peste19 Posted December 8, 2012 Share Posted December 8, 2012 (edited) I wanted to enable bitlocker on my whs 2011 server but not really how to proceed with it regarding the pools, dont know really how to encrypt them, for example im not sure if i start the encryption on 1 physical drive if it will corrupt the other drive, i just afraid of losing my information. any help would be appreciated Edited December 8, 2012 by peste19 Link to comment Share on other sites More sharing options...
jmwills Posted December 8, 2012 Share Posted December 8, 2012 Why do you feel it is necessary to encrypt? Link to comment Share on other sites More sharing options...
ikon Posted December 9, 2012 Share Posted December 9, 2012 @peste19, you say you're afraid of losing your information. I hope you have a good backup strategy in place. There should be no reason for you to be afraid of losing information permanently. Link to comment Share on other sites More sharing options...
peste19 Posted December 9, 2012 Author Share Posted December 9, 2012 its 1 extra step for security, its backups all of my computer, its has personal data and in case of theft it will be encrypted. The pool is my backup strategy, in case i drive fails i got another, i just afraid of i enable bitlocker incorrectly on the pool that the duplication might corrupt the other drive Link to comment Share on other sites More sharing options...
ikon Posted December 9, 2012 Share Posted December 9, 2012 So, if someone steals all your computers, or your house burns down, or you get flooded out, or there's a tornado, or any other disaster, you have no copies of your data, is that correct? Link to comment Share on other sites More sharing options...
Drashna Jaelre Posted December 13, 2012 Share Posted December 13, 2012 On StableBit DrivePool, there was a setting to enable bitlocker support on the pooled drives. It's listed as "Legacy" now, so I'm not sure it's needed. http://wiki.covecube.com/StableBit_DrivePool_Advanced_Settings#Legacy However, that doesn't help with the system drive. Ideally, you'll want to encypt the system drive too. As most hardware doesn't have a TPM module, you'll need to run the security policy hack to enable the "USB" mode, and you will need this USB drive attached to be able to boot from the system. http://www.howtogeek.com/howto/6229/how-to-use-bitlocker-on-drives-without-tpm/ After that, just enable bitlocker on all the drives, and should be smooth sailing from there. Link to comment Share on other sites More sharing options...
ikon Posted December 13, 2012 Share Posted December 13, 2012 I'm not sure why you would need to enable BitLocker on the system drive if that's all it is - the System Drive: i.e. zero data on it. Am I missing something? Link to comment Share on other sites More sharing options...
Drashna Jaelre Posted December 14, 2012 Share Posted December 14, 2012 Paranoia. Also. if you lock the pooled drives, then they become accessible once the OS boots. Which only protects the data if somebody pulls the drives out and puts them in another system. By *also* locking the system drive means the system can't be booted. Which is good if your server gets stolen. Makes it that much harder to get into your server. But yeah, it breaks down to paranoia. Like, legally you are not obligated to give your passwords or bit locker code to law enforcement. Especially if they don't have a warrant. Link to comment Share on other sites More sharing options...
ikon Posted December 15, 2012 Share Posted December 15, 2012 OK, making the system non-bootable if stolen is certainly a good reason for locking the system drive. Well, except for the part where MS has a backdoor into the locked drives, so law enforcement could get in anyway. Still, it does protect from anyone except law enforcement or 3-letter agencies. So, to answer the question from my previous post, the answer is, "Yes", I was missing something. Link to comment Share on other sites More sharing options...
Drashna Jaelre Posted December 17, 2012 Share Posted December 17, 2012 True, but it makes things that much more complicated. And for the security paranoid... it would technically require a warrant. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now