Disk Encryption or Partition Encryption

Discussion in 'Mac OS X Server, Xserve, and Networking' started by freddyfrogg, Jul 19, 2010.

  1. macrumors newbie

    Joined:
    Jul 19, 2010
    #1
    Hello All,

    I am in the process of setting up my Snow Leopard Server (10.6) and cannot figure out how to encrypt certain data. In particular, I want the partition containing "services" to be encrypted so that if a thief steals the physical server and removes the hard drives, all of the e-mails etc. cannot be accessed.

    Is there a way to do this? Is there any software available that can do whole disk / partition encryption? Is there a way to move the services data to the admin's home folder and then encrypt that using FileVault?

    Many thanks.
     
  2. macrumors Core

    alphaod

    Joined:
    Feb 9, 2008
    Location:
    上海 (Shanghai)
    #2
    I use PGP Whole Disk Encryption. Encrypts everything, so I don't have to worry about losing anything.
     
  3. thread starter macrumors newbie

    Joined:
    Jul 19, 2010
    #3
    Sounds like the perfect solution - I saw on their web site that it is compatible with Mac OS X 10.6 but it did not mention anything regarding the server version. Are you saying that you have successfully used PGP Whole Disk Encryption on Mac OS X Server 10.6 (i.e. it is compatible)?
     
  4. macrumors Core

    alphaod

    Joined:
    Feb 9, 2008
    Location:
    上海 (Shanghai)
    #4
    Yes I have it running on my Mac Pro running 10.6.4 Server (64-bit kernel).
     
  5. thread starter macrumors newbie

    Joined:
    Jul 19, 2010
    #5
    Perfect - many thanks for your help!
     
  6. macrumors Core

    alphaod

    Joined:
    Feb 9, 2008
    Location:
    上海 (Shanghai)
    #6
    They do have a trial version you can use for 30 days.
     
  7. thread starter macrumors newbie

    Joined:
    Jul 19, 2010
    #7
    Did you install this on a RAID system? I have a software Raid 1 (mac mini server version) and there was an error with encryption of the hard drive which I guess must have been due to the RAID setup. Is there any way around this that you are aware of? Did you have the same issue?

    Many thanks.
     
  8. macrumors 6502a

    Joined:
    Oct 28, 2008
    #8
    As an alternative to PGP WDE, you might consider a sparsebundle disk image. However this will require you to start your services manually after you log on and type in the passphrase to mount the sparsebundle.

    The other advantage of the sparsebundle is that because only the relatively small 8MB bands get changed, backups of changed data, even if it is a large database container are easy.
     
  9. macrumors demi-god

    VideoFreek

    Joined:
    May 12, 2007
    Location:
    Philly
    #9
    Be careful

    PGP's website cautions against use of PGP Whole Disk Encryption with Mac OS X Server. See here. It is not clear to me whether they are referring to server hardware only, or whether they mean OS X Server in general.

    Edit: some further research on PGP's site shows that, while it can be done, it is unsupported and can be problematic. See for example this thread.
     
  10. macrumors 6502a

    Joined:
    Oct 28, 2008
    #10
    I just checked the PGP FAQ, and it says it does not work, nor is it supported for OS X Server.

    Looks like if you want a supportable solution, a two-phase boot where you boot the OS, then enable partitions via Truecrypt or Disk Utility, then start your database applications is probably the best way.
     

Share This Page