Solved

I read that using disk encryption should not be done on Windows server 2012 folders that have raided drives.  Also performace degrades.

Posted on 2016-08-16
3
81 Views
Last Modified: 2016-08-17
I read that using disk encryption should not be done on a Windows server 2012 folder where the machine has raided drives.  Also performance degrades. Is this true?
0
Comment
Question by:Mike-LFC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 9

Accepted Solution

by:
Tyler Brooks earned 500 total points
ID: 41758619
I have used software based encryption on RAID arrays before and not had any difficulties, however, as I've found with most full disk encryptions, there is definitely some performance degradation.

That being said encryption of the disk really only helps if someone steals the physical disk, or the system containing it, and is unable to gain access to any of the user accounts. If they can manage to log into the system the encryption doesn't protect anything. In many ways if you implement stronger physical security for the system to make it more difficult to steal you eliminate or reduce the need for full disk encryption.

I generally would recommend full disk encryption on mobile systems, or systems that are easily stolen, not necessarily on a server so long as the physical security of the server is solid.
1
 
LVL 63

Expert Comment

by:btan
ID: 41758880
There will definitely be performance impact with disk encryption though it is minimal as it conducting the encrypt/decrypt transparent ("on the fly") at the kernel level. The impact come mainly due to the I/O read/writes at the storage controller as there are hardware internal buffering for managing its read/writes.

But strictly speaking, I do (like to) see them as separate entity as there is no interaction between the RAID and encryption to factor into the speed and really boils down the implementation efficiency. For example, RAID-5 array generally suffers in write access, so having to add on encryption work on the disk does not make it any slower especially if a poor encryption scheme (software or hardware based) is implemented. The source of slowdown can also be at the filesysem level too.

It is back to benchmarking the before and after implementing such control. Also there are self encryption solid state HDD as well with dedicated crypto hardware to offload or compensate the "impact". See
Doesn’t hardware encryption negatively impact the performance of systems?

A: Not at all. Dedicated hardware (electronic circuitry) can always out-perform software (computer programs) running on a general-purpose OS-based platform.
http://www.trustedcomputinggroup.org/commonly-asked-questions-answers-self-encrypting-drives/
0
 
LVL 54

Expert Comment

by:McKnife
ID: 41758893
Mike, please name your sources.
There's a degrade, but not of a level that should keep you from using it.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question