Solved

I read that using disk encryption should not be done on Windows server 2012 folders that have raided drives.  Also performace degrades.

Posted on 2016-08-16
3
51 Views
Last Modified: 2016-08-17
I read that using disk encryption should not be done on a Windows server 2012 folder where the machine has raided drives.  Also performance degrades. Is this true?
0
Comment
Question by:Mike-LFC
3 Comments
 
LVL 7

Accepted Solution

by:
Tyler Brooks earned 500 total points
ID: 41758619
I have used software based encryption on RAID arrays before and not had any difficulties, however, as I've found with most full disk encryptions, there is definitely some performance degradation.

That being said encryption of the disk really only helps if someone steals the physical disk, or the system containing it, and is unable to gain access to any of the user accounts. If they can manage to log into the system the encryption doesn't protect anything. In many ways if you implement stronger physical security for the system to make it more difficult to steal you eliminate or reduce the need for full disk encryption.

I generally would recommend full disk encryption on mobile systems, or systems that are easily stolen, not necessarily on a server so long as the physical security of the server is solid.
1
 
LVL 61

Expert Comment

by:btan
ID: 41758880
There will definitely be performance impact with disk encryption though it is minimal as it conducting the encrypt/decrypt transparent ("on the fly") at the kernel level. The impact come mainly due to the I/O read/writes at the storage controller as there are hardware internal buffering for managing its read/writes.

But strictly speaking, I do (like to) see them as separate entity as there is no interaction between the RAID and encryption to factor into the speed and really boils down the implementation efficiency. For example, RAID-5 array generally suffers in write access, so having to add on encryption work on the disk does not make it any slower especially if a poor encryption scheme (software or hardware based) is implemented. The source of slowdown can also be at the filesysem level too.

It is back to benchmarking the before and after implementing such control. Also there are self encryption solid state HDD as well with dedicated crypto hardware to offload or compensate the "impact". See
Doesn’t hardware encryption negatively impact the performance of systems?

A: Not at all. Dedicated hardware (electronic circuitry) can always out-perform software (computer programs) running on a general-purpose OS-based platform.
http://www.trustedcomputinggroup.org/commonly-asked-questions-answers-self-encrypting-drives/
0
 
LVL 53

Expert Comment

by:McKnife
ID: 41758893
Mike, please name your sources.
There's a degrade, but not of a level that should keep you from using it.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

What to do when Windows Update is not working correctly? What tools can I use to detect the cause of the malfunction problem? What does this numeric error code mean? These and other questions that you have been asking in the past are answered here (…
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now