locked
Windows Server 2016, SQL 2016 with BitLocker RRS feed

  • Question

  • Is BitLocker compatible with windows server 2016 that is running the domain controller role and SQL 2016 on the same server? I understand having those 2 roles on the same server is not a best practice.

    What is the performance impact with bit locker enabled?

    What are the caveats with bit locker? What are the caveats when it comes to disaster recovery?

    If the TPM chip doesn't work anymore, do I lose access to the bit locker drives and do I need to perform disaster recovery?

    Dell server raid cards like PERC H730 and PERC H740P support drive encryption as well at the raid level instead of using bit locker but if a problem arises it might be more difficult to troubleshoot due to everything being dell.

    Dell raid supports encryption but it requires self encrypting drives and that might be finicky if the drives are not from dell.

    Thanks

    Friday, November 10, 2017 8:11 PM

All replies

  • Hi kungpow112,

     

    Bitlocker is compatible with Windows Server 2016 and SQL Server 2016, but you may meet problems when installing SQL Server on domain control controller, if you need to use failover cluster, it is not supported to install on a domain controller.

     

    The bitlocker will affect the performance of SQL Server a lot, especially the I/O performance. BitLocker supports two levels of cipher strength for BitLocker: 128-bit and 256-bit. Longer encryption keys provide an enhanced level of security. However, longer keys can cause slower encryption and decryption of data. On some computers, using bitlocker might result in noticeable performance degradation.

     

    >>If the TPM chip doesn't work anymore, do I lose access to the bit locker drives and do I need to perform disaster recovery?

     

     This problem is more related to Bitlocker, I suggest you opening a case in Microsoft Bitlocker Administration and Monitoring (MBAM) forum at https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopmbam

     

    Best Regards,

    Teige

     


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    • Proposed as answer by Teige Gao Monday, November 20, 2017 1:35 AM
    Monday, November 13, 2017 6:18 AM