MS Exchange 2013 Datastore on BitLocker Encrypted Volume
Posted on 2013-11-17
Dear EX Community,
I am currently experimenting with MS Exchange 2013 and BitLocker Drive Encryption (Windows Server 2012 R2). My intention is to put the Exchange Database on an encrypted volume. I am aware that this does not protect the data when the system is in a running state. My goal is to protect the data in case one of the hard drives (RAID 1 Array) gets swapped out, since the server is located in an external Data Center.
On the server I currently have 2 partitions:
C: - System Partition (unencrypted)
D: - Data Partition (BitLocker Encrypted, has to get manually unlocked using a key after every reboot)
Exchange itself I'd install on C: while the Exchange Database would get put on the encrypted D partition.
Now my question is how Exchange will cope at boot time when the Data Partition is not yet unlocked and Exchange can't access the Datastore. I suppose this will lead to trouble? How about if I set all Exchange related services to manual startup in order to start the services manually after the D: partition has been unlocked?
I am aware that there is a possibility to automatically unlock the D: partition at boot time but this would require that the System Partition is also encrypted, which is not possible in this scenario since the server doesn't have a TPM-Module and I don't want to enter the key through the KVM-Console when rebooting the server.
Any feedback is highly appreciated. Thank you very much!
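
The manual-startup approach asked about above, sketched as an added PowerShell example that is not part of the original post. It assumes D: carries a BitLocker password protector (a recovery-password protector would use `-RecoveryPassword` instead), that the relevant services are the ones named `MSExchange*`, and `$StateFile` is a hypothetical path on the unencrypted C: partition.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the original post.
# Assumptions: D: has a BitLocker password protector; Exchange services are
# the ones named MSExchange*; $StateFile is a hypothetical path on C:.
param(
    [ValidateSet('Prepare', 'Unlock')][string]$Mode = 'Unlock',
    [string]$MountPoint = 'D:',
    [string]$StateFile  = 'C:\ExchangeUnlock\auto-services.csv'
)

if ($Mode -eq 'Prepare') {
    # One-time step: remember which Exchange services start automatically,
    # then set them to Manual so none of them starts while D: is locked.
    $auto = Get-CimInstance -ClassName Win32_Service -Filter "Name LIKE 'MSExchange%' AND StartMode = 'Auto'"
    New-Item -ItemType Directory -Path (Split-Path -Parent $StateFile) -Force | Out-Null
    $auto | Select-Object -Property Name | Export-Csv -Path $StateFile -NoTypeInformation
    foreach ($svc in $auto) { Set-Service -Name $svc.Name -StartupType Manual }
    return
}

# After every reboot: unlock the data volume first.
if ((Get-BitLockerVolume -MountPoint $MountPoint).LockStatus -eq 'Locked') {
    $secret = Read-Host -Prompt "BitLocker password for $MountPoint" -AsSecureString
    Unlock-BitLocker -MountPoint $MountPoint -Password $secret | Out-Null
}
if ((Get-BitLockerVolume -MountPoint $MountPoint).LockStatus -ne 'Unlocked') {
    throw "$MountPoint is still locked; Exchange services were not started."
}

# Start only the services recorded in the Prepare step.
foreach ($row in Import-Csv -Path $StateFile) {
    try {
        Start-Service -Name $row.Name -ErrorAction Stop
    } catch {
        Write-Warning "Could not start $($row.Name): $($_.Exception.Message)"
    }
}
Get-Service -Name 'MSExchange*' | Sort-Object Status | Format-Table Name, Status -AutoSize
```

Run it once with `-Mode Prepare`, then with the default mode after each reboot; the password is prompted for interactively and never written to disk.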