Implementation of Sophos SafeGuard Disk Encryption in RAID 0/1/5 environments

  • Article ID: 109122
  • Updated: 30 Sep 2010


Product
Sophos SafeGuard Disk Encryption 4.60

Client OS

Windows 2000 Professional SP4, Windows XP SP3

Server OS

None

Question

Is it possible to implement Sophos SafeGuard Disk Encryption in a RAID 0/1/5 environment? What should be considered when implementation takes place?

Answer

First of all, we must differentiate between a software and hardware RAID:

Software RAID
Software implementations are provided by most Operating Systems. A software layer sits above the (generally block based) disk device drivers and provides an abstraction layer between the logical drives (RAID arrays) and physical drives. Software RAID is typically limited to RAID 0 (striping across multiple drives for increased space and performance) or RAID 1 (mirroring two drives). Software implementations can allow RAID arrays to be created from partitions rather than entire physical drives.

Hardware RAID
A hardware RAID implementation requires, at a minimum, a special RAID controller. This may be a PCI expansion card, or a capability built in to the motherboard. The drives may be IDE/ATA, SATA, SCSI or any combination thereof. The system using the RAID can be directly attached to the controller or, more commonly, connected via a SAN. The controller hardware handles the management of the drives, and performs any parity calculations required by the chosen RAID level. Hardware implementations also typically support hot swapping, allowing failed drives to be replaced while the system is running.

Nowadays, the most common RAID levels are:
- RAID 0: Striped Set (2 disks minimum) without parity
- RAID 1: Mirrored Set (2 disks minimum) without parity
- RAID 5: Striped Set (3 disk minimum) with Distributed Parity

Sophos SafeGuard Disk Encryption and RAID:
From the technical point of view, Sophos SafeGuard Disk Encryption can be implemented on systems where a dedicated RAID controller takes care of the RAID functionality. The system must be configured as RAID 0. Sophos SafeGuard Disk Encryption does not support built-in software RAID solutions from Windows XP/2000 or additional RAID classes, other than RAID 0!

Please keep in mind that, from the technical point of view, it is not possible to use typical RAID features like 'hot swapping' (changing defective harddisks online) on RAID systems where Sophos SafeGuard Disk Encryption is installed.

In case of emergency, the use of Sophos SafeGuard Disk Encryption's emergency tools (e.g. for emergency decryption purposes) is possible on hardware based RAID 0 systems.

Keywords: RAID0 RAID1 RAID5 0 1 5, sde

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments