Bitlocker does not require tpm. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Phil Brutsche Sent: Friday, January 17, 2014 4:51 PM To: [email protected] Subject: RE: [NTSysADM] RE: encrypting Server 2008 R2 virtual disk
BitLocker will require a TPM module to store the crypto keys. -- Phil Brutsche [email protected] -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Aakash Shah Sent: Friday, January 17, 2014 2:05 PM To: [email protected] Subject: RE: [NTSysADM] RE: encrypting Server 2008 R2 virtual disk I've never tried this, but would BitLocker work on the server? It would prevent you from needing to enter a password on each boot (rather than TrueCrypt or the like). This should protect the temp and swap files too. -Aakash Shah -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Klaus Hartnegg Sent: Friday, January 17, 2014 8:22 AM To: [email protected] Subject: Re: [NTSysADM] RE: encrypting Server 2008 R2 virtual disk Hi, If you make just an encrypted partition (or image file), then Windows will leak unencrypted data to temp files and swap space. If you encrypt the whole system, then somebody must enter the password on each boot. Fine if it's sitting on my desk, but bad if it's in a rack somewhere else, or even a virtual machine with no console attached. You should use whole hard disk encryption on the clients (to make temp and swap encrypted). In addition you must make sure that the data is also encrypted when it goes to the server. But you cannot mount one truecrypt partition on the server from several clients at once, only one user at a time, otherwise its contents will be garbled. Klaus
