Le Café Central de Deva
..... Deva blogs!!
My experience with BitLocker: I use Windows BitLocker Drive Encryption (BitLocker) in my Windows Server Vista, 2008 & new Win 7 boxes. As i am trying this for a while, i thought to apply it with Exchange Server 2007 SP2 also; also wanted to see, whether i can make Exchange Server more stronger?
How i tried? Step 1: I tried creating my new installation of Windows Server 2008 machine with SP updates Step 2: Tried creating the BitLocker Step 3: Tried creating the Exchange Server 2007 SP2
Let me share the steps that i followed. Also i want to share couple of basics about BitLocker, if you’re interested…
What’s a BitLocker? BitLocker a security feature in the Windows Vista, Windows Server 2008, Windows 7 operating systems that can provide protection for the operating system on your computer and data stored on the operating system volume.
What BitLocker do? Mainly it takes care of the following:
What makes BitLocker – the special? What i learnt is… BitLocker is implemented in code in the early startup components ((master boot record (MBR), boot sector, boot manager, Windows Loader)), and as a filter driver that is an integral part of the operating system. When BitLocker is first enabled, existing data on the volume must be encrypted. You can continue to use the computer during this process.
Also the BitLocker helps,
To get more information regarding the BitLocker Drive Encryption, you can refer this TechNet article. Also you can refer the BitLocker Encryption Step-by-Step Guide for more information.
How this help us with Exchange Server to make it secure? In Windows Server 2008, BitLocker protection can be extended to volumes used for data storage as well, along with the protection for the operating system on your computer.
BitLocker requires that the active partition (or called as system partition) be a non-encrypted partition. The Windows operating system is installed to a second partition that is encrypted by BitLocker. Whenever dealing with the encryption of data, especially in an enterprise environment, you must consider how that data can be recovered in the event of hardware failure, changes in personnel, or other situations in which encryption keys are lost.
How to do this? BitLocker enables an IT administrator to encrypt the operating system volume and additional volumes on a Windows Server 2008-based computer. Let we try this out. By default, BitLocker is not installed in Windows Server 2008. You must add BitLocker from the Server Manager page in Windows Server 2008.
I tried installing from the command prompt.
Click the Start button, click All Programs, click Accessories, Right-click Command Prompt, and click Run as administrator.
If the User Account Control (UAC) dialog box appears, select Continue.
At the command prompt, type the following: ServerManagerCmd -install BitLocker -restart
ServerManagerCmd -install BitLocker -restart
This installs BitLocker if you have not already installed it.
After you install and configure BitLocker, you must restart the server to enable the features that BitLocker provides.
Additionally, what more you can secure? As per the TechNet article, you can use BitLocker to encrypt the volumes that host Exchange 2007 database files and transaction log files. Additionally, because the Exchange Storage Engine (ESE) works well with BitLocker, you do not experience a significant performance penalty when you encrypt the volumes that host the Exchange database files and transaction log files.
Do you know, this is supported by Microsoft CSS? As per the TechNet article - because of rigorous testing and because of the integration of BitLocker in Windows Server 2008, Microsoft Customer Support Services fully supports Exchange 2007 for use with BitLocker-encrypted volumes.
Viola, It's working. I tried the same steps. Good documentation and try too.
Steve, Thanks for your update!! Nice to hear!