Solved

I read that using disk encryption should not be done on Windows server 2012 folders that have raided drives.  Also performace degrades.

Posted on 2016-08-16
3
61 Views
Last Modified: 2016-08-17
I read that using disk encryption should not be done on a Windows server 2012 folder where the machine has raided drives.  Also performance degrades. Is this true?
0
Comment
Question by:Mike-LFC
3 Comments
 
LVL 8

Accepted Solution

by:
Tyler Brooks earned 500 total points
ID: 41758619
I have used software based encryption on RAID arrays before and not had any difficulties, however, as I've found with most full disk encryptions, there is definitely some performance degradation.

That being said encryption of the disk really only helps if someone steals the physical disk, or the system containing it, and is unable to gain access to any of the user accounts. If they can manage to log into the system the encryption doesn't protect anything. In many ways if you implement stronger physical security for the system to make it more difficult to steal you eliminate or reduce the need for full disk encryption.

I generally would recommend full disk encryption on mobile systems, or systems that are easily stolen, not necessarily on a server so long as the physical security of the server is solid.
1
 
LVL 62

Expert Comment

by:btan
ID: 41758880
There will definitely be performance impact with disk encryption though it is minimal as it conducting the encrypt/decrypt transparent ("on the fly") at the kernel level. The impact come mainly due to the I/O read/writes at the storage controller as there are hardware internal buffering for managing its read/writes.

But strictly speaking, I do (like to) see them as separate entity as there is no interaction between the RAID and encryption to factor into the speed and really boils down the implementation efficiency. For example, RAID-5 array generally suffers in write access, so having to add on encryption work on the disk does not make it any slower especially if a poor encryption scheme (software or hardware based) is implemented. The source of slowdown can also be at the filesysem level too.

It is back to benchmarking the before and after implementing such control. Also there are self encryption solid state HDD as well with dedicated crypto hardware to offload or compensate the "impact". See
Doesn’t hardware encryption negatively impact the performance of systems?

A: Not at all. Dedicated hardware (electronic circuitry) can always out-perform software (computer programs) running on a general-purpose OS-based platform.
http://www.trustedcomputinggroup.org/commonly-asked-questions-answers-self-encrypting-drives/
0
 
LVL 53

Expert Comment

by:McKnife
ID: 41758893
Mike, please name your sources.
There's a degrade, but not of a level that should keep you from using it.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OfficeMate Freezes on login or does not load after login credentials are input.
A procedure for exporting installed hotfix details of remote computers using powershell
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now