Are there any server hardware requirements when deploying BitLocker on a Windows Server 2012 system? Do I need...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
to use a server with a trusted platform module?
There are no exotic or unusual hardware or software requirements for a basic BitLocker installation and deployment. The server must meet the minimum requirements needed to support Windows Server 2012; however, there are several hardware wrinkles that could happen.
First, consider using a server with a trusted platform module (TPM) version 1.2 or 2.0. A TPM is not required to install and use BitLocker. However, a TPM is needed to ensure system integrity at startup and to tie BitLocker local disks to their specific physical server. This prevents encrypted disks from being installed in other systems.
Second, evaluate the server's BIOS features. Systems with a TPM will need a compliant firmware. If the BIOS is not intended for TPM, it must support the Unified Extensible Firmware Interface (UEFI) standard. The BIOS must also boot from the hard drive first instead of external drives like USB or optical disks. Still, the BIOS should read USB flash drives during boot just in case you need an emergency encryption to recover lost or corrupted credentials.
And finally, an encrypted drive must provide two partitions -- one FAT32 or NTFS partition for the operating system and another 350 MB active NTFS partition (or larger) -- for a system drive for a BitLocker installation. Hardware encrypted drives are supported, but they must be installed with the onboard security features turned off. The separate partitions are needed to perform a system-integrity check during boot. The system drive often includes other data, such as recovery information and other tools.
Dig Deeper on Windows Server and Network Security
Related Q&A from Stephen J. Bigelow
To configure RAID 1, RAID 5 or RAID 6 erasure coding in VMware vSAN 6.2, an administrator must first choose the proper RAID protection settings.continue reading
RAID provides workload resilience and protects against data loss, but not all levels of RAID are made alike. What are the storage tradeoffs for RAID ...continue reading
Before you encounter noncompliant hardware, integrated security errors and configuration issues, read this expert advice so you know what to do when ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.