Solved

I read that using disk encryption should not be done on Windows server 2012 folders that have raided drives.  Also performace degrades.

Posted on 2016-08-16
3
96 Views
Last Modified: 2016-08-17
I read that using disk encryption should not be done on a Windows server 2012 folder where the machine has raided drives.  Also performance degrades. Is this true?
0
Comment
Question by:Mike-LFC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 9

Accepted Solution

by:
Tyler Brooks earned 500 total points
ID: 41758619
I have used software based encryption on RAID arrays before and not had any difficulties, however, as I've found with most full disk encryptions, there is definitely some performance degradation.

That being said encryption of the disk really only helps if someone steals the physical disk, or the system containing it, and is unable to gain access to any of the user accounts. If they can manage to log into the system the encryption doesn't protect anything. In many ways if you implement stronger physical security for the system to make it more difficult to steal you eliminate or reduce the need for full disk encryption.

I generally would recommend full disk encryption on mobile systems, or systems that are easily stolen, not necessarily on a server so long as the physical security of the server is solid.
1
 
LVL 64

Expert Comment

by:btan
ID: 41758880
There will definitely be performance impact with disk encryption though it is minimal as it conducting the encrypt/decrypt transparent ("on the fly") at the kernel level. The impact come mainly due to the I/O read/writes at the storage controller as there are hardware internal buffering for managing its read/writes.

But strictly speaking, I do (like to) see them as separate entity as there is no interaction between the RAID and encryption to factor into the speed and really boils down the implementation efficiency. For example, RAID-5 array generally suffers in write access, so having to add on encryption work on the disk does not make it any slower especially if a poor encryption scheme (software or hardware based) is implemented. The source of slowdown can also be at the filesysem level too.

It is back to benchmarking the before and after implementing such control. Also there are self encryption solid state HDD as well with dedicated crypto hardware to offload or compensate the "impact". See
Doesn’t hardware encryption negatively impact the performance of systems?

A: Not at all. Dedicated hardware (electronic circuitry) can always out-perform software (computer programs) running on a general-purpose OS-based platform.
http://www.trustedcomputinggroup.org/commonly-asked-questions-answers-self-encrypting-drives/
0
 
LVL 55

Expert Comment

by:McKnife
ID: 41758893
Mike, please name your sources.
There's a degrade, but not of a level that should keep you from using it.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
Worried about if Apple can protect your documents, photos, and everything else that gets stored in iCloud? Read on to find out what Apple really uses to make things secure.
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question