Windows encrypted software raid
Is it possible to have (preferably with Windows-on-board tools of Windows Server 2012 R2 and Windows Server 2016) a software raid mirror on 2 encrypted disks? (Locally preferred.)
From what I know, I have to use an SSD for normal/fast hardware encryption (at least via Bitlocker), so I am planning to put 2 ssd disks into a SW mirror.
I want to achieve 2 things:
1) theft protection
a) if hardware gets stolen, drives are useless to thief
2) failure protection
a) if a drive fails, the other takes over and the failed drive can be replaced
b) if the pc fails, the drives run in another pc (or at least can be recovered)
The drives will be home of some VM hard drives, so they don't need to be bootable/system drive.
They should unlock automatically on Windows startup though, in order to reboot the machines unattended, also to have the hyper-v vhds available straight away.
Is this possible? If so, how is this possible?
ssd encryption raid bitlocker windows-server-2012-r2
migrated from superuser.com Dec 2 at 11:34
This question came from our site for computer enthusiasts and power users.
BitLocker is not supported for Windows Server 2012 R2 Hyper-V hosts. It is supported on Windows Server 2016 Hyper-V. Also, most SSD encryption is broken. See: serverfault.com/questions/939961/…
– Greg Askew
Dec 2 at 14:04
What if someone steals the entire machine? All they need do is power it on, and it'll unlock.
– djsmiley2k
Dec 2 at 20:02
@djsmiley2k Yes, that is a scenario, so this could be prevented by not having a Windows Login and the thief not being able to access anything further on the system? Again, I am not sure what is available/possible here.
– Andreas Reiff
Dec 11 at 11:16
asked Dec 2 at 11:28
Andreas Reiff
1 Answer
This is definitely possible, and not too difficult to achieve.
What you have to do is get a hardware RAID controller (Bitlocker doesn't work on software RAIDs), and set two drives up in RAID 1, so that even if one of the drives fails, the other has a complete copy of all the data.
Once you have the drives set up in a RAID array, all you have to do is configure Bitlocker as you normally would on a drive. Bitlocker drives can be decrypted on other PCs.
So if the computer stops working, you can access your data from another computer, and if someone steals your drives, they won't be able to access your data.
1
RAID 0 does not provide for requirement 2a from OP - "if a drive fails, the other takes over and the failed drive can be replaced". RAID 1 would provide this with the indicated 2 drives.
– Dave M
Dec 2 at 12:07
@DaveM My bad, no idea why I said RAID 0, thanks
– rahuldottech
Dec 2 at 12:12
2 questions: 1) if whole system gets stolen, this does not work, i.e. drives can be decrypted? 2) I asked for software raid, if possible. It has e.g. the advantage of no additional hardware dependency. This would work the same without bitlocker (which isn't available in Server 2012 anyway according to a comment) but with Veracrypt whole-disk-encryption, I assume?
– Andreas Reiff
Dec 14 at 7:47
@AndreasReiff If the whole system gets stolen, unless they have the password, they cannot decrypt the data. Also, I am unaware of any mainstream or popular disk encryption solution supporting software RAID.
– rahuldottech
Dec 14 at 7:55
edited Dec 2 at 12:12
answered Dec 2 at 11:51
rahuldottech
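An added example, not part of the original answer or its comments: one way to carry out the "configure Bitlocker as you normally would" step for the non-boot data volume the question describes, with the unattended auto-unlock it asks for. It assumes Windows Server 2016 with the BitLocker feature installed, an elevated session, and `D:` as the (assumed) drive letter of the mirrored volume; it also reports the two risks raised in the comments, drive-firmware encryption and a whole-machine theft.

```powershell
# Added example. Assumptions: Windows Server 2016, BitLocker feature installed,
# elevated PowerShell, and 'D:' as the mirrored data volume (assumed letter).
$DataVolume = 'D:'
$OsVolume   = $env:SystemDrive

# Auto-unlock keys for data volumes are stored on the OS volume, so the OS
# volume must itself be BitLocker-protected before auto-unlock can be enabled.
$os = Get-BitLockerVolume -MountPoint $OsVolume
if ($os.ProtectionStatus -ne 'On') {
    throw "OS volume $OsVolume is not BitLocker-protected; auto-unlock is unavailable."
}

# A TPM-only OS volume boots unattended, which also means a stolen, intact
# machine boots and unlocks the data volume. Report what protects the OS volume.
$osProtectors = $os.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() }
Write-Output "OS volume protectors: $($osProtectors -join ', ')"
if ($osProtectors -notcontains 'TpmPin' -and $osProtectors -notcontains 'TpmNetworkKey') {
    Write-Warning ('OS volume has no pre-boot PIN or Network Unlock protector: ' +
                   'anyone who powers on the whole machine gets an unlocked data volume.')
}

# Encrypt the data volume and add a recovery password protector. The recovery
# password is what lets the volume be unlocked after moving the disks to another PC.
Enable-BitLocker -MountPoint $DataVolume -EncryptionMethod XtsAes256 -RecoveryPasswordProtector

# Unlock the data volume automatically once the OS volume has been unlocked.
Enable-BitLockerAutoUnlock -MountPoint $DataVolume

$data = Get-BitLockerVolume -MountPoint $DataVolume

# If the volume ended up on the SSD's own (firmware) encryption, BitLocker is
# only as strong as that firmware; flag it so it can be redone in software.
if ($data.EncryptionMethod.ToString() -eq 'HardwareEncryption') {
    Write-Warning "$DataVolume uses drive hardware encryption; re-encrypt with software encryption."
}

# Show the recovery password once so it can be stored away from this host.
$recovery = $data.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
Write-Output "Recovery password for ${DataVolume}: $($recovery.RecoveryPassword)"

$data | Select-Object MountPoint, VolumeStatus, EncryptionMethod, AutoUnlockEnabled, ProtectionStatus
```

A pre-boot PIN on the OS volume blocks unattended reboots, so the warning marks a trade-off to decide on rather than a setting to enable blindly.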