PDA

View Full Version : Disk Encryption or Partition Encryption




freddyfrogg
Jul 19, 2010, 05:26 AM
Hello All,

I am in the process of setting up my Snow Leopard Server (10.6) and cannot figure out how to encrypt certain data. In particular, I want the partition containing "services" to be encrypted so that if a thief steals the physical server and removes the hard drives, all of the e-mails etc. cannot be accessed.

Is there a way to do this? Is there any software available that can do whole disk / partition encryption? Is there a way to move the services data to the admin's home folder and then encrypt that using FileVault?

Many thanks.



alphaod
Jul 19, 2010, 05:35 AM
I use PGP Whole Disk Encryption. Encrypts everything, so I don't have to worry about losing anything.

freddyfrogg
Jul 19, 2010, 05:41 AM
Sounds like the perfect solution - I saw on their web site that it is compatible with Mac OS X 10.6 but it did not mention anything regarding the server version. Are you saying that you have successfully used PGP Whole Disk Encryption on Mac OS X Server 10.6 (i.e. it is compatible)?

alphaod
Jul 19, 2010, 05:45 AM
Yes I have it running on my Mac Pro running 10.6.4 Server (64-bit kernel).

freddyfrogg
Jul 19, 2010, 05:46 AM
Perfect - many thanks for your help!

alphaod
Jul 19, 2010, 05:48 AM
They do have a trial version you can use for 30 days.

freddyfrogg
Jul 21, 2010, 10:26 AM
Did you install this on a RAID system? I have a software Raid 1 (mac mini server version) and there was an error with encryption of the hard drive which I guess must have been due to the RAID setup. Is there any way around this that you are aware of? Did you have the same issue?

Many thanks.

mlts22
Jul 29, 2010, 10:13 AM
As an alternative to PGP WDE, you might consider a sparsebundle disk image. However this will require you to start your services manually after you log on and type in the passphrase to mount the sparsebundle.

The other advantage of the sparsebundle is that because only the relatively small 8MB bands get changed, backups of changed data, even if it is a large database container are easy.

VideoFreek
Jul 29, 2010, 05:19 PM
PGP's website cautions against use of PGP Whole Disk Encryption with Mac OS X Server. See here (https://pgp.custhelp.com/app/answers/detail/a_id/976/~/pgp-whole-disk-encryption-9.x-support-for-dynamic-or-raid-disk-drives). It is not clear to me whether they are referring to server hardware only, or whether they mean OS X Server in general.

Edit: some further research on PGP's site shows that, while it can be done, it is unsupported and can be problematic. See for example this thread (http://forum.pgp.com/t5/PGP-Whole-Disk-Encryption-for/WDE-on-OSX-server-with-shares/m-p/30634#M1134.).

mlts22
Aug 6, 2010, 10:43 AM
PGP's website cautions against use of PGP Whole Disk Encryption with Mac OS X Server. See here (https://pgp.custhelp.com/app/answers/detail/a_id/976/~/pgp-whole-disk-encryption-9.x-support-for-dynamic-or-raid-disk-drives). It is not clear to me whether they are referring to server hardware only, or whether they mean OS X Server in general.

Edit: some further research on PGP's site shows that, while it can be done, it is unsupported and can be problematic. See for example this thread (http://forum.pgp.com/t5/PGP-Whole-Disk-Encryption-for/WDE-on-OSX-server-with-shares/m-p/30634#M1134.).

I just checked the PGP FAQ, and it says it does not work, nor is it supported for OS X Server.

Looks like if you want a supportable solution, a two-phase boot where you boot the OS, then enable partitions via Truecrypt or Disk Utility, then start your database applications is probably the best way.