search cancel

Image capture with Ghost takes much longer than usual and the captured image is larger than expected

book

Article ID: 151726

calendar_today

Updated On:

Products

Ghost Solution Suite Deployment Solution

Issue/Introduction

When capturing an image, Ghost is not compressing the image and instead performing a sector-by-sector copy of the entire disk even though no switches or options for this were selected. It is noticed that there are an unusually large amount of .ghs/image files created and the image capture takes much longer than usual. If the image is then deployed to a different machine, the machine may not boot to the production OS.

Environment

GSS 3.3
DS 8.x

Cause

Drive encryption or Bitlocker is enabled on the drive the image was captured from. Many organizations chose to enable Bitlocker or drive encryption to protect sensitive data. Additionally, many OEM manufacturers, primarily HP, are shipping their machines with Bitlocker enabled on the drive but "waiting for activation". In this case, the drive is encrypted but waiting for a key to be set. 

Resolution

Symantec Ghost will capture an image of a drive that uses BitLocker Drive Encryption using Sector by Sector cloning. When the disk / volume is still encrypted the Image should be treated as a backup as Ghost does an ‘Image All’ capture / restore of the entire disk / volume. When using BitLocker Ghost knows to enable Image All cloning and turn off compression. When restoring the encrypted image, it should be restored back to the same drive size or larger. 

When a disk / volume is unlocked it looks completely unencrypted to Ghost. Ghost (GSS 3.3) should handle the image creation without issue. However Ghost can run into problems on restore.  The issues that Ghost encounters are dependent on the approach that the encryption software uses to hide its metadata. Broadcom/Symantec Technical Support's recommendation for this is to restore to an unencrypted drive and then to encrypt the contents afterwards – specifically for deployment. In some cases it may be possible to restore to an encrypted disk / volume as long as it is unlocked, but it is software encryption dependent (and also dependent on the source image).

In the case of Bitlocker, Ghost should be able to do ‘Partition’ restores to unlocked (unencrypted) bitlocker volumes. However for most purposes Broadcom/Symantec Technical Support recommends restoring to a disk with no software encryption and then encrypting it afterwards.

If Bitlocker status is "waiting for activation" and the only option is to "Turn on BitLocker", the drive is still encrypted. To unencrypt the drive, "Turn on BitLocker" must be selected to set a key (to be saved off box), then "Turn off BitLocker" will unencrypt the drive.

 

 

Additional Information

221581 "Image capture taking much longer than usual and creating very large image"