Bitlocker
-
Wednesday, November 26, 2008 3:13 PMIf I were to use Bitlocker on a 2008 web and database server, would I be able to connect as ususal from an XP workstation. (My thought was yes, of course.) And will bitlocker slow down the DB & web service running on the server. The server is TPM compliant and attached to the same AD as the XP workstation.
MCSE
All Replies
-
Thursday, November 27, 2008 1:52 PM Good morning Tim.
You are correct concerning client connectivity. Here several references for BitLocker / deployment, with flowcharts, and so on:
BitLocker Drive Encryption Technical Overview
http://technet.microsoft.com/en-us/library/cc732774.aspx
Description of the BitLocker Drive Preparation Tool
http://support.microsoft.com/kb/933246/en-us
Indeed, BitLocker does have an impact on disk access throughput; the tradeoff, is, of course, between efficiency and security. The below paper (published by Microsoft) has the information your are seeking.
AES-CBC + Elephant diffuser
Our AES implementation uses about 20 cycles/byte for AES-CBC on a a Pentium 4. The
A Disk Encryption Algorithm for Windows Vista
http://download.microsoft.com/download/0/2/3/0238acaf-d3bf-4a6d-b3d6-0a0be4bbb36e/BitLockerCipher200608.pdf
diffuser takes about 10 cycles/byte. The overall cipher speed is just over 30 cycles per byte,
including various overhead. This implies that the cipher is faster than the peak data rate
of a typical disk.
Our current BitLocker implementation manages to limit the loss of performance to around
5% averaged over our test cases. Our typical end-user test scenarios show an even smaller
overhead. This is good enough to allow widespread adoption of this security technology.-------------
Please let me know if I have adequately answered your questions.
Regards,
Bill Wesse
MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
Escalation Engineer- Proposed As Answer by Bill Wesse MSFT Thursday, November 27, 2008 1:52 PM
- Marked As Answer by Chris MullaneyMicrosoft Employee Monday, December 15, 2008 9:28 PM
