RESET Forums (homeservershow.com)
wigster

BitLocker best practice: to encrypt server backups?


wigster

Hi,

 

I finally got around to buying a TPM module and have started to set up BitLocker on my Home Server. I have six drives: OS, server backup and 4 data drives.

 

I've encrypted data since I am mostly worried about someone accessing it on a disk that I dispose of or something like that. I've encrypted the OS drive to allow for automatic unlock of the data drives.

 

What do I do with the OS backup drive? Should I encrypt it? If I do, then if I have to do a full restore from scratch, how do I access the backup? Will the WS2012R2 startup disk be able to ask for a password and unlock this drive as part of a full disk restore? Or would I have to unencrypt the drive first on a separate machine, restore and then re-encrypt it?

 

Does it matter if it is not encrypted? Could someone restore a version of the server from there which they could then use to unlock the data drives?

Drashna Jaelre

Honestly, it's not worth the hassle of encrypting the backup drive. 

Because the problem with doing so is that the restore image doesn't have the BitLocker code. So you'd need to decrypt the drive first, which can take HOURS or days even. The other option is to create a custom restore image that does include the BitLocker tools, but you're still stuck using command line tools to unlock the drive (rather than decrypting it).

 

So, really, it's a hassle. :( 

  • Like 1

wigster

Thanks, this was my fear. 

 

So if my encrypted OS drive dies and I do a restore from a non-encrypted backup drive, how do I get all the encryption working properly again for the data disks? Do I have to manually switch on BitLocker, encrypt the OS drive again and the Data drives will unlock automatically/after I supply the data-drive passwords? Or are there some issues I haven't thought of?

Drashna Jaelre

You'd have to enable encryption after the drive was restored. 


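The post-restore steps discussed in this thread, sketched as an added PowerShell example that is not part of any poster's reply: re-enable BitLocker on the restored OS volume, then unlock the data drives and turn automatic unlock back on. The drive letters and the use of password protectors on the data drives are assumptions; the cmdlets are those of the built-in BitLocker module.

```powershell
#Requires -RunAsAdministrator
# Added example. Drive letters are assumptions; adjust to the actual layout.
$osVolume    = 'C:'                      # assumed OS volume
$dataVolumes = 'D:', 'E:', 'F:', 'G:'    # assumed letters for the four data drives

# 1. Re-protect the restored OS volume with the TPM and add a recovery password.
#    The TPM protector triggers a hardware test, so encryption starts after a reboot.
$os = Get-BitLockerVolume -MountPoint $osVolume
if ($os.VolumeStatus -eq 'FullyDecrypted') {
    Enable-BitLocker -MountPoint $osVolume -TpmProtector -EncryptionMethod Aes256
    Add-BitLockerKeyProtector -MountPoint $osVolume -RecoveryPasswordProtector
    # Record the recovery password somewhere other than this server.
    (Get-BitLockerVolume -MountPoint $osVolume).KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword' |
        Select-Object KeyProtectorId, RecoveryPassword
}

# 2. Auto-unlock keys live on the OS volume, so it must be protected first.
$os = Get-BitLockerVolume -MountPoint $osVolume
if ($os.ProtectionStatus -ne 'On') {
    Write-Warning "$osVolume is not protected yet (status: $($os.VolumeStatus)). Reboot, let encryption finish, then run this script again."
    return
}

# 3. Unlock each data drive with its password and re-enable automatic unlock.
foreach ($mp in $dataVolumes) {
    $vol = Get-BitLockerVolume -MountPoint $mp
    if ($vol.LockStatus -eq 'Locked') {
        $pw = Read-Host -AsSecureString -Prompt "BitLocker password for $mp"
        Unlock-BitLocker -MountPoint $mp -Password $pw
    }
    Enable-BitLockerAutoUnlock -MountPoint $mp
}

# 4. Confirm the end state of every volume, including the unencrypted backup drive.
Get-BitLockerVolume |
    Format-Table MountPoint, VolumeStatus, ProtectionStatus, LockStatus, AutoUnlockEnabled
```

The script is safe to run twice: the first run starts OS-volume encryption and stops at step 2, and the second run, after the OS volume reports protection on, handles the data drives.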