In-Place Encryption using TrueCrypt while maintaining original drive letter

Posted on 2010-08-18
Last Modified: 2013-11-08
I am attempting to fully encrypt all hard drives on a number of servers at my company.  My problem is this:

We run a medical database off of a dedicated server which has 3 separate drives (all mirrored independently).  The OS resides on the C: drive, SQL database on the D: drive and the front end medical program on the E: drive.  All three operate in conjunction with one another.

I need to be able to encrypt all three drives using full disk encryption but need them to auto-mount on system boot (preboot authentication), I need the drives encrypted in-place to ensure there is no interruption in service, and I need the encrypted volumes to maintain their original drive letters since the needed programs have been running upwards of 18 months and I cannot afford a reinstallation to allow the drive references to be changed.

The system partition is easy, no need for instruction there.  My issue then becomes encrypting non system partitions in place and allowing the original drive letter to be used.  Is there any way to do this with TrueCrypt?  My initial thoughts are that I need to dump the files off a set of hard drives, use disk management to change drive letters, encrypt and reinsert files, then add to system favorites verifying that the original drive letter is being used as well as making sure it is loaded using preboot authentication.  That process really gives me chills considering without this database, the company shuts down.  Is there a better way of doing this or even a better 3rd party software to utilize?

Any recommendations would be greatly appreciated.
0
Question by:mcvay178
6 Comments
 
LVL 63

Accepted Solution

by:
SysExpert earned 1500 total points
ID: 33468134
First of all, as part of Disaster Recovery, you should have access to a backup server and use that while you are doing your encryption.

1) Full backup - preferably twice

2) Shut down all services accessing data (SQL etc.)

3) Change drive letters of D, E to F, G or similar

4) Encrypt data and now use D and E for encrypted drives

If there are problems you can either reverse the process or restore from backups as needed.

I hope this helps !
0
 
LVL 1

Author Comment

by:mcvay178
ID: 33469030
This is pretty much what I was expecting.  You didn't mention anything about pulling data off of the drives initially.  Does this mean that you can encrypt non system partitions 'in-place' with truecrypt?  If so, a brief description of how to get to this capability would be greatly appreciated.  I am working on getting a backup server updated to the appropriate database level while I perform the encryption.
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 33470626
Not sure, but I thought the newest version supported something like this.

Depending on your RAID controller, it may be possible to unmirror the drives as your backup (if RAID 1) so that you can then encrypt one drive, copy the data from the other mirror so no additional copying is needed.

But your RAID mirror must support mirroring from 1 drive to another rather than starting from scratch.

Otherwise you will need to back up and copy the data over after encrypting.

0
 
LVL 1

Author Comment

by:mcvay178
ID: 33477277
I luckily have a test server already set up for the medical database in question.  A few changes in IP address in the front end INI files along with changing adapter settings and a quick update will get me a functional backup in place.  I will look at the RAID setup and see what I can't find out but would rather leave as much as possible in place on the system.  Since the server was set up by another company and shipped to us before I began working here, the system is a bit of an enigma to me.

I will proceed with duplicate full backups and simply copying the data off of the D: and E: drives and replacing after encryption and hope for the best.   Will post back and award points once the procedure is complete.
0
 
LVL 1

Author Comment

by:mcvay178
ID: 33538506
Just a follow up.  Spent the past weekend encrypting all system drives.  All encryption was successful.  Unfortunately TrueCrypt does not have the ability to encrypt non-system partitions in place on any operating system older than Vista or Server 2008.  This centers around the fact that older OS's do not support 'on the fly' adjustments to partition size, which apparently TrueCrypt requires for an in place encryption.

Method to follow was to run dual backups and have a test server in standby for disaster recovery, use Unlocker to kill all processes accessing the random files on the server (after shutting down all services known to access the files).  Perform a copy and paste to a spare backup drive.  At this point, access computer management and change the drive letter and reboot.  Run disk encryption.  With TrueCrypt 7.0 if you have an encrypted system partition you can add a non system partition to the mounting list for the preboot authenticator.  To do this, simply make the non system partition a system favorite and access the System favorites properties and set to mount when system comes up.

Only downside was my data partition took upwards of 5 hours to encrypt but our company now has significant mitigating factors in place to deal with HIPAA laws assuming the server ever grew legs.
0
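The copy-off, encrypt, copy-back procedure in the follow-up above depends on the spare-drive copy being complete, because formatting the partition as a new TrueCrypt volume discards its existing contents. As an added example (not part of the original thread and not TrueCrypt code), this Python script hashes both trees and reports files that are missing, changed or unreadable before the original is touched; the function names, folder names and file names are assumptions, and the sample data is constructed.

```python
import hashlib
import os
import tempfile

def manifest(root):
    """Map each file path (relative to root) to its SHA-256 hex digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            try:
                h = hashlib.sha256()
                with open(os.path.join(root, rel), "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        h.update(chunk)  # chunked so large database files fit in memory
                digests[rel] = h.hexdigest()
            except OSError:
                digests[rel] = None  # unreadable, e.g. still held open by a service
    return digests

def compare(source, copy):
    """Report source files that are unreadable, or missing or different in the copy."""
    src, dst = manifest(source), manifest(copy)
    report = {"missing": [], "changed": [], "unreadable": []}
    for rel, digest in sorted(src.items()):
        if digest is None:
            report["unreadable"].append(rel)
        elif rel not in dst:
            report["missing"].append(rel)
        elif dst[rel] != digest:
            report["changed"].append(rel)
    return report

def safe_to_encrypt(report):
    return not any(report.values())  # True only if every file has an identical copy

def write_tree(folder, files):
    os.makedirs(folder)
    for name, data in files.items():
        with open(os.path.join(folder, name), "wb") as fh:
            fh.write(data)

def demo():
    """Constructed sample: temp folders stand in for D: and an incomplete spare-drive copy."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = os.path.join(tmp, "D_drive"), os.path.join(tmp, "spare")
        write_tree(src, {"data.mdf": b"pages" * 100, "log.ldf": b"log records", "app.ini": b"[server]\n"})
        write_tree(dst, {"data.mdf": b"pages" * 100, "log.ldf": b"log"})  # truncated log, no app.ini
        return compare(src, dst)
```

The same `compare` call, with the spare drive as the source and the newly mounted encrypted volume as the copy, checks the restore before the services are restarted.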
 
LVL 1

Author Closing Comment

by:mcvay178
ID: 33538515
Solution basically confirmed my initial assumptions so helped in that way, but did not provide specific information regarding the system favorites capabilities of TrueCrypt or the specifics regarding in place encryption.  That being said, the confirmation was a help in and of itself.  TYTY!
0

Question has a verified solution.
