Leopard and FileVault won’t work well with Time Machine
I was chatting to a colleague this morning, and it looks like Leopard’s Time Machine just won’t work with FileVault; it didn’t when he tried it on his laptop. As Apple state on their Time Machine page in their marketing blurb: “Time Machine: a giant leap backward” …when working with FileVault.
Time Machine monitors your disk drive by checking for changed files on the hour and backing these up incrementally. FileVault works by storing the entire contents of your Home folder in an encrypted disk image, then reading and writing to that, encrypting and decrypting on the fly.
Because of this, Time Machine sees your home directory as essentially a single file, so every time you make a change to your FileVault-protected home directory, Time Machine tries to back up this whole disk image.
Now as a business user, I can see why FileVault would be used to protect sensitive business data on a laptop in a business environment, but really businesses should have a more robust backup solution in place already, rather than depending on a consumer-grade solution, and should not depend on Time Machine as their sole reliable backup solution. Time Machine won’t work reliably across a network (unless to another Mac) anyway, which is what a lot of businesses will be doing backup-wise.
However, as a home user, on my machine at home, I can see the benefits of Time Machine, and really running FileVault on my home directory would be pointless, as the amount of RAW image processing I do would be seriously hampered by encrypting/decrypting on the fly, and I have absolutely no need to encrypt my MP3s! At home, most of the document processing I do now is web based anyway, and short of a few applications and music/photos, I have precious little on my home hard drive that really needs encryption, but would benefit from something like Time Machine for occasional file recovery/chance of component failure. At work, I use FileVault on my laptop, and our source code repository for storing code and Lotus Notes for storing project related info, so have no need for Time Machine, but FileVault on the other hand is very useful.
Now obviously my particular computer usage will work well with this situation, but for those who store more sensitive documents and want both encryption and Time Machine, another solution might well be needed.
The only workaround I can think of is to use the Disk Utility to create an encrypted AES-128 disk image. This is the same technology Apple uses for FileVault. Then, while using this, mount it and write files to it, and close it when done. Time Machine will back this up as usual, but as it is storing just the files you want encrypted, it should be a lot snappier, due to much smaller file size. It’s not an ideal situation, but if someone had to use both encryption and Time Machine it might help.
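The cost described above can be measured with a small model. This is an added example, not code from the post or from Apple: a file-level incremental backup that re-copies any file whose content changed, run against a container stored as one image file and, going beyond the post, as a set of fixed-size band files (the layout a sparse bundle uses). The hash comparison, the `home.sparseimage` and `bands/` names and the scaled-down band size are assumptions made for the illustration, not Time Machine's actual change detection.

```python
import hashlib, os, shutil, tempfile
from pathlib import Path

BAND = 8 * 1024  # constructed: scaled-down stand-in for a sparse bundle band

def snapshot(root):
    """Map relative path -> SHA-256 for every file under root."""
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*") if p.is_file()}

def incremental_backup(root, dest, previous):
    """Copy every file whose hash differs from `previous`; return (bytes, state)."""
    current, copied = snapshot(root), 0
    for rel, digest in current.items():
        if previous.get(rel) != digest:
            target = Path(dest, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copyfile(Path(root, rel), target)
            copied += target.stat().st_size
    return copied, current

def write_container(root, data, banded):
    """Store data as one image file, or as fixed-size band files."""
    chunks = {"home.sparseimage": data}
    if banded:
        chunks = {f"bands/{i // BAND:x}": data[i:i + BAND]
                  for i in range(0, len(data), BAND)}
    for rel, chunk in chunks.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(chunk)

def compare(size=64 * BAND, offset=5 * BAND + 17):
    """Flip one byte in the container; return bytes re-copied per layout."""
    data, result = bytearray(os.urandom(size)), {}  # random bytes stand in for ciphertext
    with tempfile.TemporaryDirectory() as tmp:
        for layout, banded in (("single_image", False), ("banded", True)):
            src, dst = Path(tmp, layout, "src"), Path(tmp, layout, "dst")
            write_container(src, bytes(data), banded)
            _, state = incremental_backup(src, dst, {})   # first full backup
            changed = bytearray(data)
            changed[offset] ^= 0xFF                        # one small write
            write_container(src, bytes(changed), banded)
            result[layout], _ = incremental_backup(src, dst, state)
    return result

if __name__ == "__main__":
    print(compare())
```

With the defaults, the single-image layout re-copies the full container after a one-byte change, while the banded layout re-copies one band; a smaller dedicated image, as in the workaround, shrinks the first number in the same way.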

October 31st, 2007 at 9:12 am
[…] posted recently to the techblog, so thought I would post my thoughts on using Filevault with Time Machine after hearing a colleague’s frustrations with Time […]
November 14th, 2007 at 4:39 pm
What I dislike the most about all this is the fact Leopard doesn’t warn you in any way while activating Time Machine for the first time in case you are using FileVault.
The average user will probably have to find out by error that his home directory was not backed up by Time Machine. I do understand the problem in backing up the FileVault container, but not everyone does.
There are many workarounds you can think of to keep your stuff encrypted other than using FileVault, but then again the average user is probably not going to be looking for that…
November 24th, 2007 at 3:10 am
Time Machine, a giant step into uselessness. The whole point of Time Machine is to be able to back up the machine effortlessly and to have access to that data. As a Systems Engineer for 10+ years, the consumer should NEVER have to choose between backups OR secure data. As a small business owner who has made the migration to OS X from Windows nothing could be more impossible than this. If Time Machine uses the correct credentials, it should have all the access it needs to go in and back up the necessary files in the home folder protected with FileVault.
November 26th, 2007 at 4:02 pm
Well, I agree it’s quite useless for my home ~/, but it should work well outside, i.e. /Applications, /Library etc.
My home will be backed up with a simple rsync -axv ~/ /Volumes/Backup, which has worked very well for me over the years. Every once in a while I throw in an additional --delete to clean up. :-)
November 30th, 2007 at 12:17 am
What about sparse bundle backups?!?!
November 30th, 2007 at 10:46 am
The careful observer will notice that, when logging out, a new message appears in the FileVault dialog: backing up…
And that is what seems to happen: TM saves the whole Vault into its intestines. The first time, this takes considerably more time than the following times, so I have reason to believe that it does it on a per-change basis. When you look into the backup area of FileVault you find the Vault there.
So there really IS a backup, it’s only far less convenient to restore from it.
Cheers
andy
PS: Being a professional user of Mac OS I strongly rely on ordinary backup solutions, but - should it occur that TM worked with FV - I shall definitely switch to Time Machine. It is far more straightforward, far more transparent what happens, far easier to restore and therefore far more reliable in its usage. Yet, sadly, there are many constraints today…
December 20th, 2007 at 4:05 am
andyz is right, thanks to the use of a sparse bundle instead of a sparse image, Time Machine is able to create at least a kind of backup of the FileVault protected user data when logging out.