Bitlocker on Server 2008 R2 data volume - simple question I think

We need to meet a requirement that the data on the server is encrypted just so that if someone literally stole the server there would be some safeguards.    I don't know much about Bitlocker - would this work?

It is a simple document management system - database with file repository - assume the sensitive data is only in the repository.

I don't need to encrypt the OS.  So can I encrypt the data (volume or just folders?)  on the "E" drive with bitlocker?  Would this be seamless when booting normally - I think so.  But if someone actually stole the server they would need to log in to the OS to get to the data - if they removed the data drives (and rebuilt the RAID) it would be encrypted.  Does it/can it work this way?  Anyone have things set up like this?
jsprevAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
McKnifeConnect With a Mentor Commented:
Hi.

I have this setup on multiple 2008R2ers.
The question about "seamlessness" is the crucial point. If it has to be automated ("hands free rebootable"), you will have to use either a TPM chip or a script to provide the key.

If your server hardware has a TPM chip, the setup is easy, no need to explain. However, you would need to be aware about attack vectors that remain. Those are called "cold boot attacks" and are illustrated in this video (watch it if your server has a TPM): http://www.youtube.com/watch?v=JDaicPIgn9U

If it hasn't, the way to go is to use a script. The script would use manage-bde.exe (see manage-bde /?) for syntax. It would be triggered by task manager to start on every system start. The script itself would have to be placed on the network share of another device that would be physically secured. If stolen, the script could not be loaded and the drive would stay locked.
0
 
jsprevAuthor Commented:
Thanks!
0
All Courses

From novice to tech pro — start learning today.