In-Place Encryption using TrueCrypt while maintaining original drive letter

I am attempting to fully encrypt all hard drives on a number of servers at my company.  My problem is this:

We run a medical database off of a dedicated server which has 3 separate drives (all mirrored independently). The OS resides on the C: drive, SQL database on the D: drive and the front end medical program on the E: drive.  All three operate in conjunction with one another.

I need to be able to encrypt all three drives using full disk encryption but need them to auto-mount on system boot (preboot authentication), I need the drives encrypted in-place to ensure there is no interruption in service, and I need the encrypted volumes to maintain their original drive letters since the needed programs have been running upwards of 18 months and I cannot afford a reinstallation to allow the drive references to be changed.

The system partition is easy, no need for instruction there.  My issue then becomes encrypting non system partitions in place and allowing the original drive letter to be used.  Is there any way to do this with TrueCrypt?  My initial thoughts are that I need to dump the files off a set of hard drives, use disk management to change drive letters, encrypt and reinsert files, then add to system favorites verifying that the original drive letter is being used as well as making sure it is loaded using preboot authentication.  That process really gives me chills considering without this database, the company shuts down.  Is there a better way of doing this or even a better 3rd party software to utilize?

Any recommendations would be greatly appreciated.
mcvay178 Asked:

SysExpert Commented:
First of all, as part of Disaster Recovery, you should have access to a backup server and use that while you are doing your encryption.

1) Full backup - preferably twice

2) Shut down all services accessing data (SQL etc.)

3) Change drive letters of D, E to F, G or similar

4) Encrypt data and now use D and E for encrypted drives

If there are problems you can either reverse the process or restore from backups as needed.

I hope this helps !
0
mcvay178 (Author) Commented:
This is pretty much what I was expecting.  You didn't mention anything about pulling data off of the drives initially.  Does this mean that you can encrypt non system partitions 'in-place' with TrueCrypt?  If so, a brief description of how to get to this capability would be greatly appreciated.  I am working on getting a backup server updated to the appropriate database level while I perform the encryption.
0
SysExpert Commented:
Not sure, but I thought the newest version supported something like this.

Depending on your RAID controller, it may be possible to unmirror the drives as your backup (if RAID 1)
so that you can then encrypt one drive, copy the data from the other mirror so no additional copying is needed.

But your RAID mirror must support mirroring from 1 drive to another rather than starting from scratch.

Otherwise you will need to backup and copy the data over after encrypting.

0
mcvay178 (Author) Commented:
I luckily have a test server already set up for the medical database in question.  A few changes in IP address in the front end INI files along with changing adapter settings and a quick update will get me a functional backup in place.  I will look at the RAID setup and see what I can't find out but would rather leave as much as possible in place on the system.  Since the server was set up by another company and shipped to us before I began working here, the system is a bit of an enigma to me.

I will proceed with duplicate full backups and simply copying the data off of the D: and E: drives and replacing after encryption and hope for the best.   Will post back and award points once the procedure is complete.
0
mcvay178 (Author) Commented:
Just a follow up.  Spent the past weekend encrypting all system drives.  All encryption was successful.  Unfortunately TrueCrypt does not have the ability to encrypt non-system partitions in place on any operating system older than Vista or Server 2008.  This centers around the fact that older OS's do not support 'on the fly' adjustments to partition size, which apparently TrueCrypt requires for an in place encryption.

Method to follow was to run dual backups and have a test server in standby for disaster recovery, use Unlocker to kill all processes accessing the random files on the server (after shutting down all services known to access the files).  Perform a copy and paste to a spare backup drive.  At this point, access computer management and change the drive letter and reboot.  Run disk encryption.  With TrueCrypt 7.0 if you have an encrypted system partition you can add a non system partition to the mounting list for the preboot authenticator.  To do this, simply make the non system partition a system favorite and access the System favorites properties and set to mount when system comes up.

Only downside was my data partition took upwards of 5 hours to encrypt but our company now has significant mitigating factors in place to deal with HIPAA laws assuming the server ever grew legs.
0
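An added example, not part of the original thread: since the data partitions could not be encrypted in place, the copy on the spare drive is the only data left once encryption of the original partition starts, so it is worth verifying file by file first. The Python script, its function names and the sample file names are assumptions made for illustration; files that cannot be read (for instance, still locked by a service) are reported rather than skipped.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large database files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def manifest(root):
    """Map relative path -> SHA-256, or None if the file could not be read
    (for example, still locked by a service that was not stopped)."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                result[os.path.relpath(full, root)] = sha256_file(full)
            except OSError:
                result[os.path.relpath(full, root)] = None
    return result

def verify_copy(source_root, backup_root):
    """Compare the live partition with its copy; every list must be empty
    before the original partition is overwritten."""
    src, bak = manifest(source_root), manifest(backup_root)
    shared = set(src) & set(bak)
    return {
        "missing": sorted(set(src) - set(bak)),
        "unreadable": sorted(p for p in src if src[p] is None),
        "mismatched": sorted(p for p in shared
                             if src[p] is not None and src[p] != bak[p]),
    }

def demo():
    """Constructed sample: a stand-in for D: and a deliberately flawed copy."""
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = os.path.join(tmp, "D"), os.path.join(tmp, "spare")
        for root in (src, bak):
            os.makedirs(os.path.join(root, "data"))
        for root, body in ((src, b"page" * 4096), (bak, b"page" * 4000)):
            with open(os.path.join(root, "data", "clinic.mdf"), "wb") as f:
                f.write(body)  # the backup copy is truncated on purpose
        with open(os.path.join(src, "data", "clinic.ldf"), "wb") as f:
            f.write(b"log")  # never copied to the backup
        return verify_copy(src, bak)
```

In real use, `verify_copy` would be pointed at the original partition and the spare drive after services are stopped and before the drive letter is changed.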
mcvay178 (Author) Commented:
Solution basically confirmed my initial assumptions so helped in that way, but did not provide specific information regarding the system favorites capabilities of TrueCrypt or the specifics regarding in place encryption.  That being said, the confirmation was help in and of itself.  TYTY!
0