Windows encrypted software raid












Is it possible (preferably with Windows on-board tools of Windows Server 2012 R2 and Windows Server 2016) to have a software RAID mirror on 2 encrypted disks? (Locally preferred.)

From what I know, I have to use an SSD for normal/fast hardware encryption (at least via BitLocker), so I am planning to put 2 SSD disks into a SW mirror.

I want to achieve 2 things:

1) theft protection
   a) if hardware gets stolen, drives are useless to thief

2) failure protection
   a) if a drive fails, the other takes over and the failed drive can be replaced
   b) if the PC fails, the drives run in another PC (or at least can be recovered)

The drives will be home of some VM hard drives, so they don't need to be bootable/system drive.

They should unlock automatically on Windows startup though, in order to reboot the machines unattended, also to have the Hyper-V VHDs available straight away.

Is this possible? If so, how is this possible?










migrated from superuser.com Dec 2 at 11:34


This question came from our site for computer enthusiasts and power users.















  • BitLocker is not supported for Windows Server 2012 R2 Hyper-V hosts. It is supported on Windows Server 2016 Hyper-V. Also, most SSD encryption is broken. See: serverfault.com/questions/939961/…
    – Greg Askew
    Dec 2 at 14:04










  • What if someone steals the entire machine? All they need do is power it on, and it'll unlock.
    – djsmiley2k
    Dec 2 at 20:02










  • @djsmiley2k Yes, that is a scenario, so this could be prevented by not having a Windows Login and the thief not being able to access anything further on the system? Again, I am not sure what is available/possible here.
    – Andreas Reiff
    Dec 11 at 11:16
















ssd encryption raid bitlocker windows-server-2012-r2






asked Dec 2 at 11:28









Andreas Reiff

1 Answer
This is definitely possible, and not too difficult to achieve.

What you have to do is get a hardware RAID controller (BitLocker doesn't work on software RAIDs), and set two drives up in RAID 1, so that even if one of the drives fails, the other has a complete copy of all the data.

Once you have the drives set up in a RAID array, all you have to do is configure BitLocker as you normally would on a drive. BitLocker drives can be decrypted on other PCs.

So if the computer stops working, you can access your data from another computer, and if someone steals your drives, they won't be able to access your data.






  • RAID 0 does not provide for requirement 2a from OP: "if a drive fails, the other takes over and the failed drive can be replaced". RAID 1 would provide this with the indicated 2 drives.
    – Dave M
    Dec 2 at 12:07

  • @DaveM My bad, no idea why I said RAID 0, thanks
    – rahuldottech
    Dec 2 at 12:12

  • 2 questions: 1) if whole system gets stolen, this does not work, i.e. drives can be decrypted? 2) I asked for software RAID, if possible. It has e.g. the advantage of no additional hardware dependency. This would work the same without BitLocker (which isn't available in Server 2012 anyway according to a comment) but with VeraCrypt whole-disk encryption, I assume?
    – Andreas Reiff
    Dec 14 at 7:47

  • @AndreasReiff If the whole system gets stolen, unless they have the password, they cannot decrypt the data. Also, I am unaware of any mainstream or popular disk encryption solution supporting software RAID.
    – rahuldottech
    Dec 14 at 7:55











edited Dec 2 at 12:12

























answered Dec 2 at 11:51









rahuldottech
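
The "configure BitLocker as you normally would" step for the mirrored data volume, with the automatic unlock the question asks for, written for PowerShell on Windows Server 2016. This is an added example, not code from the answer; the drive letter `E:` is an assumption. It also reports on the two points raised in the comments: whether the drive's own hardware encryption ended up in use, and whether a TPM-only system volume means the machine unlocks everything when it is simply powered on.

```powershell
#Requires -RunAsAdministrator
# Assumption: E: is the RAID 1 data volume that holds the VHDs.
$DataDrive = 'E:'
$OsDrive   = $env:SystemDrive

# Auto-unlock keys for data volumes are stored on the OS volume, so the OS
# volume must itself be BitLocker-protected before auto-unlock can be enabled.
$os = Get-BitLockerVolume -MountPoint $OsDrive
if ($os.ProtectionStatus -ne 'On') {
    throw "$OsDrive is not BitLocker-protected; auto-unlock of $DataDrive is not available."
}

# Encrypt the data volume with a recovery password protector. The recovery
# password is what allows the volume to be unlocked on another PC.
$data = Get-BitLockerVolume -MountPoint $DataDrive
if ($data.VolumeStatus -eq 'FullyDecrypted') {
    Enable-BitLocker -MountPoint $DataDrive -EncryptionMethod XtsAes256 `
        -RecoveryPasswordProtector -WarningAction SilentlyContinue | Out-Null
    $data = Get-BitLockerVolume -MountPoint $DataDrive
}

# Unlock the data volume automatically once the OS volume is unlocked at boot.
if (-not $data.AutoUnlockEnabled) {
    Enable-BitLockerAutoUnlock -MountPoint $DataDrive | Out-Null
    $data = Get-BitLockerVolume -MountPoint $DataDrive
}

# Key protector types on the OS volume. A plain 'Tpm' protector releases the
# key at boot without any user input.
$osProtectors = @($os.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

# Summary of what was configured and what it implies.
[pscustomobject]@{
    DataVolume        = $DataDrive
    VolumeStatus      = $data.VolumeStatus
    EncryptionMethod  = $data.EncryptionMethod
    # Whether BitLocker delegated to the drive's own encryption depends on
    # the drive and on policy, so check the result instead of assuming.
    UsesDriveHardware = "$($data.EncryptionMethod)" -like '*Hardware*'
    AutoUnlockEnabled = $data.AutoUnlockEnabled
    OsKeyProtectors   = $osProtectors -join ', '
    UnlocksOnPowerOn  = ($osProtectors -contains 'Tpm') -and [bool]$data.AutoUnlockEnabled
}

# Recovery password for the data volume: store it away from this machine.
$data.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
    Select-Object KeyProtectorId, RecoveryPassword
```

When `UnlocksOnPowerOn` is true, the data volume is protected against stolen drives but not against a stolen machine, which is the scenario raised in the comments on the question.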
