Sophos SafeGuard Disk Encryption 4.60
Windows 2000 Professional SP4, Windows XP SP3
Is it possible to implement Sophos SafeGuard Disk Encryption in a RAID 0/1/5 environment? What should be considered when implementation takes place?
First of all, we must differentiate between a software and hardware RAID:
Software implementations are provided by most Operating Systems. A software layer sits above the (generally block based) disk device drivers and provides an abstraction layer between the logical drives (RAID arrays) and physical drives. Software RAID is typically limited to RAID 0 (striping across multiple drives for increased space and performance) or RAID 1 (mirroring two drives). Software implementations can allow RAID arrays to be created from partitions rather than entire physical drives.
A hardware RAID implementation requires, at a minimum, a special RAID controller. This may be a PCI expansion card, or a capability built in to the motherboard. The drives may be IDE/ATA, SATA, SCSI or any combination thereof. The system using the RAID can be directly attached to the controller or, more commonly, connected via a SAN. The controller hardware handles the management of the drives, and performs any parity calculations required by the chosen RAID level. Hardware implementations also typically support hot swapping, allowing failed drives to be replaced while the system is running.
Nowadays, the most common RAID levels are:
- RAID 0: Striped Set (2 disks minimum) without parity
- RAID 1: Mirrored Set (2 disks minimum) without parity
- RAID 5: Striped Set (3 disk minimum) with Distributed Parity
Sophos SafeGuard Disk Encryption and RAID:
From the technical point of view, Sophos SafeGuard Disk Encryption can be implemented on systems where a dedicated RAID controller takes care of the RAID functionality. The system must be configured as RAID 0. Sophos SafeGuard Disk Encryption does not support built-in software RAID solutions from Windows XP/2000 or additional RAID classes, other than RAID 0!
Please keep in mind that, from the technical point of view, it is not possible to use typical RAID features like 'hot swapping' (changing defective harddisks online) on RAID systems where Sophos SafeGuard Disk Encryption is installed.
In case of emergency, the use of Sophos SafeGuard Disk Encryption's emergency tools (e.g. for emergency decryption purposes) is possible on hardware based RAID 0 systems.
Keywords: RAID0 RAID1 RAID5 0 1 5, sde