Post #1 of 365… (some BitLocker stuff)….

And so it begins.....this is the first post of the 1 year test that I am doing to make at least one post a day for the next 365 days. At first I thought I would shoot for just business days but I figure I can get the other 104 posts in as well.

I don't want to just post fluff to make it through though. I want the posts to be useful, relevant and of value.

Here we go.....

We are about to start our live event deliveries again and I have been working on one particular piece of content that we will be delivering. I put together a session called "Why to Deploy Vista with SP1". Pretty easy session really. Why would you deploy without SP1 unless you have 1) a serious application compatibility problem or 2) you just don't care about the stability and security of your Vista systems? Of course there is quite a bit to SP1 but in the session I am focusing on some of the performance enhancements for networking and file copies as well as improvements in BitLocker, Group Policy and Diagnostics.

Did you know that once you have Vista SP1 in place you can use BitLocker on drives other than the C: drive? You can even use BitLocker on removable drives (as long as they are formatted NTFS). One of the first BitLocker questions I hear is "What about the performance impact of encrypting/decrypting on the fly?".

There really isn't any.

Sure, if you fire up some PerfMon type tools you will see charts and lines that show a performance hit and depending on the scale you may think it is a huge hit, but I challenge the average human being to even notice it. Hardware is just so fast these days that us humans don't feel the hit. In fact, my demo environment is set up like this:

Lenovo T61p laptop

100gig 7200 RPM SATA Primary Drive (C:)

100gig 7200 RPM SATA Secondary Drive (H:)

Windows 2008 Enterprise with Hyper-V

I have BitLocked the C: and H: drives (C: is the O/S drive and H: is where I store all the Hyper-V .VHD files) and run Hyper-V VM's on the machine for demos. Both drives are fully encrypted and I don't have any complaints about performance on this machine.

I repeat....I am running a Server O/S and virtualizing additional OSes along with it on fully encrypted drives and I am happy with the system.

That is pretty darn cool....

I think where people get tripped up is that they turn on BitLocker, go about their business and start complaining about performance while the drive is actively being encrypted/decrypted. In that case you can suffer a significant performance hit because the system is trying to encrypt/decrypt the entire drive and there is a tremendous amount of disk I/O going on. Once the drive is fully encrypted/decrypted, the performance hit is in the low single digits (I have heard 1-3% and 3-6%; personal experience seems to support the 1-3% range).

My Recommendation....

Just before bedtime (or quitting time), enable BitLocker, perform the required reboot, then turn it on for the drives in question. Let it run overnight. In the morning, confirm BitLocker is enabled by checking in the BitLocker Control Panel and then go about your business.

You won't even know it is there....
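
The morning-after check can also be scripted. The following is an added example, not part of the original post: it assumes Windows PowerShell running elevated and the `Win32_EncryptableVolume` WMI provider, and reports whether each volume has finished converting and has protection turned on.

```powershell
# Added example: per-volume BitLocker conversion and protection report.
# Run from an elevated Windows PowerShell prompt; the provider needs admin rights.
$ns = 'root\CIMV2\Security\MicrosoftVolumeEncryption'

# Meanings of the codes returned by Win32_EncryptableVolume's
# GetConversionStatus() and GetProtectionStatus(), indexed by code.
$conversionText = 'Fully decrypted', 'Fully encrypted', 'Encryption in progress',
                  'Decryption in progress', 'Encryption paused', 'Decryption paused'
$protectionText = 'Off', 'On', 'Unknown (volume locked)'

$report = foreach ($vol in Get-WmiObject -Namespace $ns -Class Win32_EncryptableVolume) {
    $conv = $vol.GetConversionStatus()
    $prot = $vol.GetProtectionStatus()

    # The codes come back as UInt32; cast so comparisons and indexing are plain ints.
    $c = [int]$conv.ConversionStatus
    $p = [int]$prot.ProtectionStatus

    # A volume counts as ready only when it is fully encrypted AND protection is on.
    $ready = ($c -eq 1 -and $p -eq 1)

    [pscustomobject]@{
        Drive      = $vol.DriveLetter
        Conversion = $conversionText[$c]
        Percent    = $conv.EncryptionPercentage
        Protection = $protectionText[$p]
        Ready      = $ready
    }
}

$report | Format-Table -AutoSize

# Flag anything still converting, paused, decrypted, or with protection off.
$pending = @($report | Where-Object { -not $_.Ready })
if ($pending.Count -gt 0) {
    $drives = ($pending | ForEach-Object { $_.Drive }) -join ', '
    Write-Warning "Not fully protected yet: $drives"
    exit 1
}
```

A volume that reports "Fully encrypted" with protection "Off" still has its key stored in the clear on disk, so treat it as unprotected until protection is switched back on.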



Comments (1)

  1. Anonymous says:

    On July 21st, I challenged myself to make a blog post at least once a day for the next 365 days. Here
