locked
Bitlocker RRS feed

  • Question

  •  If I were to use Bitlocker on a 2008 web and database server, would I be able to connect as ususal from an XP workstation. (My thought was yes, of course.) And will bitlocker slow down the DB & web service running on the server.  The server is TPM compliant and attached to the same AD as the XP workstation.
    MCSE
    Wednesday, November 26, 2008 3:13 PM

Answers

  • Good morning Tim.

    You are correct concerning client connectivity. Here several references for BitLocker / deployment, with flowcharts, and so on:

    BitLocker Drive Encryption Technical Overview
    http://technet.microsoft.com/en-us/library/cc732774.aspx


    Description of the BitLocker Drive Preparation Tool
    http://support.microsoft.com/kb/933246/en-us

    Indeed, BitLocker does have an impact on disk access throughput; the tradeoff, is, of course, between efficiency and security. The below paper (published by Microsoft) has the information your are seeking.

    AES-CBC + Elephant diffuser
    A Disk Encryption Algorithm for Windows Vista
    http://download.microsoft.com/download/0/2/3/0238acaf-d3bf-4a6d-b3d6-0a0be4bbb36e/BitLockerCipher200608.pdf

    Our AES implementation uses about 20 cycles/byte for AES-CBC on a a Pentium 4. The
    diffuser takes about 10 cycles/byte. The overall cipher speed is just over 30 cycles per byte,
    including various overhead. This implies that the cipher is faster than the peak data rate
    of a typical disk.

    Our current BitLocker implementation manages to limit the loss of performance to around
    5% averaged over our test cases. Our typical end-user test scenarios show an even smaller
    overhead. This is good enough to allow widespread adoption of this security technology.

    -------------

    Please let me know if I have adequately answered your questions.

    Regards,
    Bill Wesse
    MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM

    Escalation Engineer
    Thursday, November 27, 2008 1:52 PM