Hard Drive Encryption
-
@Nic said:
Good point - I guess you'd have to put the encryption in the RAID controller, but that would be a recipe for disaster.
Not that bad. Little different than having it in the OS.
-
As long as they have good tools to decrypt in case of a hardware failure.
-
@Nic said:
As long as they have good tools to decrypt in case of a hardware failure.
Same issues that you have with OS failure or drive failure. Wherever you encrypt you have to be really confident that it won't fail or have a solid recovery method. With a RAID controller, it could be stored both in the controller and on the disk the same way that RAID configuration is.
-
@scottalanmiller said:
Seagate used to have disk level, yes. Not sure how that works in RAID.
Several vendors offer drive level encryption - but like you said, with a RAID controller, the controller would have to know how to take the passwords and pass them along to the drives during boot. So you'd still need iLO for remote work. This is something you'll probably never have on a regular workstation.
-
Another problem with just encrypting the data is forcing all of the data to the right location.
By default Word stores its files in the C:\users\username\documents directory, well that's on the drive - so now you either have to move the profiles (a problem) or the user has to REMEMBER to put the data in the right place. Also, what about the PageFile? Or other temporary files? If you really need to encrypt a system, not encrypting the whole thing seems unlikely to cover everything you're trying to protect.
That said, of course encrypted systems are a huge pain to support.
-
@Dashrender said:
@scottalanmiller said:
Seagate used to have disk level, yes. Not sure how that works in RAID.
Several vendors offer drive level encryption - but like you said, with a RAID controller, the controller would have to know how to take the passwords and pass them along to the drives during boot. So you'd still need iLO for remote work. This is something you'll probably never have on a regular workstation.
iLO doesn't solve the problem. The RAID controller must handle it. iLO would only give you visibility into a failed system otherwise.
-
iLO won't let you see what's on screen so you can type in a password?
When I was talking about iLO I was referring to the fact that the RAID controller could possibly pass the password prompt request back to the screen for the user to answer.
Having the RAID controller store the passwords internally would be fine, as long as the RAID controller won't do so until after YOU/Admin type in the RAID controller unlock code.
-
@Dashrender said:
iLO won't let you see what's on screen so you can type in a password?
Of course it does, but the RAID controller has to put things on the screen. The disks don't talk to the computer directly. That's what RAID does, 100% encapsulation.
-
@Dashrender said:
When I was talking about iLO I was referring to the fact that the RAID controller could possibly pass the password prompt request back to the screen for the user to answer.
Yes, if the RAID does that. But that is not a natural component of RAID.
-
If you absolutely need to keep things easy for them, AKA do everything including wiping, then you need an out of band solution.
Try a KVM over IP.
http://www.lantronix.com/it-management/kvm-over-ip/spider.html
http://www.blackbox.com/Store/Detail.aspx/ServSwitch-Wizard-IP-DXS-Single-Access-IP-Gateway/ACR101A
Just plug it in, plug in the network cable, and you are good to go. Easy to manage via a single web interface.
-
@PSX_Defector Wow...they aren't cheap! But I like what they can do!