full disk encryption

schweidj

9
+0/-0

full disk encryption

« on: April 02, 2017, 09:28:07 PM »

Hi

can anybody tell me if there is an install option for full disk encryption in SME Server 9.x?

Regards,
Joachim

Logged

Stefano

10,894
+3/-0

Re: full disk encryption

« Reply #1 on: April 02, 2017, 10:04:20 PM »

AFAIK no ATM

what are you thinking about? any hint? it could be a great improvement

Logged

schweidj

9
+0/-0

Re: full disk encryption

« Reply #2 on: April 03, 2017, 11:39:38 PM »

I use a esxi box so I can access the console on restart to enter the password on startup.
From my point of view it´s a knock-out criterion for some-server. I would never store sensible data on a non encrypted device.

Logged

schweidj

9
+0/-0

Re: full disk encryption

« Reply #3 on: April 03, 2017, 11:42:00 PM »

Quote from: schweidj on April 03, 2017, 11:39:38 PM

I use a esxi box so I can access the console on restart to enter the password on startup.
From my point of view it´s a knock-out criterion for sme-server. I would never store sensible data on a non encrypted device.

Logged

Daniel B.

1,700
+0/-0

Re: full disk encryption

« Reply #4 on: April 04, 2017, 12:37:43 AM »

You can use the graphical installation menu with which you have all the centos partitioning options. Encryption should work (I have not tested). I should also add that full disk encryption on a 24/7 powered server is nearly useless (unless it's not physically protected)

Logged

C'est la fin du monde !!!

brianr

990
+2/-0

Re: full disk encryption

« Reply #5 on: April 04, 2017, 08:25:51 AM »

Quote from: Daniel B. on April 04, 2017, 12:37:43 AM

You can use the graphical installation menu with which you have all the centos partitioning options. Encryption should work (I have not tested). I should also add that full disk encryption on a 24/7 powered server is nearly useless (unless it's not physically protected)

I can see partly what you mean here, but I think a link or paragraph explaining this point would be very instructive.

Logged

Brian j Read
(retired, for a second time, still got 2 installations though)
The instrument I am playing is my favourite Melodeon.
.........

Daniel B.

1,700
+0/-0

Re: full disk encryption

« Reply #6 on: April 04, 2017, 09:12:47 AM »

Well, that's easy: once you entered the password to unlock the drive, the data is available just as if it was unencrypted for as long as the server stay powered on. The only protection it brings is if someone physically takes your server (or the image disk if it's a VM)

« Last Edit: April 04, 2017, 09:29:34 AM by Daniel B. »

Logged

C'est la fin du monde !!!

schweidj

9
+0/-0

Re: full disk encryption

« Reply #7 on: April 04, 2017, 09:32:26 AM »

Of course that´s what I mean, it´s protected if someone steals the hardware.

Thank you, I´ll try the graphical installation menu...

Joe

Logged

brianr

990
+2/-0

Re: full disk encryption

« Reply #8 on: April 04, 2017, 10:41:04 AM »

Quote from: schweidj on April 04, 2017, 09:32:26 AM

Of course that´s what I mean, it´s protected if someone steals the hardware.

Thank you, I´ll try the graphical installation menu...

Joe

Please keep us up to date with your progress, I am also interested in this..

Logged

Brian j Read
(retired, for a second time, still got 2 installations though)
The instrument I am playing is my favourite Melodeon.
.........

CharlieBrady

6,918
+3/-0

Re: full disk encryption

« Reply #9 on: April 04, 2017, 09:14:47 PM »

Quote from: Daniel B. on April 04, 2017, 09:12:47 AM

once you entered the password to unlock the drive, the data is available just as if it was unencrypted for as long as the server stay powered on.

A corollary is that if the system reboots, and you are not physically present to enter the password, then the system is unusable.

Logged