Few technologies have been as important to IT and enterprise security as encryption, which uses a mathematical algorithm to scramble the contents of a file or even an entire disk.
Without the unique key used to encrypt the data, nobody else can decrypt it and read the hidden contents, at least not easily. In the event of a breach or other inappropriate access, the data remains private and inaccessible.
What is Microsoft BitLocker technology?
Microsoft BitLocker is a longtime Windows feature that debuted with Windows Vista in 2007, and Microsoft continues to develop it as a full-volume drive encryption platform. BitLocker encrypts volumes with the AES algorithm, in either cipher block chaining (CBC) or XTS mode, using a 128-bit or 256-bit key. The platform is commonly available in Windows 10 and Windows Server.
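The cipher mode and key length described above are visible on any Windows host through the BitLocker PowerShell module. The following audit script is an added example, not code from the article, and assumes an elevated prompt on Windows 10 or Windows Server; the XTS-AES-256 baseline it checks against is an assumed organisational policy, not something the article prescribes.

```powershell
# Added example (not from the article): audit local BitLocker volumes for the
# cipher mode and key length the article describes, plus protection state.
# Requires the BitLocker PowerShell module and an elevated prompt.
#Requires -RunAsAdministrator

function Get-BitLockerAudit {
    [CmdletBinding()]
    param(
        # Assumed organisational baseline: XTS-AES with a 256-bit key.
        [string]$RequiredMethod = 'XtsAes256'
    )

    foreach ($vol in Get-BitLockerVolume) {
        # EncryptionMethod is an enumeration: None, Aes128, Aes256, XtsAes128, XtsAes256, ...
        $method = $vol.EncryptionMethod.ToString()
        $mode = switch -Wildcard ($method) {
            'Xts*'  { 'XTS' }
            'Aes*'  { 'CBC' }
            default { 'n/a' }
        }
        $keyBits = if ($method -match '(128|256)$') { [int]$Matches[1] } else { 0 }

        # A volume counts as compliant only if it is fully encrypted, protection is
        # on (key protectors are active) and it uses the required cipher mode/size.
        $compliant = ($vol.VolumeStatus -eq 'FullyEncrypted') -and
                     ($vol.ProtectionStatus -eq 'On') -and
                     ($method -eq $RequiredMethod)

        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeType       = $vol.VolumeType          # OperatingSystem / Data
            VolumeStatus     = $vol.VolumeStatus        # FullyEncrypted, FullyDecrypted, EncryptionInProgress, ...
            ProtectionStatus = $vol.ProtectionStatus    # On / Off
            Mode             = $mode
            KeyBits          = $keyBits
            Protectors       = ($vol.KeyProtector.KeyProtectorType -join ',')
            Compliant        = $compliant
        }
    }
}

# Print the report, then warn about anything that needs attention.
$report = Get-BitLockerAudit
$report | Format-Table -AutoSize
$report | Where-Object { -not $_.Compliant } | ForEach-Object {
    Write-Warning ("{0} is not compliant: status={1}, protection={2}, method={3}-{4}" -f
        $_.MountPoint, $_.VolumeStatus, $_.ProtectionStatus, $_.Mode, $_.KeyBits)
}
```

A volume that reports CBC mode with a 128-bit key is typically one encrypted before Windows 10 1511 and never re-encrypted; it is still protected, but it does not meet the stricter baseline, and the script flags it rather than silently accepting "encrypted" as good enough.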
How does BitLocker work in Azure?
More recently, Microsoft packaged BitLocker as a service for Azure Windows virtual machines called Azure Disk Encryption (ADE). The ADE encryption key, which is essentially a BitLocker key, is stored and protected by the Azure Key Vault service, and only authorized key users can read or run the protected Azure VM. ADE protects the VM host disks, the local cache and any data in transit between an Azure VM and Azure Storage.
To use ADE, the administrator creates a key store for ADE and assigns user permissions. After a resource, such as a VM, is created, the administrator attaches the key vault and selects a key to encrypt the resource.
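The steps just described, carried out with the Az PowerShell modules, as an added example that is not part of the article. All resource names, the region and the user principal are placeholders; the VM is assumed to already exist in the resource group, and the session is assumed to be signed in with Connect-AzAccount.

```powershell
# Added example (not from the article): the ADE workflow with Az.KeyVault and
# Az.Compute. Names below are placeholders, not values from the article.
# Requires: Install-Module Az; Connect-AzAccount
$rg       = 'rg-ade-demo'              # placeholder resource group (assumed)
$location = 'westeurope'               # placeholder region (assumed)
$kvName   = 'kv-ade-demo-0001'         # placeholder vault name (must be globally unique)
$vmName   = 'vm-sql-01'                # placeholder VM, assumed already created in $rg
$kekName  = 'ade-kek'                  # placeholder key-encryption key name
$adminUpn = 'diskadmin@example.com'    # placeholder user allowed to manage ADE keys

# 1. Create the key store. EnabledForDiskEncryption lets the Azure platform
#    read the vault's secrets during encryption; without it ADE fails.
$kv = New-AzKeyVault -Name $kvName -ResourceGroupName $rg -Location $location `
        -EnabledForDiskEncryption -SoftDeleteRetentionInDays 90

# 2. Assign user permissions on the vault, limited to what ADE key handling needs.
Set-AzKeyVaultAccessPolicy -VaultName $kvName -UserPrincipalName $adminUpn `
    -PermissionsToKeys get,list,create,wrapKey,unwrapKey `
    -PermissionsToSecrets get,list,set

# 3. Select (here: create) a key-encryption key that wraps the BitLocker secret.
$kek = Add-AzKeyVaultKey -VaultName $kvName -Name $kekName -Destination Software

# 4. Attach the vault and key to the VM and encrypt both OS and data disks.
Set-AzVMDiskEncryptionExtension -ResourceGroupName $rg -VMName $vmName `
    -DiskEncryptionKeyVaultUrl $kv.VaultUri -DiskEncryptionKeyVaultId $kv.ResourceId `
    -KeyEncryptionKeyUrl $kek.Id -KeyEncryptionKeyVaultId $kv.ResourceId `
    -VolumeType All -Force

# 5. Verify: both flags should read Encrypted once the extension has finished.
Get-AzVMDiskEncryptionStatus -ResourceGroupName $rg -VMName $vmName |
    Select-Object OsVolumeEncrypted, DataVolumesEncrypted, OsVolumeEncryptionSettings
```

Step 4 restarts the VM to encrypt the OS volume, so schedule it accordingly. Wrapping the BitLocker secret with a key-encryption key (step 3) is optional for ADE but keeps the secret that unlocks the disk from ever sitting unwrapped in the vault, and lets the key be rotated independently of the VM.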
How does Microsoft BitLocker work on networks?
This is not the only evolutionary use of Microsoft BitLocker: it is also used as a secure means of booting on-premises servers on wired or wireless networks, a feature called BitLocker Network Unlock. Network Unlock adds a physical factor of authentication (the actual physical server), building security into vital systems without the need for user interaction.
Consider an example: A sensitive enterprise database server is powered off and locked down with BitLocker. The underlying physical server has a Trusted Platform Module (TPM) and is configured for Network Unlock. When the database server is powered on, it obtains a key from the TPM and sends that key, together with an unlock request, to a separate Windows Deployment Services (WDS) server on the local network. If the WDS server recognizes the TPM key and the request, which also confirms that the unlock service is present on the local network, it returns the credentials the database server needs to unlock the protected volume, decrypting the disk and allowing the system to boot normally.
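A read-only readiness check for the scenario above, run on the protected server, as an added example that is not part of the article. It checks the pieces the article names (a TPM, a BitLocker-protected OS volume with a TPM-based protector, and a reachable WDS server on the local network) plus the client-side prerequisites the feature depends on: UEFI firmware and the Network Unlock certificate that Group Policy places in the FVE_NKP certificate store. The TpmNetworkKey protector name is the one reported by the BitLocker module; the WDS host name is a placeholder.

```powershell
# Added example (not from the article): Network Unlock readiness check for the
# protected (client) server. Read-only; it changes no configuration.
#Requires -RunAsAdministrator

function Test-NetworkUnlockReadiness {
    param(
        [string]$WdsServer = 'wds01.corp.example'   # placeholder host name (assumed)
    )
    $checks = [ordered]@{}

    # 1. Network Unlock needs UEFI firmware; Windows exposes the type via this variable.
    $checks['UEFI firmware']        = ($env:firmware_type -eq 'UEFI')

    # 2. A TPM must be present and initialised.
    $tpm = Get-Tpm
    $checks['TPM present']          = [bool]$tpm.TpmPresent
    $checks['TPM ready']            = [bool]$tpm.TpmReady

    # 3. The OS volume must be protected by BitLocker with a TPM-based protector.
    $os    = Get-BitLockerVolume | Where-Object VolumeType -eq 'OperatingSystem'
    $types = @($os.KeyProtector.KeyProtectorType | ForEach-Object { $_.ToString() })
    $checks['OS volume protected']  = ($os.ProtectionStatus -eq 'On')
    $checks['TPM protector']        = (@($types -match '^Tpm')).Count -gt 0
    # Once Network Unlock is configured, the module lists a TpmNetworkKey protector.
    $checks['Network key protector'] = ($types -contains 'TpmNetworkKey')

    # 4. The client certificate pushed by Group Policy lives in the FVE_NKP store.
    $certs = @(Get-ChildItem Cert:\LocalMachine\FVE_NKP -ErrorAction SilentlyContinue)
    $checks['FVE_NKP certificate']  = $certs.Count -gt 0

    # 5. The WDS server must be reachable on the local network at boot time.
    $checks['WDS reachable']        = Test-Connection -ComputerName $WdsServer -Count 1 -Quiet

    foreach ($k in $checks.Keys) {
        '{0,-24} {1}' -f $k, $(if ($checks[$k]) { 'OK' } else { 'MISSING' })
    }
    # Overall result: $true only when every prerequisite is satisfied.
    return -not ($checks.Values -contains $false)
}

Test-NetworkUnlockReadiness
```

The check is useful before a maintenance reboot: if the FVE_NKP certificate is missing or the WDS server is unreachable, the server will not unlock on its own and will wait at the pre-boot screen for a recovery key, which is exactly the operator interaction Network Unlock is meant to remove.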