Acronis and Microsoft eDrive

I'm not familiar with eDrive, but we use McAfee Endpoint Encryption at work and we have no issues creating and restoring images with Acronis.  Once you've booted into Windows, I believe the disk is no longer encrypted (same with bitlocker too, unless you just bitlocker a folder or folders - in which case, once you have unlocked the drive it can be backed up). You can take an image or backup, just as easily as using Windows image backup.  

Where you might find issues, is restoring an image to a locked drive.  If you can't decrypt the drive first (lost key, corruption, etc), you would have to wipe the drive, restore the image and then encrypt the data again since the restored image would not be encrypted (as it was taken in an unencrypted state).

I suspect that edrive would not be supported in Acronis True Image.  Because of the hardware enabled requirements of such devices as True Image stands right now I think support is not present.

You should check with Acronis Support to confirm this.

Yes, to be sure, I'd check with Acronis and/or give it a test before really putting the disk into realworld use.  

The Microsoft EDrive is just using bitlocker encryption controlled by hardware to make it more efficient. Once the drive is unlocked, data can be imaged just fine.  In order to image or restore though, the drive must be unlocked - that's all.  That is why they say disk duplicators (physical cloning devices) won't work - since the disk will be encrypted during the entire process when trying that route.  

It should work as long as the backup is taken while the drive is unlocked (booted into Windows already).  Bitlocker is not active on the disk while Windows is in use.  We take images of encrypted drives with Windows Backup and/or Acronis all the time of Bitlockered systems and McAfee EDEP systems and can easily restore them, but the backup image has to be done while the system is booted into Windows.  

Likewise, when you push the image back, the drive must not be encrypted (yet) and this disk appears to the ability to disable bitlocker so it should be doable.  

https://technet.microsoft.com/en-us/library/hh831627.aspx

Configuring Encrypted Hard Drives as Startup drives

Configuration of Encrypted Hard Drives as startup drives is done using the same methods as standard hard drives. These methods include:

• Deploy from media: This deployment method involves installing Windows 8 or Windows Server 2012. from DVD media. Configuration of Encrypted Hard Drives happens automatically through the installation process.

• Deploy from network: This deployment method involves booting a Windows PE environment and using imaging tools to apply a Windows image from a network share. Using this method, the Enhanced Storage optional component needs to be included in the Windows PE image. You can enable this component using Server Manager, Windows PowerShell or the DISM command line tool. If this component is not present, configuration of Encrypted Hard Drives will not work.

• Deploy from server: This deployment method involves PXE booting a client with Encrypted Hard Drives present. Configuration of Encrypted Hard Drives happens automatically in this environment when the Enhanced Storage component is added to the PXE boot image. During deployment, the TCGSecurityActivationDisabled setting in unattend.xml controls the encryption behavior of Encrypted Hard Drives. For further information, see the Windows Assessment and Deployment Kit (ADK)and related release notes.

• Disk Duplication: This deployment method involves use of a previously configured Windows 8 or Windows Server 2012. image and disk duplication tools to apply a Windows image to an Encrypted Hard Drive. Disks must be partitioned using Windows 8 or Windows Server 2012.setup tools for this configuration to work. Images made using disk duplicators will not work.

More info about disabling bitlocker and/or turning it off too:

http://windows.microsoft.com/en-us/windows-vista/what-is-the-difference… 

There may be a caveat - apparently, if you restore an image and plan to turn e-drive back on again, you may have to wipe your drive and start from scratch according to this article.  It says there is no way of getting around reinstalling an OS when you enable the self encrypting hardare - I'm assuming this is accurate, but I have no experience with them.  I would think that the image would contain all of the necessary data and just encrypt itself again (that's how software encryption has typically worked when we recover images though). 

http://www.ckode.dk/desktop-machines/how-to-enable-windows-edrive-encry…

So yes, you should be able to take an image and yes you should be able to restore/recover it if you need to, but if you then plan to enable e-drive encryption again, you may be out of luck.  I'd be curious to know how it all goes though - if you can test and report back, that would be great.

You may want to consider not enabling e-drive functionality - according to Samsung... at least for their models, it's not reversible and if you ever plan to use this drive in another system - warranty replacement may be your only option...

http://forums.anandtech.com/showthread.php?t=2366848

I think it would be possible to backup your disk however recovery would be another issue altogether.  Because recovery of an OS system disk requires a computer to booted into an environment other than Windows it would be necessary to somehow get around the device SD to accomplish a recovery task.  I do not believe this possible at the current time but again check with the Support team.

Thank you for your response.

eDive is an interesting solution but the restore of such a system is challenging.  

I decided to go for with the software based bitlocker encryption.  The CPU I have is able to provide AES-NI instructions, so I think this is the best choice in my situation.

Hello, everyone.

As far as I know, True Image compatibility with eDrive SSDs has never been tested. In Windows it should make no difference whether the drive has hardware-based encryption or not. When dealing with bootable media, though, I'm not so certain. In theory the drive should be unlocked in the UEFI environment even before the machine boots into the True Image Bootable Media. However, I cannot confirm this with absolute certainty.