Bitlocker and drivepool

[peste19]

I wanted to enable bitlocker on my whs 2011 server but not really how to proceed with it regarding the pools, dont know really how to encrypt them, for example im not sure if i start the encryption on 1 physical drive if it will corrupt the other drive, i just afraid of losing my information.

 

any help would be appreciated

Edited December 8, 2012 by peste19

[jmwills]

Why do you feel it is necessary to encrypt?

[ikon]

@peste19, you say you're afraid of losing your information. I hope you have a good backup strategy in place. There should be no reason for you to be afraid of losing information permanently.

[peste19]

its 1 extra step for security, its backups all of my computer, its has personal data and in case of theft it will be encrypted.

 

The pool is my backup strategy, in case i drive fails i got another, i just afraid of i enable bitlocker incorrectly on the pool that the duplication might corrupt the other drive

[ikon]

So, if someone steals all your computers, or your house burns down, or you get flooded out, or there's a tornado, or any other disaster, you have no copies of your data, is that correct?

[Drashna Jaelre]

On StableBit DrivePool, there was a setting to enable bitlocker support on the pooled drives. It's listed as "Legacy" now, so I'm not sure it's needed.

http://wiki.covecube.com/StableBit_DrivePool_Advanced_Settings#Legacy

 

However, that doesn't help with the system drive. Ideally, you'll want to encypt the system drive too. As most hardware doesn't have a TPM module, you'll need to run the security policy hack to enable the "USB" mode, and you will need this USB drive attached to be able to boot from the system.

http://www.howtogeek.com/howto/6229/how-to-use-bitlocker-on-drives-without-tpm/

 

After that, just enable bitlocker on all the drives, and should be smooth sailing from there.

[ikon]

I'm not sure why you would need to enable BitLocker on the system drive if that's all it is - the System Drive: i.e. zero data on it. Am I missing something?

[Drashna Jaelre]

Paranoia.

Also. if you lock the pooled drives, then they become accessible once the OS boots. Which only protects the data if somebody pulls the drives out and puts them in another system. By *also* locking the system drive means the system can't be booted. Which is good if your server gets stolen. Makes it that much harder to get into your server.

 

But yeah, it breaks down to paranoia. Like, legally you are not obligated to give your passwords or bit locker code to law enforcement. Especially if they don't have a warrant.

[ikon]

OK, making the system non-bootable if stolen is certainly a good reason for locking the system drive. Well, except for the part where MS has a backdoor into the locked drives, so law enforcement could get in anyway. Still, it does protect from anyone except law enforcement or 3-letter agencies.

 

So, to answer the question from my previous post, the answer is, "Yes", I was missing something.

[Drashna Jaelre]

True, but it makes things that much more complicated. And for the security paranoid... it would technically require a warrant.