If I stop using BitLocker, is it better to suspend it or decrypt the drive? And what is the difference between a BitLocker recovery password and a BitLocker recovery key?
These are two different BitLocker recovery features in Windows Server 2012 -- Suspend and Decrypt -- and they are used differently.
The Suspend option is used in conjunction with trusted platform module (TPM) capabilities. It keeps the disk encrypted but exposes the BitLocker key, which allows technicians to retrofit or upgrade the server without having to decrypt and re-encrypt the drives. Once the system hardware is changed, a new hardware "fingerprint" is taken and the BitLocker key is sealed to it accordingly. Suspend can be a huge time-saver when system hardware changes must occur.
If you want to stop using BitLocker, it's best to turn the feature off using the Decrypt option. This will fully decrypt all data on the drive and effectively disable BitLocker.
Keep in mind that some software upgrades could require technicians to suspend or decrypt the drive before installation. Otherwise, software updates might cause unexpected changes to the system "fingerprint," resulting in disk access problems. It's best to review any upgrade notes regarding BitLocker interaction before attempting software upgrades on an encrypted server.
To answer your second question, a recovery password and a recovery key are one and the same.
When a server is configured for BitLocker, an emergency access method is usually established at the same time. For example, emergency access might be needed if the TPM has problems verifying hardware integrity and the system refuses to boot. If this occurs, a technician must provide a recovery key (sometimes called a "recovery password") to access the encrypted drive. A recovery key is a 48-digit code typed into the BitLocker recovery dialog or read from a USB flash drive, restoring access to the encrypted disk and the server.
Encryption is increasingly important as organizations opt to protect their sensitive data. Windows Server 2012 and Windows 8 administrators can deploy BitLocker to provide that protection, encrypting the computer's local disk as needed and even binding the encrypted data to a unique piece of hardware. IT administrators will need to understand the hardware and software requirements for BitLocker, recognize the performance overhead that encryption imposes and plan for encryption key recovery contingencies.
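As an added example that is not part of the answer above, the following PowerShell script (BitLocker module, Windows Server 2012 / Windows 8 and later) walks through the sequence the answer describes: confirm a recovery password is recorded, suspend protection before a hardware change, and decrypt only when retiring BitLocker. It assumes the protected volume is C: and that it runs in an elevated session.

```powershell
# Added example, not code from the original article.
# Contrast BitLocker "Suspend" (key exposed, data still encrypted) with "Decrypt"
# (data returned to plaintext). Assumes volume C: and an elevated PowerShell session.
Import-Module BitLocker

$MountPoint = 'C:'   # assumption: the protected volume being serviced

function Show-BitLockerState {
    param([string]$Volume)
    $v = Get-BitLockerVolume -MountPoint $Volume
    # VolumeStatus says whether the data is encrypted; ProtectionStatus says whether
    # the key is sealed (On) or sitting in the clear because protection is suspended (Off).
    [pscustomobject]@{
        Volume           = $v.MountPoint
        VolumeStatus     = $v.VolumeStatus
        ProtectionStatus = $v.ProtectionStatus
        Encrypted        = "$($v.EncryptionPercentage)%"
    }
}

# 1. Before touching hardware or firmware, make sure a 48-digit recovery password exists
#    and is escrowed: a changed TPM "fingerprint" otherwise ends at the recovery prompt.
$vol = Get-BitLockerVolume -MountPoint $MountPoint
$rp  = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
if (-not $rp) {
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    $rp = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
          Where-Object KeyProtectorType -eq 'RecoveryPassword'
}
# Store the recovery password in Active Directory rather than only on this machine
# (requires the domain to be set up for BitLocker recovery information).
Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $rp.KeyProtectorId

# 2. Suspend: the drive stays encrypted, but the clear key is exposed so the next boot
#    does not fail on a new TPM measurement. Protection resumes itself after one reboot.
Suspend-BitLocker -MountPoint $MountPoint -RebootCount 1 | Out-Null
Show-BitLockerState -Volume $MountPoint   # VolumeStatus FullyEncrypted, ProtectionStatus Off

# ... perform the hardware/firmware maintenance and reboot here ...

# If the work finished without a reboot, re-seal the key now instead of waiting.
Resume-BitLocker -MountPoint $MountPoint | Out-Null
Show-BitLockerState -Volume $MountPoint   # ProtectionStatus back to On

# 3. Decrypt: only when BitLocker is being retired on this volume. This strips the
#    encryption entirely; the drive is plaintext once EncryptionPercentage reaches 0.
#    Left commented out because it is destructive to the protection, not to the data.
# Disable-BitLocker -MountPoint $MountPoint
```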