Jump to content
  • 0

Drivepool + encryption


maxiimus

Question

Hi,

 

I am looking for at solution to encrypt my storage drives that I am using for drivepool. How is the easiest way to do this? I have read this forum through over and over again, but I cannot seem to find a newer guide to how to setup bitlocker (I would rather use something like disktryptor instead but if bitlocker is the only encryption software supported, I can live with that).

 

Does anyone know how to encrypt the disks I'm using for my drivepool storage? I don't have a TPM-module so I'll need to use a USB drive. Also, I am not going to encrypt my system drive, so how do I manually start drivepool (I don't have a problem manually activate things at each startup as my server is seldom restarted).

 

Any help would be much appreciated!

 

/MaxIImus

Link to comment
Share on other sites

13 answers to this question

Recommended Posts

  • 0

Well, BitLocker is probably the best option here. 

 

But baring that, you can definitely use DiskCryptor.  There are a couple of things you'll need to do to get it working properly, though.

 

The simplest way to get everything working properly is to install the 2.2.0.651 public beta build. This enables the drive unlock detection by default. Additionally, it includes the Bypass NTFS Filter option in the UI (Pool Options -> Performance -> Bypass file system filters).  

 

If you don't wish to use the beta build, you'll need to edit the advanced settings file:

http://wiki.covecube.com/StableBit_DrivePool_2.x_Advanced_Settings

Set "BitLocker_PoolPartUnlockDetect" to "True" and "CoveFs_BypassNtfsFilters" to "False" and reboot the system.

 

 

These should allow you to use DiskCryptor with the system.  If you have any issues with detection of the drives after unlocking them, then restart the "StableBit DrivePool Service" (run "services.msc", find the service and restart it).  This service is what detects the pooled disks and "creates" the pool. Restarting it will force it to redetect the drives in the system.

 

 

 

 

 

 

Additionally, we don't support TrueCrypt or any of its forks, because they completely bypass the normal disk API, which is what we use to identify and call disks.

 

DiskCryptor works, because it uses a file system filter to encrypt and decrypt the data. Normally, we bypass these for the pooled disks, but that doesn't work for what you want .... hence disabling the "Bypass file system filters" option. 

 

 

 

However, for easy, BitLocker is the best option. As for the system disk, depending on the OS, it may allow you to use a password instead.

And depending on your mainboard, it may include a TPM header (if you let me know the model, I'll double check for you). ASRock, ASUS and SuperMicro all sell TPM modules, that can be easily installed.

Link to comment
Share on other sites

  • 0

If the TPM module is a problem, you can disable the need for one in the group policies.

 

run gpedit.msc

go to Local Computer Policy \ Computer Configuration \ Administrative Templates \ Windows Components \ Bit Locker Drive Encryption \ Operating System Drives

--> Require additional authentication at startup 

and check "Allow bitlocker without a compatible TPM"

Link to comment
Share on other sites

  • 0

That was quick response, nice :) .

 

OK, so if I edit the advanced settings file with the lines you wrote, I should be able to use both Bitlocker and DiskCryptor? I don't need to do anything else besides that (and restart the service if needed)

 

TwoEdge: I'll give that a try :) thx.

 

I guess I'll try putting a couple of extra disks in the machine and play with the encryption (both bitlocker and diskcryptor). I think i will start with bitlocker as I would hate to loss most of my 10TB of data because I didn't do my research right.

 

BTW my server has a SUPERMICRO X8SIE-F motherboard but it doesn't have a TPM-module :)

Link to comment
Share on other sites

  • 0

Ah, yes, no TPM header on that board. :(

 

And yes, the group policy edit above will definitely allow you to use it without a TPM module, but it will require a usb stick or passcode. 

 

 

 

And, yes, I think you can use both products together.  I'm not 100% sure about that, but there is really only one way to find out. :)

Link to comment
Share on other sites

  • 0

I have no experience with DiskCryptor so my advice was only meant for bitlocker.

 

As Christopher said you will need a passcode this way.

 

I have everything encrypted including my system drive, so all other drives can auto unlock once I have unlocked the system drive.

Link to comment
Share on other sites

  • 0

Hi everyone,

 

I have now used diskcryptor for a couple of days and it seems to work flawlessly. I did what Christopher said in #2 and I have also encrypted my system drive for most transparency. I have to enter my password at boot but after that, I don't get any indications or notifications that the whole system is encrypted which is really nice.

 

Thanks for the replies in here :) .

 

BTW: I didn't try Bitlocker as I thought I would try diskcryptor first :)

Link to comment
Share on other sites

  • 0

Old tread, but new question: For encrypting DrivePool drives, is Securstar's DriveCrypt Plus Pack supported?  I would think so, but because of TrueCrypt not being supported, that throws other full-disk encryption solutions into question.

Link to comment
Share on other sites

  • 0

That depends entirely on how it works. 

 

The reason that TrueCrypt doesn't work, is that it uses a hack to present the drives to the system, bypassing the VDS system, entirely. 

 

Each solution ... well, we'd have to test to verify if it will work or not, before we can say "yes or no" to it. 

 

 

However, from a quick test, it looks like the way that SecurStar's softwar works will work with StableBit DrivePool just fine. But you need to encrypt the underlying disks, rather than the pool. 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...