Solved

I read that using disk encryption should not be done on Windows server 2012 folders that have raided drives.  Also performace degrades.

Posted on 2016-08-16
3
66 Views
Last Modified: 2016-08-17
I read that using disk encryption should not be done on a Windows server 2012 folder where the machine has raided drives.  Also performance degrades. Is this true?
0
Comment
Question by:Mike-LFC
3 Comments
 
LVL 8

Accepted Solution

by:
Tyler Brooks earned 500 total points
ID: 41758619
I have used software based encryption on RAID arrays before and not had any difficulties, however, as I've found with most full disk encryptions, there is definitely some performance degradation.

That being said encryption of the disk really only helps if someone steals the physical disk, or the system containing it, and is unable to gain access to any of the user accounts. If they can manage to log into the system the encryption doesn't protect anything. In many ways if you implement stronger physical security for the system to make it more difficult to steal you eliminate or reduce the need for full disk encryption.

I generally would recommend full disk encryption on mobile systems, or systems that are easily stolen, not necessarily on a server so long as the physical security of the server is solid.
1
 
LVL 62

Expert Comment

by:btan
ID: 41758880
There will definitely be performance impact with disk encryption though it is minimal as it conducting the encrypt/decrypt transparent ("on the fly") at the kernel level. The impact come mainly due to the I/O read/writes at the storage controller as there are hardware internal buffering for managing its read/writes.

But strictly speaking, I do (like to) see them as separate entity as there is no interaction between the RAID and encryption to factor into the speed and really boils down the implementation efficiency. For example, RAID-5 array generally suffers in write access, so having to add on encryption work on the disk does not make it any slower especially if a poor encryption scheme (software or hardware based) is implemented. The source of slowdown can also be at the filesysem level too.

It is back to benchmarking the before and after implementing such control. Also there are self encryption solid state HDD as well with dedicated crypto hardware to offload or compensate the "impact". See
Doesn’t hardware encryption negatively impact the performance of systems?

A: Not at all. Dedicated hardware (electronic circuitry) can always out-perform software (computer programs) running on a general-purpose OS-based platform.
http://www.trustedcomputinggroup.org/commonly-asked-questions-answers-self-encrypting-drives/
0
 
LVL 54

Expert Comment

by:McKnife
ID: 41758893
Mike, please name your sources.
There's a degrade, but not of a level that should keep you from using it.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
WriteBack Attribute permission on domain level 13 62
How to find the user path in AD by find now. 3 33
MS Endpoint Protection 2 22
HP Procurve and AAA authentication 2 25
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question