a week. Because this is MSSQL, standard backup practices of the DB can be used. As with any backups, it is recommended that be checked from time to time to ensure that the backup process is successful. Specific directories of the ePO server will also need to be backed up.

           

          For specific information about backup and recovery of the ePO server can be found in KB66616

          • 2. Re: Question about EPO backups regarding encryption
            verysign

            thank you for such a detailed answer!